Hey guys, Recently got my hands on an NPDP Dolphin cartridge, and I was just wondering how exactly I should try to find out what's on it (if anything). I opened it up and it's just a normal HDD, so I was thinking that if I just connect it to a pc, I would be able to get the files from it. Any help would be greatly appreciated! Also, could anyone recommend me a good HDD dock? I think the drive is a 44 pin 2.5 inch, and it would be useful to be able to dock other size hard drives as well. -Chief
Connecting to a PC won't do anything- the contents are encrypted. The only way to test it is to get an NPDP reader or a GBOX/GDEV. None of those solutions are worth you time or money, however. You would end up spending hundreds of dollars for what's probably a beta of Spongebob. Unless you want the item as a collector's piece or you have reason to believe that it came from an interesting studio, I would recommend that you sell it. It would fetch a few hundred dollars, even untested.
If you dump it and upload it somewhere then someone might take a look at it. If the encryption is similar to the retail and NR readers then it might not be too difficult to reverse engineer.
It has some stupidly simple password, someone posted it here. Like 0000 or 1234, something easy like that.
Okay, I got a dock and plugged it in. It disk management it shows up as 6.7gb or so of unallocated space, and the drive makes some really high-pitched spinning noises. Hoe exactly would I go about this?
It sounds like the drive is screwed (which is not uncommon, since they seem to be rather fragile - I got a box of those things once and ALL the drives were busted) - it's also locked based on the developer ID of the unit it was supplied for use with (this is the same string that comes up on the screen when you boot the NPDP-reader) - luckily they all seem to have the same master password, which is something hugely imaginative like "NPDP Master Password". The actual game data is "encrypted" - although only in the loosest sense of the term, since all that's done is to XOR every word in the data with a 32 bit constant (that also changes depending on the developer ID) - the obvious flaw with this is that there are lots of zeroes in the game header, and as a result the "encrypted" data stored in those locations IS the key. I suspect whoever was implementing it thought it was stupid (since this was a developer tool) and put no effort into it whatsoever. Note that the drive lock means that you can't just go swapping over drives between cartridges - although you can put an unlocked drive in there and the cartridge firmware will proceed to lock it (and also to set the passwords - which is how I found out what the master password was). Incidentally, the cartridge is basically an optical drive emulator - the interface between the cartridge and the NPDP-Reader is essentially the same as the one on the original GC optical drive, just with a different connector. That's about all I know about it - my incentive to find out anything more was lost when I found that all the HDDs were bad...
If the HDD was bad, then it wouldn't have showed up in disk management with the correct file size that matches the label on the drive itself though, right? Wouldn't it be completely unrecognizable by the pc?
It's hard to say - the drives I checked were completely dead (just made a clicking noise) - and they didn't identify - but if the drive is making any appreciable sound above a faint whirring, then is not a good sign at all. I would start off by getting a piece of software that can check the status of the ATA security on the drive. Back when I was playing with this I used a program called "ATAPWD" - this runs under DOS, though - it will also tell you the current security mode of the drive (which in my case was "HIGH" rather than "MAXIMUM" - so it was unlockable using the master PW).
If you can start a PC up with the drive attached, it's recognised by the OS and you're not asked for a p/w when it's booting up, the drive is dead. If the drive password isn't entered, you cannot get info about the drive, therefore no p/w = no 'unallocated space' unless it has a hardware problem.
The IDENTIFY DEVICE command will still work even if it's locked, so the system will be able to get the raw device size. The only commands that are prohibited when the device is locked are the ones that access the user data area on the drive. Of course, as far as the drive is concerned reading the boot sector to get the partition info is an "access to user data", so no partitioned space on the drive will be visible. Also not all BIOSes have support for the ATA security features - and the ones that don't will typically not even notice that the drive is locked, and will just return a failure response from any of the prohibited commands (with an indication that the drive aborted the command).
On systems I've tested with AMIBIOS yes, you're prompted before BIOS has finished, never sucessfully entered a password though (but I've never known the passwords). Not sure if the master p/w will work or if it's the normal p/w's only. I tried on AWARD BIOS systems too and they don't detect the drive at all when it's been locked.
Assuming the drive is compliant, then it depends on the way the drive was locked - if it was locked in "high security" mode, then it will accept either the user or master passwords in the unlock command - if it was locked in "maximum security" mode then only the user password is accepted. In the latter case, the only thing you can do with the master password is issue an erase unit command, which will unlock the drive - but only after it's erased every sector on the disc, which can take a rather long time.
Yes, you can dump the carts like this, it's how I've dumped some in the past. Unlock the HDD, dump it, look near the start of where a ISO appears (near the header vs apploader section), you should see some constant 32bit data repeating, XOR the entire 6.7GB or whatever it is with that 32bit word and you'll have a decrypted dump. The games are at certain offsets, I'd started a while back documenting this stuff but gave up: http://www.gc-forever.com/wiki/index.php?title=NPDP_Cartridge
