Skip to content

Tome of historic Sega Lindbergh information that was previously gate kept.

Notifications You must be signed in to change notification settings

ArcadeHustle/LindyLiberation

Repository files navigation

Big thanks to Mitsurugi_w, Darksoft, MetalliC (p1pkin) and Brizzo (Nazarene) of Arcade Projects for finally allowing this to be published. Please direct message them with any questions! https://arcade-projects.com/

  • written by hostile, with supporting information from the community at large, and lots of Google searches

Stage One:

As of 6/3/19, asking [email protected] "Is Lindbergh still supported hardware?" will prompt the following answer:

From: Technical <[email protected]>
To: xxxx
Cc: Technical <[email protected]>
Subject: RE: <Webpage Enquiry Lindbergh>
Thread-topic: <Webpage Enquiry Lindbergh>
Date: Mon, 03 Jun 2019 16:37:36 +0000

Hello xxxx,

Yes we do still support the Lindbergh's both red and yellow.

Kind regards,
...
Technical Support


Sega Amusements International Ltd
42 Barwell Business Park | Leatherhead Road
Chessington | Surrey | KT9 2NY | United Kingdom
T: +44 (0)208 391 8060 (Option 2) F: +44 (0)208 391 8099
M:+447903 200749

There are of course several Lindy variants, "I have red, blue, yellow, silver"!
https://www.arcade-projects.com/forums/index.php?thread/2184-lindbergh-differences/&pageNo=1

This specifically means that the Lindbergh Blue series can be considered End of Life.

Enough StarHorse2 parts have been sold on YAJ, it is a fair time to help folks attempt to restore these wonderful machines.
Star Hourse 2

It's also clear there are several Derby Owners Club installs that require restoration work so people can still Feel The Rush"!

Lucky for you, after nearly 6 years of sales, the DarkDawg Lindbergh Multigame Kit is no longer a viable cash cow, so we are comfortable sharing more info on the system.

At first Mitsu didn't fully publish details on the kit, as usual contacting him via DM is the way to have your needs fulfilled.
"Decided to remove this video to fix some things. Contact me for details."
https://forums.arcade-museum.com/showthread.php?t=301907

Although not widely discussed, some of you remembered:
"This wasn't developed by us, it was developed for us... agreement to sell as a kit in the Americas"
"We will sell it in those regions, and provide support for it"
https://youtu.be/QEoRf_vhHUo?t=683

"He's not the one that made it, he just acquired the rights to sell it, I could be wrong"
https://youtu.be/UGPNoUuQrgk?t=149

Back in the early days DarkDawg Lindbergh Multigame Kit was one of few non hacked up multi's for Lindy!
"We sell a different version that does not have so many hacks and that stays more true to the original.'
https://www.arcade-projects.com/forums/index.php?thread/139-sega-lindbergh-help/

About a week after Formally introducing: DarkDawg Collaborations, Mitsu started selling the Lindy multi kit.
https://forums.arcade-museum.com/showthread.php?t=301907

DarkDawg Collaborations Presents: DarkDawg Lindbergh Multigame Kit
https://www.youtube.com/watch?v=QEoRf_vhHUo

Mitsu also sold single games for archival purposes, in fact single game kits were actually hot for a few years!
"I can get you a single game kit probably. What game do you want?"
https://www.arcade-projects.com/forums/index.php?thread/928-is-it-possible-to-un-multikit-a-lindbergh-multikit-multigame-system/

"We can sell you a kit with just VF5 Final Showdown for $145."
https://www.arcade-projects.com/forums/index.php?thread/139-sega-lindbergh-help/

Stage Two:

Over time the scene evolved and tools were shared. Discussions were often censored, and the tools always disappeared.
"some of you might know crediar, he does alot in the console scene and now released some cool tools for Lindbergh"
https://www.arcade-projects.com/forums/index.php?thread/2488-new-lindbergh-tools/

An emulator even made a brief appearance that came and went quickly.
https://github.com/JayFoxRox/Lindbergh-Emulator (Based on a GPL request)
https://www.reddit.com/r/emulation/comments/9s71zr/emulation_of_sega_lindbergh_its_on_the_way/
"It was worked on by Jay, but he discontinued due to university etc."
https://assemblergames.org/viewtopic.php?t=2885

There was quite a bit of contention over who's multi was first, and most importantly who's was best.

"Long story short : 2 multis, one by Android ("authorization" sold to Darksoft & Mitsu who still sell kits here) and one by Jackalus (sold by mar.veto). Android claims Jackalus has hacked his hack to make his multi (multi is just a hack)."
https://www.arcade-projects.com/forums/index.php?thread/3921-ringedge-2-multi-legit/&postID=116115#post116115

"my name is Marco and I am from Italy... For sale Yellow Lindbergh with multigame installed..."
https://web.archive.org/web/20170708014939/http://www.neo-arcadia.com/forum/viewtopic.php?f=9&t=41853

"this multi does not come from Marco himself, it was produced by Jackalus (from the assemblergames site)."
https://www.gamoover.net/Forums/index.php?topic=29520.0

Former F-secure Jr Anti-Malware Analyst Nico eventually turned his work into a pay for play component of Teknoparrot.
https://www.linkedin.com/in/giansanti/
https://twitter.com/reaverteknogods/
https://twitter.com/reaverteknogods/status/1072569187292381184
https://archive.f-secure.com/weblog/archives/Jarno_Niemela_its_signed.pdf

Giansanti's Lindbergh work was done under the monikers Jackalus, Reaver, among others such a Junnumane
https://www.instagram.com/junnumane/?hl=en

"I doubt he will reveal the technical secrets behind that hack as it might dry out his source of income from it..."
http://forum.arcadecontrols.com/index.php?topic=149079.0

(2017) “TeknoParrot Emulator Announcement”
TeknoParrot Emulator Announcement
https://teknogods.github.io/compatibility/lindbergh-yellow.htm
https://teknogods.github.io/compatibility/lindbergh-red-ex.htm

"Until fall 2017, to own a multi you had to make a choice ... and go to the cashier! Darksoft version with its original versions but its keyboard selection and the Jackalus version without keyboard but deemed less stable. And then Crediar posted download links for a new version. A post appeared on Arcade Project but quickly deleted by the administrators. Official reason: system still in operation Unofficial reason: the multi still bring a lot of money to the two dealers holding the precious secret."
https://sega-lindbergh-underground.blogspot.com/2019/01/multi-jackalus-crediar.html
https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Fsega-lindbergh-underground.blogspot.com%2F2019%2F01%2Fmulti-jackalus-crediar.html

"[Tuto] Multiboot Free Lindbergh Crediar"
http://www.neo-arcadia.com/forum/viewtopic.php?t=61702

"Sega Lindbergh nedir? MultiGame Kurulumu"
http://www.commodore.gen.tr/forum/index.php?topic=15177.0

Crediar cf_multi.bin (archive)
https://archive.org/download/cf_multi

DarkDawg Collaborations was able to protect their Kit very well and maximize profits, both via censorship, and amazing technical means. They were beautiful!
https://forums.arcade-museum.com/showthread.php?t=269120

"So the multikits have a specific CF card and PIC. The CF card is locked so it can't be read and duplicated. Same with the PIC. The multikits were designed to be sold so the PIC is not interchangeable."
https://www.arcade-projects.com/forums/index.php?thread/928-is-it-possible-to-un-multikit-a-lindbergh-multikit-multigame-system/

Haha anyone still on "DDLindy 7.0"?
https://youtu.be/msBUzvSZ_lw?t=187

Some of you out here STILL trying to dump it ;)
"Security pic dump?thank you"
https://www.youtube.com/watch?v=PfDUp-cfdb8

Fast forward to today, and you'll notice Lindy Multi's are harder to find, and infomation on the platform is still scarce.

Some multi variants are very rarely mentioned at all these days...

"Le but de ce topic est de faire un point sur ce qu fait le multi boot Version Android (le créateur) en 3.20"
https://www.gamoover.net/Forums/index.php?topic=29522.0

Other versions are once again disappearing all together.

https://www.arcade-projects.com/forums/index.php?thread/9128-lindbergh-help/
"I'm not sure if they're being sold anymore."

https://www.arcade-projects.com/forums/index.php?thread/11480-multi-lindbergh/
"You wont find that here. Try in assemblergames or eBay. They pop up from time to time."

Stage Three:

Please remember the wise words of Mitsurugi_w "The info itself is not new or special. It's all over the web anyways"

Additional text relevant to this document can be found below:

"Internet Archive Gets DMCA Exemption To Help Archive Vintage Software"
"Computer programs and video games distributed in formats that have become obsolete and which require the original media or hardware as a condition of access."
https://archive.org/about/dmca.php

"a side effect of dongle-based access control is that legitimate access to the software may be prevented if the dongle is lost, malfunctioning, damaged or obsolete"
"thus cannot be archived without circumventing the dongle-based access control" https://web.archive.org/web/20060118092042/https://www.copyright.gov/1201/2003/reply/015.pdf

Exemptions to Prohibition against Circumvention of Technological Measures Protecting Copyrighted Works
Seventh Triennial Section 1201 Final Rule, Effective October 28, 2018
"Video games in the form of computer programs, where outside server support has been discontinued, to allow individual play and preservation by an eligible library, archive, or museum"
https://library.osu.edu/document-registry/docs/1027/stream

"Video games in the form of computer programs, lawfully acquired as complete games 37 CFR §201.40(b)(12)"
"For personal, local gameplay; or To allow preservation in a playable format..."
https://library.osu.edu/site/copyright/2019/03/20/2018-dmca-section-1201-exemptions-announced/

Sega Lindbergh Hacking

This document will serve as a reference guide to how the Sega Lindbergh works. The Sega Lindbergh is an arcade platform developed by Sega as a successor to the Sega NAOMI 2 arcade system. It was launched in 2005 and acted as Sega's "primary" arcade system until the release of the Sega RingEdge platform in 2009. Sega officially stopped supporting some versions of the system in 2018.

Hardware

Motherboard

The motherboard inside the Sega Lindbergh is effectively an ATX PC Motherboard. The only real change from a standard PC Motherboard is the parallel port header used for the Security PIC and buttons. A CF card slot is also built into the motherboard, which is sometimes found on other industrial type ATX PCs.

Graphics Cards

There are three graphics cards that were used with the Lindbergh:

Nvidia GeForce 7600
Nvidia GeForce 6800
Nvidia GeForce 7800

Quote: The slow video might be the infamous nvidia cold bios bug? flash the bios on the card with the temp monitoring disabled, as it effects a lot of 7800gs (especially G71) - basically if the ambient temp is below 20 odd degrees, the card think it is overclocking and puts it in throttle mode (which is like 20% power), so games run extremely slooooow.

JVS Card

The JVS card is the main bit of proprietary hardware that sets the Lindbergh apart from a standard computer. A Linux driver for the card is installed on the operating system, and allows the games to communicate with memory stores on the card for saving settings, as well as the JVS line for talking to control interfaces.

CF Card

The CF card is locked with an ATA password. An ATA password (also known as the ATA Security Feature Set) is part of the ATA specification and allows two 32 byte passwords to be set on the drive; a User Password and a Master Password.

Hard Disk Drive

The HDD drive is locked with an ATA password. An ATA password (also known as the ATA Security Feature Set) is part of the ATA specification and allows two 32 byte passwords to be set on the drive; a User Password and a Master Password.

Crediar released tools and notes for unlocking both on Twitter, and on Github
https://twitter.com/crediar/status/801159279952596992
https://github.com/crediar/lindbergh (now gone)
https://libraries.io/github/crediar/lindbergh (archived)

Long lost Crediar Lindbergh makekey tool: https://github.com/ArcadeHustle/LindyLiberation/blob/master/makekey/main.cpp

Getting the inquiry bytes

The extended inquiry 0xEC reply is required to create the keys. The easiest way is to use plscsi this exists for windows and linux and is very easy to use. Just send the following command to get the required bytes:

plscsi -v -p -x "85 08 0E 00 00 00 01 00 00 00 00 00 00 00 EC 00" -i x200 -t inq.bin
Unlocking Commands

Each devices uses a slightly different unlock command again using plscsi will simplfiy things:

Unlock Maxtor HDDs:
plscsi -v -p -x "85 0A 06 00 00 00 01 00 00 00 00 00 00 40 F2 00" -o x200 -f key.bin
Unlock ADTec CF cards:
plscsi -v -p -x "85 0A 06 00 03 00 01 00 AB 00 00 00 00 00 82 00" -o x200 -f key.bin
Unlock SanDisk:

The tool will create the bytes for you simply insert them between the ""s

plscsi -v -p -x ""
BIOS password
mssvhy
Run your own stuff
  1. Hook up a keyboard via USB and press CTRL+ALT+S to enter the BIOS.
  2. Enter the password: mssvhy
  3. Set "Boot Lock Sequence" in the Advanced tab to disabled."

Game DVDs

Games are stored on installation DVDs. These contain a section of custom sega header data followed by an ISO file system with multiple partitions. As explained in the security chip section, one of these partitions contains a bash script to unencrypt the other partitions which contain the game data and executable.

Although there are multiple partitions, most games only use one partition to store all of the files.

Probably should try this and explain better, but this is how you get the data from the DVDS:

  1. Mount the DVD drive from a USB Drive
  2. Using a hex editor to search the raw image for “CD001” (ISO Marker), this is found at 0x288000 and 0x390000 on HOTD4.
  3. Subtract 32768 (0x8000) as per the ISO9660 standard (en.wikipedia.org/wiki/ISO_9660)
0x288000 - 0x8000 = 0x280000 = 2621440
0x390000 - 0x8000 =  3702784
  1. On a linux machine you can then mount these:
losetup -o 2621440 /dev/loop1 /dev/scd0
mount -t iso9660 -o ro /dev/loop1 /mnt/cdrom/

These two partitions are encrypted. One contains the game data, and the other will contain a bash script that will unencrypt the game data folder. The PIC chip is used to unencrypt the smaller partition with the bash file, which then uses faster decryption for the game. It’s easy to find most of the bash files that unencrypt the game partitions with static keys by finding pre-decrypted Lindbergh images online. Some games use the same decryption keys, so if you find a game that hasn’t yet been decrypted that could be one way to do it. This is explained in more detail in the security chip section.

Sound Card

The sound card is made by Creative, but is branded by Sega. Some of the games require this, and other output on the motherboards onboard audio out channels. I’m still unsure why Sega decided to add a dedicated sound card when the motherboard has one on already that supports 5.1 surround. Games do actively check for this card, so for example Let’s Go Jungle cannot be started without one (unless of course you patched it out).

Security Chip

The Security chip in the Lindbergh is a PIC microcontroller which is connected via a Parallel port exposed on the front of the system. It contains the key needed to decrypt the contents of the smaller data partition from the partitions stored on the installation CD or HDD. Only one partition of the data is encrypted by the PIC Microcontroller, and this partition once decrypted contains a bash script which will unencrypt the rest of the partitions on the drive which contain the game data.

It is interesting to note that some games share the same internal encryption keys used by the bash script. For example Let’s Go Jungle and Let’s Go Jungle Special don’t share the same PIC security chip, however they do share the same internal encryption keys. This means that Let’s Go Jungle Special can be played even though we don’t have access to the original PIC chip.

The security chip also contains a program that will communicate with the game at start up. Each game does this differently, and some don’t seem to check for the key chip at all. Removing the security check from the game is generally doable and can generally be achieved by adding NOOP instructions where the game jumps to the error screen. A good way to get started with this is by getting a pre patched lindbergh dump online and comparing that to a non patched version. This will show the techniques used to get past the security key check.

The PCI card in the Lindbergh contains memory that stores game settings. When a game starts up it’ll try and overwrite the settings with the default ones - this is usually patched out on the playable dumps.

On GitHub there is some code that allows you to save and re-write the information on the PCI card. This software is said to be dangerous, and was recommended not to use it by the creator as it may brick your Lindbergh PCI card. The Jakulous multi however does use this technique even though it was recommended to be dangerous by its creator.
https://github.com/JayFoxRox/lindbergh-tools/blob/master/Utilities/src/backup.c

Software

The next section will talk about the software that runs on the Lindbergh in order of the boot process.

  1. Boot Process
  2. Bios
  3. Grub
  4. MontaVista Linux Init.d
  5. SegaBoot (checks everything is in the right order before running the game)
  6. Game
  7. SegaBoot -t (the test mode (does no checks for HDD/CD etc))
  8. Goto 5.

BIOS

The BIOS can be accessed by plugging a keyboard into the Lindbergh system and pressing Ctrl + Alt + F1. The password for the BIOS is ‘mssvhy’, without the quotes.

The BIOS unlocks the HDD/CF using the ATA password feature normally on startup. This prevents you from booting from any already unlocked device as it’ll attempt to unlock it first. Inside the Advanced options on the BIOS setup there is a feature labeled ‘Secure Boot Sequence’. If you turn this feature off, it’ll no longer unlock the CF/HDD which will allow you to boot of any normal HDD/CD/CF. Please note that whilst this feature is turned off, the system won’t be able to boot from the CF.

To Boot from a HDD you must also change the jumper settings on the motherboard to set the CF card to IDE slave rather than IDE master. I’ve also found that unplugging the CF card is generally a good idea.

It’s also possible to make the boot of the bios much faster by disabling the longer memory check. This generally for me shaves about 2 seconds off the boot time. This with an added 2 more gigs of ram considerably speeds up loading times for the whole system.

GRUB

The system runs a very old version of Grub 1. There is a separate partition on the disk for grub, which contains all the configuration files and can be modified here. Segaboot Executable The Segaboot executable is the application which shows the large white screen with the Lindbergh text on, which enforces everything is correct on the machine (game chip, hdd etc.). This can be executed in the same way as the other games, however you will need to invoke the xserver first so that the application has something to draw on.

You can provide the -t parameter to the segaboot executable to show the test menu. When exiting out of the segaboot executable test mode, it doesn’t run any of the checks again and just exits cleanly.

The ‘Game Test Mode’ option is only available if the file ‘test’ is available in ‘/home/tmp/’ (this needs to be verified, it could just be ‘/tmp’). Making a bootable development OS To create a bootable version of the Lindbergh operating system, with shell access do the following:

  1. Obtain a copy of the Linux image from a Lindbergh CF card. There are different versions labeled Rev A to Rev D. Rev A and B run the 2.4 Linux kernel, whilst all other revisions run the 2.6 Linux kernel. Games generally function much better on their respective original kernels.
  2. Using a command like ‘dd’, write the CF image to a hard disk drive. You may want to write the image to a Sata HDD now that you can use the Sata port on the motherboard. Although this sometimes works, a lot of games don’t work properly through the Sata port and will experience slow downs and issues. A Sata to IDE converter can be used so that you can use an SSD, but it’s pretty trial and error which brands work.
  3. You will see there are two partitions on the newly created boot drive. One is smaller and contains GRUB1. The other contains the kernel and other files used for the Lindbergh OS. At this point you should enlarge the OS partition to fill the entire HDD. This can be done with something like GParted.
  4. Mount the OS partition and navigate to ‘/etc/init.d/killallx.sh’. This is one of the last bash files which runs during the boot process. At the bottom of this add the line ‘./bash’. This will cause the system to run bash instead of the segaboot executable that is normally started. If you type ‘exit’ into the bash prompt, the system will continue to boot up.
  5. Folders containing data can now be placed onto the drive. I normally placed them under ‘/usr/games/’.
  6. Insert the drive into the Lindbergh and boot up the system. Follow the BIOS section of this guide to learn how to boot from unlocked drives.
  7. Games run from the ‘/home’ folder and should be symlinked there before they are run. Start by removing the home folder by typing ‘rm -rf /home’. Now symlink a game to the home directory by typing ‘ln -s /usr/games/lets-go-jungle /home’. Now you can run the game executable from home by typing ‘./home/run.sh’.
  8. To run the test mode of a game, suffix it’s startup script with -t (works on most games). For example Lets Go Jungle test mode would be run with ‘./home/run.sh -t’.

Games

Let’s Go Jungle

Game uses the guns in reverse (x=y,y=x) to every other Sega gun game. Patching out the key chip check on this game is very simple, and without it runs fine with no key chip present. All online dumps seem to already be patched with the guns reversed and the key chip check taken out.

Initial D 4/5

Both InitialD games use a settings file to set up some of the settings and the Sync line on the JVS card.

OutRun 2 SP

Patched version does not support networking for some reason.

Final Boss

For more info stop by Arcade Projects and hit the Lindy forums.
https://www.arcade-projects.com/forums/index.php?board/72-sega-lindbergh/

Alternately submit a git issue for any problems, or additions you have for this document. https://github.com/ArcadeHustle/LindyLiberation/issues

About

Tome of historic Sega Lindbergh information that was previously gate kept.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages