
Is there a tool to decrypt a fully encrypted ROM?


ninsei


The encryption and obfuscation phases are documented now. You can use the OpenSSL library for the encryption and decryption and some C code of your own for dealing with obfuscation. But you need to invest some time in this. Usually the Lynx loader comes in 2 parts. The 1st chunk is 3 times 51 bytes and the 2nd 5 times 51 bytes.


There is one extra byte in front of every chunk. So by adding 2 bytes you end up with 410 bytes. The missing 10 bytes were lost in sage's memory ;)

The typical loader is really 410 bytes.

In front of the loader there are 64 bytes called an lnx header. It is there to tell emulators what is in the ROM. This header is not in the real Lynx ROM at all.

 

The first byte tells you how many chunks to decrypt

FF = 1
FE = 2
FD = 3
FC = 4
FB = 5

 

So the binary starts with:
FD + 3 times 51 bytes
FB + 5 times 51 bytes
directory, 8 bytes per entry
files, rest of the cart

 

The number of encrypted chunks can be anything. The last byte of the last 51 byte chunk needs to be 0 to stop the decryption process.

Edited by karri

Is there a way to tell if a ROM is using Epyx or BLL loader? If a ROM starts with the layout that Karri posted in post number 8 of this thread: Is that the Epyx layout? Assuming it is, I was unable to find an equivalent explanation of the BLL layout, other than a couple of fields of the dir entry section are XORed in BLL. But what about the layout of the loader section of BLL?


yes. the easiest way is to check the default location for useful directory data. these are 512 and 410, depending on which type of epyx loader is used (there are several). in case of bll, the main directory contains only one entry, and a second directory with a slightly different format.

any homebrew can use any directory format it wants.

The bootrom only makes it necessary that the first 52 bytes of rom are correctly decryptable. what happens afterwards, depends what code you put inside there...

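The layout karri posted above (a count byte, then that many 51-byte chunks, two stages, directory at 410) and the 64-byte lnx header, as an added example that is not code from any poster in this thread. It only walks the framing and does no decryption; `loader_end`, `demo_offset`, the "LYNX" magic check and the `256 - byte` rule for counts outside the posted table are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LNX_HEADER_LEN 64  /* emulator-only header; not on a real cart */
#define CHUNK_LEN      51  /* size of one encrypted chunk, per the thread */

/* Walk `stages` loader stages of a ROM image. Each stage is a count byte
 * (0xFF = 1 chunk ... 0xFB = 5) followed by that many 51-byte chunks.
 * Assumption: other counts follow the same rule, chunks = 256 - byte.
 * Returns the cart offset just past the last stage (the directory in the
 * layout above), or -1 if the image is too short. */
long loader_end(const uint8_t *img, size_t len, int stages)
{
    size_t base = 0, off;

    /* Assumption, not stated in the thread: .lnx headers start "LYNX". */
    if (len >= LNX_HEADER_LEN && memcmp(img, "LYNX", 4) == 0)
        base = LNX_HEADER_LEN;
    off = base;
    for (int s = 0; s < stages; s++) {
        if (off >= len) return -1;            /* no count byte left */
        size_t chunks = 256u - img[off];      /* 0xFD -> 3, 0xFB -> 5 */
        size_t need = 1 + chunks * CHUNK_LEN;
        if (need > len - off) return -1;      /* truncated stage */
        off += need;
    }
    return (long)(off - base);
}

/* Constructed sample image: FD + 3*51, FB + 5*51, then 8 directory bytes,
 * optionally behind a header; `cut` drops bytes from the end. */
long demo_offset(int with_header, size_t cut)
{
    static uint8_t img[LNX_HEADER_LEN + 410 + 8];
    size_t base = with_header ? LNX_HEADER_LEN : 0;

    memset(img, 0, sizeof img);
    if (with_header) memcpy(img, "LYNX", 4);
    img[base] = 0xFD;                         /* stage 1: 3 chunks */
    img[base + 1 + 3 * CHUNK_LEN] = 0xFB;     /* stage 2: 5 chunks */
    return loader_end(img, base + 410 + 8 - cut, 2);
}

int main(void)
{
    printf("directory offset: %ld\n", demo_offset(1, 0));
    return 0;
}
```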
