Well ... While we're at it (Dreamcast region modchip thread) I took my old MEGA-CD out of storage and started to thinker with it.
Since 2004/2005 (I don't remember well) I've been buying US and EU games and re-burning them on CDRs.
Because I don't like Datel's CDX and other similar stuff occupying my Mega Drive cartridge slot, I started to research how actually the SCDCONV program works. I found out that it *tries* to relocate the boot loader of the game and injects the proper "security program" for the target region.
Also I found out that the three regions have respectively:
Japanese security program: 342 Bytes -> "PRODUCED BY OR UNDER LICENCE FROM KABUSHIKI KAISHA SEGA ENTERPRISES"
European security program: 1390 bytes -> "PRODUCED BY OR UNDER LICENSE FROM SEGA ENTERPRISES, LTD"
U.S. security program: 1412 bytes -> "PRODUCED BY OR UNDER LICENSE FROM SEGA ENTERPRISES, LTD"
So what I do to make PAL and US games work on my asian Mega CD is manually paste the japanese security program at the correct offset (0x00200) of the first sector and pad the size difference with 68000 NOP instructions (4E 71).
Still, it doesn't solve the problem of the Mega-CD itself having a Mega Drive console region check on it's own BIOS ROM.
This is how I got that check defeated: (For Asian Mega-CD Bios ROM: EPR-14563H 12/28-1991 1.00)
This routine checks the status of the region bit at 0x00A10001 and returns (RTS) if the region is *NOT* set to "Export":
00000716 1039 00a1 0001 MOVE.B A_00a10001,D0
0000071C 6a06 BPL B_724
0000071E 0800 0006 BTST #6,D0
00000722 6702 BEQ B_726
00000724 4e75 RTS
This routine prints the dreaded region error screen and locks itself on a endless loop:
00000726 007c 0700 OR #0x700,SR
0000072A 4eba 01f8 JSR (D_01f8,PC)
0000072E 4eba 0cba JSR (D_0cba,PC)
00000732 43fa 0022 LEA (D_0022,PC),A1
00000736 23fc c000 0000 00c0 0004 MOVE #0xc0000000,A_00c00004
00000740 23d9 00c0 0000 MOVE (A1)+,A_00c00000
00000746 203c 4604 0003 MOVE #0x46040003,D0
0000074C 4eba 0c74 JSR (D_0c74,PC)
00000750 4eba 0518 JSR (D_0518,PC)
00000754 60fe BRA B_754 <- this instruction locks the system up
After this, the data with the text message "ERROR! THIS IS A PAL-COMPATIBLE MEGA-CD FOR EXCLUSIVE USE IN SOUTHEAST ASIA."
I changed this:
00000722 6702 BEQ B_726
Into this:
00000722 4E71 NOP
Causes the conditional "Branch if EQual" to never happen, the next instruction (RTS) is executed and the Mega-CD boots as if nothing had happened.
Fixed the checksum with a ROM repair tool, tested it on a emulator, byte swapped, burned on a 128BK 16 bit eprom (27C210) and was ready to go.
I've always thought of hacking the MCD BIOS, but then I got the MegaCart and I'm really unmotivated...
Anyway, great work !!!
I'm certainly impressed. I wonder if I can hack the LaserActive BIOS to do similar things.
While I'm at it:
For the US Laseractive rom (03/29-1993 BR 000001-0.985 )
0000091A 1039 00a1 0001 MOVE.B A_00a10001,D0
00000920 0200 00c0 AND.B #0xc0,D0
00000924 0c00 0080 CMP.B #0x80,D0
00000928 6602 BNE B_92c <- Victim (change to 4E71 or 4E75)
0000092A 4e75 RTS
For the Japanese Laseractive ROM (03/29-1993 BR 000001-0.985)
00000840 1039 00a1 0001 MOVE.B A_00a10001,D0
00000846 0200 00c0 AND.B #0xc0,D0
0000084A 6602 BNE B_84e <- There is !
0000084C 4e75 RTS
Have fun modding your Laser Active :)
I recommend using the Japanese bios since patching the CD discs for it is piece of cake... But I don't know how that would affect the MEGA-LD playback ... lol (I've never seen a Laser Active)
US Mega LD titles play on a Japanese Mega LD. (My US LD of Hyperion boots no probs).
Mega CD games are still locked afaik tho.
That hack allows you to run a japanese bios on your US Unit without a region switch mod.
Also that hack allows you to install a language switch mod and play your LDs and CDs without having to change it back to the original region switch.
I really wanted to hack the Mega-CD/SEGA-CD security program but it's on the sub CPU bios and it's compressed. I can dump the sub CPU bios but the problem is that I cannot re-compress it and put it back on the ROM image. That's beyond my knowledge at the moment.
If LDs have no region then it's very likely they use the same security program on both versions of the bios, for LD discs.
Is there or is it possible to make boot cd that will allow to play imports?
It shouldn't be hard, but I don't actually know, I don't quite think I'm going to mess with MCD... 32X seems more interesting.