Genesis Earthion encryption

cloudsets

Users keep complaining that they purchased a copy of the latest aftermarket Genesis craze on Steam and cannot run it in their emulator of choice or off their EverDrive, MegaSD, or Open-ED flash cartridge.

The reason behind this is simple: game.bin is 7 different versions of the game encrypted using a relatively simple cipher, compressed using the LZMA algorithm, and concatenated into a single file. The 7 versions are the English, Japanese, and Portuguese localized releases as well as four prototype builds. The emulator application bundled with the Steam release extracts and decrypts the ROM image for each version of the game when you select it from the options menu.

You can use this anonymously published Python script to extract the ROMs from game.bin:
Python:
# Earthion game.bin file unpacker
# v2.0.1
# Please support Ancient and buy the official release:
# https://store.steampowered.com/app/3597580/Earthion/

import lzma
import sys

with open('game.bin', 'rb') as f:
    b = bytearray(f.read())

print('Decrypting game.bin')

fnv_seed = 0xdeafcafe
fnv_prime = 0x1000193

fnv_hash = fnv_seed
for i in range(len(b)):
    b[i] ^= (fnv_hash >> 9) & 0xff
    fnv_hash = ((fnv_hash ^ b[i]) * fnv_prime) & 0xffffffff

if fnv_hash == 0x2bbe2a9f:  # 2025-07-31
    roms = [
        ('Earthion English.md', 0x43, 0x4bbeb8, 0x780000),
        ('Earthion Japanese.md', 0x4bbefb, 0x4b8836, 0x780000),
        ('Earthion Portuguese.md', 0x974731, 0x4bc5a8, 0x780000),
        ('Earthion Summer 2024 Demo.md', 0xe30cd9, 0x259279, 0x6a0000),
        ('Earthion Fall 2024 Demo.md', 0x1089f52, 0x35e3f6, 0x6a0000),
        ('Earthion Winter 2024 Demo.md', 0x13e8348, 0x40e7e8, 0x740000),
        ('Earthion Early Prototype.md', 0x17f6b30, 0x1894a, 0xa0000),
    ]
    confusion = bytes.fromhex('bff058108a26d4775754e507f3e8c999312536c914bb23ca72aef391d93580eda4a3c33babee30b317d6d11ee2478ac9d1b0a623c361aa45424901da8dd439bb939c89bf087976de88669e0fcc7d8995b267fd9ddc2da7c2a959e84f7007cf4680eb4d0a558b4616277c8104494e48e09ecfd00c854a9da4ff7a698f9081b524bb41a32606a6542c878b9968b4969296e0ec78defb5e1881564bf5bc71df72330612b9da175f1ad7a63e1030b30ff8b0198f409ae0a584694b7458d02cdd54a56d41d8c98cb3052a5548e0bd1fb753098767cfc2eebc68f15ef41810423ca0808a1ae108009a14f851add52a0ce04b24243de53325f015f0ac352dd2e77ded3a')
elif fnv_hash == 0x4a3d1a69:  # 2025-08-04
    roms = [
        ('Earthion English.md', 0x43, 0x4c5f44, 0x780000),
        ('Earthion Japanese.md', 0x4c5f87, 0x4c15ae, 0x780000),
        ('Earthion Portuguese.md', 0x987535, 0x4c639d, 0x780000),
        ('Earthion Summer 2024 Demo.md', 0xe4d8d2, 0x2591ca, 0x6a0000),
        ('Earthion Fall 2024 Demo.md', 0x10a6a9c, 0x35e304, 0x6a0000),
        ('Earthion Winter 2024 Demo.md', 0x1404da0, 0x40dc1d, 0x740000),
        ('Earthion Early Prototype.md', 0x18129bd, 0x188d3, 0xa0000),
    ]
    confusion = bytes.fromhex('311664841554eb1a575459352174843ceb0ed90f71bb0cb35a96397a4dd897eda4a3c33babee30b317d6d11ee2478ac9d1b0a623c361aa45424901da8dd439bb939c89bf087976de88669e0fcc7d8995b267fd9ddc2da7c2a959e84f7007cf4680eb4d0a558b4616277c8104494e48e09ecfd00c854a9da4ff7a698f9081b524bb41a32606a6542c878b9968b4969296e0ec78defb5e1881564bf5bc71df72330612b9da175f1ad7a63e1030b30ff8b0198f409ae0a584694b7458d02cdd54a56d41d8c98cb3052a5548e0bd1fb753098767cfc2eebc68f15ef41810423ca0808a1ae108009a14f851add52a0ce04b24243de53325f015f0ac352dd2e77ded3a')
else:
    print('Unsupported version')
    sys.exit(1)

for filename, offset, size, usize in roms:
    print(f'Uncompressing {filename}')
    packed = b[offset:offset + size]
    # Workaround for https://github.com/python/cpython/issues/92018
    packed[5:13] = b'\xff' * 8
    unpacked = lzma.decompress(packed, format=lzma.FORMAT_ALONE)
    assert len(unpacked) == usize

    print(f'Decrypting {filename}')
    decrypted = bytearray(usize)
    for i in range(usize):
        #x = (active_banks[(i >> 19) & 7] << 19) | (i & 0x7ffff)
        x = i
        y = x ^ ((i >> 6) & 0xf80) ^ ((x >> 16) & 0xfffffffe) ^ 0xa56
        z = (((x >> 14) ^ (i >> 7)) & 0xfe) ^ (i & 0xff)
        decrypted[x] = unpacked[y] ^ confusion[z]

    print(f'Writing {filename}')
    with open(filename, 'wb') as f:
        f.write(decrypted)

To use it on Windows, make sure Python is installed and available in your PATH. Then download either version of the LZMA SDK from here, extract the files anywhere you like, and copy lzma.exe from the bin folder into the same place as your earthion-unpack.py script (or whatever you might have named it). Finally, place your game.bin file in that directory next to earthion-unpack.py and lzma.exe.

To run it, open a PowerShell window or a command prompt, navigate to the folder where your script is, and type the following:
Code:
python earthion-unpack.py

Simply wait for it to finish decompressing and decrypting the games, and take your desired version of the ROM image to your favorite emulator or flash cartridge where you can use it as you normally would.

Seeing as I do not own a flash cartridge, I cannot test on original hardware, but the output runs as expected in Genesis Plus GX, Ares, PicoDrive, and BlastEm.

For convenience's sake, I have attached the script alongside lzma.exe from version 2501 of the SDK to this post. Be sure to install Python if you have not. Python 3.13.6 is the latest stable version available at the time of writing: https://www.python.org/downloads/release/python-3136/

Enjoy your game!
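The outer layer of the script above, isolated as an added example (not part of the original post or the anonymously published script): the keystream comes from an FNV-1a style hash that is advanced with each decoded byte, so the value the script compares against `0x2bbe2a9f` or `0x4a3d1a69` is a hash of the whole decoded file and doubles as a build fingerprint. `wrap`, `plaintext_hash` and the sample data are constructed for illustration.

```python
# Added illustration; constants are the ones in the script posted above.
FNV_SEED = 0xdeafcafe
FNV_PRIME = 0x1000193          # the standard 32-bit FNV prime
MASK32 = 0xffffffff

def keystream_byte(state):
    """Byte XORed into the data: bits 9..16 of the running hash."""
    return (state >> 9) & 0xff

def unwrap(blob):
    """Same loop as the posted script: returns (plaintext, final hash)."""
    out = bytearray(blob)
    state = FNV_SEED
    for i in range(len(out)):
        out[i] ^= keystream_byte(state)
        # The hash is advanced with the *decoded* byte, FNV-1a style.
        state = ((state ^ out[i]) * FNV_PRIME) & MASK32
    return bytes(out), state

def wrap(plain):
    """Inverse direction (written for this example, not from the thread)."""
    out = bytearray(plain)
    state = FNV_SEED
    for i, p in enumerate(plain):
        out[i] = p ^ keystream_byte(state)
        state = ((state ^ p) * FNV_PRIME) & MASK32
    return bytes(out), state

def plaintext_hash(plain):
    """FNV-1a over the plaintext with the script's seed as offset basis."""
    state = FNV_SEED
    for p in plain:
        state = ((state ^ p) * FNV_PRIME) & MASK32
    return state

def demo():
    sample = bytes(range(256)) * 4            # constructed input, not game data
    blob, h_wrap = wrap(sample)
    plain, h_unwrap = unwrap(blob)
    tampered = bytearray(blob)
    tampered[-1] ^= 0x01                      # flip one bit of the last byte
    _, h_bad = unwrap(bytes(tampered))
    return plain == sample, h_wrap, h_unwrap, plaintext_hash(sample), h_bad

if __name__ == "__main__":
    ok, h_wrap, h_unwrap, h_plain, h_bad = demo()
    print(ok, hex(h_wrap), hex(h_unwrap), hex(h_plain), hex(h_bad))
```

The seed and prime are fixed constants with no per-user key, so this layer works as obfuscation plus an integrity check rather than keyed encryption.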
 

The issue between overprotecting a game or letting it go to the cost of having it pirated easily...
 
off their EverDrive, MegaSD, or Open-ED flash cartridge
It should also be noted that the decrypted ROM is about 7.5 MB, which is larger than all but the most expensive Everdrives will support. I have an old Everdrive-MD, and the game won't boot because of it. I think it's only the Mega Everdrive Pro that will work.

I do appreciate the script though, it's nice to be able to decrypt my purchased copy of the game. It looks like with each update though, the script will need to be slightly updated to adjust for the file sizes of the individual ROMs inside it. I imagine that's not too hard to do, you'd just have to open the new file and find where the Genesis/Mega Drive headers are spaced.

Although, I don't understand what the 'confusion' does or what steps you'd need to take to figure that out..
 
In the context of cryptography, “confusion” refers to the process of obfuscating the relation between a cryptographic key and ciphertext. The use of confusion in this case implies that a simple type of cryptography called a substitution-box cipher was used.

I am not familiar with this particular algorithm and suspect it may be bespoke.

Additionally, I didn't realize that 7.5 MiB was above the limit for an EverDrive. I will make note of that for future reference.

The ROM images resulting from this script are fully compatible with all the emulators I tried them in, though, and they should work fine on original Genesis hardware assuming you can find a cartridge large enough to contain them.

I'll wait for the cartridge release to play it ¯\_(ツ)_/¯ Yuzo and his team worked hard on this game for 2 years, I'll pay full price and play it on the proper hardware.
This is not a means of pirating the game. You will need to purchase the game from Steam to get the encrypted ROM bundle.

If anyone wished to pirate it, I am sure there already exist numerous places across the web to download extracted copies. This only benefits those who own a purchased copy and wish to access the ROM files without resorting to piracy.
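What the `confusion` table does in the script from the first post, as an added example (not part of the thread or the anonymously published script): each output byte is fetched from an offset shuffled within its 4 KiB page and XORed with one of 256 table bytes chosen by the offset, so the table acts as a position-dependent XOR mask. The table and data below are constructed stand-ins, and `scramble`, `stays_in_page` and `demo` are names introduced here.

```python
# Added illustration; the two index formulas are copied from the posted script.
def src_index(i):
    """Script's `y`: offset in the LZMA output that supplies ROM byte i."""
    return i ^ ((i >> 6) & 0xf80) ^ ((i >> 16) & 0xfffffffe) ^ 0xa56

def mask_index(i):
    """Script's `z`: which of the 256 `confusion` bytes is XORed into byte i."""
    return (((i >> 14) ^ (i >> 7)) & 0xfe) ^ (i & 0xff)

def descramble(unpacked, confusion):
    """Same operation as the script's inner loop."""
    return bytes(unpacked[src_index(i)] ^ confusion[mask_index(i)]
                 for i in range(len(unpacked)))

def scramble(plain, confusion):
    """Inverse direction (written for this example, not from the thread)."""
    out = bytearray(len(plain))
    for i, p in enumerate(plain):
        out[src_index(i)] = p ^ confusion[mask_index(i)]
    return bytes(out)

def stays_in_page(size, page=0x1000):
    """True if src_index only permutes bytes inside each 4 KiB page
    and applying it twice returns the original offset."""
    return all(src_index(i) // page == i // page and
               src_index(src_index(i)) == i for i in range(size))

def demo():
    size = 0x40000                                    # 256 KiB, constructed
    table = bytes((i * 37 + 11) & 0xff for i in range(256))   # NOT the game's table
    plain = bytes((i * 7 + (i >> 8)) & 0xff for i in range(size))
    packed = scramble(plain, table)
    return descramble(packed, table) == plain, stays_in_page(size), packed != plain

if __name__ == "__main__":
    print(demo())
```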
 
Didn't expect to see this here. Nice. Will buy my copy on steam soon. Still playing other stuff. I def have a genesis and my Mega Everdrive Pro waiting to try this out.
 
I'll wait for the cartridge release to play it ¯\_(ツ)_/¯ Yuzo and his team worked hard on this game for 2 years, I'll pay full price and play it on the proper hardware.
Save yourself the headache of dealing with LRG. If you don't want to pirate it then buy the Steam release and use the decrypter to play your legally obtained ROM. Otherwise enjoy dealing with a year or two of delays by LRG after buying the cart before it arrives. That's if you even make it past all the scalper bots first.
 
I bought Earthion along with Ninja Gaiden: RB the day after they came out... but with the romset just the way it is - they all run on Ares perfectly.

but game is only $20, if you like it n you got the dough - buy it... I tend to buy everything that I sample first soon after, with the exception ofc being... N. I'll never purchase a Nintendo console again as long as I live - even if I pick up retro-collecting again
 
Awesome thanks! Can I somehow transfer my Steam saves to the ROM?
Some sounds are weird on the RS36S but otherwise it plays fine!
 
I'm fairly certain this game doesn't save any data at all, it's all done via the password system. If you write down your password, you can then enter it into any version of the game and continue on.
 
Save yourself the headache of dealing with LRG. If you don't want to pirate it then buy the Steam release and use the decrypter to play your legally obtained ROM. Otherwise enjoy dealing with a year or two of delays by LRG after buying the cart before it arrives. That's if you even make it past all the scalper bots first.
I'm pretty sure Yuzo said there would be a local distributor for Japan
 
The game is great. Shame the discussion around it boils down to people wanting to extract their ROMs for convenience's sake and others who call out piracy based on Yuzo Koshiro's tweets. Can't talk about the game without mentioning the "scandal". I do not think being able to extract game.bin affects sales at all, I think it was a bad move on their part for even giving public attention to it on Twitter.

Honestly I don't even think the ROM is that convenient. If the Steam port was any good, and maybe had savestates/stage select, I wouldn't want to deal with the whole extraction ordeal. Right now the only way I can practice a stage is installing Python, getting the script, extracting game.bin, running in an emulator, getting to the stage I want and setting up a good savestate, and when the game updates I'll have to do it all over again. Just give me a stage select dammit!

Seems like there's going to be a future patch involving some kind of final boss milk where people would use passwords to rack up lives and sacrifice them all at the final boss for massive points. I wonder if the script will work at all in that case. The guy who posted the script on 4chan included some comments in his screenshot that had like, the first 4 steps of figuring out the encryption yourself using Ghidra. No more information though. Not understanding a lick of cryptography, I just have no idea where someone would even find these magic numbers. I'm going to copy what little he shared into this post anyways:
0. Load up Earthion.exe in Ghidra

1. Search >> Memory
2. Decrunching (String, all blocks, us-ascii, search all)
3. Click "Search All" and double click the hit
4. Right click function name (FUNXXXXXX)
[Rest is cut off]

Obviously, you need to own the game to do this. Maybe these first few steps will point someone in the right direction, meanwhile I'll be monitoring the threads for the return of the anon.

Also hello! This is my first post on this forum. I don't normally type this much.
 
If this script had not been published already, I would have made one myself. Once you have a little experience with a disassembler, it isn't especially difficult to crack most games. Earthion is no exception.
 
Can anyone make a video tutorial about it to follow this resource step by step please?
 
If this script had not been published already, I would have made one myself. Once you have a little experience with a disassembler, it isn't especially difficult to crack most games. Earthion is no exception.
Is a disassembler a tool used for reverse engineering?
 
Yes. A disassembler takes compiled executables and converts them to a more human-readable assembly language format. Most tools for this purpose also allow you to step through the code one instruction at a time and see what it does in memory as it runs. This can be used to extract decrypted data or an encryption key from memory as it gets used.
 
