Genesis Earthion encryption

cloudsets

Users keep complaining that they purchased a copy of the latest aftermarket Genesis craze on Steam and cannot run it in their emulator of choice or off their EverDrive, MegaSD, or Open-ED flash cartridge.

The reason behind this is simple: game.bin is 7 different versions of the game encrypted using a relatively simple cipher, compressed using the LZMA algorithm, and concatenated into a single file. The 7 versions are the English, Japanese, and Portuguese localized releases as well as four prototype builds. The emulator application bundled with the Steam release extracts and decrypts the ROM image for each version of the game when you select it from the options menu.

You can use this anonymously published Python script to extract the ROMs from game.bin:
Python:
# Earthion game.bin file unpacker
# v2.0.1
# Please support Ancient and buy the official release:
# https://store.steampowered.com/app/3597580/Earthion/

import lzma
import sys

with open('game.bin', 'rb') as f:
    b = bytearray(f.read())

print('Decrypting game.bin')

fnv_seed = 0xdeafcafe
fnv_prime = 0x1000193

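# Outer layer: a running FNV-style hash of the plaintext supplies the XOR keystream.
fnv_hash = fnv_seed
for i in range(len(b)):
    b[i] ^= (fnv_hash >> 9) & 0xff  # decrypt in place with one byte of hash state
    fnv_hash = ((fnv_hash ^ b[i]) * fnv_prime) & 0xffffffff  # feed the plaintext byte back in

# The final hash value identifies which build of game.bin was decrypted.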

if fnv_hash == 0x2bbe2a9f:  # 2025-07-31
    roms = [
        ('Earthion English.md', 0x43, 0x4bbeb8, 0x780000),
        ('Earthion Japanese.md', 0x4bbefb, 0x4b8836, 0x780000),
        ('Earthion Portuguese.md', 0x974731, 0x4bc5a8, 0x780000),
        ('Earthion Summer 2024 Demo.md', 0xe30cd9, 0x259279, 0x6a0000),
        ('Earthion Fall 2024 Demo.md', 0x1089f52, 0x35e3f6, 0x6a0000),
        ('Earthion Winter 2024 Demo.md', 0x13e8348, 0x40e7e8, 0x740000),
        ('Earthion Early Prototype.md', 0x17f6b30, 0x1894a, 0xa0000),
    ]
    confusion = bytes.fromhex('bff058108a26d4775754e507f3e8c999312536c914bb23ca72aef391d93580eda4a3c33babee30b317d6d11ee2478ac9d1b0a623c361aa45424901da8dd439bb939c89bf087976de88669e0fcc7d8995b267fd9ddc2da7c2a959e84f7007cf4680eb4d0a558b4616277c8104494e48e09ecfd00c854a9da4ff7a698f9081b524bb41a32606a6542c878b9968b4969296e0ec78defb5e1881564bf5bc71df72330612b9da175f1ad7a63e1030b30ff8b0198f409ae0a584694b7458d02cdd54a56d41d8c98cb3052a5548e0bd1fb753098767cfc2eebc68f15ef41810423ca0808a1ae108009a14f851add52a0ce04b24243de53325f015f0ac352dd2e77ded3a')
elif fnv_hash == 0x4a3d1a69:  # 2025-08-04
    roms = [
        ('Earthion English.md', 0x43, 0x4c5f44, 0x780000),
        ('Earthion Japanese.md', 0x4c5f87, 0x4c15ae, 0x780000),
        ('Earthion Portuguese.md', 0x987535, 0x4c639d, 0x780000),
        ('Earthion Summer 2024 Demo.md', 0xe4d8d2, 0x2591ca, 0x6a0000),
        ('Earthion Fall 2024 Demo.md', 0x10a6a9c, 0x35e304, 0x6a0000),
        ('Earthion Winter 2024 Demo.md', 0x1404da0, 0x40dc1d, 0x740000),
        ('Earthion Early Prototype.md', 0x18129bd, 0x188d3, 0xa0000),
    ]
    confusion = bytes.fromhex('311664841554eb1a575459352174843ceb0ed90f71bb0cb35a96397a4dd897eda4a3c33babee30b317d6d11ee2478ac9d1b0a623c361aa45424901da8dd439bb939c89bf087976de88669e0fcc7d8995b267fd9ddc2da7c2a959e84f7007cf4680eb4d0a558b4616277c8104494e48e09ecfd00c854a9da4ff7a698f9081b524bb41a32606a6542c878b9968b4969296e0ec78defb5e1881564bf5bc71df72330612b9da175f1ad7a63e1030b30ff8b0198f409ae0a584694b7458d02cdd54a56d41d8c98cb3052a5548e0bd1fb753098767cfc2eebc68f15ef41810423ca0808a1ae108009a14f851add52a0ce04b24243de53325f015f0ac352dd2e77ded3a')
else:
    print('Unsupported version')
    sys.exit(1)

# Each entry: output filename, offset in game.bin, compressed size, uncompressed size
for filename, offset, size, usize in roms:
    print(f'Uncompressing {filename}')
    packed = b[offset:offset + size]
    # Workaround for https://github.com/python/cpython/issues/92018
    packed[5:13] = b'\xff' * 8
    unpacked = lzma.decompress(packed, format=lzma.FORMAT_ALONE)
    assert len(unpacked) == usize

    print(f'Decrypting {filename}')
    decrypted = bytearray(usize)
    for i in range(usize):
        #x = (active_banks[(i >> 19) & 7] << 19) | (i & 0x7ffff)
        x = i
        # y: scrambled source address of output byte x in the unpacked data
        y = x ^ ((i >> 6) & 0xf80) ^ ((x >> 16) & 0xfffffffe) ^ 0xa56
        # z: address-derived index into the confusion table
        z = (((x >> 14) ^ (i >> 7)) & 0xfe) ^ (i & 0xff)
        decrypted[x] = unpacked[y] ^ confusion[z]

    print(f'Writing {filename}')
    with open(filename, 'wb') as f:
        f.write(decrypted)

To use it on Windows, make sure Python is installed and available in your PATH. Then download either version of the LZMA SDK from here, extract the files anywhere you like, and copy lzma.exe from the bin folder into the same place as your earthion-unpack.py script (or whatever you might have named it). Finally, place your game.bin file in that directory next to earthion-unpack.py and lzma.exe.

To run it, open a PowerShell window or a command prompt, navigate to the folder where your script is, and type the following:
Code:
python earthion-unpack.py

Simply wait for it to finish decompressing and decrypting the games, and take your desired version of the ROM image to your favorite emulator or flash cartridge where you can use it as you normally would.

Seeing as I do not own a flash cartridge, I cannot test on original hardware, but the output runs as expected in Genesis Plus GX, Ares, PicoDrive, and BlastEm.

For convenience's sake, I have attached the script alongside lzma.exe from version 2501 of the SDK to this post. Be sure to install Python if you have not. Python 3.13.6 is the latest stable version available at the time of writing: https://www.python.org/downloads/release/python-3136/

Enjoy your game!
 

off their EverDrive, MegaSD, or Open-ED flash cartridge
It should also be noted that the decrypted ROM is about 7.5 MB, which is larger than all but the most expensive Everdrives will support. I have an old Everdrive-MD, and the game won't boot because of it. I think it's only the Mega Everdrive Pro that will work.

I do appreciate the script though, it's nice to be able to decrypt my purchased copy of the game. It looks like with each update though, the script will need to be slightly updated to adjust for the file sizes of the individual ROMs inside it. I imagine that's not too hard to do, you'd just have to open the new file and find where the Genesis/Mega Drive headers are spaced.
Post automatically merged:

Although, I don't understand what the 'confusion' does or what steps you'd need to take to figure that out..
 
In the context of cryptography, “confusion” refers to the process of obfuscating the relation between a cryptographic key and ciphertext. The use of confusion in this case implies that a simple type of cryptography called a substitution-box cipher was used.

I am not familiar with this particular algorithm and suspect it may be bespoke.
Post automatically merged:

Additionally, I didn't realize that 7.5 MiB was above the limit for an EverDrive. I will make note of that for future reference.

The ROM images resulting from this script are fully compatible with all the emulators I tried them in, though, and they should work fine on original Genesis hardware assuming you can find a cartridge large enough to contain them.
Post automatically merged:

I'll wait for the cartridge release to play it ¯\_(ツ)_/¯ Yuzo and his team worked hard on this game for 2 years, I'll pay full price and play it on the proper hardware.
This is not a means of pirating the game. You will need to purchase the game from Steam to get the encrypted ROM bundle.

If anyone wished to pirate it, I am sure there already exist numerous places across the web to download extracted copies. This only benefits those who own a purchased copy and wish to access the ROM files without resorting to piracy.
 
Didn't expect to see this here. Nice. Will buy my copy on steam soon. Still playing other stuff. I def have a genesis and my Mega Everdrive Pro waiting to try this out.
 
I'll wait for the cartridge release to play it ¯\_(ツ)_/¯ Yuzo and his team worked hard on this game for 2 years, I'll pay full price and play it on the proper hardware.
Save yourself the headache of dealing with LRG. If you don't want to pirate it then buy the Steam release and use the decrypter to play your legally obtained ROM. Otherwise enjoy dealing with a year or two of delays by LRG after buying the cart before it arrives. That's if you even make it past all the scalper bots first.
 
I bought Earthion along with Ninja Gaiden: RB the day after they came out... but with the romset just the way it is - they all run on Ares perfectly.

but game is only $20, if you like it n you got the dough - buy it... I tend to buy everything that I sample first soon after, with the exception ofc being... N. I'll never purchase a Nintendo console again as long as I live - even if I pick up retro-collecting again
 
Awesome thanks! Can I somehow transfer my Steam saves to the ROM?
Some sounds are weird on the RS36S but otherwise it plays fine!
 
I'm fairly certain this game doesn't save any data at all, it's all done via the password system. If you write down your password, you can then enter it into any version of the game and continue on.
 
Save yourself the headache of dealing with LRG. If you don't want to pirate it then buy the Steam release and use the decrypter to play your legally obtained ROM. Otherwise enjoy dealing with a year or two of delays by LRG after buying the cart before it arrives. That's if you even make it past all the scalper bots first.
I'm pretty sure Yuzo said there would be a local distributor for Japan
 
The game is great. Shame the discussion around it boils down to people wanting to extract their ROMs for convenience's sake and others who call out piracy based on Yuzo Koshiro's tweets. Can't talk about the game without mentioning the "scandal". I do not think being able to extract game.bin affects sales at all, I think it was a bad move on their part for even giving public attention to it on Twitter.

Honestly I don't even think the ROM is that convenient. If the Steam port was any good, and maybe had savestates/stage select, I wouldn't want to deal with the whole extraction ordeal. Right now the only way I can practice a stage is installing Python, getting the script, extracting game.bin, running in an emulator, getting to the stage I want and setting up a good savestate, and when the game updates I'll have to do it all over again. Just give me a stage select dammit!

Seems like there's going to be a future patch involving some kind of final boss milk where people would use passwords to rack up lives and sacrifice them all at the final boss for massive points. I wonder if the script will work at all in that case. The guy who posted the script on 4chan included some comments in his screenshot that had like, the first 4 steps of figuring out the encryption yourself using Ghidra. No more information though. Not understanding a lick of cryptography, I just have no idea where someone would even find these magic numbers. I'm going to copy what little he shared into this post anyways:
0. Load up Earthion.exe in Ghidra

1. Search >> Memory
2. Decrunching (String, all blocks, us-ascii, search all)
3. Click "Search All" and double click the hit
4. Right click function name (FUNXXXXXX)
[Rest is cut off]

Obviously, you need to own the game to do this. Maybe these first few steps will point someone in the right direction, meanwhile I'll be monitoring the threads for the return of the anon.

Also hello! This is my first post on this forum. I don't normally type this much.
 
If this script had not been published already, I would have made one myself. Once you have a little experience with a disassembler, it isn't especially difficult to crack most games. Earthion is no exception.
 
Can anyone make a video tutorial about it to follow this resource step by step please?
 
If this script had not been published already, I would have made one myself. Once you have a little experience with a disassembler, it isn't especially difficult to crack most games. Earthion is no exception.
Is a disassembler a tool used for reverse engineering?
 
Yes. A disassembler takes compiled executables and converts them to a more human-readable assembly language format. Most tools for this purpose also allow you to step through the code one instruction at a time and see what it does in memory as it runs. This can be used to extract decrypted data or an encryption key from memory as it gets used.
 
Bit of a band-aid fix at this point but apparently you can add this:
Python:
elif fnv_hash == 0x50d53ff6:  # 2025-09-10
    roms = [
        ('Earthion (En)(v3.3.0).md', 0x43, 0x4706eb, 0x700000),
    ]
    confusion = bytes.fromhex('979692102CF7EB5F6F3DB6640AE8E1825F827C26FD76522772966806AAF097EDA4A3C33BABEE30B317D6D11EE2478AC9D1B0A623C361AA45424901DA8DD439BB939C89BF087976DE88669E0FCC7D8995B267FD9DDC2DA7C2A959E84F7007CF4680EB4D0A558B4616277C8104494E48E09ECFD00C854A9DA4FF7A698F9081B524BB41A32606A6542C878B9968B4969296E0EC78DEFB5E1881564BF5BC71DF72330612B9DA175F1AD7A63E1030B30FF8B0198F409AE0A584694B7458D02CDD54A56D41D8C98CB3052A5548E0BD1FB753098767CFC2EEBC68F15EF41810423CA0808A1AE108009A14F851ADD52A0CE04B24243DE53325F015F0AC352DD2E77DED3A')
into the previous script in between the other elseif statements to extract only the English ROM. I haven't tested this myself yet but found this on another forum.
Just tried this, and unfortunately it doesn't work. I suspect the 'confusion' value is wrong. If I try to run it in Ares I get an invalid instruction error. I tried a bit to fix it myself/add the extra languages, but I'm afraid I don't understand enough about how they figure out the values.
 
Just tried this, and unfortunately it doesn't work.
I am sorry, I deleted my post. I got the script from someone in another forum. He clarified that there are illegal opcodes and the ROM came out a little short. He thinks they might've baked these into the emulator, which would allow ROMs to be extracted, but emulators can't run those extracted ROMs.
Post automatically merged:

A script was made by Sharpnull on another forum, I'm sharing it here. I have also mirrored it all on Archive.org, cheers! ::thumbsupwario
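
A quick sanity check for an extracted image, covering the two symptoms reported above (a ROM that "came out a little short" and output that will not run). This is an added example, not part of the thread or of either script; it assumes the standard Mega Drive cartridge header layout (system string at 0x100, checksum at 0x18E, ROM end address at 0x1A4), and the sample image is constructed for the demonstration.

```python
import struct

HEADER_START = 0x100   # cartridge header occupies 0x100..0x1FF
CHECKSUM_OFF = 0x18E   # 16-bit big-endian checksum field
ROM_END_OFF = 0x1A4    # 32-bit big-endian address of the last ROM byte
BODY_START = 0x200     # the checksum covers everything from here to the end


def header_checksum(rom: bytes) -> int:
    """Sum of big-endian 16-bit words from 0x200 to the end, modulo 2**16."""
    body = bytes(rom[BODY_START:])
    if len(body) % 2:
        body += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack(">H", body):
        total = (total + word) & 0xFFFF
    return total


def check_rom(rom: bytes) -> list[str]:
    """Return a list of problems; an empty list means the image looks sane."""
    if len(rom) < BODY_START:
        return ["file is shorter than the vector table plus header (0x200 bytes)"]
    problems = []
    system = bytes(rom[HEADER_START:HEADER_START + 16])
    if not system.startswith(b"SEGA"):
        # A wrong decryption table or address scramble garbles this field.
        problems.append(f"system field is {system!r}, expected it to start with b'SEGA'")
    (rom_end,) = struct.unpack_from(">I", rom, ROM_END_OFF)
    if rom_end + 1 > len(rom):
        # The image is shorter than the header says it should be.
        problems.append(f"header declares {rom_end + 1:#x} bytes but file has {len(rom):#x}")
    (stored,) = struct.unpack_from(">H", rom, CHECKSUM_OFF)
    computed = header_checksum(rom)
    if stored != computed:
        # Only a hint: not every release fills this field in correctly.
        problems.append(f"checksum {stored:#06x} in header, {computed:#06x} computed")
    return problems


def build_sample_rom(size: int = 0x400) -> bytearray:
    """Constructed test image with a valid header; not real game data."""
    rom = bytearray(size)
    rom[0x100:0x110] = b"SEGA MEGA DRIVE "
    struct.pack_into(">I", rom, ROM_END_OFF, size - 1)
    rom[BODY_START:] = bytes((i * 7) & 0xFF for i in range(size - BODY_START))
    struct.pack_into(">H", rom, CHECKSUM_OFF, header_checksum(rom))
    return rom


if __name__ == "__main__":
    import sys
    # With a path argument, check that file; otherwise check the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:
        data = bytes(build_sample_rom())
    for line in check_rom(data) or ["no problems found"]:
        print(line)
```

A clean result here does not prove the image will run everywhere; it only rules out a garbled header and a truncated file.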
 

I have Python & my Steam purchase of Earthion, but I have no idea how to follow those steps due to the terminology. Can someone explain how to do this like I'm five?
 
This appears to work for me, thanks!

What other forum did you find this script posted? And does this latest one you posted correct the issue of 'the ROM coming up short'?
 
i tried it right quick. tried to play on mednafen to verify, but gfx were garbled... but maybe it just doesn't work on that? I just wanted to play it on mister, anyway. so, i'll check that in a minute. I appreciate it.
Post automatically merged:

I have Python & my Steam purchase of Earthion, but I have no idea how to follow those steps due to the terminology. Can someone explain how to do this like I'm five?

hahahaha.

  1. download and install this: https://www.python.org/downloads/
  2. put the "game.bin" rom and the python script in the same folder.
  3. Double click the python script.
  4. Wait a little while

i tried it on another emulator (md.emu on android) and it was still a garbled mess, so it still might not work. the sound was good tho.

Still haven't tried mister
 
This appears to work for me, thanks!

What other forum did you find this script posted? And does this latest one you posted correct the issue of 'the ROM coming up short'?
I don't know how okay it is to give the name of another forum here but Sharpnull hangs out in the Emu-Land forums. It's in Russian. Apparently, they changed it so that the emulator would interpret interrupts differently (I'm not sure because I'm dumb and don't understand this stuff) and that's what's been causing the issues. If you look at the script, you'll see an extra operation in the v3.3.0 section specifically. This does fix the issue, and he actually posted multiple other fixes such as a title screen start button fix, a Mednafen fix, etc. He seems quite involved with decrypting this game. I have mirrored his files and also some of his patches to the Internet Archive.

i tried it right quick. tried to play on mednafen to verify, but gfx were garbled... but maybe it just doesn't work on that? I just wanted to play it on mister, anyway. so, i'll check that in a minute. I appreciate it.
I don't quite get why Mednafen doesn't run the decrypted ROMs right away, considering they have headers and all, but apparently there's a patch for that as well on the forum I've mentioned. I'm going to link to an .ips patch that should fix both the Mednafen thing and the title screen start button. Now to be clear the extracted ROMs are proper, but they've changed the way the Earthion executable puts in a start button prompt based on which controller you have connected, and so on. These are just QoL patches.
Title screen & Mednafen fix: https://pixeldrain.com/u/dqyn62ZD

There has also been an update that changed around some offsets without modifying the ROMs. So if you forgot to extract your files and already updated to latest Earthion on Steam, you can use this updated script, again made by Sharpnull to extract files: https://pixeldrain.com/u/dCKa7NkG
If you have already extracted your data before the update, it's the exact same ROM so you don't need to extract again. This is for people who forgot and updated the game without extracting first.
Post automatically merged:

I have Python & my Steam purchase of Earthion, but I have no idea how to follow those steps due to the terminology. Can someone explain how to do this like I'm five?
On the subject of performing the extraction. First you need lzma.exe from the 7-zip website, under LZMA SDK. Just download whatever fits your system architecture and look inside the downloaded archive for an lzma.exe
Make a folder, put the Python script and lzma.exe in that folder, alongside game.bin from your Steam copy of the game. So there should be those three files in that folder, all right next to each other.
Download and install Python. Don't forget to check "Add to PATH" during install.
Open Powershell/Terminal/Command Prompt in that folder we just created and type "py script.py" -- of course, replace "script.py" with the full name of the script.
That's it.
 
Preciate it. I will try that. i did try the game on Mister and it worked fine other than the title screen, of course, but i think it's kind of funny like that.
 
