The protection of this game was reversed already a couple of years ago, but emulating the real thing is always better.
I got the MCU today via post-mail and as i had some free time today, i took a look at it.
At first i always try a test-dump from the MCU (maybe we are lucky and it was never locked). => Of course it was locked, just giving me FF's. ;-)
As with all 8751H's i heated the top of the chip, and removed it with a screw driver.
After that you just cover the eprom-area with some uv-resistent material (nail polish) and put the chip under the UV-Eraser, which will then delete the uncovered Lock-Bit.
Afterwards you can read the MCU with your favorite programmer, just like it was never locked.
The 4kb rom is nearly empty, just having some short binary snippets, but i already got confirmed that this dump looks good:
This MCU was used in a couple of 1943 variants and should now get them all fully preserved!
Most likely this will be included in the next MAME release.
Awesome work!!!
ReplyDeleteAs you always do.
:)
Hello. I tried burning this content to an Atmel AT89C51RC MCU - which is a functional equivalent to the Intel 8751H MCU originally used as a anti-piracy chip in the Capcom 1943 Battle of Midway (US Version). However, it does seem to work as the game constantly reboots when it gets to the anti-export splash screen. I was wondering if anyone has successfully used this code to replicate actual Capcom security hardware - and if so - can you please offer more details on how to implement the code. Thank you.
ReplyDelete