View Full Version : Help dumping Mega Drive game w/DPF or MGH
Azathoth
05-15-2011, 10:17 PM
Hi;
I was in the process of dumping all my cartridges that are either pirate variants or undumped unlicensed games. I ran into a particular snag with one unlicensed Mega Drive cart that I'm unsure how to get around.
Currently I've got a 16m Multi-Game Hunter and a 24m Double Pro Fighter trying to dump a Mega Drive game. The cart plays fine on my machine without any problems. When connected to either of these copiers it does not even show up, both report a game not inserted in the cart slot.
I've dug around a bit trying to find some more information, possibly someone else that has run into the same situation. All I've managed to find is a guy that was trying to dump a Sonic 3 cart with a DPF, he found that by masking over a few pins on the right hand side of the cart connector he got the game to show up and dump properly.
Any ideas? I'm sure there's some sort of copy protection in place as most of these original run unlicensed games have, but all I've ran into at least showed up when connected to a copier.
derekb
05-16-2011, 10:50 AM
have you tried dumping with a sega cd transfer cable?
MottZilla
05-16-2011, 01:03 PM
It's possible the cart information at the beginning of ROM doesn't exist or is invalid so maybe the copier relies on that. I think the Sega CD transfer method allows you to specify ROM size for dumping which means it wouldn't rely on valid cart info in the ROM.
Calpis
05-16-2011, 06:25 PM
MD copiers can only dump standard licensed games, and not even very well. Unlicensed MD games often have unique memory decoding and bankswitching so it's unlikely there's anything you can do without a lot of technical expertise or a device programmer.
Basically if the game has unknown hardware you can tinker with the cart with custom dumping software and either implement your own PC interface like the MCD transfer tool, or hack the algorithm into a copier.
LOTS OF WORK.
On the other hand you can just read the ROM with a device programmer which takes little understanding or time. From there other people can disassemble the game to try to understand the hardware and implement it in emulators or whatever.
If you took a picture of the board that could give an understanding of what's being dealt with here, maybe I'm overthinking it.
ASSEMbler
05-16-2011, 07:15 PM
Desolder and dump. Socket the old board, and place back.
Desolder and dump. Socket the old board, and place back.
Assuming the chip is easily identified and a programmer found this is likely the best method.
Though dumping via the SegaCD method is a good option as well. Any accidental overdump could be trimmed off.
Azathoth
05-18-2011, 01:46 AM
MD copiers can only dump standard licensed games, and not even very well. Unlicensed MD games often have unique memory decoding and bankswitching so it's unlikely there's anything you can do without a lot of technical expertise or a device programmer.
You obviously know more about this hardware than I do, but I must admit that between these two devices I have dumped about a dozen unlicensed games, several of them undumped or not shared publicly. I had never ran into this problem before.
Of course anything that had copy protection did not work unpatched, but it managed to dump everything correctly to produce an image suitable for patching.
Not that I'm saying you're wrong, but that I had done this before with similar software and never ran into this particular problem.
Desolder and dump. Socket the old board, and place back.
Unfortunately both games use a combination of chips and a globtop.
Looks like the Sega CD cable is my only option and I do not own one. If someone has one that I could borrow I would certainly appreciate it.
derekb
05-18-2011, 02:03 AM
the Sega CD cable is meant to be built on your own, it was never sold as a packaged product. I built mine myself out of radioshack parts, it is very simple - http://www.retrodev.com/transfer.html
you will need a PC with an LPT port, which could be troublesome if you only have a relatively new PC handy.
fwiw the transfer cable cannot dump Pier Solar
Calpis
05-18-2011, 03:16 AM
I must admit that between these two devices I have dumped about a dozen unlicensed games, several of them undumped or not shared publicly. I had never ran into this problem before.
I guess I misspoke, I mean the unlicensed library relative to the licensed library which follows a very standard hardware arrangement enforced by Sega.
All copy protected games have some odd hardware (or something called "partial decoding") which break copier compatibility. The only reason these games could have been dumped with the old copiers is because they had to have been decoded to the standard ROM area and didn't use bankswitching; effectively the same simple hardware as a licensed game. The MGH is so bad at dumping games I vaguely remember not being able to dump a 16M game (which doesn't even use bankswitching) much less a 24M or 32M game.
Unfortunately both games use a combination of chips and a globtop. Are you sure the chips aren't the ROMs? It's possible the epoxy contains a mapper. Post some pics.
Looks like the Sega CD cable is my only option and I do not own one. If someone has one that I could borrow I would certainly appreciate it. The cable isn't magic, the software has support for only so many boards. If you have a new undiscovered board that isn't supported, a new algorithm needs to be written, and without that, the SCD cable isn't any more useful than the MGH or DPF.
What game are you trying to dump ? A picture of the board would help as well.
A lot of Chinese/Taiwanese pirates (generally those illegally using licensed characters) share the same banking mechanisms which are now known and emulated (p://code.google.com/p/genplus-gx/source/browse/trunk/source/cart_hw/md_cart.c) for existing dumps.
That said, it seems that the banking mechanism for those games is only used while running the game as a protection to detect if it runs from the original cartridge or from flashcart/emulator/etc (i.e. game software writes something to its banking hardware to change ROM mapping and shift banks then execute code from the area).
These games probably could be dumped entirely using common methods because the banking hardware is in default state on startup (i.e whole ROM is accessible in cartridge area).
However, other games (especially those which are not yet dumped because it means dumping them is probably not so straightforward) might use bankshifting as soon as the cart is powered. This would result in your dump being incomplete, with a lot of mirrored data, which size depends on the bank size.
As Calpis said, these carts cannot be dumped with traditional methods and the ROM is generally not accessible for direct dump. You need to dump the partial ROM , analyse it, figure how the bank mapping is controlled then use custom software and/or custom hardware to "mimic" what the game program is doing to access the full ROM range.
On that matter, unlicensed games generally also have copy-protection hardware that comes in the form of four hardware registers mapped in unused memory space which return fixed or bitshifted values. Again, those registers are only used while the game is running to detect it's running on original cartridge hardware but this should not prevent them from being dumped.
It seems that a lot of unlicensed games were patched immediately by releaser to work with emulators, and original versions were lost. Some others come unpatched and were analysed to figure the protection.
Azathoth
05-27-2011, 08:41 PM
the Sega CD cable is meant to be built on your own, it was never sold as a packaged product.
Link (http://www.tototek.com/store/index.php?main_page=product_info&cPath=1_6_12&products_id=90)
Are you sure the chips aren't the ROMs? It's possible the epoxy contains a mapper. Post some pics.
That I'll be doing soon.
The cable isn't magic, the software has support for only so many boards. If you have a new undiscovered board that isn't supported, a new algorithm needs to be written, and without that, the SCD cable isn't any more useful than the MGH or DPF.
Thanks for the information, that just saved me both some money and aggravation. I very seriously doubt there are algorithms in place for these obscure unlicensed games.
Looks like my only bet, other than physically removing the chips (even if that's possible) is a USB dumping device similar to the Retrode.
Does anyone have one of these they could spare for a good cause? I'd return it as soon as I was done.
And thanks for everyone's really helpful information.
Also, DerekB noted that Pier Solar couldn't be dumped with a Sega CD cable. Now I realize that the size of the ROM versus my copier RAM size wouldn't allow a dump anyway, but just as an experiment I plugged it in. The Double Pro Fighter 24m doesn't even recognize a cart inserted. The MGH 16 recognizes a 16m cart inserted (of course), and attempts to dump the first two floppies, which of course are useless. I also noticed if you just straight up play the cart while connected through the device it crashes at (what I'm assuming) is a red checksum error screen after the initial first credits screen.
That kinda struck me as odd that it would show up in one unit and not the other, then the testimonial of the guy who dumped several picky Sonic 3 carts that wouldn't show up unless he covered certain pins on the PCB made me think there might be an easy way around this.
derekb
05-27-2011, 10:54 PM
Link (http://www.tototek.com/store/index.php?main_page=product_info&cPath=1_6_12&products_id=90)
That I'll be doing soon.
Thanks for the information, that just saved me both some money and aggravation. I very seriously doubt there are algorithms in place for these obscure unlicensed games.
Looks like my only bet, other than physically removing the chips (even if that's possible) is a USB dumping device similar to the Retrode.
Does anyone have one of these they could spare for a good cause? I'd return it as soon as I was done.
And thanks for everyone's really helpful information.
Also, DerekB noted that Pier Solar couldn't be dumped with a Sega CD cable. Now I realize that the size of the ROM versus my copier RAM size wouldn't allow a dump anyway, but just as an experiment I plugged it in. The Double Pro Fighter 24m doesn't even recognize a cart inserted. The MGH 16 recognizes a 16m cart inserted (of course), and attempts to dump the first two floppies, which of course are useless. I also noticed if you just straight up play the cart while connected through the device it crashes at (what I'm assuming) is a red checksum error screen after the initial first credits screen.
That kinda struck me as odd that it would show up in one unit and not the other, then the testimonial of the guy who dumped several picky Sonic 3 carts that wouldn't show up unless he covered certain pins on the PCB made me think there might be an easy way around this.
well that's pretty shitty of tototek if they are making money off MoD's design, you'd have to be mentally handicapped to not be able to build that yourself
Pier Solar will start dumping with transfer cable, and is detected properly as 64mbit but freezes halfway through the dump, probably due to however their bank switching is setup. I'd try Retrode if it is in your budget
Calpis
05-28-2011, 08:06 AM
Looks like my only bet, other than physically removing the chips (even if that's possible) is a USB dumping device similar to the Retrode. The Retrode will not be of any help, and I don't know of anything similar to it. Like everything else it has built in algorithms and they are likely to be the absolute minimal set. Even worse it relies on the game's internal header (used for cataloging) to choose an algorithm since there's no other input, and unlicensed games typically won't have this.
Also, DerekB noted that Pier Solar couldn't be dumped with a Sega CD cable. Now I realize that the size of the ROM versus my copier RAM size wouldn't allow a dump anyway, but just as an experiment I plugged it in. The RAM isn't used when backing up with a DPF. Some copiers require you to backup to RAM before copying to disk but it's only an idiosyncrasy.
As a 64M game Pier Solar will either have bankswitching and/or protection and/or extended ROM decoding past the 32M ROM area into memory reserved for expansion (illegal for licensed games). Again it's the algorithm that allows you to dump.
Your best bet will be to either desolder the ROMs and read them with a programmer, or lend the cart to a skilled MD homebrewer to dump.
That kinda struck me as odd that it would show up in one unit and not the other, then the testimonial of the guy who dumped several picky Sonic 3 carts that wouldn't show up unless he covered certain pins on the PCB made me think there might be an easy way around this.
Sonic 3 is an almost standard 16M cart with save RAM. The only difference is that the RAM (is FRAM and) is bankswitched like a game >16M to protect its contents from accidental corruption when powering off the console. Covering over the pins simply disables the RAM, and is only necessary because the DPF apparently gets confused otherwise.
The 16M that your MGH dumped is probably valid. Despite tricks the cart uses, there always has to be some ROM to the standard ROM area initially or nothing could start and that is what the MGH dumped. It could actually be useful in determining the rest of the cart's hardware if you gave it to someone to be analyzed.
Azathoth
06-11-2011, 12:55 PM
Thanks for the information supplied by everyone. I guess I am just shit out of luck on this one.
Attached is a picture as example, 3 globtops + 2 20 pin chips on the board.
Calpis
06-11-2011, 04:33 PM
You're right the ROMs certainly are under the epoxy. Perhaps it's a 12M game? I don't see why else there'd be 3 chips. The discrete chips likely make the complete mapper; the PAL must be used for decoding and possibly bankswitching, the '244 on the other hand is a very strange thing to be there. I guess it's protection since 8 bits isn't enough to buffer the address or data bus to use it for electrical characteristics. Likely one side of the buffer is hardwired to a bit sequence and the other to the data bus. This way the game can read the buffer to check that it's running on this unique board.
If you want to get this dumped, it has to be done with a custom algorithm. You can still learn a lot about it by examining the board. The first thing I'd check is whether the MD's /RESET line connects to the PAL, and check which MD signal pin 1 of the PAL connects to. These things usually give away whether the PAL contains latches or registers. Then I'd check how the '244 is wired and whether its enable signals are tied together or connect to the PAL separately. If you trace the discrete chips and most of the traces leading to the blobs, it will be clear what the mapper is capable of and probably most of its operation. This is important not only for dumping but for emulating as well (unless you don't mind using a cracked ROM).
You should at least be able to read the first part (boot program) of the ROM, just like the console is doing after power-on. Just dump the full cartridge ($000000-$3FFFFF) area to see what you get (very likely, mirrored data). If you can get this initial ROM dump, we could disassemble and analyse the code to figure the bankswitching / copy-protection mechanism.
Once this is done, something like this (http://www.brunofreitas.com/?q=node/31) could be used to write customized software that communicates with the cartridge just like the game is doing in order to dump the full ROM.
About the board, from what I can see:
- it doesn't use !TIME signal for bankswitching
- it doesn't use RESET, neither CLK signals
- it only detects writes to odd address / lower byte (!UWR not connected)
- it can generate its own !DTACK and uses !AS from 68k (valid address strobe) which could mean the cart can answer to illegal areas access (extra cart hardware mapped in $800000-$9FFFFF range ?)
- it uses the full 16MB address range (A1-A23) except A19 for address decoding, while most games only use A1-A21 (4MB), which makes me think ROM size is 512k and is mirrored in the first MB.
- it uses /CAS0 (Output Enable) but does not use !CE0 signal which is generally used as cartridge ROM chip enable, which confirms the cart uses its own address decoding through /AS and address lines.
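Added example, not part of the thread: one way to check a dump of the cartridge area for the mirrored data and unmapped regions the posts above expect, before handing it over for analysis. The block size, the function names and the sample bytes are assumptions made for illustration; the sample dump is constructed, not taken from any cartridge.

```python
"""Map mirrored and unmapped blocks in a raw dump of the cartridge area."""
import hashlib
import random


def classify_blocks(dump: bytes, block: int) -> list:
    """Label every block of the dump.

    ('data', i)    first time this content is seen (i is the block's own index)
    ('mirror', j)  same bytes as the earlier block j
    ('fill', b)    one byte value b repeated, e.g. open bus or erased ROM
    """
    if block <= 0 or not dump or len(dump) % block:
        raise ValueError("dump length must be a non-zero multiple of the block size")
    first_seen = {}
    labels = []
    for index in range(len(dump) // block):
        chunk = dump[index * block:(index + 1) * block]
        if chunk.count(chunk[0]) == block:
            labels.append(("fill", chunk[0]))
            continue
        digest = hashlib.sha256(chunk).digest()
        if digest in first_seen:
            labels.append(("mirror", first_seen[digest]))
        else:
            first_seen[digest] = index
            labels.append(("data", index))
    return labels


def unique_size(labels: list, block: int) -> int:
    """Bytes up to and including the last block that holds new content.

    Caveat: a ROM whose real tail is padding or repeats an earlier block
    would be cut short, so treat the result as a hint, not a verdict.
    """
    last = max((i for i, (kind, _) in enumerate(labels) if kind == "data"), default=-1)
    return (last + 1) * block


def describe(labels: list, block: int) -> list:
    """Collapse consecutive blocks of the same kind into address ranges."""
    lines, start = [], 0
    for i in range(1, len(labels) + 1):
        if i == len(labels) or labels[i][0] != labels[start][0]:
            lines.append("$%06X-$%06X %s" % (start * block, i * block - 1, labels[start][0]))
            start = i
    return lines


def constructed_dump() -> bytes:
    """Constructed sample: a 0x200-byte 'ROM' seen twice, then unmapped $FF."""
    rng = random.Random(64)
    rom = bytes(rng.getrandbits(8) for _ in range(0x200))
    return rom * 2 + b"\xff" * 0x400


if __name__ == "__main__":
    dump = constructed_dump()
    labels = classify_blocks(dump, 0x100)
    for line in describe(labels, 0x100):
        print(line)
    print("unique data: $%X bytes" % unique_size(labels, 0x100))
```

Pick a block size no larger than the smallest bank you expect; a block larger than the mirror period makes every block look identical and overstates the ROM size.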
MarioInside
06-13-2011, 06:33 AM
@Azathoth you have Super Mario World 64? That pirate is extremely rare! Where did you buy it?
Azathoth
06-13-2011, 04:52 PM
Just dump the full cartridge ($000000-$3FFFFF) area to see what you get
Eke, what hardware could I possibly use to even get to this point?
Insignificant but last night I noticed this cart hangs right before the level loads if it's attached to a Pro Action Replay, it also doesn't play the speech sample at the title screen.
Calpis
06-13-2011, 05:47 PM
The SCD transfer cable.
Eke, what hardware could I possibly use to even get to this point? Sega CD transfer cable or Retrode should both work, they will at least allow you to read the 4MB cartridge area, then we can work with the dumped data.
The reason it does not work with your current hardware might be because the cartridge does not put the /CART signal low (see how B32 on the right side of the board has some weird connection, maybe it's forced to 5V from the other side ?), which makes those copy devices think there is no cartridge inserted. The console would need this signal to generate the /CE signal to access the cartridge ROM but as said earlier, this cartridge seems to have its own address decoding logic and doesn't use that /CE signal.
Do you have a console with BIOS license screen on startup ? If it shows up for normal games but not this one, this would be another hint that this cartridge does not assert the /CART signal...
EDIT: just saw you said MGH can dump it partially, this 2MB dump could be of some use actually, care to share it ?
Insignificant but last night I noticed this cart hangs right before the level loads if it's attached to a Pro Action Replay, it also doesn't play the speech sample at the title screen. Pro Action Replay cartridge does not connect all signals from the console connector to the plugged cartridge so it's very likely some of the required signals (/DTACK and /AS probably) are missing.
Azathoth
06-14-2011, 01:01 AM
@ MarioInside: From a fellow collector in South America, I bought it with the intention of dumping since for some reason it hasn't been done yet. If I can manage to get this and 2-3 others dumped that should cover all known unlicensed titles.
Sega CD transfer cable or Retrode
Thank you for the clarifications. I was under the impression from the previous posts that using either of these things would not produce any type of results.
Do you have a console with BIOS license screen on startup ?
Just verified this. Using US model 1 Genesis still displays the "produced by or under license from" screen and boots as any other game. Does not boot on a Sega Nomad.
The RAM isn't used when backing up with a DPF. Some copiers require you to backup to RAM before copying to disk but it's only an idiosyncrasy.
I mention this because all units I have used (of any type or manufacturer) will not dump anything beyond what their own RAM size is. For example, a 32m cart is detected by the 24m DPF as a 24m cart. A 24m cart is detected by the 16m MGH as a 16m cart and only dumps the first 16m of the total game.
I ran into this dumping The King of Fighters 2000 (a 24m SNES cart) with my MGH. It was detected as a 16m game and would only dump the first 16m of the game.
EDIT: just saw you said MGH can dump it partially, this 2MB dump could be of some use actually, care to share it ?
To clarify, I was able to dump 2M of Pier Solar, not this game.
The reason I mentioned that is Pier Solar does not show up on the DPF at all, yet shows up as a 16m cart in the MGH and dumps normally.
Pro Action Replay cartridge does not connect all signals from the console connector to the plugged cartridge so it's very likely some of the required signals (/DTACK and /AS probably) are missing.
Also this cartridge will not work at all with a Game Genie attached.
If any member has either a SCD transfer cable or a Retrode I could borrow I would certainly appreciate it, it would really help in getting these last two or three MD games dumped.
Calpis
06-14-2011, 01:51 AM
I mention this because all units I have used (of any type or manufacturer) will not dump anything beyond what their own RAM size is. For example, a 32m cart is detected by the 24m DPF as a 24m cart. A 24m cart is detected by the 16m MGH as a 16m cart and only dumps the first 16m of the total game.
It doesn't have anything to do with the RAM, just the poor dumping algorithms. The MD uses a bankswitching scheme for most games over 16M, that's why the MGH can't detect more, it's too stupid.
I ran into this dumping The King of Fighters 2000 (a 24m SNES cart) with my MGH. It was detected as a 16m game and would only dump the first 16m of the game. This is because of bankswitching or strange decoding, or just because of the MGH's poor algorithms. I recall the MGH requiring you to backup games to RAM before to disk, but I don't think 24M MGH can backup >16M games for either console anyway.
If any member has either a SCD transfer cable or a Retrode I could borrow I would certainly appreciate it, it would really help in getting these last two or three MD games dumped. It will help getting it dumped, but to clarify you will NOT be able to dump it with a SCD transfer cable. You will be able to dump part of it which can be analyzed and be used to possibly dump the rest with a lot of additional help...
Eke, are you sure the Retrode actually implements the full address bus and /AS? Seems more likely it'd just use the regular cartridge select like all copiers. I was thinking the MGH data might be valid, but if the cart select isn't used for decoding the data could be open bus.
Just verified this. Using US model 1 Genesis still displays the "produced by or under license from" screen and boots as any other game. Does not boot on a Sega Nomad. Then scratch my theory about the /CART line, it seems there is nothing special here. The problem is probably that these devices do not pass all the needed signals and can't read the ROM. And I think the Sega Nomad is missing some of the cartridge port signals too. They are generally not used by official games so it didn't matter.
It doesn't have anything to do with the RAM, just the poor dumping algorithms. The MD uses a bankswitching scheme for most games over 16M, that's why the MGH can't detect more, it's too stupid.
Actually, that's not entirely true: the bankswitching is always part of the cartridge hardware (controlled by software) and as for official games, is only present in a few cartridges where backup RAM (usually mapped in the upper 2MB area) and ROM shares the same area. Afaik, the only cartridges using it are Beyond Oasis/Legend of Thor, Phantasy Star IV & Sonic 3 (this one is only 2MB but this was done to work with Sonic & Knuckles lock-on). Super Street Fighter 2 also uses some bankswitching because it's larger than 4MB.
Eke, are you sure the Retrode actually implements the full address bus and /AS? Seems more likely it'd just use the regular cartridge select like all copiers. I was thinking the MGH data might be valid, but if the cart select isn't used for decoding the data could be open bus. I think you are right, Retrode probably does not simulate all the signals but only the usually required ones. That means your only way to dump the boot program is through the console itself, via the Sega CD transfer cable. Or you can send your cartridge to that guy that I linked a few posts above, he is serious. I'd also love this game being dumped and emulated so I would help with the ROM analysis if necessary.
Azathoth
06-30-2011, 10:57 PM
My apologies in advance for the overtly long post.
I guess I should start by saying I purchased the parts to build the SCD transfer cable, hopefully I can pull some type of working information from the Super Mario World 64 cart.
Before I start let me relate something that happened previously. I was in contact with D4S, going back and forth with him about dumping and cracking a few unlicensed SNES games I had that weren't available. During that I mentioned that I'd like to find a crack for The King of Fighters '99 for Mega Drive, since the existing ROM dump has copy protection and doesn't work on anything but HazeMD. I my dump was the same as the existing available dump. He did crack it, along with the two SNES games (Street Fighter EX + Alpha and The King of Fighters 2000). You can check his work out here (http://www.dforce3000.de/).
KoF '99 is an odd duck. An uncracked ROM boots to some type of error screen in Chinese. D4S didn't go into specifics on the protection, but the game played fine in my Everdrive and that was really all that mattered to me. The strange thing was, it still did the error screen when I played it in my Sega Nomad with the Everdrive. Both he and I were kind of at a loss for an explanation, especially when the cracked version worked fine on a Tototek flash cart with the Nomad.
Today (thanks to member Bramsworth) I got a copy of another obscure, unlicensed Mega Drive game, a prequel to Yang Warrior Family. At least it looks that way, either that or someone was very inspired by this game when they made Yang Warrior Family.
So I pop it in my system (US Genesis model 1) and I'm greeted by this quickly repeating sound effect accompanied by a black screen. The sound was similar to a CD skipping. Cracked the cart open (looked to be brand new) and checked the PCB out, it was two globtops and no chips. I was hoping I'd at least be able to pull something off of it to work with.
The DPF picked it up as a 16m game, dumped it without any problems. When playing the dump it was just a black screen. Playing the cart through the DPF was the same thing. Tried it in a MGH, redumped it, same thing. Now here comes the strange part. I dumped the cart to the DRAM in the MGH, booted it from there and it sorta worked! Turns out the skipping sound effect was actually the title screen music resetting very quickly. The music played against a black screen, and if I pressed start it went to the title screen where you pick one or two players. When you pressed start to begin the game (A,B, or C did nothing) it returned back to the black screen. Obviously there was some type of weird programming going on. I went back and flashed the ROM to both the Everdrive and Tototek carts, both producing the same results as playing the game from the MGH DRAM.
Then I remembered Eke mentioning in the Everdrive forum about stuff programmed with the Tomsoft SDK not working with systems using TMSS. The actual cart bypassed the "Produced by or under license from" screen and went straight into the skipping music. So I tried anything I could think of; I set the system to Japanese (worked for Death Caliber and Deer Hunter), tried a Pro Action Replay, a Game Genie, all did nothing. Put the 32x on, was then greeted by the "Produced by.." screen, and then got to the looping press start screen I had when using the flash carts!
So then, on a whim, I remembered my experience with KoF '99 and shoved it into my Nomad. It completely bypassed the "Produced by.." screen and booted straight to the freaking game, and it worked 100%!
Obviously this thing would work on clone systems or pre-TMSS Sega consoles, although I don't have either to verify. And while the actual cart works in a Nomad, both the Everdrive and Mega Cart behave exactly the same in the Nomad as in the Genesis.
Ideas?
Edit: ROM behaves the same on emulators as it does on flash carts.
technohat
07-10-2011, 11:01 PM
Hi;
I was in the process of dumping all my cartridges that are either pirate variants or undumped unlicensed games.
Will you be releasing these? Getting these into as many hands as possible is the surest way to preserve them.
Bramsworth
07-11-2011, 04:24 AM
He already has been sharing, plus I know him and the answer is yes =p
technohat
07-12-2011, 03:22 PM
He already has been sharing, plus I know him and the answer is yes =p
Oh good. I'm glad to hear that.
Azathoth
07-20-2011, 03:10 PM
Managed to get a clone Genesis console and verified that The Battle of Red Cliffs cartridge does indeed work properly on it. I really don't understand why the TMSS issue affected the ROM dump in the way that it did though, but I'm not too knowledgeable on the subject to start with.
And just to further cloud the TMSS issue, Super Mario World 64 will not boot on any non-TMSS system, both clones and the Sega Nomad.
Super Mario World 64 is obviously a bust, at least temporarily. Does anyone want to take a shot at properly cracking some of these ROMs? So far I've got these dumped that need properly cracked:
The Battle of Red Cliffs - Mega Drive
Soul Edge VS Samurai Spirits - Mega Drive
Soul Edge VS Samurai Spirits - SNES
You can upload them somewhere and I will have a look and try to emulate the protection (at least the MD games). If you have a partial dump of Super Mario World 64, you should upload it too so it can be analysed. Making these things public and available to hackers is the best way to eventually make some progress.
As for "The Battle of Red Cliffs", it is already dumped (a quick google search on "g_redclf" should help you) and is emulated by HazeMD. The ROM format is a little weird, with .mdx extension (so far I only found two games using this extension, the other one being a chinese version of Traysia). To convert .mdx ROM file into normal .bin (or .gen) format:
1) remove the first 4 bytes and the last byte
2) XOR each byte with 0x40
"The Battle of Red Cliffs" uses additional copy-protection which is similar to the one used in other unlicensed games: on-board registers are mapped to $400000, $400002, $400004 and $400006 addresses in 68k space. That game expects $55 to be returned from $400000 and $AA from $400004 (maybe other registers are tested at some other points, I don't know but it seems like those address/values are common to many unlicensed protected games).
A patch would need to find every location in the ROM where the game checks these addresses and replace the conditional branches into normal branches.
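Added example, not part of the thread: the two-step .mdx conversion described in the post above, followed by a scan of the decoded image for absolute references to the four register addresses it names, as a starting point for documenting the protection for emulation. The function names, the reset-vector plausibility check and the sample ROM are assumptions for illustration; the post does not say what the four leading bytes and the trailing byte of an .mdx file contain, so the constructed sample uses zero placeholders.

```python
"""Decode an .mdx image and list references to the protection registers."""
import struct

XOR_KEY = 0x40                      # step 2 in the post
HEADER_LEN, TRAILER_LEN = 4, 1      # step 1 in the post
PROTECTION_REGS = (0x400000, 0x400002, 0x400004, 0x400006)
_XOR_TABLE = bytes(b ^ XOR_KEY for b in range(256))


def mdx_to_bin(mdx: bytes) -> bytes:
    """Drop the first 4 bytes and the last byte, then XOR the rest with 0x40."""
    if len(mdx) <= HEADER_LEN + TRAILER_LEN:
        raise ValueError("file too short to be an .mdx image")
    return mdx[HEADER_LEN:len(mdx) - TRAILER_LEN].translate(_XOR_TABLE)


def reset_vector_ok(rom: bytes) -> bool:
    """Plausibility check on the decoded image: the 68000 reads its initial
    stack pointer at offset 0 and its initial program counter at offset 4.
    The PC must be even; here it is also expected to point inside the image."""
    if len(rom) < 8:
        return False
    _ssp, pc = struct.unpack(">II", rom[:8])
    return pc % 2 == 0 and pc < len(rom)


def find_register_refs(rom: bytes) -> dict:
    """Offsets where a register address appears as a 32-bit big-endian value.

    Only word-aligned hits are kept because 68000 code is word-aligned.
    Accesses made through an address register will not be found this way.
    """
    refs = {}
    for reg in PROTECTION_REGS:
        pattern = struct.pack(">I", reg)
        hits, pos = [], rom.find(pattern)
        while pos != -1:
            if pos % 2 == 0:
                hits.append(pos)
            pos = rom.find(pattern, pos + 1)
        refs[reg] = hits
    return refs


def constructed_rom() -> bytes:
    """Constructed sample image: vectors plus two compares against the registers."""
    rom = bytearray(b"\xff" * 0x400)
    rom[0:8] = struct.pack(">II", 0x00FFFE00, 0x00000200)
    rom[0x200:0x208] = bytes.fromhex("0c39005500400000")  # compare ($400000).l with $55
    rom[0x210:0x218] = bytes.fromhex("0c3900aa00400004")  # compare ($400004).l with $AA
    return bytes(rom)


def constructed_mdx(rom: bytes) -> bytes:
    """Wrap a plain image the way the post describes, with placeholder framing."""
    return b"\x00" * HEADER_LEN + rom.translate(_XOR_TABLE) + b"\x00" * TRAILER_LEN


if __name__ == "__main__":
    image = mdx_to_bin(constructed_mdx(constructed_rom()))
    print("reset vector plausible:", reset_vector_ok(image))
    for reg, hits in find_register_refs(image).items():
        print("$%06X referenced at:" % reg, ["$%06X" % h for h in hits])
```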
technohat
07-21-2011, 08:42 PM
You can upload them somewhere and I will have a look and try to emulate the protection (at least the MD games). If you have a partial dump of Super Mario World 64, you should upload it too so it can be analysed. Making these things public and available to hackers is the best way to eventually make some progress.
I agree. The more people that can take a look at them the quicker and more likely the protection can be figured out and a workaround devised.
Bramsworth
07-22-2011, 01:30 AM
I agree, but only partially. If these things get distributed and start spreading around when they're not even properly cracked then you've got a bunch of non-working roms and confused people. There's already some stuff like this in the GoodSet that's pretty annoying. Makes more sense to pass it around to people that can actually do something with it, then put it out there to everyone once that's working.
Of course, it gets a bit more tricky if absolutely no one offers any help, but it looks like Eke might offer his assistance so at the moment we might be fine :)
technohat
10-02-2011, 08:50 AM
It's been a couple of months, has there been any more progress on getting these to work?
Azathoth
10-04-2011, 04:27 AM
Everything I've been working on so far is pretty much done, with the exception of Super Mario World 64. I'm hoping to at least have a full or partial dump of it done by this week. Hercules 2 for SNES is a bust for now since I can only get 16m of the 20m to dump. You can find links to everything in this thread (http://www.assemblergames.com/forums/showthread.php?t=33857) and this other thread (http://www.assemblergames.com/forums/showthread.php?p=517106).
There are a few things I still need to upload and provide links to; the Mega Drive version of Soul Edge VS Samurai Spirits (which is cracked properly), Street Fighter III: 18 Person for MD and Digimon Ruby for GBA. Waiting on SNES carts of A Bug's Life and Aladdin 2000 to arrive also.
Just to clarify one thing: I noticed on another forum someone had pasted my initial post and some other bits and pieces from this thread and insinuated this was an attempt to dump and distribute Pier Solar. It isn't.
Azathoth
10-04-2011, 10:52 PM
Finally cobbled together a SCD transfer cable and reassembled my 1997 computer out of the closet to dump this POS. Got everything fired up and..
The SMW64 cart still boots with pin B32 covered.
I have checked and double checked it, even attempted to cover both it and the corresponding pin on the A side of the PCB. The cart always boots straight away.
Ideas?
Finally cobbled together a SCD transfer cable and reassembled my 1997 computer out of the closet to dump this POS. Got everything fired up and..
The SMW64 cart still boots with pin B32 covered.
I have checked and double checked it, even attempted to cover both it and the corresponding pin on the A side of the PCB. The cart always boots straight away.
Ideas?
You verified CD unit is connected and running but it still boots straight to cartridge? Do you still see the license screen when CD is powered?
I *think* what happens is that the cartridge somehow takes priority on the usual BOOT ROM because it uses its own address decoding. Basically, when the MD CPU resets and starts reading instructions from bus, cartridge code is returned, not internal CD BOOTROM.
When CD unit is not connected, it seems however that MD BOOT ROM is running as usual since you can see the license screen. Maybe the cartridge uses some logic to know when TMSS is running and when to enable address decoding or not. That could also explain why the game does not work on systems without TMSS.
Anyway, with the fact the game is most likely using its own address decoding, I fear that the Sega CD transfer program would simply not work. Indeed, the program probably expects to read cartridge data from $400000-$7FFFFF area, where cartridge chip select is usually generated by the console when B32 is not connected (this is how RAM cartridge is accessed in CD booting mode). But this game completely ignores this chip select and uses other signals to know when it should return ROM data. I guess the only way to dump it is to build a specific hardware solution that asserts those signals.
Azathoth
10-22-2011, 02:38 AM
You verified CD unit is connected and running but it still boots straight to cartridge? Do you still see the license screen when CD is powered?
Checked and double checked everything, along with having a test cart (Sonic 2) that I used to verify the SCD transfer cable was assembled and working.
With B32 covered SMW64 skips the "produced by" screen and goes straight to the game when the console is powered on, just like it would do normally. Sonic 2 with B32 covered booted to the SCD.
I find it very odd that games with TMSS issues that will not work on a stock MD (such as unlicensed games or pirate multi-carts) will work fine on a Sega Nomad yet SMW64 refuses to boot on it. I was always under the impression that the hardware inside the Nomad was basically the exact same as a model 2 MD but that says otherwise.
With B32 covered SMW64 skips the "produced by" screen and goes straight to the game when the console is powered on, just like it would do normally. Sonic 2 with B32 covered booted to the SCD.
Pretty sure the cartridge drives the MD 68k bus so game is running instead of BOOT ROM program (on CD side).
I find it very odd that games with TMSS issues that will not work on a stock MD (such as unlicensed games or pirate multi-carts) will work fine on a Sega Nomad yet SMW64 refuses to boot on it. I was always under the impression that the hardware inside the Nomad was basically the exact same as a model 2 MD but that says otherwise.
It is known that Nomad does not have the same cartridge port pinout as default console models (MD1, MD2, with or without TMSS, they all should have the same pinout) and some signals apparently are missing.
As said earlier, SMW64 most likely uses its own address decoding scheme which is not the traditional one (/CE i.e B17 as ROM chip select) but relies on all address lines (except VA19, which seems to indicate the ROM is 512k, mirrored in first MB), /AS (B18) and /DTACK (B20) signals. If any of those signals are not present on cartridge port, it probably does not boot.
Druid II
10-16-2012, 03:19 AM
Please excuse me for bumping this, but I feel it is topical:
What would be the cheapest way of dumping a Megadrive cart if I have no Mega CD?
Calpis
10-16-2012, 01:27 PM
Do you need to dump standard games or anything a little more special?
Does building your own count? You could wire a MD connector to a 42 pin socket and dump a lot of games using a device programmer. Or if you have a copier for another console you could make an adapter cartridge. Or you could build something that will dump games copiers cannot, using some logic chips using a USB MCU, parallel port or an Arduino or any other I/O method.
Druid II
10-17-2012, 01:32 AM
Should be a fairly standard game except for the two extra controller ports on top (it's a j-cart).
I literally have no experience nor any equipment for dumping roms.