2017.06.22
"Fall of the M68705"
Have you ever played one of the following Taito titles in MAME?
Rumba Lumber
https://mamedev.emulab.it/haze/pics2017/rumba_mcu_1.png
https://mamedev.emulab.it/haze/pics2017/rumba_mcu_2.png
Chack’n Pop
https://mamedev.emulab.it/haze/pics2017/chack_mcu_1.png
https://mamedev.emulab.it/haze/pics2017/chack_mcu_2.png
Onna Sanshirou – Typhoon Gal
https://mamedev.emulab.it/haze/pics2017/onna_mcu_1.png
https://mamedev.emulab.it/haze/pics2017/onna_mcu_2.png
Field Day (The Undoukai)
https://mamedev.emulab.it/haze/pics2017/field_mcu_1.png
https://mamedev.emulab.it/haze/pics2017/field_mcu_2.png
Get Star (Guardian)
https://mamedev.emulab.it/haze/pics2017/getstar_mcu_1.png
https://mamedev.emulab.it/haze/pics2017/getstar_mcu_2.png
or either of the following by Technos and Kaneko respectively.
Nekketsu Kouha Kunio-kun (original Japanese release of Renegade)
https://mamedev.emulab.it/haze/pics2017/kuni_mcu_1.png
https://mamedev.emulab.it/haze/pics2017/kuni_mcu_2.png
Prebillian
https://mamedev.emulab.it/haze/pics2017/pbillian_mcu_1.png
https://mamedev.emulab.it/haze/pics2017/pbillian_mcu_2.png
If you have played any of them it may (or may not) surprise you to hear that
until now they’ve been relying on high level simulations of the protection
devices present on the original PCBs, which may have resulted in inaccuracies
in the emulation.
The protection devices used were M68705P5 MCUs, a secure part protected
against reading. For some Taito games we got lucky and found parts without
the security bits set, and for some we found bootlegs and have been
unknowingly using bootleg versions of the MCU code for years (much as was the
case with Bubble Bobble when we thought the M68705 protected set was the
original) however for the above games we simply had no dumps at all of the
MCUs and had to rely on simulations.
Thankfully due to new techniques + hardware developed by Brizzo (+ a team of
collaborators including Sean Riddle) and access to the collections of
ShouTime, Team Japump, and ‘Anonymous Donator’ a way was found to read out
even protected M68705 chips with a reasonable degree of success. The
technique isn’t perfect yet, as some games gave completely invalid results,
but hopefully that’s just a case of further refinement.
As a result of the new techniques the MCUs for the games listed at the start
of the article have been dumped, and added to MAME. The relevant Git commits
can be seen below
As you can see, this allows the removal of a large amount of simulation code,
which has been simply replaced with emulation of the actual MCU using the
freshly dumped code. In cases like Rumba Lumber the simulation was known to
be inaccurate so the game is now emulated correctly, in others, the
simulation code was doing things that simply wouldn’t reflect how the MCU
would work (plucking values straight from main RAM etc.) so the new handling
is a lot more correct to hardware.
In addition to the previously mentioned games the dumps have helped confirm
the MCUs MAME is already using for ‘The Fairyland Story’, ‘The Legend of
Kage’, ‘Buggy Challenge’, ‘Arkanoid’ (some versions), ’40 Love’, ‘
Elevator Action’, ‘Puzznic’ and a number of others to be the correct
original MCU code (the dumps MAME expects might change because the new
technique can dump previously unreadable parts of the MCU)
The new technique also confirms something that was long suspected: the MCU we
’re using for ‘Return of the Invaders’ is a bootleg reproduction.
Unfortunately that’s one of the ones where the dumping technique didn’t
give us a usable dump at this point, so for now we’re still depending on the
bootleg MCU.
The M68705 was a widely used protection device, so having the ability to dump
any of them without having to decap is an important step in the preservation
of these systems.
Those who have been paying attention to MAME releases may have noticed that
back in 0.181 ‘Tokio’ aka ‘Scramble Formation’ also had it’s M68750
dumped and emulated. This was part of the same process and got the ball
rolling with some M68705 CPU CORE refactoring in MAME to make the addition of
these new dumps a smoother process. Obviously that’s older news now, but a
couple of people have asked me if it was related, and yes, it was, it was
also one of the more important cases because until then there was no remotely
correct simulation of the MCU, only a bootleg where the bootleggers had also
failed to understand the protection properly, resulting in many game features
not working in their bootleg. The dumping of that MCU was the first time
anybody could experience the gameplay correctly outside of the original PCB.
Tokio / Scramble Formation
https://mamedev.emulab.it/haze/pics2017/tokio_1.png
https://mamedev.emulab.it/haze/pics2017/tokio_2.png
The other piece of news worth writing about is the addition of a game called
Jump-Kun. Ironically this comes from a Taito PCB with a socket for a M68705
but for this game, maybe due to it being a prototype, the socket was left
unpopulated and the game unprotected. (The PCB is a Pit ‘n’ Run PCB, in the
case of Pit ‘n’ Run the MCU is actually used) It’s believe to have been
developed by Kaneko and plays like you’d expect a classic arcade platformer
to play. Again, thanks to ShouTime, Team Japump and ‘Anonymous Donator’ for
this one.
Jump Kun (prototype)
https://mamedev.emulab.it/haze/pics2017/jumpkun_1.png
https://mamedev.emulab.it/haze/pics2017/jumpkun_2.png
https://mamedev.emulab.it/haze/pics2017/jumpkun_3.png
https://mamedev.emulab.it/haze/pics2017/jumpkun_4.png
I also put a video of that one on my YouTube channel
https://www.youtube.com/watch?v=SgyXHWxLM5w
https://mamedev.emulab.it/haze/