The login prompt is a little unresponsive at start, but no basic combinations of login appear to work. It's also ~1-2 seconds of delay for each wrong password, so bruteforce won't be very efficient.
Boot:
NAND ID: 2c 44 44 4b a9 0 0 0
[NAND] got lsb and readretry table!
startaddr 81055754, size 64, count 64, count_per_line 16
00000000: 2c 44 44 4b a9 ff ff ff 01 10 2e 28 00 01 50 08
00000010: ce 03 28 02 83 00 08 e0 00 00 00 00 00 00 00 00
00000020: 11 80 00 00 35 85 11 80 01 00 01 70 78 78 00 00
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 01 02
[SCAN] ScanSearchZoneTbls: (DieNo: 0) enter., 1st blk 8, count:1024
Zonetbl.is GOOD DieNo = 0.
lcd_probe: start
lcd_mfp_set: start
cvbs_probe: start
hdmi_probe: start
asocdss_probe: start
de_sclcoef_config:write DE_SCLCOEF1 fail, so rewrite
asoc_fb_probe: start
get_logo_addr_in_3rd_mbrc: trd_mbrc_start_addr=0x81000000, trd_stage_byte_size=0x7e000, logo_size=0x26000
get_logo_addr_in_3rd_mbrc: logo_addr=0x81058000
asocfb_unblank: pdisp_info->single_display_mode(2)
asocfb_unblank: pdisp_info->single_display_mode(2)
back_light_probe: start, CMU_DEVCLKEN1=0x50040011, PWM2_CTL=0x100
display_welcome: done
load vmlinux from disk0
BusyBox vdebug.14.3 (2018-07-17 07:10:16 PDT) multi-call binary
Usage: insmod FILE [symbol=value]...
Load the specified kernel modules into the kernel
/init: line 422: /Mount: not found
e2fsck 1.41.14 (22-Dec-2010)
/dev/actd: clean, 41/64000 files, 8480/256000 blocks
mknod: /dev/mmc: File exists
mknod: /dev/tty0: File exists
Load usb driver finished
waiting receive ...
(none) login: Property file ok
sort load crc1 2102828029, crc2 2102828029
Launching Metal Slug 3:
--------- gameID: 32Pressing Start + Select to launch the interrupt menu:
-----Close font
w: 1280, h : 720
Property file ok
launchDir = /usr/local/etc/dmenu/
cache_dir = /vendor/res/cache
game_dir = /vendor/res/roms
game_name = mslug3h
--cache_name = /vendor/res/cache/mslug3h_cache isForceCache = 1
CHECKING_BIOS neogeo_bios = -1
neogeo_bios = 12
ALL_NVRAM_FILES_ARE_REMOVED
CHECKING_ROM_INFO
MALLOC addr = 0x2cc7a008 size = 0x44fe4
FREE addr = 0x2cc7a008 size = 0x44fe4
+++ gamew = 304 gameh = 224 +++
CHECKING_ROM_INFO OK
ROMSET_mslug3h_PARENT_mslug3
MALLOC addr = 0x608e78 size = 0x1000
MALLOC addr = 0x609e80 size = 0x4000
MALLOC addr = 0x2cc6a008 size = 0x80000
MALLOC addr = 0x2ccfb008 size = 0x500000
LOADING 256-ph1.p1
LOADING 256-ph2.sp2
+++ neogeo_ngh = 0x256 +++
MALLOC addr = 0x60de88 size = 0x20000
LOADING_BIOS neo-po.bin (Japan AES)
MALLOC addr = 0x2d1fc008 size = 0x90000
LOADING 256-m1.m1
MALLOC addr = 0x62de90 size = 0x20000
LOADING sfix.sfix
MALLOC addr = 0x2d28d008 size = 0x80000
LOADING_DECRYPTED_GFX2_ROM
MALLOC addr = 0x64de98 size = 0x20000
LOADING 000-lo.lo
MALLOC addr = 0x66dea0 size = 0x10000
MALLOC addr = 0x2d30e008 size = 0x1000000
LOADING_DECRYPTED_SOUND1_ROM
LOADING_CACHE_INFORMATION_DATA
65536KB_GFX3_CACHE_FILE(ZYH)
-------open gameDSP
rate is 44100
--dsp fd: 13
reader 4
DONE2
p1 key: 0x300
-------close gamedsp
w: 1280, h : 720
Mode: 0
Hey Man, I don't know if you still check this, but I have some interesting info, I need help deciphering from someone smarter than I.
ReplyDeleteThis came from looking at the neo geo nand via Ultra Edit, just a sample
PWD_Path=$(pwd)
cd /usr/local/etc
source init.ebox.rc
mount -o remount, rw /
I have the nand image dunmped, and I have no idea how to extract it, please feel free to reach out to me rukzero@gmail.com, i'd be more than willing to provide it