ToToTEK.COM

[TheShadowRunner]

Hey All,
Thanks to the tool developped by Tomy, it is now possible to dump the Pro Fighter X series BIOS. [see HERE]
This thread is about hacking the Pro Fighter X Turbo BIOS.

HACKING

I currently see 3 enhancements that would make the BIOS better, IMHO.

1. At startup, remove the "piracy warning" and display the copier menu directly.
2. Make the default background color BLUE. (NO SCROLLING FLAGS!)
3. Never prompt for "Automatic Goldfinger code" after game has finished loading (=boot ALL games directly).

For 1 & 2, I will certainly need help as they require disassembling the BIOS and understanding 65816 code..
(not my cup of tea at all ^^)

If you DO understand 65816 code and it's a 2 minutes job for you, please by all means give it a try.
I will burn the chips to try altered code. ^^;

For 3 (disabling "Auto Goldfinger codes"), I believe it's just a matter of replacing all the ROM NAMEs in the BIOS by 00h.. easy as hell. (Offset 49152 to 54751)

The only way to test a hacked BIOS is by directly flashing it to a chip and then replace the chip physically in the copier, it won't boot as a ROM/Game from a disk in the copier (I learned the hard way )

FLASHING

From what I gathered, the following is needed:
- Willem EPROM Programmer
- Blank 27C512 EPROM chips

I found, on eBay:
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=190303009220
Is that EPROM Progammer OK for the job? (it's basically eBay's cheapest, able to burn 27C512's ^^)

As for the blank 27C512 chips, would that be fine?
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=260415097189
(I don't see why not, but i've no experience so maybe I'm missing something..?)

Any input is welcome! First I would need to know if the hardware i selected on ebay for burning the chips is suited for the work, as without it, no way to test!

Also, attached is the BIOS I dumped and rebuilt thanks to madman and Tomy, it has not been modified in any way.

Thanks for any help.
Later,

TSR
BTW: I do not plan to make a profit out of this in any way.
If a few person are interested, I see no problem sending them hacked BIOS chips as long as they pay for the blank EPROM and shipping, but we definitely aren't there yet ^^;

[madman]

I had problems w/the Willem, but many have had success with it. Worst case, you have problems and you can resell it on a forum. You'll also need a UV EPROM eraser. You need to erase EPROMs if you wish to write to them again. I haven't spent much time looking at the disassembled code. Once I found out that getting it to run on a emu would require a lot of work I kind of gave up since I don't have a PFX any longer.

[RGB_Gamer]

TheShadowRunner,


I have a Willem EPROM programmer that I got off of ebay, and got the 16-bit 42pin adaptor (so I could program chips like the 27c322 for a star ocean repro cart). It actually works pretty good for me and like madman says, it is hit or miss. I erase EPROM chips with a UV lamp. Just remember the Willem programmer is a parallel port programmer, so I'd suggest you know that your parallel port works, especially if you are using XP

I would definitely go with blank EPROM chips and keep the original from your Pro Fighter X (or whichever you have) stored safely as a backup. I am really excited to see how this progresses!

[TheShadowRunner]

[madman]

Not sure why you'd want OTP EPROMs...especially for something like this where it may take a few tries to get it right.

The code in the BIOS has to be 65816...that's what the SNES uses and everything you see on screen in the BIOS is running on the SNES. The parts we are interested in hacking is SNES code.

[TheShadowRunner]

Ah, I was thinking in terms of cost. ^^;
10 OTP EPROMs are 18US$ shipping included.

1 UV Eraser + 10 "rewrittable" EPROM on ebay (cheapest), is around 40US$ total.. more than twice the cost.

I would expect that 10 OTP EPROMs is enough for testing..

[madman]

Well if you don't know assembler or specifically 65816 asm, a disasm isn't going to do you any good. It will just show you opcodes that won't make any sense to you.

[kyuusaku]

You really should get an EEPROM or FlashROM, 10 tries is possibly enough, but it's a total waste of resources and money to throw out the bad ROMs.

And this definitely isn't a 2 minute job. 65816 isn't an easy processor to disassemble; unlike most CPU, the instruction data has different meanings depending on the internal state of the processor. Conventional (read: available) disassemblers have no idea about the internal state so they can easily misinterpret a large amount of code.

There are really two ways to go about this:

- If experienced with 65816, step through the code until you find the PFX condition that throws off emulators and bypass it. Then use a debugging emulator to locate annoyances and temporarily patch ROM until everything's right.

- Otherwise you have to do it blind and get lucky (I'd look for the intro subroutine, which points to the text strings and by finding the flag animation code which will be near code pointing to the character data viewable in a tile editor)