Has anyone been able to dump the Mechacon firmware from a PS2? It would be very interesting to look at it for back doors and exploitable bugs to, say, unlock unauthorized disk reading.
https://assemblergames.com/threads/ps2-mechacon-firmware-dump.41345/ Doesn't look like there's been any updates since the last thread.
I wonder whether the TOOL has a different Mechacon versus a debugging station, and whether it can be reflashed and such. I wonder this because Sony had to do development somehow.
Yup, it's different. There seems to be a line for PWE (Write Enable) on some mainboards, which corresponds to the pinout for the CXP973F064. However, it is possible that the programming pin is a leftover feature from the development days of the mainboard. From the SCPH-70000 service manual, there was an evaluation version of the MECHACON, which is a different device from the one installed on all RTM boards. Here are some (this list is inexhaustible): SCPH-10000: CXP101064-605R DTL-H10000: CXP101064-602R / CXP102064-003R DTL-H300xx: CXP102064-752R DTL-T10000(H): CXP102064-751R If I remember right, the CXP102064-003R also appears in the SCPH-15000, but the one in the DTL-H10000 has no support for MagicGate file decryption.
Most of the MagicGate magic was already leaked when ps2_emu from the PS3 firmware got decrypted and reverse engineered. However, a dump of the mechanics controller firmware will allow further research into if there are any backdoors or bugs that could allow unlocking of the reading of DVDs and CDs of any type from any region. It might also allow "special discs" like Wii and Dreamcast discs to be dumped, but I'm not sure about that.
A modchipped or debug PS1 (or PS2 in PS1 mode) can actually read Dreamcast disks up to 89:59:74, after which they get confused by the 9x:xx:xx marking in subchannel Q. This discovery led to me figuring out how to modify a Sony CRX-100E / HP 8100 CD writer's firmware to read Dreamcast disks.
