Sonic and Sega Retro Message Board: Curious discovery regarding Sega Smash Pack for PC - Sonic and Sega Retro Message Board


Curious discovery regarding Sega Smash Pack for PC
Indeed, Dubberyoo Tee Eff???

#1 User is offline MarzSyndrome 

Posted 25 October 2009 - 10:30 PM

  • Everything is going to the beat.
  • Posts: 455
  • Joined: 03-November 08
  • Gender:Male
  • Location:Yesterday.
Decided to try one of the old Smash Packs from the late 90's for shits and giggles. The first one to be precise.

Thought I'd give one of my faves - Revenge of Shinobi - another go, even though I've beaten it to death like infinity times.

Except curiously - despite this being a US-originated product - it's going by the name of The Super Shinobi for today.


Cue the Sega logo. Dum de dum.


Then almost immediately, the intro plays (no copyright screen).... but with the music from Level 1. Erm?

Press Start to get to the menu.


Hang about, what are those funny numbers in the corner? Do I smell........ LEVEL SELECT?

Check the options.

Almost straight away, I notice a new option - No Death. It appears to make you totally invincible. No kidding.



Start Level 1. It plays music from one of the later levels. What. The. Fuck?



Folks, I'm starting to suspect that whoever compiled this compilation back in late '98/early '99 seemingly wasn't smart enough to notice they were bundling what appears to be some kind of beta version of a classic Sega title into their set. I know Steve Snake provided the emulator, but did he choose the games as well, or was that someone else's job?

Still, intriguing find - particularly as I don't believe a rom dump of this sort of revision already exists. Now if only somebody could take the time to work out how to break that KVQ format and rip the roms out. It's decade-old encryption now, so maybe we might have better luck with it? And before you ask, no I don't know how to code shit. I really wish I could.

#2 User is offline GerbilSoft 

Posted 25 October 2009 - 10:36 PM

  • RickRotate'd.
  • Posts: 2060
  • Joined: 11-January 03
  • Gender:Male
  • Location:USA
  • Project:Gens/GS
  • Wiki edits:158
9001
Probably the easiest thing to do would be to take a memory dump of the program while it's running. I'm not sure how to do that on Windows, but if you run it in Wine on Linux, you should be able to force a core dump.

#3 User is offline MainMemory 

Posted 25 October 2009 - 10:49 PM

  • Every day's the same old thing... Same place, different day...
  • Posts: 3206
  • Joined: 14-August 09
  • Gender:Not Telling
  • Project:SonLVL
  • Wiki edits:1,339
Cheat Engine can do a memory dump.

#4 User is offline MarzSyndrome 

Posted 25 October 2009 - 11:35 PM

Is there an idiot's guide to doing a memory dump with that program? I tried using it just now and I don't see an obvious "dump memory" button. Besides that, scrolling through all that code (I did have Smash.exe running in the background with Shinobi loaded, and selected the process in CE) couldn't help me find anything resembling the code/tags you get at the start of a Mega Drive rom. Maybe I'm not doing something right.

#5 User is offline Afti 

Posted 25 October 2009 - 11:46 PM

  • ORIGINAL MACHINE
  • Posts: 3521
  • Joined: 08-August 08
  • Gender:Male
  • Wiki edits:336
I've never used CE, so I'd be no help there.

You should upload that Smash Pack copy. The more people trying to extract the ROM, the faster it will be done.

#6 User is offline MarzSyndrome 

Posted 25 October 2009 - 11:53 PM

You mean just the rom, or the whole collection? I might be able to upload it quickly before I have to go to bed, lmao.

#7 User is offline Afti 

Posted 25 October 2009 - 11:54 PM

Whole collection; you already stated you can't extract the ROM.

#8 User is offline MarzSyndrome 

Posted 25 October 2009 - 11:58 PM

Maybe I didn't word it right - the roms are in separate files, just in encrypted form (with a *.kvq extension). Do you still want me to up the whole caboodle though?

#9 User is offline GerbilSoft 

Posted 25 October 2009 - 11:59 PM

QUOTE (MarzSyndrome @ Oct 26 2009, 12:58 AM)
Maybe I didn't word it right - the roms are in separate files, just in encrypted form (with a *.kvq extension). Do you still want me to up the whole caboodle though?

Yes, upload the whole thing. That way, we can run it and use a utility to extract data from memory, where it's uncompressed / deobfuscated.

#10 User is offline MarzSyndrome 

Posted 26 October 2009 - 12:14 AM

Okay, here ya go folks..... http://www.megaupload.com/?d=V3OZEVPP


Little note: This was installed through its InstallShield installer, and it usually has a "Uninst.isu" file, but I chose not to include it as I'm sure it won't really matter that much to you. If you're concerned about registry changes, the only one I believe the program adds is in "HKLM\Software\Sega\Sega Smash Pack".
This post has been edited by MarzSyndrome: 26 October 2009 - 12:15 AM

#11 User is offline GerbilSoft 

Posted 26 October 2009 - 12:24 AM

Found the image in memory. Extracting...

EDIT: The MEMO section of the ROM header says "A0115 Sega Channel". Maybe this is a Sega Channel-specific ROM?

#12 User is offline MarzSyndrome 

Posted 26 October 2009 - 12:30 AM

Sega Channel hosting a beta game? Lulz.


It seems strange it crept into Smash Pack though, particularly as this was many years after the initial licensing struggle with the game that caused several revisions to pop up in the first place, and having played through it, not only is Spiderman present in his red and blue glory, but Batman as well.

#13 User is offline GerbilSoft 

Posted 26 October 2009 - 12:31 AM

Here it is: http://www.soniccenter.org/gerbilsoft/shinobi_smashpack.zip

CRC32 is FA1B8AEB. (Doesn't seem to match any ROMs in GoodGen.)

For the record, the actual method I used to dump the ROM was loading Smash Pack in Wine with the GDB debugger. Once the ROM was loaded, I paused GDB with Ctrl-C and entered this command:

CODE
(gdb) dump binary memory dump.raw 0x00400000 0x01000000

This dumped all memory segments starting at 0x00400000 and ending at 0x01000000, totalling 12 MB. I then searched for the standard MD ROM header, and I found it. Extracting the ROM was relatively easy with a hex editor.

EDIT: The addresses I chose were partially guesswork. Windows binaries start at 0x00400000, and I picked 0x01000000 as the ending address because it seemed like a reasonable upper bound.
This post has been edited by GerbilSoft: 26 October 2009 - 12:43 AM
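
The header search and hex-editor extraction described in post #13 can be scripted. The following is an added example, not code from the thread: it scans a raw dump for the Mega Drive system-type string, reads the ROM end address from the header to size the carve, and returns the memo field and a checksum check. The field offsets are the standard Mega Drive header layout, the 4 MB bound is an assumption, and the sample dump is constructed.

```python
import struct
import zlib

MAGICS = (b"SEGA MEGA DRIVE ", b"SEGA GENESIS    ")  # system-type field
MAX_ROM = 4 * 1024 * 1024  # assumed upper bound for a plain cartridge image


def carve_md_roms(dump: bytes):
    """Return (dump_offset, rom_bytes, memo) for each plausible ROM in a raw dump."""
    found = []
    for magic in MAGICS:
        pos = dump.find(magic)
        while pos != -1:
            base = pos - 0x100  # the system-type string sits 0x100 into the ROM
            if base >= 0 and base + 0x200 <= len(dump):
                start, end = struct.unpack_from(">II", dump, base + 0x1A0)
                size = end + 1
                # Sanity checks reject strings that only look like a header.
                if start == 0 and 0x200 <= size <= MAX_ROM and base + size <= len(dump):
                    rom = dump[base:base + size]
                    memo = rom[0x1C8:0x1F0].decode("ascii", "replace").strip()
                    found.append((base, rom, memo))
            pos = dump.find(magic, pos + 1)
    return sorted(found, key=lambda hit: hit[0])


def header_checksum_ok(rom: bytes) -> bool:
    """Compare the checksum stored at 0x18E with the 16-bit word sum from 0x200."""
    body = rom[0x200:] + b"\0" * (len(rom) % 2)
    words = struct.unpack(">%dH" % (len(body) // 2), body)
    return (sum(words) & 0xFFFF) == struct.unpack_from(">H", rom, 0x18E)[0]


def build_sample_dump():
    """Constructed test data: a 1 KiB fake ROM buried in filler bytes."""
    rom = bytearray(0x400)
    rom[0x100:0x110] = MAGICS[0]
    struct.pack_into(">II", rom, 0x1A0, 0, len(rom) - 1)
    rom[0x1C8:0x1F0] = b"CONSTRUCTED SAMPLE MEMO".ljust(40)
    rom[0x200:] = bytes(range(256)) * 2
    struct.pack_into(">H", rom, 0x18E, sum(struct.unpack(">256H", rom[0x200:])) & 0xFFFF)
    return b"\xCC" * 0x1234 + bytes(rom) + b"\xCC" * 0x800, bytes(rom)


if __name__ == "__main__":
    dump, _ = build_sample_dump()
    for off, rom, memo in carve_md_roms(dump):
        print(hex(off), len(rom), "CRC32=%08X" % zlib.crc32(rom), memo, header_checksum_ok(rom))
```

A prototype or modified ROM may carry a stale header checksum or end address, so a failed checksum is a reason to inspect the carve by hand rather than to discard it.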

#14 User is offline evilhamwizard 

Posted 26 October 2009 - 12:41 AM

  • Posts: 1140
  • Joined: 16-June 04
  • Gender:Male
  • Wiki edits:109
Just FYI - there is no final boss. It'll load the area for a quick second, but then the screen will flash and go back to LEVEL1-1.

Neat stuff. I'd like to see you get more roms out of the collection Gerbil to see if any other game is possibly different. I have the other Sega Smash Packs as well, so if you need them - let me know.
This post has been edited by evilhamwizard: 26 October 2009 - 12:43 AM

#15 User is offline GerbilSoft 

Posted 26 October 2009 - 12:44 AM

QUOTE (evilhamwizard @ Oct 26 2009, 01:41 AM)
Neat stuff. I'd like to see you get more roms out of the collection Gerbil to see if any other game is possibly different. I have the other Sega Smash Packs as well, so if you need them - let me know.

I'll take a look at them tomorrow.

EDIT: The ROM files are their original size, plus 8 bytes. It looks like it might be a simple 64-bit XOR obfuscation. I'll attempt to see if it can be decoded easily tomorrow, too.

EDIT 2: Maybe not XOR. Still, cracking the encryption can't be too difficult, since we have the ciphertext and the plaintext. Presumably, the key makes up those extra 8 bytes. Now all we need is the cipher.
This post has been edited by GerbilSoft: 26 October 2009 - 12:54 AM
Reason for edit: Encryption stuff.
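
The XOR hypothesis raised in post #15 can be checked mechanically once a ciphertext and plaintext pair is available. The following is an added example, not code from the thread, and it says nothing about the real KVQ format: it XORs the two files and looks for a short repeating key, going slightly beyond the post by trying the extra 8 bytes at either end of the file and any period up to 64. All sample data, including the key, is constructed.

```python
from itertools import cycle

EXTRA = 8  # the thread reports each .kvq file is the ROM size plus 8 bytes


def keystream(cipher: bytes, plain: bytes) -> bytes:
    """XOR of ciphertext and known plaintext; equals the key stream if XOR was used."""
    return bytes(c ^ p for c, p in zip(cipher, plain))


def smallest_period(stream: bytes, max_period: int = 64):
    """Smallest p with stream[i] == stream[i + p] for all i, else None."""
    # Require at least two full repetitions so short inputs cannot match by accident.
    for p in range(1, min(max_period, len(stream) // 2) + 1):
        if stream[p:] == stream[:-p]:
            return p
    return None


def check_xor_hypothesis(kvq: bytes, rom: bytes):
    """Try both layouts (extra bytes first or last); return the repeating key or None."""
    if len(kvq) != len(rom) + EXTRA:
        raise ValueError("size relation from the thread does not hold")
    results = {}
    for layout, body in (("extra-first", kvq[EXTRA:]), ("extra-last", kvq[:-EXTRA])):
        ks = keystream(body, rom)
        p = smallest_period(ks)
        results[layout] = None if p is None else ks[:p]
    return results


def build_samples():
    """Constructed data only: a fake ROM, one XOR-encoded copy, one that is not XOR."""
    rom = bytes((7 * i + 3) & 0xFF for i in range(512))
    key = bytes.fromhex("1122334455667788")  # made-up key
    xored = key + bytes(b ^ k for b, k in zip(rom, cycle(key)))
    added = key + bytes((b + i) & 0xFF for i, b in enumerate(rom))
    return rom, xored, added


if __name__ == "__main__":
    rom, xored, added = build_samples()
    print("repeating-XOR sample:", check_xor_hypothesis(xored, rom))
    print("non-XOR sample:      ", check_xor_hypothesis(added, rom))
```

A result of None for both layouts means a repeating-key XOR is ruled out for that pair, which matches the direction of the second edit in the post.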
