sage Posted December 26, 2011 Share Posted December 26, 2011 As this is useless for most people, I decided to release it as kind of a X-mas decoration. Useless, but nice to look at. This script creates a new encoded header including checksumming for a 256kb ROM. Thus automating the process of encoding which is described elsewhere. As are the sourcecodes for the programs. The encodes stage 2 you can just copy of any of the newer commerical ROMs. The stage 1 source you would have to decode and reassemble from any of the newer commerical ROMs. #!/bin/bash echo "Add a loader to a 256kb ROM (well 1024bytes/block)" echo "Process $1, get dir entries" buildchk $1 256 echo "now romdir.i and checkstring.src have been created" echo "next assmble new stage1 using loader_stage1.asm" lyxass -d -o "$1.stage1_plain" loader_stage1.asm lynxenc "$1.stage1_plain" "$1.stage1_enc" OUT="$1_mod.lyx" echo "Copy Image file to new name... $OUT" cp "$1" $OUT ## Now write the stage 1 part (which depend on file dir) SIZE1=154 dd if="$1.stage1_enc" of="$OUT" bs=1 count=$SIZE1 conv=notrunc ## Now write the stage 2 part SIZE2=256 dd if="loader.stage2_256k_enc" of="$OUT" bs=1 count=$SIZE2 conv=notrunc seek=$SIZE1 OUT2="_$(basename "$OUT")" echo "Now make a lnx... $OUT" mv $OUT "$OUT2" make_lnx "$OUT2" -b0 256k echo "Finished" Quote Link to comment Share on other sites More sharing options...
ThomH Posted December 27, 2011 Share Posted December 27, 2011 Dumb question, probably, but supposing someone wanted to set themselves up with a BLL development environment based on this script... lyxass is the assembler provided with BLL and for which the source code is available from your site (from where people will presumably want to fetch the related libraries too) make_lnx comes from Handy and is available as source from github the only lynxenc I can find seems to be for 68000 machines only? buildchk seems to be for Amigas only? I'm assuming I'm wrong on at least the final two bullet points — would it be possible to expand on the tools this script calls? Quote Link to comment Share on other sites More sharing options...
sage Posted December 27, 2011 Author Share Posted December 27, 2011 (edited) 1) BLL is not needed, just one assembler for the 6502 code, lyxass ist just what i am used to ... well eh and a dissassmbler to get the code of a module 2) yes 3) https://bitbucket.or...rc/58e88930582a 4) no idea where the source came from, it just popped up somewhere (how about google for buildchk epyx)? Edited December 27, 2011 by sage Quote Link to comment Share on other sites More sharing options...
ThomH Posted December 27, 2011 Share Posted December 27, 2011 I'm a huge fan of BLL and am actually quite happy you posted, since I spent quite a few hours the other day trying and failing to locate the source code — just following the link in your signature got me there instantly! The final link I found is to an Amiga-related archive that Google pointed me to, but expands to a whole bunch of stuff including a buildchk.c that starts with: /* *** buildchk.c *********************************************************** * * Build the Security code -- Handy ROM security code builder * * Copyright (C) 1989, Epyx, Inc. * All Rights Reserved * * CONFIDENTIAL and PROPRIETARY * * HISTORY NAME DESCRIPTION * ----------- --------------- -------------------------------------------- * 5 Apr 1990 Stephen Landrum Created this file. * * *********************************************************************** */ Is that the one? If so then it's quite possibly now free and legal to distribute per Hasbro's release of Lynx development tools into the public domain? Quote Link to comment Share on other sites More sharing options...
sage Posted December 27, 2011 Author Share Posted December 27, 2011 looks so Quote Link to comment Share on other sites More sharing options...
sage Posted December 27, 2011 Author Share Posted December 27, 2011 Let me just point out, that actually the only use for teh encrypted header is, that it contains a checksum for the whole ROM. If you dont want the checksum, you can simple use the hacked loader, which can just be copied in front of the ROM. Quote Link to comment Share on other sites More sharing options...
LX.NET Posted December 27, 2011 Share Posted December 27, 2011 I am currently working out the entire boot process of the Lynx and the decryption process in it. After that I will investigate and document the cartridge header types, encryption options. I'll post an annotated boot rom later tonight. Just a few comments on the stuff mentioned: buildchk is (originally) from the Lynx encryption zip-archive (http://cgexpo.com/encrypt/lynx.htm). I guess it was part of the Handy development kit. At least some of the things that the doit batch file uses (asm and asmstrip) are also included in the dev kit. The encryption archive contains all source code for the encryption of headers (the Epyx way). Wookie did a great set of wiki posts on that (http://www.classicgamedev.com/Blog:Hacking_Classics/Lynx_Encryption) earlier. buildchk does the following: a check on the first and second directory entries (whether they exist) writes out a romdir.i include file with variables for the dir entries computes a hash (I still have to look into the specifics of the algorithm) writes hash value to checkstring.src For completeness sake the whole process of encryption performed by "doit" is like this, supposing you start out with a bare ROM file that has the correct directory entries at top and two obligatory files for startup sprite (load screen) and first program to run. Creates an include file romsize.i that has a variable for the current ROM's size Runs buildchk (creates checkstring.src and romdir.i) Compiles assembler code for boot.src (references all created files) Cuts compiled boot loader in two frames and strip headers (asmstrip does this) Premodifies (obfuscate by accumulation trick) the two frames Encrypts individual blocks inside two frames Postmodifies each frame (reversing bytes per block) Creates final ROM image by appending first two encrypted loader frames and the original ROM image you started with That's it. I do not know exactly how the BLL loader does things (as described by sage), but the Lynx boot rom always does a decrypt of the first two header frames and then runs the decrypted code (that gets stored at $0200). The code is a checksummed version of boot.src. You can read what it does there. I know this should have some picture, but hold on and I'll have them ready in notime. Quote Link to comment Share on other sites More sharing options...
EricDeLee Posted December 28, 2011 Share Posted December 28, 2011 Let me just point out, that actually the only use for teh encrypted header is, that it contains a checksum for the whole ROM. If you dont want the checksum, you can simple use the hacked loader, which can just be copied in front of the ROM. Hacked loader? Where is that at? Quote Link to comment Share on other sites More sharing options...
sage Posted December 28, 2011 Author Share Posted December 28, 2011 I am currently working out the entire boot process of the Lynx and the decryption process in it. After that I will investigate and document the cartridge header types, encryption options. I'll post an annotated boot rom later tonight. have you seen my post about the loader/header types? Just a few comments on the stuff mentioned: <<<stuff removed >>> Creates final ROM image by appending first two encrypted loader frames and the original ROM image you started with What do oyu thing the script is doing? That's it. I do not know exactly how the BLL loader does things (as described by sage), but the Lynx boot rom always does a decrypt of the first two header frames and then runs the decrypted code (that gets stored at $0200). The code is a checksummed version of boot.src. You can read what it does there. Nobody talks about the BLL gautlet loader here. Hacked loader? Where is that at? This is the loader which lynxdir uses. Its an epyx loader where the checksumming is disabled and where the adress for the binary and title picture are read from the directory and NOT stored in the encryoted part. Just a few lines of fixes... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.