Fraud requires deception, which didn't happen in my eyes. Decrypting the XORd questions and answers could be interpreted as breaking digital protection though.
As far as we know he legitimately acquired the ROM, he didn't hack the machine, he learnt about that type of machine.
If you used this against a machine in the wild you're using the machine in the intended way. The access is authorised; there's no interdition to using reference sources.
It doesn't seem like a breech of UK CMA to me.
If the OP published the ROM then it's possibly copyright infringement.
I will drop a message to my wider network and see if there is a section that could be interpreted to fit this situation.
Two issue would be:
1. Using a computer device to commit fraud. 2. Accessing the ROM which was digitally protected as well as not intended for general public consumption.