BLEEMCAST HACKED!

Discussion in 'Sega Dreamcast Development and Research' started by neoblast, Dec 15, 2009.

  1. -=FamilyGuy=-

    -=FamilyGuy=- Site Supporter 2049

    Joined:
    Mar 3, 2007
    Messages:
    3,033
    Likes Received:
    891
    He didn't release any documents on the cracking. I had an email correspondence with "Patriot" on the BC! subject where he shows some finds, but he doesn't want me to display it. He wants to remain anonymous.

    However I can tell you what I found on this disc by myself over the 4 years I've tried to crack it (without success on my side):

    First thing you see if you try to rip this disc is that it has a whole lot of bad sectors. I mean a shitload of it. I killed a CD-ROM drive dumping it over and over. And there's some tiny sector chunk of potentially useful data lost in a sea of bad sectors, which makes it impossible to do a "scan" to skip bad sectors, you gotta read them one by one. I think there were duplicated sectors also, but I can't swear about that one ...

    There's data between the two sessions, in the lead-in of session2 actually. Without this data the disc reboots at the "legal stuff" screen. If you look at the cdi image and search for "SEGAKATANA" (beginning of ip.bin, very first block of session2, LBA45000) you'll see that there's some data right before it. By inputting this data into the session2 pregap of a cdi image of the disc, and burning it with a compatible drive (that won't assume pregap is full of zeros), you can make the BC! backup boot up to the "insert disc" screen. However once a game disc (gt2/mgs/tekken) is inserted it won't boot it.

    There's a hidden session past the TOC of the disc with only one file named "bleem" in it, consisting of "bleem<NL>" (<NL> is linefeed or carriage return, I don't remember). Burning this session with a swap trick, as I tried, doesn't make the game boot the psx disc. As this session is not in Patriot's release we can assume he cracked the code that checks for it.

    And finally there are more things that I haven't found that he did. I don't have the skills to reverse engineer compiled code, all I could do is figure out some physical protections. The real cracker is a real master of SH4-ASM.


    I can also tell you he had no help from the BC! team and that he reverse engineered the disc by "looking" at the sectors of the disc and "figuring" out what it'd do on a Dreamcast.

    Cheers,

    FG
     
    Last edited: Mar 29, 2011
  2. runkthepunk

    runkthepunk Site Supporter 2013, Site Supporter 20

    Joined:
    Aug 13, 2010
    Messages:
    209
    Likes Received:
    0
    This guy sounds like freakin Rain Man!
     
  3. Anthony817

    Anthony817 Familiar Face

    Joined:
    May 12, 2010
    Messages:
    1,078
    Likes Received:
    535
    Seriously, he should work for NASA.
     
  4. PrOfUnD Darkness

    PrOfUnD Darkness Familiar Face

    Joined:
    Mar 13, 2004
    Messages:
    1,121
    Likes Received:
    48
    Interesting finds. Too bad we'll probably never know the real truth.
     
  5. Alchy

    Alchy Illustrious Member

    Joined:
    Apr 6, 2004
    Messages:
    6,216
    Likes Received:
    19
    Thanks for that, FG. That is some serious security.
     