Author Topic: Bad dump or ludicrous protection?  (Read 6829 times)

forgotusername

  • Full Member
  • ***
  • Posts: 246
    • View Profile
Bad dump or ludicrous protection?
« on: November 10, 2024, 11:23:45 AM »
A 319-in-1 handheld console was recently dumped, which is labeled as being NES-based in MAME. I was quite curious to see what's on this console, as it appears to use the new "Timemax" game set, with its weird Inventor-based hacks and whatnot.

However, the format of the ROM is...borderline incomprehensible. I initially assumed this was a bad dump, as I could find nothing visible using YY-CHR. I came across graphics resembling the corrupted remains of Donkey Kong Jr. at one address; but inexplicably, it visibly displayed as two Inventor hacks (Rescue Kuck and Conte Enegy) when set to 4BPP SNES/PCE mode. The graphics are seemingly further scrambled from here, swapping the second and third lines compared to the unaltered CHR data.

I still can't make enough sense out of the code to do much with it, but could anyone verify if this actually is some ridiculous scrambling/protection method? MAME does label the ROM as potentially being scrambled, but I'm still tempted to deem this a bad dump to some level. Image example and ROM (with probably-incorrect header) attached below.

NewRisingSun

  • Sr. Member
  • ****
  • Posts: 377
    • View Profile
Re: Bad dump or ludicrous protection?
« Reply #1 on: November 11, 2024, 04:55:30 AM »
This seems like simultaneous data and address scrambling. I would have to know what game's graphics are there at offset 0 to have any hint at how to deduce the bit order.

forgotusername

Re: Bad dump or ludicrous protection?
« Reply #2 on: November 11, 2024, 11:59:54 AM »
> This seems like simultaneous data and address scrambling. I would have to know what game's graphics are there at offset 0 to have any hint at how to deduce the bit order.

If it helps, here is the best approximation I could get of addresses 10-400F and 100010-10400F (which are comprised of Nice Code games):

10 = unknown CHR bank w/ large font; does not appear to be a game, possibly multicart menu CHR
1010 = Spider-Man (Nice Code) CHR bank 1
2010 = blank, likely tied to unknown CHR bank
3010 = Spider Man (Nice Code) CHR bank 2

100010 = Garden War/Resistant CHR bank 1
101010 = Gate CHR bank 1
102010 = Garden War/Resistant CHR bank 2
103010 = Gate CHR bank 2

Note that Garden War and Resistant (as its unaltered ROM) share the same file as each other, so I can't say which one it is off of CHR alone. The following byte areas are swapped around (while still under 4BPP display for the 319-in-1, x16 display mode for the unaltered NES ROMs):

code lines [xx]20-3F and [xx]40-5F are swapped with each other
code lines [xx]A0-BF and [xx]C0-DF are swapped with each other
« Last Edit: November 11, 2024, 12:01:45 PM by forgotusername »

NewRisingSun

Re: Bad dump or ludicrous protection?
« Reply #3 on: November 13, 2024, 10:58:10 AM »
Wow, that was tough.
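Code:
// prgnew: descrambled output; nes.prgrom: the dump as loaded. Processed one 16-bit word at a time.
for (unsigned int i = 0; i < prgnew.size(); i += 2) {
    // Address descrambling: swap offset bits 3<->4, 9<->10, 12<->13, 14<->15 and 19<->22.
    uint32_t j = i      & ~0x48F618 |
                 i >> 1 &  0x005208 |
                 i << 1 &  0x00A410 |
                 i >> 3 &  0x080000 |
                 i << 3 &  0x400000;
    // Read the little-endian word at the scrambled offset.
    uint16_t val1 = nes.prgrom[j + 0] | nes.prgrom[j + 1] << 8;
    // Data descrambling: swap word bits 5<->12, 6<->13, 2<->10 and 3<->11.
    uint16_t val2 = val1      & ~0x3C6C |
                    val1 >> 7 &  0x0060 |
                    val1 << 7 &  0x3000 |
                    val1 >> 8 &  0x000C |
                    val1 << 8 &  0x0C00;
    // Write the word back in little-endian order.
    prgnew[i + 0] = val2 & 0xFF;
    prgnew[i + 1] = val2 >> 8;
}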
All games seem to work, though "Puzzle" games 123-126 are incorrectly labelled. I think there are a few previously-unavailable Inventor hacks on there, such as Inclement Trip. Don't see anything new from Nice Code though.
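
Added example, not part of the thread and not NewRisingSun's tool: the data-bit half of the routine above, with the kind of known-plaintext comparison Reply #1 asks for. `recover_bit_order` keeps, for each plain bit, only the dump bits that agree with it in every known word; the four words in `kPlain` are constructed, every function name here is hypothetical, and address scrambling is not covered.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <vector>

// Data-bit scramble from the post: swaps bit pairs 5<->12, 6<->13, 2<->10, 3<->11.
uint16_t swap_data_bits(uint16_t v) {
    return static_cast<uint16_t>((v & ~0x3C6C) | ((v >> 7) & 0x0060) | ((v << 7) & 0x3000) |
                                 ((v >> 8) & 0x000C) | ((v << 8) & 0x0C00));
}

// Pure pair swaps undo themselves, so one routine both scrambles and descrambles.
bool is_involution() {
    for (int v = 0; v <= 0xFFFF; ++v)
        if (swap_data_bits(swap_data_bits(static_cast<uint16_t>(v))) != v) return false;
    return true;
}

// For each plain bit o: mask of dump bits that matched it in every known word.
std::array<uint16_t, 16> recover_bit_order(const std::vector<uint16_t>& dump,
                                           const std::vector<uint16_t>& plain) {
    std::array<uint16_t, 16> cand;
    cand.fill(0xFFFF);
    for (unsigned n = 0; n < dump.size() && n < plain.size(); ++n)
        for (unsigned o = 0; o < 16; ++o)  // dump bits equal to plain bit o: word or complement
            cand[o] &= ((plain[n] >> o) & 1) ? dump[n] : static_cast<uint16_t>(~dump[n]);
    return cand;
}

// The order is pinned down only when every mask has exactly one bit left.
bool fully_determined(const std::array<uint16_t, 16>& cand) {
    for (uint16_t m : cand)
        if (m == 0 || (m & (m - 1)) != 0) return false;
    return true;
}

// Constructed stand-in for known CHR words: bit o's column over the 4 words spells o in binary.
const std::vector<uint16_t> kPlain = {0xAAAA, 0xCCCC, 0xF0F0, 0xFF00};
// Scramble the first n constructed words as the "dump", then recover the order from the pairs.
std::array<uint16_t, 16> recover_from_first(unsigned n) {
    std::vector<uint16_t> plain(kPlain.begin(), kPlain.begin() + n), dump;
    for (uint16_t w : plain) dump.push_back(swap_data_bits(w));
    return recover_bit_order(dump, plain);
}

int main() {
    for (unsigned o = 0; o < 16; ++o) std::printf("plain bit %2u <- dump mask %04X\n", o, recover_from_first(4)[o]);
    return is_involution() && fully_determined(recover_from_first(4)) ? 0 : 1;
}
```

With only three of the constructed words, each plain bit still has two candidate source bits, which is why the amount and variety of known reference data matters.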

forgotusername

Re: Bad dump or ludicrous protection?
« Reply #4 on: November 13, 2024, 11:14:28 AM »
Looks perfect, thank you for decoding it. At least a few Nice Code variants here appear to be undumped (one I spotted was the "caveman" version of 100 Meter Dash), though it is mostly Inventor in terms of newly-dumped content.

NewRisingSun

Re: Bad dump or ludicrous protection?
« Reply #5 on: November 13, 2024, 01:27:09 PM »
Has the Classic Max Pocket PCMX11 already been decrypted?

forgotusername

Re: Bad dump or ludicrous protection?
« Reply #6 on: November 13, 2024, 02:28:50 PM »
> Has the Classic Max Pocket PCMX11 already been decrypted?
It's set to be emulated in the next MAME update (alongside the vertical-resolution version "Mx-10"), though I would assume that's decoded through emulation rather than a modified ROM. Both are VT168 systems, so I'm not too familiar with the hardware.

forgotusername

Re: Bad dump or ludicrous protection?
« Reply #7 on: November 13, 2024, 03:00:57 PM »
Here are extracts of the verifiably-undumped 319-in-1 titles; mainly as I realized the aforementioned 100 Meter Dash appears to be unused in the code, unless I'm missing it in the list somehow... I also ripped a couple weird revisions, which may pertain to the Timemax set (Bandits has a Timemax notice at the very least).