PS2 DVD ELF help?

Hello, would anybody with an 00 region fat PS2 and a method of running homebrew be able to dump their DVDELF file for me please? I am trying to set up my HDD OSD to have bootable applications but need a 1.6 MB DVDELF file of the same region as my console to inject an ELF file into with the Free McBoot installer. I had been waiting for l_oliveira to get back to me some days ago, but he never did, so I would be grateful if someone would help. I thank you in advance.

 

would like to help you out, but my injected elfs for hackedULE, ESR and OPL are for region "03/04" only :/
i would need someone to make them region free for better sharing.

 

yes, i have japan PS2 with 1.0 DVD player disc, XD
but, what step dump the file ?
XD

 

he needs the "DVDELF.BIN" from a japanese PS2 ROM, but from a SCPH-50000 or maybe SCPH-55000

 

With a bit of patience everything will be achieved.

The main dev for the current PS2 HDD dashboard tools development contacted me recently and we might have an automated tool for doing this soon enough.

This is a temporary placeholder for until a automated install app is made D:

http://www.4shared.com/zip/6CtACRuL/PS2_bootable_app_for_OSD_manua.html

 

I don't want to sound like an "ass" or something, but I'm not really going through the best time of my life and there's not much time left for me to pour on the hobbies I have. I am sorry for taking my while on posting this. It's not a "secret" uber rare or awesome ultra stuff I want to keep to myself, it's just that I barely have time to check the forum here or to reply threads/post. I am just replying to threads I'm currently signed to and a very few of them at it.

 

i made also a tutorial here http://www.mediafire.com/?56thfylx49qr24f, might be not as clear as this one but, but this works i guess.
needed files http://www.mediafire.com/?0vstzhhkgpd86

 

I thank you for replying l_oliveira. The "premade" uLaunchELF install works fine, but how would I add other applications to my HDD? How did you inject the application to the KELF?

Richi, I thank you also; your instructions are also helpful (for my PAL console), but until I can somehow inject an application into a working JP DVDELF.BIN, it is of no use to that JP machine. I ripped the one from my SCPH-18000 but it was very small (only about 527 KB if I remember correctly) and did not work using your method involving using Free McBoot's installer to inject the application to the DVDELF.BIN.

 

is it not working because the DVDELF.BIN is too small?
or dose the whole process i described in my tutorial not work?

 

I do not see why the instructions after the injecting step would not work (as I verified them to work on my PAL console), but the Free McBoot installer fails when it attempts to inject the ELF to the DVDELF.BIN from my JP machine, so I am going to assume that the issue is due to the file being too small, yes.

 

To inject a file, you need to do it on the actual machine as it involves the process of unpacking, decoding the file. Obviously the PS2 need to be able to open the file. (Region match or file being region hacked and re-hashed)

In some cases, the "patcher" program is unable to find an large enough unprotected segment within the KELF to inject the trojan code and payload.

Because I don't have an Japanese 50000 unit (the only one you would find such a large DVD player elf) I used an USA 50001 DVD player elf as "material".

Check the bootkelf.elf file on the archive and you will see the "U" at the first line.

 

All right then, that is good to know, but how do I do that? Can you please give me the instructions on how you would inject an application, and provide me with your region free DVDELF.BIN?

 

I'll look around here if I still have the file on it's original form. If I don't I'll have to extract it again from a SCPH-50001.

 

is it possible to inject another elf into the DVDELF.BIN meaning to overwrite the elf that was before in there?
so for example: the first time it had uLE injected and overwrite that with lets say ESR, and would it still be region free, using the FMCB installer?

 

Severe problems...

Wow, this isn't going well for me at all. The (l_oliveira) instructions seem to assume some familiarity with hex editing programs, or my installation is configured completely differently. The instructions are as follows (comments in red are mine):

1- create a partition with *hacked* ULE with the following name:
PP.SCUS-20001 or
PP.SLES-20001 or
PP.SLPS-20001 (what matters is the format : PP.wxyz-NNNNN)
Make sure the created partition has NO "+" on front of it's name.

Okay, no problem; done.


2- Take the HDD out of the PS2 ans connect to a PC.
Use HDLDUMP to figure out where the PS2 HDD is:
----
C:\HDL>hdl query
Hard drives:
hdd0: 476937 MB
hdd1: 476937 MB
hdd2: 76316 MB
hdd3: 953875 MB
hdd4: 38146 MB, formatted Playstation 2 HDD
Optical drives:
cd0: The device is not ready.
Optical drives via SPTI:
j:
---
After figure out where the PS2 HDD is on your pc get it's table of contents:
-----
C:\HDL>hdl toc hdd4:
type start #parts size name
0x0001 00000000.: 1 128MB __mbr
0x0100 00040000.: 1 128MB __net
0x0100 00080000.: 1 256MB __system
0x0100 00100000.: 1 512MB __sysconf
0x0100 00200000.: 1 1024MB __common
0x0100 00400000.: 1 1024MB PP.SCUS-97269.1000.POLVIEWER
0x0100 00600000.: 1 128MB PP.SCUS-97269.0002.TETRAMASTER
0x0100 00640000.: 1 128MB HDLoader Settings
0x1337 00680000.: 3 640MB PP.HDL.ICO
0x1337 007c0000.: 1 128MB PP.HDL.Black Lotus _ 4 Edges
0x0100 00800000.: 10 10240MB PP.SCUS-97266.0001.FFXI
0x0100 01d00000.: 1 128MB PP.SCUS-20001
0x1337 01d40000.: 7 4224MB PP.HDL.Soul Calibur 3
0x1337 02580000.: 3 1536MB PP.HDL.DDR Super Nova USA
0x1337 02880000.: 7 2304MB PP.HDL.Guitar Heroes
0x1337 02a00000.: 5 1792MB PP.HDL.Amplitude
0x1337 02c00000.: 7 3584MB PP.HDL.Over Zenith
0x1337 03100000.* 4 1408MB PP.HDL.Grim Grimoire
0x1337 03600000.: 6 3968MB PP.HDL.FF12
0x1338 049c0000.: 1 128MB ToxicOS ELF Storage
Total slice size: 38146MB, used: 33408MB, available: 4736MB
----
In my hypothetic case the created partition is "PP.SCUS-20001" type "0x0100" starting at sector "0x01d00000".


Also no problem; done. My table looks like this:
C:\HDL>hdl toc hdd4:
type start #parts size name
0x0001 00000000.: 1 128MB __mbr
0x0100 00040000.: 1 128MB __net
0x0100 00080000.: 1 256MB __system
0x0100 00100000.: 1 512MB __sysconf
0x0100 00200000.: 1 1024MB __common
0x0100 00400000.: 1 1028MB PP.ULES-20001
Total slice size: 38146MB, used: 2176MB, available: 35968MB

Fire up Winhex or any hex editor capable of writting to a harddrive and fast forward into the sector your boot partition starts:
Once again, no poblem; I can open the disk.


Mine starts at "0x01d00000". Jump to that sector and you should find an APA header:
----
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
01D00000 43 47 56 C9 41 50 41 00 00 00 D4 01 00 00 C0 01 CGVEAPA O A
01D00010 50 50 2E 53 43 55 53 2D 32 30 30 30 31 00 00 00 PP.SCUS-20001
01D00020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
01D00030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
01D00040 00 00 D0 01 00 00 04 00 00 01 00 00 00 00 00 00 D
01D00050 00 1B 21 0B 0B 03 DA 07 00 00 00 00 00 00 00 00 ! U
01D00060 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00
----

Now this is where things fall apart for me. As you could see my table above, my partition "starts" at 00400000. So I go to that offset in Winhex with the "go to offset" and in there, enter "00400000", relative to bege
inning, bytes hexadecimal, and there I do not see any APA header, just some apparently nonsensical text after a bit.

But I then thought that I would search for the partion header by name (PP.ULES-20001), and came across two: one at offset 000001C00/7168 and one at offset 080000000/2147483648 (according to Winhex).

Paste the prefabricated OSD data header included on this archive "osd_data.bin" at offset 1000 within the partition.

This is cofusing also. I told winhex to "jump" to offset 1000 relative to my current position (one of the above two offsets), opened the osd_data.bin in notepad and pasted the data there. I did it at offset 1000 from either offset (refomatting with the hdd disc before I tried the other, of course). So for example for the 000001C00/7168 offset, I would go to 000001FE8/8168 and paste the data there, and for 080000000/2147483648 I would paste the data at ...080001000/2147484648, but niether of them worked after reformatting to try the other.

Once that the HDD is confirmed to work correctly, go to the file browser on the hacked ULE and paste the file named
"bootkelf.elf" inside the partition. Exit to OSD and click it. The partition should cause the PS2 to boot into the
hacked uLE.

Unfortunately for me, none of this worked, and the partition still just shows as corrupted after pasting the bootkelf. Help me please! Where am I going wrong? This is with an SCPH-30000 and HDD utility disc 1.00.

 

the first one is the one in the mbr(i think), the second one will be the one you need

but you could also try to follow my tutorial here: http://www.mediafire.com/download.php?56thfylx49qr24f

all need files are here :http://www.mediafire.com/?0vstzhhkgpd86

 

Offsets are in sectors (hexadecimal btw) when you use the number from hdl dump. not BYTES, SECTORS.

 

I'm sorry but that still isn't quite clear enough. Is it a logical sector or physical sector in Winhex? The physical sector option asks for cylinder/track and head/side, so if that is where I should enter it, please let me know what to enter in those fields. Also, why did you add a "0x" to your "01d00000" when it only said "01d00000" in hdl dump?

And once I find the partition, where should I paste the data? How will I "jump" to the point? Please let me know exactly where to enter the "1000" to locate that point. Please just spell it out to me. I have only used a hex editor a few times before, and also let me know if it is sectors or an offset, since the readme says "offset" here. There appears to be a lot of ambiguity in your guide for somebody who is not so familiar with a hex editor.

Also, is there any chance of you uploading the DVDELF.BIN with nothing injected, as was requested a few days ago.

richi902, you mentione the following in your tutorial:

Sector 0 - APA Header. partition name. dont change anything.
Sector 8 - OSD parameters (equivalent to 1st half of icon.sys on a MC save) write icon.dat here
Sector 9 - BOOT CONF (same as system.cnf)write system.cnf.dat here. you need to match the BOOT2 parameter, depending on how you named your "ELF".
Sector 10 - User friendly name, 3D Icon lighting parameters and up to 3 uninstall messages (equivalent to the 2nd half of the icon.sys file on a MC save) write osdinfo.dat here.
you need to match the title to fit your application, example "u Laucnh Elf".
Sector 11 (or 12) - Partition icon (same format as an memory card icon) copy any memory card icon here you wish to use.

once I find the partition, how do I get to those points? Do I have to use the "logical sectors" or "physical sectors" option? If physical sectors, please let me know what to enter in the three fields (cylinder/track and head/side and "sectors").

Also, how do I write the files? Do I just drag and drop them in the Winhex window?

And lastly, is an icon really necessary, other than to make it look nice?

 

ok, to make things clearer/easier for you:

1 hard drive sector is 512 bytes (aka 0x200 in hexadecimal) and the offsets on HDLDUMP are in sectors, not bytes so the correct position in bytes at the HDD is whatever HDLDUMP outputs x512 (or 200 in hexadecimal).

After you jump to the correct SECTOR (not bytes, if you use bytes for jumping please multiply by 200 hex or 512 if working with decimal numbers) you will see a APA header which is SIMILAR to mine, not identical as it varies per harddrive and by where it's stored on the drive, you add 1000 hexadecimal (4096 decimal or 8 sectors) bytes from the start of the APA header for that partition in particular and you paste the OSD header there.

Actually the stuff richi mentions on his tutorial are actually defined by the few bytes after the PS2ICON3D text string. That also include CRCs which are checked by PSBBN. So if the CRCs are wrong (I'm not sure about my OSD data as I never used it on PSBBN) PSBBN will refuse it. At first I thought it was white listing stuffs but actually it's just checking integrity more aggressively.

Finally about the clean KELF, I'll have to extract it again so I'll have to find another 5000x or early 7000x console to extract. As soon as I get it done I'll let you guys know.

Also no, you can't reuse already injected KELFs for other injections as far as I know.

 

hm... didnt knew psbbn would do any aditional checks, because everythings works same as for the hdd-osd, well if you do it right :x.