Ive been messing around, on and off, with decrypting these a while now. Basically I wanted the ROM’s as standard as I could get. No mini menu and no other hidden changes. I also wanted to keep the board region the same and there are some blanks in the Phoenix sets created by Razoola.

Using MAME to save the DASM from a non decrypted set I then made a program to convert that DASM back into binary format.
Once I had this I then added some extra functionality to my program to compare 2 different regions of the same ROM set. Where the data matched on both ROM’s is the unencrypted data and when this happened I replaced the data in my first binary file with the unencrypted data from this comparison.

At this point I know have an unencrypted, unmolested ROM (almost).
There are a couple of points in the original ROM’s which match but are in fact encrypted. I will cover these later on.

As per instructions from Razoola himself at the CPS2Shock website. The ROM must now be patched so all read/writes to the region 0x400000 – 0x40000a are changed to 0xFFFFF0 – 0xFFFFFA. The self test routines must also be patched not to clear this region. Both are pretty easy to do using the MAME debugger to find the areas.

My first conversion was for the Japan version of 1944. When I got to this point and tested in an emulator, I received this message

If 1944 this area is different depending on the region so my simple program treated it as encrypted data resulting in it reading the region code from an incorrect address.
This area is located at address $C2. if the word is set to #$0000 this is the Japan region code. I think #$0002 is for USA but not sure what others are.
I don’t think this region setting affects game play but it does change the language used, especially in the test menus.
As I wanted to keep this as standard as possible I chose to keep the menu in Japanese.

One other thing is that the ROM tests in the test menu will fail. This is caused by invalidating the checksum when patching the ROM. I have also changed the checksum number accordingly to comply with the actual checksum calculated and now the tests pass. The checksum data is held at address $D0. The two address following this in 1944 are also checksum values for the other 2 ROM’s.

There were a couple more instances of my data being wrong and causing crashes but they were soon found by comparing against the genuine game.
Ive tested my ROM on the real hardware and it works just fine from start to finish

Myself and my mate StiGGy were wanting another SD2IEC device for a couple of reasons. The other one I have was made by SirMorris and is still going strong but didn’t want to bother him with making a couple more so I asked him if I could have his original schematics which he very kindly supplied.
The result is 4 shiny new boards straight from China. I originally ordered 2 but for some reason they always seem to double up my order but I’m not complaining.

Ive got most of the parts on order but Farnell don’t seem to have the SD slots available that aren’t on US stock order (and extra £15) so ill look else where for those.