An MSX mate posted a picture of the interior of the cartridge. It was covered with some kind of silicone to prevent reverse engineering. I was curious about how the protection worked and he was kind enough to send me the game to examine it. Thanks Markus!
I removed all the silicone, but the ICs have their surface scratched, so it was not possible to read the reference to identify them... at least that was the intention. But I managed to identify them all (I hope ^^!)
The cartridge checks write and read operations on I/O port #7F. Each time the value #35 is written, a counter is incremented. If the port is read and the counter bits 0-1 are "11", the value #DA is returned. A simple BASIC program confirms it works in that way.
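The port behaviour described in the post above, modelled as an added example that is not part of the original thread. The class and function names are hypothetical, and three details are assumptions the thread does not state: the counter starts at zero, reads do not change it, and any other read returns #FF.

```python
"""Constructed model of the I/O port #7F check described in the thread."""

PORT = 0x7F         # I/O port named in the thread
MAGIC_WRITE = 0x35  # value whose write increments the counter
MAGIC_READ = 0xDA   # value returned when counter bits 0-1 are "11"
IDLE_READ = 0xFF    # assumption: the thread does not say what other reads return


class CartridgePort:
    """Hypothetical stand-in for the logic on the cartridge."""

    def __init__(self):
        self.counter = 0  # assumption: counter is zero at power-up

    def out(self, port, value):
        """OUT port,value: only #35 written to #7F advances the counter."""
        if port == PORT and value == MAGIC_WRITE:
            self.counter = (self.counter + 1) & 0xFF  # assumption: 8-bit counter

    def inp(self, port):
        """INP(port): #DA only while the two low counter bits are both set."""
        if port == PORT and (self.counter & 0b11) == 0b11:
            return MAGIC_READ
        return IDLE_READ


def probe(writes):
    """Write each value to #7F and read the port back after every write."""
    dev = CartridgePort()
    seen = []
    for value in writes:
        dev.out(PORT, value)
        seen.append(dev.inp(PORT))
    return seen


if __name__ == "__main__":
    # Constructed input: eight writes of #35, like a BASIC loop of OUT/INP pairs.
    print(" ".join(f"{v:02X}" for v in probe([MAGIC_WRITE] * 8)))
```

Under these assumptions the response repeats every fourth write of #35, and writes of any other value leave the counter where it was.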
I used the openMSX emulator to add breakpoints when port #7F is accessed. In this way it is somehow easy to find the code that checks the protection. The protection has self-modifying code, or obfuscated code that looks like "garbage" or random data.
After patching those routines, I managed to play the game until the end without using the original cartridge. But to be honest, there is not much merit in cracking an MSX game using current emulators. (I also had to disassemble the final boss logic to find out how to defeat him ^^!)
I believe BiFi removed the crack some years ago, in service of Sunrise who had - back then - a deal with Cas to release a multicartridge with 'the best of' Cas's games. Sadly with the demise of Sunrise that project halted. Maybe you and/or Matra can contact Cas for that?
I could produce the cartridges if Cas agrees. In fact, I was going to produce the cartridges for Sunrise. If the games are released on cartridge, there is no need to crack the game, because the same protection can be included into the FPGA.