PDA

View Full Version : Hacking the Game Elf



VanillaThunder
07-03-2014, 12:02 AM
I picked up a game elf at Tmg last weekend. I've always been a bit curious about it and since it was cheap, I decided to take the plunge.

First thing I noticed was that it runs off of an SD card and appears to be running a highly customized Linux backend.

Being technically proficient in the area, I began working on figuring out exactly how this thing works. I dismounted the SD and imaged it.

Mounting it in a windows machine will give you nothing. There isn't a valid windows partition on it.

Performing some advanced analysis on it began to give me some results. Searching for hex code 55 aa is always a good place to start....


Well, it looks hack able. There is an old file system/partition that wasn't properly scrubbed from the card and there is plenty of file structure in unallocated space. I'll be reconstructing the content tomorrow via file carving and partition/FS rebuild. I can tell you that the partition is a Fat16 volume and has several gzips present.

It presents as a 50m volume initially which we know isn't correct. Without giving too much away, I think I've got that clocked as well. With any luck, I'll be able to get this thing fully mapped out and booting else shortly.

Tyranix95
07-03-2014, 01:18 AM
Plz make it run Capcom and Neo roms. :D

Xian Xi
07-03-2014, 06:06 AM
Oh shit, I'd love to hack mine and put games I actually want on it. If you figure out how to get a better CPU in there or overclock let me know.

kruuth
07-03-2014, 07:44 AM
I posted a thread on hacking these. CPU upgrades aren't optional but you can add games. Hopefully someone will get into hacking the IO a little more.

Lemony Vengeance
07-03-2014, 09:14 AM
normally when I see the word "HACK" I scoff.


When I see it coming from VT, I KNOW it's legit. Good luck brotha!

shadowkn55
07-03-2014, 09:23 AM
normally when I see the word "HACK" I scoff.


Yeah, me too.

http://www.neo-geo.com/forums/showthread.php?241993-FS-360-ps3-dreamcast-padhacking-and-Console-gt-Jamma-boxes-upon-request!&highlight=

wataru330
07-03-2014, 09:23 AM
I should let you look @ my PGM3. Would be sick to load ALL PGM family games on the SD card-if that's even possible.

I have an ELF too...keep us posted! ^_^

Lemony Vengeance
07-03-2014, 09:25 AM
Yeah, me too.

http://www.neo-geo.com/forums/showthread.php?241993-FS-360-ps3-dreamcast-padhacking-and-Console-gt-Jamma-boxes-upon-request!&highlight=

Hey, I didn't invent the terminology for what I do. I'm physically modifying HW. Software HACKING is what I was talking about above, and VT can do it.

Jonmkl
07-08-2014, 04:48 AM
This is relevant to my interests.

Would love to see a Jamma multicart that is customizable and doesn't completely suck.
Anyone know, are the elf and the other similar boards, like another pandora's box, pretty much the same internally?

Adderall
07-08-2014, 06:16 AM
don't you dare ruin an original game elf to do your witch trickery!

MtothaJ
07-24-2014, 02:26 AM
I have one of those also, and find the whole experience strangely dissatisfying. Its not like your getting a bad deal with the amount of games available but bar the most simple stuff most games seem to have one issue or another - Final Fight and Ghouls 'n' Ghosts suffer from dodgy visuals when the screen is scrolling, System 16 titles are totally unplayable, the later Capcom and Neo Geo stuff is riddled with slowdown etc. Guess it would be cool to be able to put your own games on it and effectively its still a good value proposition for a cab but the hardware doesn’t seem man enough. Going to see if I can swap mine for a few MVS carts.

GutsDozer
07-24-2014, 08:32 AM
Crazy I had no idea it was using Linux. GL VT I'm sure you can do it.

VanillaThunder
07-27-2014, 08:16 PM
normally when I see the word "HACK" I scoff.


When I see it coming from VT, I KNOW it's legit. Good luck brotha!

Much progress has been made. ;)

I'll be posting some info later and yes, you'll be able to do some pretty rad stuff with it.

Another member generous "donated" one in the sense that it's on loan so I have two to work from (and compare)

This is one of the most interesting (both foolishly put together and clever, depending on your way of thinking) things that you will get to play with.

wataru330
07-27-2014, 08:41 PM
I've got my popcorn ready. This is gonna get good!

Kid Panda
07-27-2014, 08:41 PM
VT will blow it wide open and game elfs will sell for 1,000 usd on feebay :lolz:

VanillaThunder
07-27-2014, 08:48 PM
VT will blow it wide open and game elfs will sell for 1,000 usd on feebay :lolz:

Heh... not quite.

Interesting thing to note... you can mess with the monitor refresh and settings via the SD.

FOR EXAMPLE: Edit the refresh settings on one card, take it to another board and it'll work just fine. ;)

Some other nuggets I'll "let out"

1. All cards work across boards. If you can find the image of one, it will port directly over to another. You could potentially maintain multiple SD cards with different game loads and swap on demand.

2. There was not a whole lot of mame/xmame optimization done for the games. If you knew what you were looking at (heh) you could make the games run better.

3. The chinese pirates were worried other people were going to pirate their work, so they worked up a pretty laughably pathetic system to prevent messing with it. It took an extra 5 minutes to beat. lol


...more to come...

trenog
07-27-2014, 08:50 PM
VT will blow it wide open and game elfs will sell for 1,000 usd on feebay :lolz:

VTSoft Unlocking Tool ;)

wataru330
07-27-2014, 08:55 PM
Shootie games, running as good as on Shumpmame-I guy can dream, eh?

VanillaThunder
07-28-2014, 08:43 AM
Right now, I'm working on successfully duplicating the cards in an easily repeatable manner.

With that, I'll remove the infringing (roms) bit and make it easy for someone to load it up with stuff.

Kid Panda
07-28-2014, 08:52 AM
Right now, I'm working on successfully duplicating the cards in an easily repeatable manner.

With that, I'll remove the infringing (roms) bit and make it easy for someone to load it up with stuff.

So I'm assuming whatever "encryption" they used is all on the card then? No chips on the board that might be a security key? I find it ironic that some Chinese developer is trying to keep his work under lock and key :)

ChiefofSB
07-28-2014, 10:13 AM
Just bought one of these things a few weeks ago, can't wait to see what else you come up with.

cdamm
07-28-2014, 10:31 AM
Right now, I'm working on successfully duplicating the cards in an easily repeatable manner.

With that, I'll remove the infringing (roms) bit and make it easy for someone to load it up with stuff.

http://31.media.tumblr.com/bd426ed8849ca171c70093023181f0ab/tumblr_mzesqsVlDo1t3904qo1_500.gif

Lemony Vengeance
07-28-2014, 10:59 AM
http://31.media.tumblr.com/bd426ed8849ca171c70093023181f0ab/tumblr_mzesqsVlDo1t3904qo1_500.gif

Awww yisssss!

Seriously, which one should I buy?

bytestorm
07-29-2014, 11:18 PM
Ill second that.. wich one should we get ;) ? This could be cool.

Hitokiri
07-30-2014, 08:08 AM
I have one of those, I was thinking of selling it.
I'll keep it around for a while I guess ;)

VanillaThunder
07-31-2014, 10:41 AM
I'll be posting an update on this very shortly.

mr_b
07-31-2014, 11:18 AM
Sweet. Looking forward to your post.

ChiefofSB
07-31-2014, 11:27 AM
Nice, can't wait.

VanillaThunder
07-31-2014, 12:07 PM
There is a bit of "copy protection" being done on the media. (if you want to call it that)

I have it on my bench/lab and I'm basically walking through the process. I don't think it will be very difficult to break and I should be able to recreate it in a way for others to copy/alter the disk.

I'm almost 100% sure on how they're accomplishing it and I'm showing some positive results.

Nothing exciting, yet.

Vladi
08-04-2014, 12:23 AM
deam this sweet can't wait

werejag
08-04-2014, 12:49 AM
its a flood of new nicks posting all over

VanillaThunder
08-05-2014, 10:12 PM
The game elf (500) has an issue with the controls.

Typically, this is solved by grounding the buttons differently or bridging a couple of connectors on the JAMMA interface.

This is a software issue, not a hardware one. Yes, the fix works.. but it will soon become unnecessary.

The 400-in-1 vertical board does not suffer from the issue and if you swap cards with a 500 board, it works just fine.

The issue is with the OS build and software implementation. Yes, I'm working to remedy this right now.

Just another nugget I thought you'd all like to see.

werejag
08-05-2014, 10:18 PM
vt very nice

Namnuta
08-07-2014, 12:48 PM
This looks exciting. :)

VanillaThunder
09-01-2014, 01:43 PM
Update:

I stopped for a few weeks due to some personal commitments, but I'm back on the horse.

I'm working on porting to alternate cards. Mixed success.

Kid Panda
09-01-2014, 01:53 PM
Update:

I stopped for a few weeks due to some personal commitments, but I'm back on the horse.

I'm working on porting to alternate cards. Mixed success.

Word, progress is progress though. I can't wait!

werejag
09-01-2014, 06:50 PM
vt just take your time

codecrank
09-02-2014, 09:59 AM
There is a bit of "copy protection" being done on the media. (if you want to call it that)


so I take it that a straigh dd doesn't work.

reading your thread so far it reminds me of the lindbergh copy protection. Would be fun to poke around with. Once you figure it out, please don't be like those greedy fucks sitting on the lindbergh solution and profiting from it. I don't need one but I like to know how things work :D

Lemony Vengeance
09-02-2014, 12:26 PM
so I take it that a straigh dd doesn't work.

reading your thread so far it reminds me of the lindbergh copy protection. Would be fun to poke around with. Once you figure it out, please don't be like those greedy fucks sitting on the lindbergh solution and profiting from it. I don't need one but I like to know how things work :D

HACK THE PLANET!!

VanillaThunder
09-03-2014, 03:44 AM
so I take it that a straigh dd doesn't work.

No. I'm also using some other, far better solutions for this that aren't working either. I'm pretty sure I've got it worked out and when it's done, I'll explain in detail. In terms of bit-level cloning, they're exact copies of the media. They md5 and SHA-1 hashes match.

No worries. It's slow going but I've got not doubt that I'll get this thing done.

Neorebel
09-03-2014, 03:57 AM
Is this what you guys are talking about? http://www.jammaboards.com/store/512-in-1-aka-500-in-1-game-elf-horizontal-arcade-multigame-jamma-pcb-512in1.html

hezkezl
09-04-2014, 09:33 AM
Is the data stored on an SD card? I wouldn't be surprised if they were using the protected area of the card to store some sort of serialized key. Or if the chipset they are using for the reader has licensed CPRM, they could be using that for validation.

If so, you could probably pull they keys from firmware, or modify firmware to copy the entire filesystem, and piggyback on the serial line to backup the data. Once you have decrypted data, you could probably write it back to SD without the CPRM bits set, and it wouldn't care what was in the protected area.

RabbitTroop
09-04-2014, 01:41 PM
Well, this is cool. Completely missed this thread. With the Pandora ver2 group buy closing, it will be interesting to see if they're a similar setup under the hood. Nice to see these are relatively easy to mess with overall. I have no doubt you'll best their weak ass protection attempts in time. Depending on how this turns out I'll likely pickup a Game Elf for some fun times as well.

aoiddr
09-04-2014, 02:25 PM
Eagerly awaiting any new Game Elf developments as well. Be great to finally be able to use mine without cringing at how bad some of the emulation is (like on Moonwalker...). Best of luck!

rxdoga
09-06-2014, 08:37 AM
Was thinking about getting one of those be keep hearing about awful emulation issues with some games but after reading thread I'm placing my order now. Very cool stuff VT.

GTRetro87
09-10-2014, 02:43 PM
Awesome stuff. I've got my 500 in 1 the other day, I'm excited for this!!

Sucks about the controls though, having to bridge a few connectors and all..

zsonance
09-26-2014, 01:17 PM
Wow, I'm so glad I found this thread. Go VanillaThunder!!!

I'm very excited to see what happens. I own the GameElf 512-1, (which i purchased in July of this year), and the Blue elf 2012 v.2.0 board. They both seem to have positives and negatives...If we could somehow mess around with different versions of Mame, or Mame4All or whatever, with different rom sets we might be able to solve some of these problems. I know it can't be the processor, because otherwise why would CPS2 games seem to run much smoother and better than CPS1 games? The sound buffering on the CPS1 titles on this new board (Game elf 512-1) is terrible.

If we can't solve any of these issues, but were able to just add some other roms to test that would be worth it alone.

Keep up the good work! I'll be cheering you on

kuze
09-26-2014, 01:49 PM
I think it would be awesome if we can figure out how to disable "tate in hori" on the Pandora v2 in favor of real tate.

GTRetro87
10-14-2014, 09:44 PM
Found this: http://forums.arcade-museum.com/archive/index.php/t-272210.html

Not sure if this relates to this board but it's a shot

Syn
10-22-2014, 08:23 PM
I've got a 301 Elf lying about so this is very interesting.

EDIT: I'm looking at this going hmm.

http://excellentcom.net/detail.asp?catid=91987&subcatid=0&pdtid=703345

zsonance
10-24-2014, 11:26 AM
I've got a 301 Elf lying about so this is very interesting.

EDIT: I'm looking at this going hmm.

http://excellentcom.net/detail.asp?catid=91987&subcatid=0&pdtid=703345



Yeah, soooo they "reprogram" a new 4GB SD card for you, and charge you 40.00 bucks for it... I actually bought my 512-1 board from AliExpress.com and I contacted support and told them I was unsatisfied with the performance of the board, and apparently they are sending me this new 619 upgrade SD card at no charge...I will update everyone on how that goes

pixeljunkie
10-24-2014, 03:06 PM
if there were even just a way to fine tune the settings a bit so it looks more authentic that would make me rebuy one of these.

hereitcomes
12-04-2014, 10:48 AM
VT, any update?

VanillaThunder
12-04-2014, 12:33 PM
VT, any update?

I started working on it again very recently.

Should have an update shortly.

Syn
12-04-2014, 01:17 PM
Now that I have a game elf (had a blue elf) I can't wait for this to come to fruition.

Xavier
12-04-2014, 05:13 PM
Is this what you guys are talking about? http://www.jammaboards.com/store/512-in-1-aka-500-in-1-game-elf-horizontal-arcade-multigame-jamma-pcb-512in1.html

Pretty sure, Vt should get with them. They've made pretty good progress and done a bunch of things. Sounds like the newest version is a little better harder to hack though.

VanillaThunder
12-04-2014, 10:36 PM
Pretty sure, Vt should get with them. They've made pretty good progress and done a bunch of things. Sounds like the newest version is a little better harder to hack though.

I will NEVER EVER work with Jammaboards.

He would fuck up a turkey sandwich order if you could buy one through his site.

Xavier
12-08-2014, 03:52 PM
My bad I think I quoted the wrong post, there's a thread over on Klov about this board.
They made a lot of progress.
http://forums.arcade-museum.com/showthread.php?t=229853

You should get with them.

zsonance
05-29-2015, 01:12 AM
VT, it's been a while just wanted to see if you got anywhere with this... I have a friend Aaron who attempted to hack into the game elf as well and I think he was unsuccessful after trying many different things.

Xavier
06-04-2015, 10:57 PM
I haven't kept up with that thread I posted earlier but IIRC I think you have to downgrade the firmware and then you can swap out the Sd card add remove games and change some of the settings.