Not sure it is the right section... I want to edit the INSTALL.PAK file of the HDD utility disc (i.e. replace hosdsys.elf with another KELF). The PAK file is crypted. I've changed one random byte in it and burnt the disc, for installed files/untouched files comparison. The installation starts but fails, saying the HDD is not connected. How did kHn modify .PAK files? Is there a tool that decrypts and recrypts INSTALL.PAK? I made a comparison between the original file and the SUDC file. It didn't help me much. HDD Utility Disc 1.10 INSTALL.PAK Vs. SUDC I INSTALL.PAK
I would also be very interested in this! This would allow a fully region-free installable HDD utility disc, as far as my understanding goes!
Such a disc is already floating on the web. Google for "SUDC" or "Sony Utility Discs Compilation". I'd really like to know how the guy has modified the PAK files. Me wanna install an Open PS2 Loader KELF with the HDD Utility Disc.
I have a tool that *unpacks* them. And I don't think it's encrypted. It's packed. (hence the .pak name? lol) The source is in a thread at PSX-SCENE. (just search there for pak and utility disc) ALL Utility discs use this PAK format for "to be installed" contents (partitions, files and such) and resources for the main program (graphics, sound and menu resources). Data meant to be installed to memory card are scattered around the giant VOB file which is Magic Gate encrypted. Since the disc protection uses the DISC ID information as "seed" to find the pieces of to be installed data within the VOB file, you can't install MC files from a pirated copy of a utility disc or have success in an install with a MODCHIP active. (The modchip will disrupt the disc-id retrieval process...) Unpack code quoted here for your convenience (and great justice).
Thanks for the explanations and for the source. I've compiled it, loads of warnings but works like a charm. INSTALL.PAK of the HDD Utility Disc Version 1.10, from the SUDC 1 (folder 97395): And guess what; output files MBR_A.XIN, OSDSYS_A.XLF and FSCK_A.XLF have the same "MG zone hack" as richi902's files. This copy protection has been cracked on all "A2" builds of DVD Player discs and all A2+ builds of HDD Utility discs. I was a tester during the project. IIRC, A2s are just bugfixed builds of A1s: "Trouduculteur" found what caused the crash with already present "BREXEC-DVDPLAYER" folders. I wonder if they made builds that install region free DVD files. Stand alone DVD Player ELFs make it useless anyway, but I'd still like to have simple and ready to use installation discs for all console regions.
I wonder why I have never been told of that... Anyway, PM me and I can show you something more fun than that. Make that algorithm work in reverse and we can rebuild the PAK files. Make us able to rebuild the PAK files and you will have utility discs that install a hacked OSD on a non-SONY OSD.
I can't send PMs anymore. The cursor stays stuck on the left and I can't write anything, neither copy/paste. What the hell? Certainly due to my outdated browser. I changed the forum skin in my profile settings, the problem persists. The group that reverse engineered utility discs and DVD player discs had hard times with thieves of PS2OWNZ then with a popular French forum in 2007. They had enough of seeing their stuff ruined by m*rons that put their own name on loaders nor URL shortcuts. Later on they decided to hack things for themselves and stop publishing docs/software. Most members of that group moved to PS3, real life or non-PS2 projects. The former project maintainer does PSone/PS2 3rd party software (i.e. GameShark) dumps for a Russian w@rez forum, but he has recently released a fixed version of the SUDC. So I asked him if he could share some informative damn stuff about their Utility Disc related work(s). He answered that everything got trashed after a DMCA takedown upon their Github and the fall of Megaupload, and he's too lazy to restart everything from the beginning. Good to know. Unfortunately I'm a total noob at coding. I can't even understand how the original code works from A to Z. We can already do that with the precompiled disc, but if we had a rePAKing software, we could update and finalize it. I mean, they've hacked the installer ATA driver but not the MBR & OSD ATA driver. The guy told me it's harder to hack the ATA driver of the PSBBN, because it's in an IOP module set which is packed inside of osdboot.elf. It can be done by reversing a DVD Player firmware stub and making a packer. The same goes for the infamous MBR, which is a headerless ELF loaded and executed by HDDLOAD. I found an old piece of doc for those who want to play around with obfuscated DVD Player firmware packages.
It's supposed to be sector locations (= Disc IDs less the DecSet value) of firmware packages that are decrypted by the DVD Player installer, then CARD signed and installed to the mc0. This is an old thing, info may be totally incorrect: It concerns original discs and 1:1 dumps. I think "Offset 2048" means 2048 bytes/sector (MODE 1 ISO). And for those who want to see what a Disc ID looks like, this is the Disc ID of an original DVD Player Version 2.10 (PAL) [PBPX-95208] disc: Reverse it, you get 01F4EB07. 01F4EB is the LBA (128235 in decimal), 07 is the DecSet value used to de-obfuscate the package. The Disc ID is acquired with sceCdReadKey cmd 1096h.
I suppose SONY would be pissed to know that now it's possible to take things that are already installed/bound to one MC, unbind them and re-tie them to other cards...
Cool would it be to get DNASLOAD.ELF to run other-region consoles, at least for the PSBBN download games.
PAKer Utility v1.00 - unpacks and creates PAK files I haven't tested it with a Sony utility disc yet, but it can unpack the encrypted archives that it creates. Downloads/Links PAKer v1.00: http://www.mediafire.com/?nigou84i5iaz3bd PAKer v1.00 (source code archive): http://www.mediafire.com/?bme8u8kzu8uaxlx
Now that's interesting! Could you please post the logs so we can see what they contain?
Thanks for the time you spent dumping your discs and extracting PAKs. I'll sure look around at disc contents and disassemble a bunch of files. Too bad I don't have a PSX. I may check if discs have PS2-like copy protections that I'm familiar with, but should certainly break my teeth on MG crypted stuff. Final round of presidential elections is coming. kHn must be pissed about who's gonna rule the country, he doesn't reply to my emails LOL. Got a Japanese DVD Player FW for him and need him to tell me more bout DESR discs.
I just checked the PS-BBN files, and all the files that are installed in the separate partitions are in special ".daz" archives of some sort. linux_p1.daz linux_p2.daz linux_p4.daz linux_p5.daz linux_p6.daz linux_p7.daz Maybe someone is able to look into this...
Sorry for the necropost, but I have a problem... Trying to rebuild a PAK archive with these functions: /c - Create PAK archive Syntax: PAKerUtility /c <PAK file> <Manifest file> /m - Create a (CSV) manifest file of the PAK archive Syntax: PAKerUtility /m <PAK file> <Manifest file> Original file "INSTALL3.PAK" from 1.31 ofw is 73,9 MB, extracted files are 72,3 MB (DESR update disc); the rebuilt file (without any mods or with, it doesn't matter) from the created manifest file will always be 17,5 MB!? And so the rebuilt file is always corrupted in output, why did this happen? Is it my error with something? Thanks.
PAKer v1.01 released! Changelog for v1.01: Bugfix: fixed memory corruption that occurs when building a PAK archive, as an 8-bit variable was used for indexing. PAKer will now fail and remove the broken PAK archive, if at least one file could not be added successfully. Changed the internal handling structure, so that there will be space for the NULL terminator of the name and ident fields. Downloads/links: PAKer v1.01: http://www.mediafire.com/download/ne6jb2j6s4js2ud/[140707]PAKer-0101-bin.7z PAKer v1.01 (source code): http://www.mediafire.com/download/5h3jnx21qjz2vbz/[140707]PAKer.7z
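The class of bug named in the v1.01 changelog above (an 8-bit variable used for indexing while building an archive), shown as an added illustration that is not PAKer's source code. The table layout, `MAX_FILES` and every function name are assumptions made for the example; the table is larger than 256 slots so the wraparound stays in bounds and appears as silently overwritten entries.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FILES 512                 /* assumed table capacity */
struct entry { char name[16]; };      /* hypothetical per-file record */

/* Before: the next-slot index is 8 bits wide and wraps 255 -> 0. */
struct builder_buggy { struct entry table[MAX_FILES]; uint8_t next; };
/* After: the index is as wide as the table and is bounds-checked. */
struct builder_fixed { struct entry table[MAX_FILES]; size_t next; };

/* Stores constructed name "F<id>"; returns the slot actually written. */
size_t add_buggy(struct builder_buggy *b, unsigned id) {
    uint8_t slot = b->next++;         /* silent wraparound on the 257th file */
    snprintf(b->table[slot].name, sizeof b->table[slot].name, "F%03u", id);
    return slot;
}

/* Returns 0 on success, -1 when the table is full so the caller can abort. */
int add_fixed(struct builder_fixed *b, unsigned id) {
    if (b->next >= MAX_FILES) return -1;
    snprintf(b->table[b->next].name, sizeof b->table[b->next].name, "F%03u", id);
    b->next++;
    return 0;
}

/* Number of distinct files left in the table after adding `count` files. */
size_t surviving_buggy(unsigned count) {
    static struct builder_buggy b;
    size_t n = 0;
    memset(&b, 0, sizeof b);
    for (unsigned id = 0; id < count; id++) add_buggy(&b, id);
    for (size_t i = 0; i < MAX_FILES; i++) n += (b.table[i].name[0] != '\0');
    return n;
}

size_t surviving_fixed(unsigned count) {
    static struct builder_fixed b;
    memset(&b, 0, sizeof b);
    for (unsigned id = 0; id < count; id++)
        if (add_fixed(&b, id) != 0) break;   /* stop the build on first failure */
    return b.next;
}

int main(void) {
    printf("buggy: %zu of 300 files kept\n", surviving_buggy(300));
    printf("fixed: %zu of 300 files kept\n", surviving_fixed(300));
    return 0;
}
```

With a narrower table the same wrapped index would land outside the intended record instead of on an earlier one, which is why the fixed form pairs the wider index with an explicit capacity check and a failure return.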