Taiko Drum Master 11&12-Asian Edition is Stoped at system error.

[andymage593]

13th Gen Intel(R) Core(TM)i7-1370OKF DDR 5 32.0GB NVIDIA GeForce RTX2060 Windows 10 64 Bit Play!-0.62-137-g71d509c9

Taiko Drum Master 11-Asian Edition { "id": "taiko11more", "name": "太鼓の達人 11亚洲版", "dongle": { "name": "NM00046 T111004-NA-A, Ver.A10 a026381985006a.bin" }, "cdvd": { "name": "NM00046 T11100-4-NA-DVD0-A (DVD-ROM).chd" }, "inputMode": "drum", "eeFrequencyScale": [4, 3], "boot": "ac0:TEBLOAD", "patches": [ ] }

Taiko Drum Master 12-Asian Edition { "id": "taiko12more", "name": "太鼓の達人 12亚洲版", "dongle": { "name": "NM00054 T121004-NA-A, Ver.A03 a026531386742a.bin" }, "hdd": { "name": "NM00054 T12100-4-NA-HDD0-A (HDD).chd" }, "inputMode": "drum", "eeFrequencyScale": [4, 3], "boot": "ac0:TEDLOAD", "patches": [ ] }

[nanonya]

According to this post https://www.arcade-projects.com/threads/taiko-drum-master-region-hack-development-testing-thread.1311/ , the Asian versions check the NVRAM when booting. If it doesn't contain specific data 32 1F C7 FA D6 EE F0 1C the game will refuse to boot and show "SYSTEM ERROR". Japanese versions have a reversed mechanism - it won't start when the NVRAM contains such data.

It seems that there are 3 possible solution for this issue:

1. Invert the conditional statement in the binary of Asian versions.
2. Find out what the NVRAM contains in Play! emulator, and modify the dongle file as in the post I mentioned.
3. Modify the source code of Play! emulator to set the NVRAM to what the game requires.

I modified TEDGAME from Taiko12Asian's dongle in different ways including copying hex codes from JP version, but all my attempts failed. Tomorrow I will try again. I don't find a tool that can disassemble TEDGAME - it is not standard PS2 ELF binary. PS2DIS and Ghidra won't work, or maybe I lack some steps. And I currently have neither the time nor the ability to deal with the emulator's source code. BTW, you can use PCSX2 to extract & repack the dongle dump.

There is still possibilty that the cause of this issue is not region lock; if it is true, what I wrote above will be totally nosense.

---

我看了下这个帖子 https://www.arcade-projects.com/threads/taiko-drum-master-region-hack-development-testing-thread.1311/ ，11 亚和 12 亚启动的时候要检查 NVRAM 里的数据。如果没有检测到 32 1F C7 FA D6 EE F0 1C 就无法启动，然后显示「SYSTEM ERORR」。日版的逻辑是相反的，检测到这段就无法启动。

可能有三种思路可以解决：

1. 直接把亚版里面这个判断改成反向的。
2. 看看 Play! 模拟器里默认的 NVRAM 到底是啥，按原帖的内容换到加密狗里面。
3. 直接去改模拟器的源码，指定游戏需要的 NVRAM 内容。

试了下改 12 亚的加密狗，用了很多方式包括把日版 12 同一段数据粘贴进去都不管用，明天我再试试。 用了一些工具试图反汇编，但 12 亚的 TEDGAME 根本就不像是标准的 PS2 ELF 二进制格式。PS2DIS 和 Ghidra 都无法正常反汇编（也可能是我缺少了某些步骤）。 目前我没有能力也没有时间去看 Play! 的源码。 顺便提一句，你可以用 PCSX2 的存档管理器解包和重新打包加密狗。

当然，也有可能压根就不是锁区的原因，那上面这些说了也是白说。

[Tonymiugrey]

According to this post https://www.arcade-projects.com/threads/taiko-drum-master-region-hack-development-testing-thread.1311/ , the Asian versions check the NVRAM when booting. If it doesn't contain specific data 32 1F C7 FA D6 EE F0 1C the game will refuse to boot and show "SYSTEM ERROR". Japanese versions have a reversed mechanism - it won't start when the NVRAM contains such data.

It seems that there are 3 possible solution for this issue:

1. Invert the conditional statement in the binary of Asian versions.
2. Find out what the NVRAM contains in Play! emulator, and modify the dongle file as in the post I mentioned.
3. Modify the source code of Play! emulator to set the NVRAM to what the game requires.

I modified TEDGAME from Taiko12Asian's dongle in different ways including copying hex codes from JP version, but all my attempts failed. Tomorrow I will try again. I don't find a tool that can disassemble TEDGAME - it is not standard PS2 ELF binary. PS2DIS and Ghidra won't work, or maybe I lack some steps. And I currently have neither the time nor the ability to deal with the emulator's source code. BTW, you can use PCSX2 to extract & repack the dongle dump.

There is still possibilty that the cause of this issue is not region lock; if it is true, what I wrote above will be totally nosense.

我看了下这个帖子 https://www.arcade-projects.com/threads/taiko-drum-master-region-hack-development-testing-thread.1311/ ，11 亚和 12 亚启动的时候要检查 NVRAM 里的数据。如果没有检测到 32 1F C7 FA D6 EE F0 1C 就无法启动，然后显示「SYSTEM ERORR」。日版的逻辑是相反的，检测到这段就无法启动。

可能有三种思路可以解决：

1. 直接把亚版里面这个判断改成反向的。
2. 看看 Play! 模拟器里默认的 NVRAM 到底是啥，按原帖的内容换到加密狗里面。
3. 直接去改模拟器的源码，指定游戏需要的 NVRAM 内容。

试了下改 12 亚的加密狗，用了很多方式包括把日版 12 同一段数据粘贴进去都不管用，明天我再试试。 用了一些工具试图反汇编，但 12 亚的 TEDGAME 根本就不像是标准的 PS2 ELF 二进制格式。PS2DIS 和 Ghidra 都无法正常反汇编（也可能是我缺少了某些步骤）。 目前我没有能力也没有时间去看 Play! 的源码。 顺便提一句，你可以用 PCSX2 的存档管理器解包和重新打包加密狗。

当然，也有可能压根就不是锁区的原因，那上面这些说了也是白说。

I tried to modify the dongle in hex editor directly,

NM00046 T111004-NA-A, Ver.A10 Taiko 11 Asian Edition: FIND: 32 1F C7 FA D6 EF EE F0 1C REPLACE: FF FF FF FF FF EF FF FF FF However, the problem still exists.

Did you have any new findings?

我直接用16进制编辑器修改了加密狗里的内容，但是依然报错 比较好奇你这两天有啥新发现吗

[nanonya]

I tried to modify the dongle in hex editor directly,

NM00046 T111004-NA-A, Ver.A10

Taiko 11 Asian Edition:

FIND: 32 1F C7 FA D6 EF EE F0 1C

REPLACE: FF FF FF FF FF EF FF FF FF

However, the problem still exists.

Did you have any new findings?

我直接用16进制编辑器修改了加密狗里的内容，但是依然报错

比较好奇你这两天有啥新发现吗

I didn't have time to try in the past few days; maybe I'll continue at this weekend. Your approach is on the right track. However (if the arcade-projects post is correct) your modified Taiko no Tatsujin 11 Asian Edition requires the NVRAM filled with FF, and it may work on real Japanese arcade hardware. Also, perhaps you should modify the extracted TEBGAME file rather than whole dongle dump. I have no knowledge of Play! emulator's machenism, so I am not clear about its implementation of System 256 emulation. In the case that the SYSTEM ERROR is caused by region locking, the emulated NVRAM may have different data that in Japanese arcades. As mentioned in the previous comment, it seems that only Asian versions require specific, unique data.

---

前几天我没时间试验，也许这周末会继续。 你这里思路应该是对的，但是如果 arcade-projects 的帖子没说错，你修改过的《太鼓 11 亚》需要的是 NVRAM 内容都是 FF，在真机上有可能可以跑通。此外你可能需要修改的是解包后的 TEBGAME 文件而非整个的加密狗 dump。 Play! 的具体机制我一无所知，无法确定模拟器是如何实现的。如果是触发锁区机制引发的 SYSTEM ERROR，有可能在模拟器里运行时它取到的 NVRAM 是和日版真机不同的其他数值。前面的回复也提到，可能只有亚洲版会严格要求必须是特定的值。

[nanonya]

YATTA! FINALLY I FOUND IT! I searched “memset” in the source codes, and I found that some codes fill “0xAA” to buffers (like in Iop_Cdvdman.cpp). So I assumed the BR9080F NVRAM is filled with 0xAA when booting, then modified the dongle. AND IT WORKS! ... for Taiko 12A only. Modified Taiko no Tatsujin 11 Asian Edition still can't boot, and it displays red text which reads “SYSTEM256 MODE SETTING ERROR”. There may be issues besides region locking. Maybe there could be a taiko12a.arcadedef file with patches? (Note: it should not be “taiko12more”.)

Temporary solution: ~~For Taiko no Tatsujin 11 Asian Edition, use a hex editor to open t111004-na-a.ic002, starting from 0x0019CBC00D, replace 32 1F C7 FA D6 EF EE F0 1C to AA AA AA AA AA EF AA AA AA~~

For Taiko no Tatsujin 12 Asian Edition, use a hex editor to open t121004-na-a.ic002, starting from 0x001FC4700A, replace 32 1F C7 FA D6 EE 97 F0 1C to AA AA AA AA AA AA 97 AA AA

PS. Perhaps this should be considered a bug as the emulated BR9080F NVRAM data doesn't match real arcade hardwares (that are filled with 0xFF in most cases).

---

终于！搞定了！ 在源码里找了一下“memset”，发现某些地方会将缓冲区填充“0xAA”（如 Iop_Cdvdman.cpp）。 假设启动的时候游戏从 BR9080F NVRAM 里读取到的都是 0xAA，按这个来修改加密狗。成功了！……只有 12 亚。 现在《太鼓之达人 11 亚洲版》修改后启动时会显示红字 SYSTEM256 MODE SETTING ERROR，可能有锁区之外的问题。 也许应该来一个带 patches 的 taiko12a.arcadedef 文件？（注意：不应该是“taiko12more”，那是增量版。）

临时解决方法： ~~对于《太鼓之达人 11 亚洲版》，用 16 进制编辑器打开 t111004-na-a.ic002，从 0x0019CBC00D 开始将 32 1F C7 FA D6 EF EE F0 1C 替换为 AA AA AA AA AA EF AA AA AA~~

对于《太鼓之达人 12 亚洲版》，用 16 进制编辑器打开 t121004-na-a.ic002，从 0x001FC4700A 开始将 32 1F C7 FA D6 EE 97 F0 1C 替换为 AA AA AA AA AA AA 97 AA AA

PS.这估计得算是模拟器的 bug，因为 BR9080F NVRAM 的数据和真机不一样，真机应该一般都是填满 0xFF。

[Tonymiugrey]

COOL! I will try it! Thanks for your amazing explorations!

[nanonya]

Now Taiko no Tatsujin 11 Asian Edition can be successfully emulated too. What caused the "SYSTEM256 MODE SETTING ERROR" is that the .arcadedef config has incorrect settings. The Taiko11A arcade uses a hard drive rather than an optical disc drive. However the default taiko11.arcadedef sets up a DVD drive. (At first I directly copied and modified this config.) Therefore, the problem is fixed by replacing cdvd to hdd. (Edit: The real reason is not about the storage. Please see Yuki1404's reply below.)

So again - For Taiko no Tatsujin 11 Asian Edition, use a hex editor to open t111004-na-a.ic002, starting from 0x0019CBC00D, replace 32 1F C7 FA D6 EF EE F0 1C to AA AA AA AA AA EF AA AA AA

A correct taiko11a.arcadedef:

{
    "id": "taiko11a",
    "name": "Taiko no Tatsujin 11 Asian Edition",
    "dongle":
    {
        "name": "t111004-na-a.ic002"
    },
    "hdd":
    {
        "name": "t11100-4-na-hdd0-a.chd"
    },
    "inputMode": "drum",
    "eeFrequencyScale": [4, 3],
    "boot": "ac0:TEBLOAD",
    "patches":
    [
    ]
}

《太鼓之达人 11 亚洲版》也成功模拟了。 导致之前出现「SYSTEM256 MODE SETTING ERROR」问题的原因是 .arcadedef 配置文件设置有误。 《太鼓 11 亚》用的是硬盘而不是光驱，但自带的 taiko11.arcadedef 配置的是 DVD 光驱（我一开始直接拿这个配置改了）。所以把亚洲版配置里面的 cdvd 换成 hdd 就解决了。 （编辑：真正的原因不是存储方式。请参考下方 yuki1404 的回复。）

那么再来一次—— 对于《太鼓之达人 11 亚洲版》，用 16 进制编辑器打开 t111004-na-a.ic002，从 0x0019CBC00D 开始将 32 1F C7 FA D6 EF EE F0 1C 替换为 AA AA AA AA AA EF AA AA AA

正确的 taiko11a.arcadedef：（见前文）

[yuki1404]

Now Taiko no Tatsujin 11 Asian Edition can be successfully emulated too. What caused the "SYSTEM256 MODE SETTING ERROR" is that the .arcadedef config has incorrect settings. The Taiko11A arcade uses a hard drive rather than an optical disc drive. However the default taiko11.arcadedef sets up a DVD drive. (At first I directly copied and modified this config.) Therefore, the problem is fixed by replacing cdvd to hdd.

So again - For Taiko no Tatsujin 11 Asian Edition, use a hex editor to open t111004-na-a.ic002, starting from 0x0019CBC00D, replace 32 1F C7 FA D6 EF EE F0 1C to AA AA AA AA AA EF AA AA AA

A correct taiko11a.arcadedef:

《太鼓之达人 11 亚洲版》也成功模拟了。 导致之前出现「SYSTEM256 MODE SETTING ERROR」问题的原因是 .arcadedef 配置文件设置有误。 《太鼓 11 亚》用的是硬盘而不是光驱，但自带的 taiko11.arcadedef 配置的是 DVD 光驱（我一开始直接拿这个配置改了）。所以把亚洲版配置里面的 cdvd 换成 hdd 就解决了。

那么再来一次—— 对于《太鼓之达人 11 亚洲版》，用 16 进制编辑器打开 t111004-na-a.ic002，从 0x0019CBC00D 开始将 32 1F C7 FA D6 EF EE F0 1C 替换为 AA AA AA AA AA EF AA AA AA

正确的 taiko11a.arcadedef：（见前文）

I also encountered the "SYSTEM256 MODE SETTING ERROR" issue. Thank you for your enlightenment. I fixed it by modifying the.arcadedef configuration file. However, I found that the error was not in "cdvd", but in the fact that "eeFrequencyScale" was set to [16, 9]. Modifying it to [4, 3] made it work.

我也遇到了“SYSTEM256 MODE SETTING ERROR”问题。 感谢您的启发。 我通过修改 .arcadedef 配置文件修复了它。 然而，我发现错误不在“cdvd”中，而在于“eeFrequencyScale”设置为[16, 9]。 修改为[4, 3]就可以了。

[nanonya]

I also encountered the "SYSTEM256 MODE SETTING ERROR" issue. Thank you for your enlightenment. I fixed it by modifying the.arcadedef configuration file. However, I found that the error was not in "cdvd", but in the fact that "eeFrequencyScale" was set to [16, 9]. Modifying it to [4, 3] made it work.

我也遇到了“SYSTEM256 MODE SETTING ERROR”问题。 感谢您的启发。 我通过修改 .arcadedef 配置文件修复了它。 然而，我发现错误不在“cdvd”中，而在于“eeFrequencyScale”设置为[16, 9]。 修改为[4, 3]就可以了。

Thank you for pointing this out. It seems that I accidentally fixed the config.