Some interesting cryptanalysis has been going on over in Italy. I'm referring, of course, to the ROM opcode encryption used by Capcom Play System 2 (CPS-2) arcade games. The founder of the MAME emulation project, Nicola Salmoria, and his friend Andreas Naive (this link in Spanish only, sorry), successfully reverse engineered the encryption method used by CPS-2 over the past few months. Nicola's blog goes into great technical detail of the encryption system (it's a double 16-bit Feistel network with a 64-bit key) and how they went about figuring it out.
A bit of background: the arcade game industry is rife with bootleg hardware which cuts into the profits of arcade game manufacturers, so a lot of effort has been put into making the games difficult to clone. The CPS-2 system is especially devious at protecting its game data because the decryption key and the decryption code are stored in a battery-powered SRAM and programmable logic device that loses its contents once power is removed. The battery is applied to the circuit board, then a JTAG connector is used to program the SRAM and PLD with the necessary information needed to decrypt the ROM contents, and the game works fine. But any attempt to remove either the SRAM or PLD to examine its contents means that the board dies. Coincidentally, this also means that once the battery dies, the game is dead... but arcade games don't generally have much of a shelf life, so this is OK from the arcade manufacturer's point of view.
In 2001, a group dedicated to reverse-engineering CPS-2 arcade game hardware developed a hardware hack that would allow them to pull unencrypted game opcodes off of a data bus running between two logic controllers. They published a series of "XOR files" which were the XOR combination of the encrypted ROM and the plaintext. This allowed emulators to reconstruct the decrypted information if they had the original ROM contents. The legality of these XOR files was highly disputed, particularly by Capcom, who was still making CPS-2 games as late as December of 2003.
For the MAME project, which prides itself on accurate emulation of original game hardware, the XOR system was seen as an ungraceful kludge. Nicola and Andreas set out to reverse engineer the actual encryption algorithm, which would allow them to emulate the game with nothing other than the original ROM contents. Reading Nicola's blog is a fascinating look into this process. Various brute force attacks were devised, statistics were examined, optimizations made, etc. until finally, just last month, the breakthrough was made and the 64-bit keys for the games started to reveal themselves.
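To make the two approaches concrete, here is an added toy model that is not Capcom's cipher and not MAME's code. It keeps only the shape the post states (a 16-bit Feistel network keyed by 64 bits) and invents everything else: the round function `f`, the four-subkey schedule, the round count, and the word-by-word treatment of the ROM are all hypothetical. It shows why a Feistel network decrypts by running the same rounds with the subkeys reversed, and why a published "XOR file" (encrypted ROM XOR captured plaintext) lets an emulator recover the plaintext only if it also has the original encrypted ROM.

```python
# Added example: toy 16-bit Feistel network plus the "XOR file" recovery trick.
# NOT the CPS-2 algorithm: round function, key schedule, round count and the
# word-by-word ECB-style layout below are invented for illustration only.
from typing import Dict, List

MASK16 = 0xFFFF
ROUNDS = 4


def round_keys(key64: int) -> List[int]:
    """Hypothetical key schedule: slice the 64-bit key into four 16-bit subkeys."""
    assert 0 <= key64 < (1 << 64), "key must fit in 64 bits"
    return [(key64 >> (16 * i)) & MASK16 for i in range(ROUNDS)]


def f(half: int, subkey: int) -> int:
    """Hypothetical round function on an 8-bit half-word.

    A Feistel network is invertible for ANY f, so nothing here needs to be
    reversible; that is the structural point the example demonstrates.
    """
    x = (half ^ (subkey & 0xFF)) & 0xFF
    x = ((x << 3) | (x >> 5)) & 0xFF      # rotate left by 3 bits
    x = (x + (subkey >> 8)) & 0xFF        # mix in the subkey's high byte
    return x


def feistel(word: int, subkeys: List[int]) -> int:
    """Push one 16-bit word through the rounds using subkeys in the given order."""
    left, right = (word >> 8) & 0xFF, word & 0xFF
    for k in subkeys:
        left, right = right, left ^ f(right, k)
    # Undo the final swap so decryption is this same routine with reversed keys.
    return (right << 8) | left


def encrypt16(word: int, key64: int) -> int:
    return feistel(word & MASK16, round_keys(key64))


def decrypt16(word: int, key64: int) -> int:
    # Feistel inversion: identical rounds, subkeys applied in reverse order.
    return feistel(word & MASK16, list(reversed(round_keys(key64))))


def encrypt_rom(plain: bytes, key64: int) -> bytes:
    """Treat the ROM as big-endian 16-bit words and encrypt each independently."""
    assert len(plain) % 2 == 0, "ROM image must be a whole number of words"
    out = bytearray()
    for i in range(0, len(plain), 2):
        w = int.from_bytes(plain[i:i + 2], "big")
        out += encrypt16(w, key64).to_bytes(2, "big")
    return bytes(out)


def decrypt_rom(cipher: bytes, key64: int) -> bytes:
    """What MAME can do once the key is known: decrypt from the ROM alone."""
    out = bytearray()
    for i in range(0, len(cipher), 2):
        w = int.from_bytes(cipher[i:i + 2], "big")
        out += decrypt16(w, key64).to_bytes(2, "big")
    return bytes(out)


def make_xor_file(cipher: bytes, plain: bytes) -> bytes:
    """The 2001 approach: publish encrypted ROM XOR bus-captured plaintext."""
    return bytes(c ^ p for c, p in zip(cipher, plain))


def apply_xor_file(cipher: bytes, xor_file: bytes) -> bytes:
    """Recover plaintext; useless without the matching encrypted ROM image."""
    return bytes(c ^ x for c, x in zip(cipher, xor_file))


def demo() -> Dict[str, bytes]:
    # Constructed sample data: an arbitrary 64-bit key and eight made-up words.
    key = 0x0123456789ABCDEF
    plain = bytes.fromhex("4E71 4E71 13FC 0001 0001 2000 6000 FFF8".replace(" ", ""))
    cipher = encrypt_rom(plain, key)
    xor_file = make_xor_file(cipher, plain)
    return {
        "plain": plain,
        "cipher": cipher,
        "xor_file": xor_file,
        "from_key": decrypt_rom(cipher, key),          # key-based route
        "from_xor": apply_xor_file(cipher, xor_file),  # XOR-file route
    }


if __name__ == "__main__":
    r = demo()
    print("cipher  :", r["cipher"].hex())
    print("xor file:", r["xor_file"].hex())
    print("key route matches plaintext:", r["from_key"] == r["plain"])
    print("xor route matches plaintext:", r["from_xor"] == r["plain"])
```

Both routes yield the same plaintext, but the XOR-file route carries the plaintext implicitly and is tied to one specific ROM image, whereas the key route needs nothing beyond the original ROM and the 64-bit key, which is exactly the elegance the post credits to the new approach.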
Each game has a different key, and the difficulty of backing it out with brute force varies from game to game as well. With the latest round of optimized attacks on CPS-2, Nicola and Andreas have been able to retrieve the keys for every CPS-2 game ever made... except Super Puzzle Fighter 2 Turbo, my favorite game in MAME. Because the new system is so much more elegant than the XOR system used up to now, they decided to do away with the XORs entirely and implement the decryption algorithm using the known keys. This means that SPF2T has been relegated to "non-working" status as of the current version of MAME. Boo!!
If you're interested in reading through Nicola's notes on breaking the CPS-2 encryption, start at the December 17, 2006 entry in his blog, entitled "CPS2 notes, part 1." It's about two-thirds of the way down this archive page.