New Life Games LLC

**Video Poker, Keno, Slots, 21** Gaming machines => Konami Games => Topic started by: TopDogElec on November 07, 2018, 06:10:32 PM

Title: Konami herculite audit key/EL key question
Post by: TopDogElec on November 07, 2018, 06:10:32 PM
So I've got a Wild Magic machine, changed it to Inspector Winmore kit, have the EL 0 key for it. Getting a 928 error "Backup ram" it says. Does the Audit/Reset key need to be turned also? I have the lock but no key, not sure I can replace this anywhere locally, not much here where I live. Probably going to go to a locksmith to see if they can make a key for me. Any ideas? Attached are pics of the lock removed.
Title: Re: Konami herculite game change question
Post by: TopDogElec on November 07, 2018, 06:37:57 PM
*Delete please*
Title: Re: Konami herculite audit key question
Post by: TopDogElec on November 29, 2018, 02:11:40 PM
**Update**


Turns out the EL key I have is dead, makes sense since the lifespan is only 10-12 years, this game is from 2002. Contacted Konami, no help of course, not surprised really. Thought maybe getting a 1wire programmer from Maxim who makes the key, called an iButton, maybe it can be reprogrammed? Or program a new one? Anyone happen to maybe possibly have the bin files for Konami? I know it's a long shot but worth a try
Title: Re: Konami herculite audit key/EL key question
Post by: Eddiie on December 18, 2019, 07:54:10 PM
Are we sure iButton and EL Key are the same thing?

If the interface on the machine is also 1 wire, might be able to write a brute force hacker.
Would be a fun project...

Title: Re: Konami herculite audit key/EL key question
Post by: Eddiie on December 18, 2019, 08:07:43 PM
** Update **
Turns out there are many iButton key models. 
The ones used seem to be model 1991.
** End of Update **



Also, the datasheet for the iButton says it is powered from the bus..?

datasheet attached.
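
Added example (not part of the posts above or of any Konami or Maxim code): a reader can answer the "which iButton model is this?" question from the 8-byte 1-Wire ROM ID alone, because the first byte is a family code and the last byte is a CRC over the other seven. The sample ROM ID and the function names are illustrative assumptions.

```python
# Added example: decode an 8-byte 1-Wire ROM ID as read off the bus
# (family code first, CRC last) to tell which iButton model a key is.

# Family codes (first ROM byte) for a few iButton models.
FAMILY_CODES = {
    0x01: "DS1990A (serial number only)",
    0x02: "DS1991 (MultiKey)",
    0x06: "DS1993 (4 Kbit memory)",
    0x08: "DS1992 (1 Kbit memory)",
}


def crc8_maxim(data: bytes) -> int:
    """Dallas/Maxim 1-Wire CRC-8: x^8 + x^5 + x^4 + 1, LSB first, init 0."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8C if crc & 1 else crc >> 1
    return crc


def parse_rom_id(rom: bytes) -> dict:
    """Validate and split a ROM ID given in bus order."""
    if len(rom) != 8:
        raise ValueError("ROM ID must be exactly 8 bytes")
    # A shorted data line reads all zeros, and the CRC of zeros is zero,
    # so this case has to be rejected explicitly.
    if rom == bytes(8):
        raise ValueError("all-zero read: bus shorted or no contact")
    if crc8_maxim(rom[:7]) != rom[7]:
        raise ValueError("CRC mismatch: bad contact or corrupted read")
    return {
        "family_code": rom[0],
        "model": FAMILY_CODES.get(rom[0], "unknown family"),
        "serial": rom[1:7][::-1].hex().upper(),  # MSB first
    }


# Sample ROM ID for illustration only, not read from any real EL key.
SAMPLE_ROM = bytes.fromhex("021CB801000000A2")

if __name__ == "__main__":
    print(parse_rom_id(SAMPLE_ROM))
```
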
Title: Re: Konami herculite audit key/EL key question
Post by: Eddymelissa@sbcglobal.net on July 23, 2020, 08:40:32 PM
1.  It appears that Konami use an iButton DS1991L-F5. 

2.  These do appear to still be available on eBay.  https://www.ebay.com/itm/DS1991L-F5-TM-card-iButton-MultiKey-iButtonTM-USA-ship/192932232467?epid=720958152&hash=item2ceba83d13:g:-BUAAOSwcLxYDWsD

3.  There seem to still be (or were) readers/decipherers/writers for these as well (not cheap).  http://www.setchief.com/english/ProductShow.asp?ID=147

I have zero knowledge on how to go about duplicating an original one but if that's the only way I can get rid of a 928 Backup Data Error on my Konami Advantage slot machine, I'm willing to help with some experimentation and eventual possible marketing of fresh EL Keys to the 25 people who own Konami machines that may need these? 


Title: Re: Konami herculite audit key/EL key question
Post by: Eddiie on August 04, 2020, 12:45:12 AM
I spent the evening googling...

The iButton I have for Konami is model 1991 (as mentioned above).   It is protected by 3 passwords.   It is vulnerable to dictionary attack..

Here is a link with a bit more information and a link to the security bulletin: http://www.grandideastudio.com/ds1991-ibutton-dictionary-attack/
There is also an executable to launch the attack.   (source code included, but you need some libraries to compile it..  Use it to write your own dictionary attacker)
There are dictionaries available on the web..

However, very tired now and not sure what the reader hardware is.     Math says it will take many years to crack it, but with the use of many computers it can be reduced.   Also, assuming the passwords do not use extended characters the time is also reduced.   Once one key is cracked we assume they use the same passwords for all keys. 

Typical dictionary brute force stuff.

Interesting read, the code is very old.       A reader can be made pretty simply from my googling.   1Wire interface, a USB to Serial adapter, a 1Wire IC ( DS2480B+ ) might be a good start.

What to do once the password has been discovered?   Not sure.  Maybe it will be clear after some rest.   Maybe it is clear for someone else.

Hope someone picks up the ball and runs with it.

Attached is the source code from the zip file available from the articles in this message (made to .txt, system will not allow a .c file attachment...)

Perhaps a bus sniffer between machine and iButton would reveal something good?