M
mathieulh
Enthusiast
- Joined
- Jun 17, 2020
- Messages
- 138
- Reaction score
- 251
- Location
- France
- Sep 17, 2020
- #1
This is the naomi multibios with a proper bootstrap (not the one from the HOTD2 beta used to bypass the HOLLY checksum)
This include both the naomi and naomi2 bioses which both have been tested on real hardware, they should fix the compatibility
issues introduced by the original multibios as well as fix the issue that caused many Atomiswave converts to not properly boot.
BIOSES are based on epr-21576h and epr-23605c for naomi 1 and 2 respectively.
As a reminder these are the tested available DIPSW configurations
Code:
DSW2DSW3DSW4OFFOFFOFFJapanONOFFOFFUSAOFFONOFFExportON ONOFFKoreaOFF OFFONAustralia
- Mathieulh
Attachments
Pa0l0ne
Student
- Joined
- Apr 16, 2016
- Messages
- 41
- Reaction score
- 59
- Location
- Italy
- Sep 17, 2020
- #2
Awesome!!! Thank you so much!
Mrhide
Legendary
- Joined
- Aug 17, 2016
- Messages
- 2,418
- Reaction score
- 4,136
- Location
- Montréal, Canada
- Sep 17, 2020
- #3
djsheep
Multi Boyz Overlord
Immortal
Multi Boyz
- Joined
- May 20, 2016
- Messages
- 8,002
- Reaction score
- 14,712
- Location
- Brisbane, Australia
- Sep 17, 2020
- #4
Awesome! Thanks.
rewrite
Multi Boyz Litigator
Immortal
Multi Boyz
- Joined
- Nov 9, 2015
- Messages
- 8,216
- Reaction score
- 7,861
- Location
- SoCal
- Sep 17, 2020
- #5
Fantastic! Thank you!
Kavas
Champion
- Joined
- Oct 7, 2018
- Messages
- 1,255
- Reaction score
- 1,882
- Location
- Florida, USA
- Sep 17, 2020
- #6
Just got my first Naomi setup up and running this week. Not even sure what Bios the seller included with the kit. Most games I tried worked but a few gave errors like CvS 2k Pro. Error 02 and some others were thrown up on screen. Haven't tried the Atomiswave games included yet.
I am guessing it's a good idea to reflash my bios with this one?
Pa0l0ne
Student
- Joined
- Apr 16, 2016
- Messages
- 41
- Reaction score
- 59
- Location
- Italy
- Sep 17, 2020
- #7
Kavas said:
Just got my first Naomi setup up and running this week. Not even sure what Bios the seller included with the kit. Most games I tried worked but a few gave errors like CvS 2k Pro. Error 02 and some others were thrown up on screen. Haven't tried the Atomiswave games included yet.
I am guessing it's a good idea to reflash my bios with this one?
Definitely have to do it! Just happy flashed and tested some random games
MetalliC
Champion
- Joined
- Nov 19, 2015
- Messages
- 1,326
- Reaction score
- 1,332
- Sep 17, 2020
- #8
@mathieulh does both of these was tested and works fine on real NAOMI 1/2 ? (I highly doubt it is)
Darksoft
Staff member
Immortal
- Joined
- Jun 12, 2015
- Messages
- 11,596
- Reaction score
- 17,165
- Location
- Poland
- Sep 17, 2020
- #9
Someone please confirm and test it.
EDIT: Oh I see now that @mathieulh said it was tested. Can someone else please provide some feedback? Any problematic games where this should be tested?
MetalliC
Champion
- Joined
- Nov 19, 2015
- Messages
- 1,326
- Reaction score
- 1,332
- Sep 17, 2020
- #10
Pa0l0ne said:
Just happy flashed and tested some random games
which one it was epr-21576h_multi.ic27_proper or epr-23605c_multi.ic27_proper ?
I'm mainly wondering does both of them happily pass HOLLY protection check
bobbydilley
Grand Master
- Joined
- Apr 29, 2018
- Messages
- 550
- Reaction score
- 599
- Location
- England
- Sep 17, 2020
- #11
> This include both the naomi and naomi2 bioses which both have been tested on real hardware.
Yes they both pass the check + boot (will have to wait for @mathieulh to reply, but I believe he basically brute forced the checksum by burning tonnes of EPROMs and trying them all out)
Edit: I was wrong, although this was the original plan. Turns out the checksum is weak and changing only a few bytes leaves it the same.
Last edited:
Darksoft
Staff member
Immortal
- Joined
- Jun 12, 2015
- Messages
- 11,596
- Reaction score
- 17,165
- Location
- Poland
- Sep 17, 2020
- #12
MetalliC
Champion
- Joined
- Nov 19, 2015
- Messages
- 1,326
- Reaction score
- 1,332
- Sep 17, 2020
- #13
bobbydilley said:
but I believe he basically brute forced the checksum by burning tonnes of EPROMs and trying them all out
he didn't bruteforced anything, but just 'reverted' 1st 1KB IPL back to original, so there left only 2(N1) and 4(N2) bytes patches which enable region switching, besides 2/4 bytes difference they are exact same as original N1/2 BIOSes, with no any attempts to somehow "compensate" checksum.
and that's why I'm wondering if/how it works
M
mathieulh
Enthusiast
- Joined
- Jun 17, 2020
- Messages
- 138
- Reaction score
- 251
- Location
- France
- Sep 17, 2020
- #14
MetalliC said:
Pa0l0ne said:
Just happy flashed and tested some random games
which one it was epr-21576h_multi.ic27_proper or epr-23605c_multi.ic27_proper ?
I'm mainly wondering does both of them happily pass HOLLY protection check
Both pass the HOLLY checksum and both have been tested. I indeed got very lucky and they passed on first try, otherwise I would have bruteforced them until I got a successful collision (sega uses the last 6 bytes as inverted bytes themselves to generate collisions), the algo is very weak anyway so the odds of success are pretty high.
Finally, I am not surprised it works, only 4 bytes were changed and the less changes you make, the more likely the original inverted bytes still match the expected checksum for whatever (very weak) algorithm NEC put in there.
As a sidenote, using the hotd2 beta bootstrap should be avoided, it does operations that mess with timings later on and causes issues. With how weak the algorithm is (you can expect one chance of collision out of every 5 attempts), I don't understand why nobody just wrote a custom bootstrap (a jump to an arbitrary address would do) and forged the inverted bytes via bruteforce.
Last edited:
MetalliC
Champion
- Joined
- Nov 19, 2015
- Messages
- 1,326
- Reaction score
- 1,332
- Sep 17, 2020
- #15
@mathieulh congrats then! you had really good luck.
and shame on me - when I've did these multi patches I haven't checked if it works "as is", but appended HOD2 proto IPL and released this multibios
add: even more interesting - when I tried to "compensate" checksum and flip other nearby bits (with original IPL) - it wont work, check was failed. so, yes, checksum algo is weak but still PITA
Last edited:
M
mathieulh
Enthusiast
- Joined
- Jun 17, 2020
- Messages
- 138
- Reaction score
- 251
- Location
- France
- Sep 17, 2020
- #16
MetalliC said:
@mathieulh congrats then! you had really good luck.
and shame on me - when I've did these multi patches I haven't checked if it works "as is", but appended HOD2 proto IPL and released this multibios
even more interesting - when I tried to "compensate" checksum and flip other nearby bits - it wont work, check was failed
The fact that it uses sega built in code makes it possible without too much hassle xD (Nice work on finding that out btw!).
Though technically we could also patch the 02 error with very little changes, I just think the jumper approach is cleaner, not to mention that if you netboot/cf/cdr you can just set byte 0x428 to 0xFF in your image to pass the region check.
Sp33dFr34k
Champion
- Joined
- Nov 8, 2015
- Messages
- 1,616
- Reaction score
- 1,378
- Location
- The Netherlands
- Sep 17, 2020
- #17
Awesome, so glad this fixes the issue with the AW conversions, nice work!
bobbydilley
Grand Master
- Joined
- Apr 29, 2018
- Messages
- 550
- Reaction score
- 599
- Location
- England
- Sep 17, 2020
- #18
MetalliC said:
bobbydilley said:
but I believe he basically brute forced the checksum by burning tonnes of EPROMs and trying them all out
he didn't bruteforced anything, but just 'reverted' 1st 1KB IPL back to original, so there left only 2(N1) and 4(N2) bytes patches which enable region switching, besides 2/4 bytes difference they are exact same as original N1/2 BIOSes, with no any attempts to somehow "compensate" checksum.and that's why I'm wondering if/how it works
Apologies - what I said above was the original strategy that wasn’t required due to the weak sum algorithm not changing with only a few bytes as you’ve both said above.
I’ve edited my message, thanks for explaining both.
MetalliC
Champion
- Joined
- Nov 19, 2015
- Messages
- 1,326
- Reaction score
- 1,332
- Sep 17, 2020
- #19
mathieulh said:
The fact that it uses sega built in code makes it possible without too much hassle xD (Nice work on finding that out btw!).
yes, this is handy.
actually this is leftover from dev.box BIOS, and it was supposed to be enabled in other way: code checking text in BIOS at 0x1FFD00 - COPYRIGHT (C) SEGA ENTERPRISES ... NAOMI BOOT ROM, and if its not the same as expected - will be enabled dev mode (dev BIOSes have there NAOMI DEVELOP text instead).
but its better not to touch that text, because games checking it too and may enable various debug stuff, some of them trying to communicate with host PC using SCSI, and hang because it doesn't exists in regular retail NAOMIs. so, better to patch the code directly.
skate323k137
Enlightened
- Joined
- Jul 23, 2015
- Messages
- 2,449
- Reaction score
- 2,901
- Location
- Michigan
- Sep 18, 2020
- #20
This is great! A good check would be Spawn on NAOMI, if I remember right it will crash at a splash screen if no credits are inserted (on the "old" multi bios)
Also on the "old" multi bios, a NAOMI 2 freeze will occur on replay mode of Initial D3 after gameplay if no buttons are pressed to skip it.
You must log in or register to reply here.