8 replies to this topic

[sage]

As this is useless for most people, I decided to release it as kind of a X-mas decoration. Useless, but nice to look at.

This script creates a new encoded header including checksumming for a 256kb ROM.
Thus automating the process of encoding which is described elsewhere.
As are the sourcecodes for the programs.
The encodes stage 2 you can just copy of any of the newer commerical ROMs.
The stage 1 source you would have to decode and reassemble from any of the newer commerical ROMs.

#!/bin/bash
echo "Add a loader to a 256kb ROM (well 1024bytes/block)"
echo "Process $1, get dir entries"
buildchk $1 256
echo "now romdir.i and checkstring.src have been created"
echo "next assmble new stage1 using loader_stage1.asm"
lyxass -d -o "$1.stage1_plain" loader_stage1.asm
lynxenc "$1.stage1_plain" "$1.stage1_enc"
OUT="$1_mod.lyx"
echo "Copy Image file to new name... $OUT"
cp  "$1" $OUT
## Now write the stage 1 part (which depend on file dir)
SIZE1=154
dd if="$1.stage1_enc"  of="$OUT" bs=1 count=$SIZE1 conv=notrunc
## Now write the stage 2 part
SIZE2=256
dd if="loader.stage2_256k_enc"  of="$OUT" bs=1 count=$SIZE2 conv=notrunc seek=$SIZE1
OUT2="_$(basename "$OUT")"
echo "Now make a lnx... $OUT"
mv $OUT "$OUT2"
make_lnx "$OUT2" -b0 256k
echo "Finished"

[ThomH]

Dumb question, probably, but supposing someone wanted to set themselves up with a BLL development environment based on this script...

• lyxass is the assembler provided with BLL and for which the source code is available from your site (from where people will presumably want to fetch the related libraries too)
  
• make_lnx comes from Handy and is available as source from github
  
• the only lynxenc I can find seems to be for 68000 machines only?
  
• buildchk seems to be for Amigas only?

I'm assuming I'm wrong on at least the final two bullet points — would it be possible to expand on the tools this script calls?

[sage]

1) BLL is not needed, just one assembler for the 6502 code, lyxass ist just what i am used to ... well eh and a dissassmbler to get the code of a module
2) yes
3) https://bitbucket.or...rc/58e88930582a
4) no idea where the source came from, it just popped up somewhere (how about  google for buildchk epyx)?

Edited by sage, Tue Dec 27, 2011 11:31 AM.

[ThomH]

I'm a huge fan of BLL and am actually quite happy you posted, since I spent quite a few hours the other day trying and failing to locate the source code — just following the link in your signature got me there instantly!

The final link I found is to an Amiga-related archive that Google pointed me to, but expands to a whole bunch of stuff including a buildchk.c that starts with:

/* *** buildchk.c ***********************************************************
*
* Build the Security code  --  Handy ROM security code builder
*
* Copyright (C) 1989, Epyx, Inc.
* All Rights Reserved
*
* CONFIDENTIAL and PROPRIETARY
*
* HISTORY	  NAME			 DESCRIPTION
* -----------  ---------------   --------------------------------------------
* 5 Apr 1990   Stephen Landrum  Created this file.
*
* *********************************************************************** */

Is that the one? If so then it's quite possibly now free and legal to distribute per Hasbro's release of Lynx development tools into the public domain?

[sage]

looks so

[sage]

Let me  just point out, that actually the only use for teh encrypted header is, that it contains a checksum for the whole ROM.
If you dont want the checksum, you can simple use the hacked loader, which can just be copied in front of the ROM.

[LX.NET]

I am currently working out the entire boot process of the Lynx and the decryption process in it. After that I will investigate and document the cartridge header types, encryption options. I'll post an annotated boot rom later tonight.
Just a few comments on the stuff mentioned:
buildchk is (originally) from the Lynx encryption zip-archive (http://cgexpo.com/encrypt/lynx.htm). I guess it was part of the Handy development kit. At least some of the things that the doit batch file uses (asm and asmstrip) are also included in the dev kit. The encryption archive contains all source code for the encryption of headers (the Epyx way). Wookie did a great set of wiki posts on that (http://www.classicga...Lynx_Encryption) earlier.

buildchk does the following:

• a check on the first and second directory entries (whether they exist)
  
• writes out a romdir.i include file with variables for the dir entries
  
• computes a hash (I still have to look into the specifics of the algorithm)
  
• writes hash value to checkstring.src

For completeness sake the whole process of encryption performed by "doit" is like this, supposing you start out with a bare ROM file that has the correct directory entries at top and two obligatory files for startup sprite (load screen) and first program to run.

• Creates an include file romsize.i that has a variable for the current ROM's size
  
• Runs buildchk (creates checkstring.src and romdir.i)
  
• Compiles assembler code for boot.src (references all created files)
  
• Cuts compiled boot loader in two frames and strip headers (asmstrip does this)
  
• Premodifies (obfuscate by accumulation trick) the two frames
  
• Encrypts individual blocks inside two frames
  
• Postmodifies each frame (reversing bytes per block)
  
• Creates final ROM image by appending first two encrypted loader frames and the original ROM image you started with

That's it. I do not know exactly how the BLL loader does things (as described by sage), but the Lynx boot rom always does a decrypt of the first two header frames and then runs the decrypted code (that gets stored at $0200). The code is a checksummed version of boot.src. You can read what it does there.

I know this should have some picture, but hold on and I'll have them ready in notime.

[EricDeLee]

sage, on Tue Dec 27, 2011 2:07 PM, said:

Let me  just point out, that actually the only use for teh encrypted header is, that it contains a checksum for the whole ROM.
If you dont want the checksum, you can simple use the hacked loader, which can just be copied in front of the ROM.

Hacked loader?  Where is that at?

[sage]

LX.NET, on Tue Dec 27, 2011 5:19 PM, said:

I am currently working out the entire boot process of the Lynx and the decryption process in it. After that I will investigate and document the cartridge header types, encryption options. I'll post an annotated boot rom later tonight.

have you seen my post about the loader/header types?

LX.NET, on Tue Dec 27, 2011 5:19 PM, said:

Just a few comments on the stuff mentioned:
<<<stuff removed >>>
Creates final ROM image by appending first two encrypted loader frames and the original ROM image you started with

What do  oyu thing the script is doing?

LX.NET, on Tue Dec 27, 2011 5:19 PM, said:

That's it. I do not know exactly how the BLL loader does things (as described by sage), but the Lynx boot rom always does a decrypt of the first two header frames and then runs the decrypted code (that gets stored at $0200). The code is a checksummed version of boot.src. You can read what it does there.

Nobody talks about the BLL gautlet loader here.

EricDeLee, on Tue Dec 27, 2011 8:35 PM, said:

Hacked loader?  Where is that at?

This is the loader which lynxdir uses.
Its an epyx loader where the checksumming is disabled and where the adress for the binary and title picture are read from the directory and NOT stored in the encryoted part. Just a few lines of fixes...