Big thanks to Mitsurugi_w, Darksoft, MetalliC (p1pkin) and Brizzo (Nazarene) of Arcade Projects for finally allowing this to be published. Please direct message them with any questions! https://arcade-projects.com/
- written by hostile, with supporting information from the community at large, and lots of Google searches
As of 6/3/19, asking [email protected] "Is Lindbergh still supported hardware?" will prompt the following answer:
From: Technical <[email protected]>
To: xxxx
Cc: Technical <[email protected]>
Subject: RE: <Webpage Enquiry Lindbergh>
Thread-topic: <Webpage Enquiry Lindbergh>
Date: Mon, 03 Jun 2019 16:37:36 +0000
Hello xxxx,
Yes we do still support the Lindbergh's both red and yellow.
Kind regards,
...
Technical Support
Sega Amusements International Ltd
42 Barwell Business Park | Leatherhead Road
Chessington | Surrey | KT9 2NY | United Kingdom
T: +44 (0)208 391 8060 (Option 2) F: +44 (0)208 391 8099
M:+447903 200749
There are of course several Lindy variants, "I have red, blue, yellow, silver"!
https://www.arcade-projects.com/forums/index.php?thread/2184-lindbergh-differences/&pageNo=1
This specifically means that the Lindbergh Blue series can be considered End of Life.
Enough StarHorse2 parts have been sold on YAJ, it is a fair time to help folks attempt to restore these wonderful machines.
It's also clear there are several Derby Owners Club installs that require restoration work so people can still Feel The Rush"!
Lucky for you, after nearly 6 years of sales, the DarkDawg Lindbergh Multigame Kit is no longer a viable cash cow, so we are comfortable sharing more info on the system.
At first Mitsu didn't fully publish details on the kit, as usual contacting him via DM is the way to have your needs fulfilled.
"Decided to remove this video to fix some things. Contact me for details."
https://forums.arcade-museum.com/showthread.php?t=301907
Although not widely discussed, some of you remembered:
"This wasn't developed by us, it was developed for us... agreement to sell as a kit in the Americas"
"We will sell it in those regions, and provide support for it"
https://youtu.be/QEoRf_vhHUo?t=683
"He's not the one that made it, he just acquired the rights to sell it, I could be wrong"
https://youtu.be/UGPNoUuQrgk?t=149
Back in the early days DarkDawg Lindbergh Multigame Kit was one of few non hacked up multi's for Lindy!
"We sell a different version that does not have so many hacks and that stays more true to the original.'
https://www.arcade-projects.com/forums/index.php?thread/139-sega-lindbergh-help/
About a week after Formally introducing: DarkDawg Collaborations, Mitsu started selling the Lindy multi kit.
https://forums.arcade-museum.com/showthread.php?t=301907
DarkDawg Collaborations Presents: DarkDawg Lindbergh Multigame Kit
https://www.youtube.com/watch?v=QEoRf_vhHUo
Mitsu also sold single games for archival purposes, in fact single game kits were actually hot for a few years!
"I can get you a single game kit probably. What game do you want?"
https://www.arcade-projects.com/forums/index.php?thread/928-is-it-possible-to-un-multikit-a-lindbergh-multikit-multigame-system/
"We can sell you a kit with just VF5 Final Showdown for $145."
https://www.arcade-projects.com/forums/index.php?thread/139-sega-lindbergh-help/
Over time the scene evolved and tools were shared. Discussions were often censored, and the tools always disappeared.
"some of you might know crediar, he does alot in the console scene and now released some cool tools for Lindbergh"
https://www.arcade-projects.com/forums/index.php?thread/2488-new-lindbergh-tools/
An emulator even made a brief appearance that came and went quickly.
https://github.com/JayFoxRox/Lindbergh-Emulator (Based on a GPL request)
https://www.reddit.com/r/emulation/comments/9s71zr/emulation_of_sega_lindbergh_its_on_the_way/
"It was worked on by Jay, but he discontinued due to university etc."
https://assemblergames.org/viewtopic.php?t=2885
There was quite a bit of contention over who's multi was first, and most importantly who's was best.
"Long story short : 2 multis, one by Android ("authorization" sold to Darksoft & Mitsu who still sell kits here) and one by Jackalus (sold by mar.veto). Android claims Jackalus has hacked his hack to make his multi (multi is just a hack)."
https://www.arcade-projects.com/forums/index.php?thread/3921-ringedge-2-multi-legit/&postID=116115#post116115
"my name is Marco and I am from Italy... For sale Yellow Lindbergh with multigame installed..."
https://web.archive.org/web/20170708014939/http://www.neo-arcadia.com/forum/viewtopic.php?f=9&t=41853
"this multi does not come from Marco himself, it was produced by Jackalus (from the assemblergames site)."
https://www.gamoover.net/Forums/index.php?topic=29520.0
Former F-secure Jr Anti-Malware Analyst Nico eventually turned his work into a pay for play component of Teknoparrot.
https://www.linkedin.com/in/giansanti/
https://twitter.com/reaverteknogods/
https://twitter.com/reaverteknogods/status/1072569187292381184
https://archive.f-secure.com/weblog/archives/Jarno_Niemela_its_signed.pdf
Giansanti's Lindbergh work was done under the monikers Jackalus, Reaver, among others such a Junnumane
https://www.instagram.com/junnumane/?hl=en
"I doubt he will reveal the technical secrets behind that hack as it might dry out his source of income from it..."
http://forum.arcadecontrols.com/index.php?topic=149079.0
(2017) “TeknoParrot Emulator Announcement”
https://teknogods.github.io/compatibility/lindbergh-yellow.htm
https://teknogods.github.io/compatibility/lindbergh-red-ex.htm
"Until fall 2017, to own a multi you had to make a choice ... and go to the cashier! Darksoft version with its original versions but its keyboard selection and the Jackalus version without keyboard but deemed less stable. And then Crediar posted download links for a new version. A post appeared on Arcade Project but quickly deleted by the administrators. Official reason: system still in operation Unofficial reason: the multi still bring a lot of money to the two dealers holding the precious secret."
https://sega-lindbergh-underground.blogspot.com/2019/01/multi-jackalus-crediar.html
https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Fsega-lindbergh-underground.blogspot.com%2F2019%2F01%2Fmulti-jackalus-crediar.html
"[Tuto] Multiboot Free Lindbergh Crediar"
http://www.neo-arcadia.com/forum/viewtopic.php?t=61702
"Sega Lindbergh nedir? MultiGame Kurulumu"
http://www.commodore.gen.tr/forum/index.php?topic=15177.0
Crediar cf_multi.bin (archive)
https://archive.org/download/cf_multi
DarkDawg Collaborations was able to protect their Kit very well and maximize profits, both via censorship, and amazing technical means. They were beautiful!
https://forums.arcade-museum.com/showthread.php?t=269120
"So the multikits have a specific CF card and PIC. The CF card is locked so it can't be read and duplicated. Same with the PIC. The multikits were designed to be sold so the PIC is not interchangeable."
https://www.arcade-projects.com/forums/index.php?thread/928-is-it-possible-to-un-multikit-a-lindbergh-multikit-multigame-system/
Haha anyone still on "DDLindy 7.0"?
https://youtu.be/msBUzvSZ_lw?t=187
Some of you out here STILL trying to dump it ;)
"Security pic dump?thank you"
https://www.youtube.com/watch?v=PfDUp-cfdb8
Fast forward to today, and you'll notice Lindy Multi's are harder to find, and infomation on the platform is still scarce.
Some multi variants are very rarely mentioned at all these days...
"Le but de ce topic est de faire un point sur ce qu fait le multi boot Version Android (le créateur) en 3.20"
https://www.gamoover.net/Forums/index.php?topic=29522.0
Other versions are once again disappearing all together.
https://www.arcade-projects.com/forums/index.php?thread/9128-lindbergh-help/
"I'm not sure if they're being sold anymore."
https://www.arcade-projects.com/forums/index.php?thread/11480-multi-lindbergh/
"You wont find that here. Try in assemblergames or eBay. They pop up from time to time."
Please remember the wise words of Mitsurugi_w "The info itself is not new or special. It's all over the web anyways"
Additional text relevant to this document can be found below:
"Internet Archive Gets DMCA Exemption To Help Archive Vintage Software"
"Computer programs and video games distributed in formats that have become obsolete and which require the original media or hardware as a condition of access."
https://archive.org/about/dmca.php
"a side effect of dongle-based access control is that legitimate access to the software may be prevented if the dongle is lost, malfunctioning, damaged or obsolete"
"thus cannot be archived without circumventing the dongle-based access control"
https://web.archive.org/web/20060118092042/https://www.copyright.gov/1201/2003/reply/015.pdf
Exemptions to Prohibition against Circumvention of Technological Measures Protecting Copyrighted Works
Seventh Triennial Section 1201 Final Rule, Effective October 28, 2018
"Video games in the form of computer programs, where outside server support has been discontinued, to allow individual play and preservation by an eligible library, archive, or museum"
https://library.osu.edu/document-registry/docs/1027/stream
"Video games in the form of computer programs, lawfully acquired as complete games 37 CFR §201.40(b)(12)"
"For personal, local gameplay; or To allow preservation in a playable format..."
https://library.osu.edu/site/copyright/2019/03/20/2018-dmca-section-1201-exemptions-announced/
This document will serve as a reference guide to how the Sega Lindbergh works. The Sega Lindbergh is an arcade platform developed by Sega as a successor to the Sega NAOMI 2 arcade system. It was launched in 2005 and acted as Sega's "primary" arcade system until the release of the Sega RingEdge platform in 2009. Sega officially stopped supporting some versions of the system in 2018.
The motherboard inside the Sega Lindbergh is effectively an ATX PC Motherboard. The only real change from a standard PC Motherboard is the parallel port header used for the Security PIC and buttons. A CF card slot is also built into the motherboard, which is sometimes found on other industrial type ATX PCs.
There are three graphics cards that were used with the Lindbergh:
Nvidia GeForce 7600
Nvidia GeForce 6800
Nvidia GeForce 7800
Quote: The slow video might be the infamous nvidia cold bios bug? flash the bios on the card with the temp monitoring disabled, as it effects a lot of 7800gs (especially G71) - basically if the ambient temp is below 20 odd degrees, the card think it is overclocking and puts it in throttle mode (which is like 20% power), so games run extremely slooooow.
The JVS card is the main bit of proprietary hardware that sets the Lindbergh apart from a standard computer. A Linux driver for the card is installed on the operating system, and allows the games to communicate with memory stores on the card for saving settings, as well as the JVS line for talking to control interfaces.
The CF card is locked with an ATA password. An ATA password (also known as the ATA Security Feature Set) is part of the ATA specification and allows two 32 byte passwords to be set on the drive; a User Password and a Master Password.
The HDD drive is locked with an ATA password. An ATA password (also known as the ATA Security Feature Set) is part of the ATA specification and allows two 32 byte passwords to be set on the drive; a User Password and a Master Password.
Crediar released tools and notes for unlocking both on Twitter, and on Github
https://twitter.com/crediar/status/801159279952596992
https://github.com/crediar/lindbergh (now gone)
https://libraries.io/github/crediar/lindbergh (archived)
Long lost Crediar Lindbergh makekey tool: https://github.com/ArcadeHustle/LindyLiberation/blob/master/makekey/main.cpp
The extended inquiry 0xEC reply is required to create the keys. The easiest way is to use plscsi this exists for windows and linux and is very easy to use. Just send the following command to get the required bytes:
plscsi -v -p -x "85 08 0E 00 00 00 01 00 00 00 00 00 00 00 EC 00" -i x200 -t inq.bin
Each devices uses a slightly different unlock command again using plscsi will simplfiy things:
plscsi -v -p -x "85 0A 06 00 00 00 01 00 00 00 00 00 00 40 F2 00" -o x200 -f key.bin
plscsi -v -p -x "85 0A 06 00 03 00 01 00 AB 00 00 00 00 00 82 00" -o x200 -f key.bin
The tool will create the bytes for you simply insert them between the ""s
plscsi -v -p -x ""
mssvhy
- Hook up a keyboard via USB and press CTRL+ALT+S to enter the BIOS.
- Enter the password: mssvhy
- Set "Boot Lock Sequence" in the Advanced tab to disabled."
Games are stored on installation DVDs. These contain a section of custom sega header data followed by an ISO file system with multiple partitions. As explained in the security chip section, one of these partitions contains a bash script to unencrypt the other partitions which contain the game data and executable.
Although there are multiple partitions, most games only use one partition to store all of the files.
Probably should try this and explain better, but this is how you get the data from the DVDS:
- Mount the DVD drive from a USB Drive
- Using a hex editor to search the raw image for “CD001” (ISO Marker), this is found at 0x288000 and 0x390000 on HOTD4.
- Subtract 32768 (0x8000) as per the ISO9660 standard (en.wikipedia.org/wiki/ISO_9660)
0x288000 - 0x8000 = 0x280000 = 2621440
0x390000 - 0x8000 = 3702784
- On a linux machine you can then mount these:
losetup -o 2621440 /dev/loop1 /dev/scd0
mount -t iso9660 -o ro /dev/loop1 /mnt/cdrom/
These two partitions are encrypted. One contains the game data, and the other will contain a bash script that will unencrypt the game data folder. The PIC chip is used to unencrypt the smaller partition with the bash file, which then uses faster decryption for the game. It’s easy to find most of the bash files that unencrypt the game partitions with static keys by finding pre-decrypted Lindbergh images online. Some games use the same decryption keys, so if you find a game that hasn’t yet been decrypted that could be one way to do it. This is explained in more detail in the security chip section.
The sound card is made by Creative, but is branded by Sega. Some of the games require this, and other output on the motherboards onboard audio out channels. I’m still unsure why Sega decided to add a dedicated sound card when the motherboard has one on already that supports 5.1 surround. Games do actively check for this card, so for example Let’s Go Jungle cannot be started without one (unless of course you patched it out).
The Security chip in the Lindbergh is a PIC microcontroller which is connected via a Parallel port exposed on the front of the system. It contains the key needed to decrypt the contents of the smaller data partition from the partitions stored on the installation CD or HDD. Only one partition of the data is encrypted by the PIC Microcontroller, and this partition once decrypted contains a bash script which will unencrypt the rest of the partitions on the drive which contain the game data.
It is interesting to note that some games share the same internal encryption keys used by the bash script. For example Let’s Go Jungle and Let’s Go Jungle Special don’t share the same PIC security chip, however they do share the same internal encryption keys. This means that Let’s Go Jungle Special can be played even though we don’t have access to the original PIC chip.
The security chip also contains a program that will communicate with the game at start up. Each game does this differently, and some don’t seem to check for the key chip at all. Removing the security check from the game is generally doable and can generally be achieved by adding NOOP instructions where the game jumps to the error screen. A good way to get started with this is by getting a pre patched lindbergh dump online and comparing that to a non patched version. This will show the techniques used to get past the security key check.
The PCI card in the Lindbergh contains memory that stores game settings. When a game starts up it’ll try and overwrite the settings with the default ones - this is usually patched out on the playable dumps.
On GitHub there is some code that allows you to save and re-write the information on the PCI card. This software is said to be dangerous, and was recommended not to use it by the creator as it may brick your Lindbergh PCI card. The Jakulous multi however does use this technique even though it was recommended to be dangerous by its creator.
https://github.com/JayFoxRox/lindbergh-tools/blob/master/Utilities/src/backup.c
The next section will talk about the software that runs on the Lindbergh in order of the boot process.
- Boot Process
- Bios
- Grub
- MontaVista Linux Init.d
- SegaBoot (checks everything is in the right order before running the game)
- Game
- SegaBoot -t (the test mode (does no checks for HDD/CD etc))
- Goto 5.
The BIOS can be accessed by plugging a keyboard into the Lindbergh system and pressing Ctrl + Alt + F1. The password for the BIOS is ‘mssvhy’, without the quotes.
The BIOS unlocks the HDD/CF using the ATA password feature normally on startup. This prevents you from booting from any already unlocked device as it’ll attempt to unlock it first. Inside the Advanced options on the BIOS setup there is a feature labeled ‘Secure Boot Sequence’. If you turn this feature off, it’ll no longer unlock the CF/HDD which will allow you to boot of any normal HDD/CD/CF. Please note that whilst this feature is turned off, the system won’t be able to boot from the CF.
To Boot from a HDD you must also change the jumper settings on the motherboard to set the CF card to IDE slave rather than IDE master. I’ve also found that unplugging the CF card is generally a good idea.
It’s also possible to make the boot of the bios much faster by disabling the longer memory check. This generally for me shaves about 2 seconds off the boot time. This with an added 2 more gigs of ram considerably speeds up loading times for the whole system.
The system runs a very old version of Grub 1. There is a separate partition on the disk for grub, which contains all the configuration files and can be modified here. Segaboot Executable The Segaboot executable is the application which shows the large white screen with the Lindbergh text on, which enforces everything is correct on the machine (game chip, hdd etc.). This can be executed in the same way as the other games, however you will need to invoke the xserver first so that the application has something to draw on.
You can provide the -t parameter to the segaboot executable to show the test menu. When exiting out of the segaboot executable test mode, it doesn’t run any of the checks again and just exits cleanly.
The ‘Game Test Mode’ option is only available if the file ‘test’ is available in ‘/home/tmp/’ (this needs to be verified, it could just be ‘/tmp’). Making a bootable development OS To create a bootable version of the Lindbergh operating system, with shell access do the following:
- Obtain a copy of the Linux image from a Lindbergh CF card. There are different versions labeled Rev A to Rev D. Rev A and B run the 2.4 Linux kernel, whilst all other revisions run the 2.6 Linux kernel. Games generally function much better on their respective original kernels.
- Using a command like ‘dd’, write the CF image to a hard disk drive. You may want to write the image to a Sata HDD now that you can use the Sata port on the motherboard. Although this sometimes works, a lot of games don’t work properly through the Sata port and will experience slow downs and issues. A Sata to IDE converter can be used so that you can use an SSD, but it’s pretty trial and error which brands work.
- You will see there are two partitions on the newly created boot drive. One is smaller and contains GRUB1. The other contains the kernel and other files used for the Lindbergh OS. At this point you should enlarge the OS partition to fill the entire HDD. This can be done with something like GParted.
- Mount the OS partition and navigate to ‘/etc/init.d/killallx.sh’. This is one of the last bash files which runs during the boot process. At the bottom of this add the line ‘./bash’. This will cause the system to run bash instead of the segaboot executable that is normally started. If you type ‘exit’ into the bash prompt, the system will continue to boot up.
- Folders containing data can now be placed onto the drive. I normally placed them under ‘/usr/games/’.
- Insert the drive into the Lindbergh and boot up the system. Follow the BIOS section of this guide to learn how to boot from unlocked drives.
- Games run from the ‘/home’ folder and should be symlinked there before they are run. Start by removing the home folder by typing ‘rm -rf /home’. Now symlink a game to the home directory by typing ‘ln -s /usr/games/lets-go-jungle /home’. Now you can run the game executable from home by typing ‘./home/run.sh’.
- To run the test mode of a game, suffix it’s startup script with -t (works on most games). For example Lets Go Jungle test mode would be run with ‘./home/run.sh -t’.
Game uses the guns in reverse (x=y,y=x) to every other Sega gun game. Patching out the key chip check on this game is very simple, and without it runs fine with no key chip present. All online dumps seem to already be patched with the guns reversed and the key chip check taken out.
Both InitialD games use a settings file to set up some of the settings and the Sync line on the JVS card.
Patched version does not support networking for some reason.
For more info stop by Arcade Projects and hit the Lindy forums.
https://www.arcade-projects.com/forums/index.php?board/72-sega-lindbergh/
Alternately submit a git issue for any problems, or additions you have for this document. https://github.com/ArcadeHustle/LindyLiberation/issues