Sunday, 28 December 2014

Capcom Kabuki CPU - Part 5

Welcome to the sixth and final post in the Capcom Kabuki reverse engineering series, you can find all previous posts here:

Reprograming Kabuki

Last week's journey under the microscope gave us a better understanding of all the Kabuki internals. In this week's final post we will learn all of its reprograming secrets. 



Kabuki is no longer a secret, thank you for watching and I hope you enjoyed this journey as much as I did. See you again in 2015!


at

9 comments:

  1. Unknown29 December 2014 at 01:27

    Nice work!

    ReplyDelete
  2. Anonymous29 December 2014 at 03:50

    Well done, I was impressed with your decapping and deprocessing of the die, I know how hard this is to do. Given that this is a fairly clever keyloading method, I wonder if Capcom reused it, or something similar for the CPS2 encrypted cpu. I know that the decryption is radically different (took quite a while to break by very clever mame contributors), however since no one has worked out how the key loading works, I wonder if it is worth another look at the die shots of the cps2 encrypted 68k... Cheers, Pete

    ReplyDelete
  3. Anonymous29 December 2014 at 04:00

    On another subject, can you make available your "Kabuki-reprogramming" pdf, since this would be a great reference text for other reverse engineers.
    Cheers, Pete

    ReplyDelete
  4. Anonymous29 December 2014 at 20:18

    Niiiiice.
    I also do think there is a logical explanation why the secret key is what it is. It might be useful to add a link to the decapped die image as it might help finding the origin of the secret key, I think...

    ReplyDelete
  5. Anonymous2 January 2015 at 16:46

    For me it seems trivial that the 20 bits are 4 x 5 bits which cover the japanese characters in JIS/Shift JIS (with 0xA0 offset). It then gives out カセイ・ (KA SE I [comma]). The problem is kasei can mean anything. The word itself has at least ten meanings (I'd choose metamorphosis), and a quick search brings for example a company which makes everything (Asahi Kasei), a period (see kasei kabuki), a university and so on. It can even be a twisted "engrish" acronym for KAbuki SEcret Initialization.
    Take your pick.

    ReplyDelete
  6. Unknown29 January 2015 at 09:07

    Wow your posts are amazing! You've mentioned that you're not a hw engineer. How did you learn about identifying components on the decap image and things like this?

    ReplyDelete
    Replies
    1. Eduardo Cruz29 January 2015 at 09:31

      Hi Norbert, thanks for watching. There's several blogs/sites that discuss RE, some of them have great amounts of information. eg: http://siliconpr0n.org/

      Delete
  7. Sassan2 February 2015 at 15:35

    Is it possible to have these last two parts in a text format similar to the first 3?

    I greatly enjoyed the first 3, but prefer to read than watch.

    ReplyDelete
    Replies
    1. Eduardo Cruz2 February 2015 at 15:45

      Unlike but I will consider your comments when preparing future posts.

      Delete