Jump to content
IGNORED

The new Atari 2600+ Hacked?


WhyLee commotari.club

Recommended Posts

17 minutes ago, Thomas Jentzsch said:

What makes you think so?

because it doesn't add up :)

 

26 minutes ago, Thomas Jentzsch said:

The dumper will most likely return random values anyway

I don't agree with the random values bit of hot spots but that' doens't matter the dumper transmits the dump that it read, creates some crc and transmits that in the end of rom dump part. Also dumping the same cart multiple times with or without power cycle returns the same dump and crc

 

When I change that crc value of a dumped rom, it won't be accepted. The dump only gets accepted when it has the same value as when it was dumped.

 

Link to comment
Share on other sites

2 hours ago, NinjaWarrior said:

Then why most games won't work on it

I'm getting confused, is it buildroot or Stella?

 

Anyhow, why doesn't the Genesis Controller don't work, But the SMS Controller does?

The main Firmware it runs is Linux(Buildroot) and run inside it Stella the Emulator when it dumps a cart, Stella is not the firmware.
Maybe the SMS controller works cause it dose not have a chip(IC) inside it, AFAIK the Mega Drive Control Pad does, because it has extra buttons B,C and Start, the Atari Joysticks do not have a chip in them too so it thinks the SMS Control Pad is a Atari joystick, I think Quick Joy Joysticks will work too, just make sure they have no chip in them like for turbo fire and that.
One of the MCU is acting like a USB IC that would be in a joystick(like in THEC64 Joystick GH001 USB IC) if it had USB ports on the Atari2600+ the USB IC would be in the joystick so the joystick you use or try has to be compatible with it and have a direct connection to it to work so to the joysticks UP, Down, Left, Right and Fire in the MCU IC so it works the same way as THEC64 Joystick works so its USB IC on its board connects straight to Up, Down, Left, Right and Fire.

It works the same as if you added a DB9 port on to THEC64 Joystick, thats what they have done on the Atari2600+ basically.

Edited by Spanner
Link to comment
Share on other sites

1 hour ago, Blinky said:

because it doesn't add up :)

Have you tried with different initial values? 

1 hour ago, Blinky said:

I don't agree with the random values bit of hot spots but that' doens't matter the dumper transmits the dump that it read, creates some crc and transmits that in the end of rom dump part. Also dumping the same cart multiple times with or without power cycle returns the same dump and crc

Interesting. Are you testing bankswitched carts like F8?

1 hour ago, Blinky said:

When I change that crc value of a dumped rom, it won't be accepted. The dump only gets accepted when it has the same value as when it was dumped.

Hm, what could that be useful for? Is the cart maybe dumped twice?

Edited by Thomas Jentzsch
Link to comment
Share on other sites

9 minutes ago, Thomas Jentzsch said:

Have you tried with different initial values?

Yes, I've also included the 5 byte header but didn't find any similarities (yet).

 

I've modded my 2600+ now so I can stream the dumped roms but I need to figure out the crc now so I can load other roms too :)

 

15 minutes ago, Thomas Jentzsch said:

Are you testing bankswitched carts like F8?

Yes tested a few.

 

18 minutes ago, Thomas Jentzsch said:

what could that be useful for?

integrity check. Just to make sure the dump is received correctly over the serial link. The dumper only sends the dump once after the dumper has done all it's magic internally.

 

  • Like 1
Link to comment
Share on other sites

On 11/23/2023 at 9:10 PM, karri said:

The easiest way might be to ask for it. But this may be difficult as the credentials are the same for all units. You do not want hackers to install their own stuff on machines. I would not share it.

 

The chip has a mask rom booting capability. You can just write your own firmware from scratch and install it :) . Or wait until they have a good enough firmware that allows us to run homebrews on the 2600+.

PLAION(Koch Media, Ben Jones) didn't mind the Capcom Home Arcade been hacked with CHOKO..

Its posted on there reddit(some of the stuff was add to its firmware too like a mode that turns the CHA into 2 PC Joysticks so you can use it with Mame or a game on the PC) I never new what a CHA was untill the hack came out, my friend worked on it and I will only be puting on it Atari stuff so no Retroarch, anyway it would not work, it does not enough ram, the Atari 800 Emulator would, we will see once I get in... :)

Edited by Spanner
Link to comment
Share on other sites

256 download attemts is a long time. Would be cool if we can crack it. sofar I got two 4k and 16K rom pairs that produce the same crc (but have totally different regular checksums)

 

Figured out the last two bytes (rom type) are not included in the crc calculation and the rom seems to load fine if these two bytes have random values.

Link to comment
Share on other sites

4 hours ago, karri said:

Sounds so much like a XOR...

But then swapping bits or nibbles should change the result.

 

Maybe there is a parity bit calculated per page (256 bytes) or bank (4096 bytes). And these are then combined to form a checksum byte.

Edited by Thomas Jentzsch
  • Thanks 1
Link to comment
Share on other sites

41 minutes ago, Blinky said:

It's definitely parity related as the rom still passes when setting or clearing an even number of bits.

So you could xor the bytes over the range and finally reduce the last byte to a bit to see if it is even or odd.

Link to comment
Share on other sites

3 hours ago, kelvinator3300 said:

since this thing will play old carts (or am i wrong about that?) it seems like the crc would be documented somewhere already...from the original 40+ year old system/carts. there's no way someone never cracked that.

The carts are not check-summing.

  • Like 1
Link to comment
Share on other sites

5 hours ago, kelvinator3300 said:

since this thing will play old carts (or am i wrong about that?) it seems like the crc would be documented somewhere already...from the original 40+ year old system/carts. there's no way someone never cracked that.

There was a hash for 7800 NTSC carts and an encryption with obfuscation for the Lynx carts. This was to prevent creation of unauthorized carts. These keys are known today.

 

The check sum is just for checking that the transmission from the dumper to the CPU is correct. But there is dozens of ways to calculate it. We have an idea how it works but the small details are not known.

Link to comment
Share on other sites

On 12/10/2023 at 10:57 AM, karri said:

There was a hash for 7800 NTSC carts and an encryption with obfuscation for the Lynx carts. This was to prevent creation of unauthorized carts. These keys are known today.

 

I guess this was also needed to distiguish if it is a 2600 or 7800 cartridge. Before starting a 2600 cartridge they had to shut down other hardware in the 7800 to stay compatible. Chip select logic for example.

Link to comment
Share on other sites

47 minutes ago, WhyLee commotari.club said:

I guess this was also needed to distiguish if it is a 2600 or 7800 cartridge. Before starting a 2600 cartridge they had to shut down other hardware in the 7800 to stay compatible. Chip select logic for example.

The PAL version of the 7800 does not have this. Perhaps there was some technical reason I am unaware about. The only reason I could see was to prevent unauthorized developers to access Maria. (the 7800 graphics chip)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...