Hacking the Game Elf

Tacitus

Volatile Memory Construct - SN://0467839
Staff member
Joined
Apr 26, 2002
Posts
15,120
I'll be posting an update on this very shortly.
 

mr_b

Windjammers Wonder
10 Year Member
Joined
Jun 1, 2009
Posts
1,379
Sweet. Looking forward to your post.
 

Tacitus

Volatile Memory Construct - SN://0467839
Staff member
Joined
Apr 26, 2002
Posts
15,120
There is a bit of "copy protection" being done on the media. (if you want to call it that)

I have it on my bench/lab and I'm basically walking through the process. I don't think it will be very difficult to break and I should be able to recreate it in a way for others to copy/alter the disk.

I'm almost 100% sure on how they're accomplishing it and I'm showing some positive results.

Nothing exciting, yet.
 

Tacitus

Volatile Memory Construct - SN://0467839
Staff member
Joined
Apr 26, 2002
Posts
15,120
The game elf (500) has an issue with the controls.

Typically, this is solved by grounding the buttons differently or bridging a couple of connectors on the JAMMA interface.

This is a software issue, not a hardware one. Yes, the fix works.. but it will soon become unnecessary.

The 400-in-1 vertical board does not suffer from the issue and if you swap cards with a 500 board, it works just fine.

The issue is with the OS build and software implementation. Yes, I'm working to remedy this right now.

Just another nugget I thought you'd all like to see.
 

Tacitus

Volatile Memory Construct - SN://0467839
Staff member
Joined
Apr 26, 2002
Posts
15,120
Update:

I stopped for a few weeks due to some personal commitments, but I'm back on the horse.

I'm working on porting to alternate cards. Mixed success.
 

codecrank

Whip's Subordinate
10 Year Member
Joined
May 2, 2011
Posts
1,751
There is a bit of "copy protection" being done on the media. (if you want to call it that)

so I take it that a straigh dd doesn't work.

reading your thread so far it reminds me of the lindbergh copy protection. Would be fun to poke around with. Once you figure it out, please don't be like those greedy fucks sitting on the lindbergh solution and profiting from it. I don't need one but I like to know how things work :D
 

Lemony Vengeance

Mitt Romney's Hairdresser,
Joined
Jan 30, 2012
Posts
4,204
so I take it that a straigh dd doesn't work.

reading your thread so far it reminds me of the lindbergh copy protection. Would be fun to poke around with. Once you figure it out, please don't be like those greedy fucks sitting on the lindbergh solution and profiting from it. I don't need one but I like to know how things work :D

HACK THE PLANET!!
 

Tacitus

Volatile Memory Construct - SN://0467839
Staff member
Joined
Apr 26, 2002
Posts
15,120
so I take it that a straigh dd doesn't work.

No. I'm also using some other, far better solutions for this that aren't working either. I'm pretty sure I've got it worked out and when it's done, I'll explain in detail. In terms of bit-level cloning, they're exact copies of the media. They md5 and SHA-1 hashes match.

No worries. It's slow going but I've got not doubt that I'll get this thing done.
 

hezkezl

n00b
Joined
Aug 15, 2014
Posts
19
Is the data stored on an SD card? I wouldn't be surprised if they were using the protected area of the card to store some sort of serialized key. Or if the chipset they are using for the reader has licensed CPRM, they could be using that for validation.

If so, you could probably pull they keys from firmware, or modify firmware to copy the entire filesystem, and piggyback on the serial line to backup the data. Once you have decrypted data, you could probably write it back to SD without the CPRM bits set, and it wouldn't care what was in the protected area.
 

RabbitTroop

Mayor of Southtown, ,
20 Year Member
Joined
Dec 26, 2000
Posts
13,852
Well, this is cool. Completely missed this thread. With the Pandora ver2 group buy closing, it will be interesting to see if they're a similar setup under the hood. Nice to see these are relatively easy to mess with overall. I have no doubt you'll best their weak ass protection attempts in time. Depending on how this turns out I'll likely pickup a Game Elf for some fun times as well.
 

aoiddr

Over Top Auto Mechanic
Joined
Jan 10, 2013
Posts
855
Eagerly awaiting any new Game Elf developments as well. Be great to finally be able to use mine without cringing at how bad some of the emulation is (like on Moonwalker...). Best of luck!
 
Last edited:

rxdoga

n00b
Joined
Aug 11, 2014
Posts
19
Was thinking about getting one of those be keep hearing about awful emulation issues with some games but after reading thread I'm placing my order now. Very cool stuff VT.
 

GTRetro87

Kabuki Klasher
Joined
Aug 20, 2014
Posts
127
Awesome stuff. I've got my 500 in 1 the other day, I'm excited for this!!

Sucks about the controls though, having to bridge a few connectors and all..
 

zsonance

n00b
Joined
Sep 18, 2014
Posts
3
Wow, I'm so glad I found this thread. Go VanillaThunder!!!

I'm very excited to see what happens. I own the GameElf 512-1, (which i purchased in July of this year), and the Blue elf 2012 v.2.0 board. They both seem to have positives and negatives...If we could somehow mess around with different versions of Mame, or Mame4All or whatever, with different rom sets we might be able to solve some of these problems. I know it can't be the processor, because otherwise why would CPS2 games seem to run much smoother and better than CPS1 games? The sound buffering on the CPS1 titles on this new board (Game elf 512-1) is terrible.

If we can't solve any of these issues, but were able to just add some other roms to test that would be worth it alone.

Keep up the good work! I'll be cheering you on
 

kuze

Akari's Big Brother
10 Year Member
Joined
Apr 20, 2013
Posts
2,549
I think it would be awesome if we can figure out how to disable "tate in hori" on the Pandora v2 in favor of real tate.
 
Top