Yep. SUD wobble finder v0.01 only supports BitSet 07h (DecSet 72h) and BitSet 05h (DecSet 53h). I found a firmware wobble in the PSBBN 0.32 disc. It's BitSet 03h obfuscated :
 |
Цитата: |
 |
|
|
|
|
|
|
|
|
|
kHn's SUD wobble finder v0.02 (WIP)
2048 bytes per sector
Dump size is 654796800 bytes
Analyzing Sectors...
Unscrambler [BitSet : 0x03, DecSet : 0x33] reports the following firmware package size : 1275840 bytes
Obfuscation algorithm seems to be v2 (as seen on most Utility Discs)
This possible wobble has been found at offset 0x1A311000 (LBA 214562)
|
|
 |
|
 |
|
So, a possible cdvdKey would be 03 22 46 03 00 00 01...
Generally, JAP Utility Discs have 2 wobbles. Couldn't find the second one :( . I'm gonna MagicGate decrypt and unpack that package to see if it contains both DVD and OSD files...
EDIT1 :
/BIEXEC-DVDPLAYER/dvdplayer.elf
/BIEXEC-DVDPLAYER/dvdplayer.irx
/BIEXEC-DVDPLAYER/dvdplayer.id
/BIEXEC-DVDPLAYER/dvdplayer-j.ver
/BIEXEC-DVDPLAYER/dvdplayer-e.ver
/BIEXEC-DVDPLAYER/icon.sys
/BIEXEC-DVDPLAYER/dvdplayer.ico
/BIEXEC-DVDPLAYER/dvdplayer.dmy
/BIEXEC-SYSTEM/osdsys.elf
/BIEXEC-SYSTEM/osdsys-j.ver
/BIEXEC-SYSTEM/osdsys-e.ver
/BIEXEC-SYSTEM/icon.sys
/BIEXEC-SYSTEM/sysdrv.ico
Just like I expected, the wobble lacks the OSD update (that one has DVD Player update and the Kernel Patch for early JAP consoles). It means that there's another wobble in the disc and I didn't find it. The possible cdvdKey I've mentioned above might be wrong too. So, I'll hunt for the other wobble but before, I'm gonna mess up with DVD Player 3.04 files hehehehe
.
By the way, the MG DISK signature of the firmware package is :
A7 11 35 1B D2 B0 C9 5B AF 62 0E 0B 7B 1E 3A 06
FB 00 16 ED F7 DE 06 46 51 33 B8 BE E3 74 09 4F
EDIT2 :
Hmm, wait, I'm retarded. I didn't read the whole DOS terminal hahaha, the second wobble is here :
|
|
Цитата: |
|
|
|
|
|
|
|
|
|
|
Unscrambler [BitSet : 0x03, DecSet : 0x33] reports the following firmware package size : 1951456 bytes
Obfuscation algorithm seems to be v2 (as seen on most Utility Discs)
This possible wobble has been found at offset 0x1C0D2000 (LBA 229796)
|
|
|
|
|
|
|
EDIT3 : Aaah, the joy of hacking an Utility Disc, I'm creaming myself
.
/BIEXEC-SYSTEM/osdsys.elf
/BIEXEC-SYSTEM/osd110.elf
/BIEXEC-SYSTEM/osd130.elf
/BIEXEC-SYSTEM/icon.sys
/BIEXEC-SYSTEM/sysdrv.ico
/BIEXEC-SYSTEM/SNDIMAGE
/BIEXEC-SYSTEM/TEXIMAGE
/BIEXEC-SYSTEM/UMEIMAGE
MagicGate DISK signature of the package :
13 47 5C 02 88 17 EE 72 A7 B8 A0 51 26 3A DC BC
74 06 8C 16 FB 53 09 1C 5A 4A DD 80 79 0B 55 9A
EDIT4 :
I'm about to release a new version of the RPC patcher. Now I'm logging scans and I did one against 3.04J :
|
|
Цитата: |
|
|
|
|
|
|
|
|
|
|
PS2 DVD Player RPC Patcher Version 0.03
Reading input file `3.04J.BIN'... assuming FAT DVDELF... DONE !
== Now performing RPC scans ==
By searching the pattern CD 01 00 00 ?? FF 00 10, I found the `Sabotage Routine'
The `break' instruction should be located at output file offset 0x255C0 (EE RAM Addr 0x002255C0)
The call to the memory wiping function should be 0x0C089518, located at output file offset 0x255B0 (EE RAM Addr 0x002255B0)
Patch for this firmware (fnc call) -> _sw(0x00000000, 0x002255B0);
Patch for this firmware (break instr) -> _sh(0x0000, 0x002255C0);
Other memory wiping function calls :
None.
By searching the pattern 01 00 ?? 3C 04 ?? ?? 00,
I found the `GetDVDVzone' function which should start at output file offset 0x3CD60 (EE RAM Addr 0x0023CD60)
The region code of the inserted DVD-Video should be buffered at EE RAM Addr 0x0126B8E8...
Patch for this firmware -> _sw(0x24020000, 0x0023CD68);
-- All RPC scans done --
== Now performing additional scans ==
-- All additional scans done --
Writing the hacked firmware to `BUFFER.BIN'... DONE ! :)
All Done
|
|
|
|
|
|
|
EDIT5 : I've published PS2 DVD Player RPC Patcher Version 0.03 :
EDIT6 : The RPC cracked DVD Player 3.04J as ELF :
I don't add it to the DVD Player firmware thread because I want to repack them all with my new loader.
MG DISK keys...
osdsys.elf :
B9 FB 55 01 5E A6 AD 63 E3 55 5E 5C F3 C0 AD A6
09 17 0E 6F 68 E6 B9 F4 E7 CB 47 C2 57 94 13 91
dvdplayer.elf :
0B 36 1D 41 B0 5F 46 74 B2 BE 1E C4 AC 2F E2 52
F4 35 E1 0F 1E EC 07 52 8F 6B 7D E8 00 D8 4F 52
dvdplayer.irx :
83 1E 4E 4B 42 CA 7F 39 0C B7 C5 FB 81 B1 10 DA
D2 C6 8F C2 EB A0 5B 63 3F 0B F8 7B 46 0E 0D 93