Presentation on Hacking the MegaTouch Force 2011 to bypass security key

Just been reading through the thread and read the information on the site, just wanted to say that I think this is very impressive work, as someone who has had several megatouch keys just stop working (and received no help from Merit) something like this is essential to keep our machines alive for the future, cant wait to read more and thank you!
 
Thx appreciate the kind words. I hope to post the part walk through soon, just been too busy.
 
Not yet wanted to finish last weekend but did not get a chanc
 
take your time , i finish my conversion of a sega rally CRT cab to LCD , don't forget to make a little donation to him , his job is really appreciated :)
 
Man Each weekend for the last 6-7 weeks I've been saying to myself "this weekend" but always busy, maybe this weekend? Lol.
 
take your time , i finish my conversion of a sega rally CRT cab to LCD , don't forget to make a little donation to him , his job is really appreciated :)

I did a SEGA Rally conversion a couple of years ago, went from the huge CRT to a nice LCD TV and also replaced the failing main boards with a laptop running the SEGA Model 2 emulator and using an a-pac for the controls, works good but doesn't have force feedback as that required custom boards etc. that I was not able to get hold of, apart from that you wouldn't know the difference.

Didnt realise you were taking donations for the MegaTouch stuff, happy to contribute if you can tell me where do I send it?
 
I did a SEGA Rally conversion a couple of years ago, went from the huge CRT to a nice LCD TV and also replaced the failing main boards with a laptop running the SEGA Model 2 emulator and using an a-pac for the controls, works good but doesn't have force feedback as that required custom boards etc. that I was not able to get hold of, apart from that you wouldn't know the difference.

Didnt realise you were taking donations for the MegaTouch stuff, happy to contribute if you can tell me where do I send it?

For donate simply here : http://megatouch.arcade-cabinets.com/

In my race cab i put a good PC and i've got the board L2M2 with that i have the force feedback :)
 
For donate simply here : http://megatouch.arcade-cabinets.com/

In my race cab i put a good PC and i've got the board L2M2 with that i have the force feedback :)

Thank you, Donation sent

ah yes the L2M2 that was the board I was thinking of but I was not able to get hold of one at the time, maybe once I have moved and get some time I will update it

thanks!
 
awesome, thank you very much for the donation! It is much appreciated.

-brian

Thank you, Donation sent

ah yes the L2M2 that was the board I was thinking of but I was not able to get hold of one at the time, maybe once I have moved and get some time I will update it

thanks!
 
Something I've found while poking around on my MegaTouch is if you want to hijack the system to run non-MegaTouch games on Ion+ this is possible.

There is a file /usr/local/bin/launcher.sh which is used to launch games for ion only platform and you can hijack this script should you want to do something like Mame.

Basically you would need to edit launcher.sh to include a case for when $GAMEID equals the game you want to hijack i.e changing the code:

https://pastebin.com/5umh6vhh

To hijack hunks dice to launch xterm:

https://pastebin.com/Tpu8qHt8

If you were to setup centos vault repos you would be able to compile something such as Mame which would let you play other touch screen games. I didn't go further than just a proof of concept hijacking the launcher because mine is the ECS Athlon XP 900mhz version and using SDLMame 0.115 (precompiled) I was only able to get 60% speed on a completely broken MegaTouch 1 implementation. You could also theoretically install Wine to launch Windows games however the partition layout doesn't have enough space on / which would require using gparted to move things around to grow / large enough for compiling.
 
I have 2 questions about your walkthrough. In step 6 should the last b be in caps? \x63\x6b\x65\x64"

Also is the order of step 9 correct? part 1 and 2 and command order? or are they reversed?
you have the first part on command 1
you say use part 2 for command one but the example is reversed.
 
I have 2 questions about your walkthrough. In step 6 should the last b be in caps? \x63\x6b\x65\x64"

honestly it doesn't matter, but thanks for pointing it out, I changed it to be capital B just to be not confusing but that's just the hex representation and in this case
\x6b == \x6B that is case doesn't matter.


Also is the order of step 9 correct? part 1 and 2 and command order? or are they reversed?
you have the first part on command 1
you say use part 2 for command one but the example is reversed.

lol ugg I don't even remember honestly, I'll tell you what, try both and let me know which one it is :)

you can actually do these commands multiple times if they don't work
-bash-3.00# perl -e 'print "\x0C\x2B\xC5\xFB"' | dd bs=1 count=4 seek=3160118 of=/usr/local/bin/start conv=notrunc
-bash-3.00# perl -e 'print "\x00\x00\x00\x5E"' | dd bs=1 count=4 seek=3160125 of=/usr/local/bin/start conv=notrunc

basically it's saying "open up /usr/local/bin/start" then "search/seek in
3160118 byte" then write these 4 bytes overtop whatever was there
the second line seeks to offset 3160125

so as long as you don't type in the the "count" or the "seek" wrong you can do these commands multiple times, each time they'll just overwrite whatever you previously wrote
if you mess up the the bs=1, count=4 or seek=xxxx then you have to restart all over

also let me know what you think of the write up? was it easy enough to follow?
I wanted to do it where I"m giving the commands not distributing an image for legal reasons.
I tried ot write it up so it's basically cut and paste, but I'm a horrible technical writer :(

I was especially worried about the first part of the first walk through
 
Last edited:
Looks simple enough.
first time I did it I got a key range mismatch.
I tried again and it just kept restarting to do matenance it said.
When I have some free time i''l retry.
Anyone else try it?
 
Back
Top Bottom