ntferro.blogg.se

Taito type x3 dump

But no, its simplicity suggests it is the same for all X3s, and maybe for other X's.

TAITO TYPE X3 DUMP PASSWORD

The actual password is quite simple. I was expecting some long cryptic string, unique for each machine, or at least for each machine/game combination.

Void PasswordEncode(CHAR16 *Password, int MaxSize)

Surprisingly, there is not much information about this default algorithm on the Internet, but in 2013 a manufacturer called Jetway accidentally leaked the AMI BIOS toolchain and partial sources. If you look carefully through them, you would spot

Still don't see the pattern?

Despite the AMI BIOS toolkit having all the necessary hooks for a manufacturer to implement their own encryption routine, X3 uses AMI's default, with the default key.

Taito's AMITSESetup looks the same, just the first half is zeroed, as the "Administrator" password is not set; only the "User" password is active. Just looking at this data and the two passwords (111) from that post, I can already see some patterns. Each character is represented by 2 bytes. (Original post) was very helpful in confirming that the password is actually stored in the AMITSESetup structure.

Looking through the listing, you can see it is an AMI BIOS. There is tons of interesting stuff inside, and I will return to that later, as the ATASec hashing functions are also sitting somewhere in there, but for now we need to understand where the BIOS stores its password.

Which can be read and parsed by many different tools like these: Intel ME Flash Tools or UEFITool. Long story short - I was able to completely dump the SPI flash chip. I really don't get how people can manually repair stuff like QFP240. One trace was damaged and I had to rebuild it. With some damage, as it looks like it was not just soldered to the m/b, but also glued. Had to de-solder the chip from the mainboard. Then it turned out that it is not possible to communicate with the SPI chip without removing the onboard battery, which we certainly do not want to do, as our precious keys from CMOS RAM would be gone.
I was able to use FlashROM Tools with an Arduino UNO, programmed with "frser-duino". Do not use it under a virtual machine - it will not work because of messed-up timings.

As a side note: Adafruit's bidirectional logic level shifter did not work for me, and I converted my Arduino Uno to 3.3 V by replacing the voltage regulator. I spent a whole day playing with different combinations of Arduino, level converters and clips. It is half the size, but the command set and pinout are compatible. I removed the sticker to discover that the chip is an MX25L6406E, which is a Macronix 64 Mbit (8 MBytes) SPI flash with a standard command set.

Before messing with the chip, I decided to try dumping the SPI flash chip from a NodeMCU clone. Looking at the mainboard, you can spot it immediately; it comes with a yellow/green sticker. The alternative way is to store things in the NVRAM, which is actually a memory area inside the SPI flash chip that holds the BIOS image itself (as well as much more stuff like Intel ME, GbE BIOS, etc).

As we know from another guy's experience of killing his X3 with a CMOS reset, the BIOS password is in the NVRAM, on the SPI flash chip. So modern BIOSes can store data both in CMOS RAM, which is now part of the chipset itself and is a very small battery-backed memory area of 128 or 256 bytes. This stuff falls outside my area of interest, and the last time I played with BIOS internals was somewhere in the i80386 era. So - where does it keep the password? I had to do some self-education to catch up on how a modern BIOS works, where it can store things, what all that UEFI stuff is, etc. Actually, it is not something Taito invented: the AMI BIOS manufacturer toolkit has a configurable option to keep BIOS setup passwords on CMOS reset. Resetting CMOS RAM kills some valuable information, used for ATAsec disk key calculation, but it does not remove the BIOS password.
BIOS Setup has a non-standard hotkey combination: Ctrl + Alt + F9. And then you are greeted by a very familiar-looking AMI BIOS password prompt.

As I have read on different forums, people tried resetting the CMOS to remove the password, and it did not work. You should legally own the machine, hard drive and matching hardware key.

As every X3 owner knows, it comes with a locked BIOS that just shows you a nice fullscreen startup logo.


This research is provided for INFORMATIVE AND EDUCATIONAL PURPOSES ONLY. Taito X3 is a current commercial arcade system, being shifted out by X4, but still.










