[flarn2006]

I'm sure a lot of people here know how TMSS worked, or at least was intended to work. You can read about it on Wikipedia, but as a tl;dr: Basically it was a mechanism on the Genesis that refused to load games unless it contained the word "SEGA" at a specific location in the ROM, in which case it would also display a message that it was licensed by Sega. Their goal was that if this mechanism was reverse engineered (which they expected would happen) and a company made unlicensed cartridges, they could take them to court for allegedly violating their trademark. This did end up happening with a company called Accolade, but (thankfully) the court ruled that they were abusing the trademark system and Accolade was not in violation.

In the section of the article about the lawsuit though, it says:

Quote

Accolade's case was further hurt by a presentation by a Sega engineer named Takeshi Nagashima, who showed two Sega game cartridges that were able to run on the Genesis III without the trademark-displaying TMSS, and offered them to Accolade's defense team but would not reveal how that was possible.

My question is how was that possible? Sega may not have revealed it, but they haven't revealed much if anything about the internal workings of the system's games, and look where we are now. Does anyone here know? My guess is that they had anticipated someone using this defense, so they also programmed in a secret string that could be inserted in the ROM in place of SEGA (AGES is what initially came to mind as a possibility) to load the game without the warning. Hell, I wouldn't be surprised if Accolade reverse engineered it themselves and figured it out, considering they were offered the cartridges and they obviously had the means to dump them.

Another question: if they had previously made systems without TMSS, how did games made before TMSS load on the Genesis III? I'm assuming it didn't use a whitelist of approved hashes, because I imagine that would take too long on the Genesis' hardware.

[MarkeyJester]

According to the TMSS software, there are no alternate strings available, except for "SEGA" and " SEGA", so I think it's safe to say that a "secret string" is not the answer.

However, there is a switch that's set by the TMSS (bit 0 of A14101) which switches between the TMSS ROM and the actual cartridge ROM (0 for TMSS, 1 for catridge). The TMSS copies it's string checking software into RAM, and jumps the 68k CPU to process it there, this allows the switch to be set, and directed to the cartridge, so it can have its string checks to ensure the word "SEGA" or " SEGA" is in fact in the header. If it fails to find that string, the switch will be cleared, and sent back to the TMSS ROM.

The reset button of the Mega Drive does not appear to change this switch at any point (it may go into explaining why the TMSS screen does not display after pressing reset, midway through a game). It might be a possibility that a game cartridge's hardware, is able to "force" a reset timed at a specific moment during the string check (after it switched to cartridge, but before it switched back), thus causing the console to be reset, but directed to the cartridge instead of the TMSS. Therefore, skipping the checks/screen entirely. But what you'd be looking at here is hardware specific. I can't see any way around it via software alone.

I don't know what the SEGA engineer did, or those other games that managed to skip the screen. This is... just speculation, a theory on my part. I mean, what do I know?

EDIT: For reference, here's a disassembly of the TMSS code.

This post has been edited by MarkeyJester: 07 June 2015 - 06:52 AM

[GerbilSoft]

This happens if you use the "trick" for 8 MB addressing. Basically, leave the /CART_IN line floating instead of grounding it. Some additional changes need to be made for chip addressing, since this moves the carteidge to $400000. Doing this disables the TMSS ROM entirely. This is also why TMSS doesn't show up when using Sega CD.

Note that this won't work if a Sega CD is connected.

This post has been edited by GerbilSoft: 07 June 2015 - 09:43 PM