From 1997-2000 I was an avid player of button smashing 2D fighting games, Street Fighter III 3rd Strike: Fight for the future was a favorite. With the advent of arcade game emulation on the PC I played NEOGEO and CPS2 games on Windows and Linux emulators. But I was not able to play the SFIII series because there are no known workarounds against the encryption of CPS3 (Capcom Play System III) boards.
The CPS3 has nasty protection built-in to prevent reverse engineering. There is a encrypted game CD and a cartridge for protection. When the system boots up, the CD is flashed into memory and then decrypted on-the-fly by the cartridge. The cartridge is very sensitive to manipulation and if the watchdog detects tampering, the decryption key is erased and the board becomes unusable. The CPS2 has a similar feature dubbed 'Capcom Suicide'. CPS2's encryption was previously worked around using XOR decryption tables but now it is fully cracked.
The same person that cracked CPS2 has cracked the CPS3 encryption, quoting Andreas Naive (Spanish to English):
As we had predicted from the beginning, the algorithm is cryptographically weak, so that, once discovered, it has not been too difficult develop an attack with which to recover the keys.
Andreas' spanish language blog entries from April to June 2007 has the details of the CPS3 attack. Another blog of interest is Nicola Salmoria's blog which has details of the CPS2 attack. Read the cryptoanalysis stuff on their blogs, these folks crack encryptions for fun.
It is also interesting to note that Capcom used some 'birth dates' in the keys of CPS2 and CPS3 games. Here are the keys for the CPS3 games:
jojo: 0x02203ee3 0x01301972
jojoba: 0x23323ee3 0x03021972
sfiii: 0xb5fe053e 0xfc03925a
sfiii2: 0x00000000 0x00000000
sfiii3: 0xa55432b4 0x0c129981
warzard: 0x9e300ab1 0xa175b82c
The lesson here is that closed encryption algorithms (specially if weak) can be cracked given the demand and challenge. Now I can play Street Fighter III 3rd Strike on my PC, thanks to crypto geeks and of course to Capcom.
