Hi! I'm not a big Sony/PSX person, but I've recently come across the need to directly write to the PS2 memory card. In a nutshell, I want to do the equivalent of a dd from an image to a real memory card. I thought (stress that I *thought*) there used to be an old ELF released by the Paradox team that allowed you to (for lack of a better term) "byte by byte copy" a memory card. The tools in uLe and similar only allow for file system level copies, I believe. Any help would be appreciated - I'm not below getting a programmer in the $200ish range or even pulling the TSOP out and trying to program it by some Flash standard. Any hints would be great!
Look out for the homebrewn program "HDProject" If what you intend to do is read NAMCO System 246/256 dongles it does that job majestically as long you move the flash chip to a standard PS2 memory card ... :lol:
Sounds very promising! I can't thank you enough for giving me a lead. I've had absolutely no luck for two straight weeks! Do you or anyone else viewing know if I can use an 8M PS2 original memory card in place of the dongle? I think your solution will definitely work if it's my Flash that's corrupt - but what if my MagicGate ASIC has bit the dust? Is the MagicGate ASIC in the 246 dongles different than the MagicGate ASIC in PS2 memory cards?
The ASIC on the System 246 dongle is exactly the same thing as an normal PS2 memory card one, but it has different firmware and encryption keys. Therefore an retail PS2 cannot unlock it/access the flash. (hence the hint of moving the flash to an retail card) The PS2 COH-31100 motherboard has an different mechanics controller and bios that of a retail PS2. Also the NAMCO custom board contains an different Syscon chip. You won't be able to use that board in combination with retail PS2 boards/parts in any way. The filesystem on the dongles are the vanilla standard FS used on retail PS2 memory cards. uLE can read it no problem. This is not complicated at all and the people who hacks/dumps arcade boards made a big fuss about it just because they could not figure how it works (because they never bothered in studying the PS2 to understand the formats). By the way the encrypted launcher file on the flash is tied to the dongle microcontroller through some scheme of digital signature so the flash from one dongle won't work on another. I've heard of people changing games around so they're probably exploiting the elf loader which is launched after the magic gate crap initialized. :lol: And I don't think I need to mention that such stuff is jailbait. :flamethrower: :evil::evil::evil:
Interesting. Just to make sure I understood that - you are under the impression that the flash contents are possibly encrypted or somehow keyed specifically to each dongle? Or did you mean that the contents of the flash can only be used by any System 246 dongle? There were a few people online that have stated they can reproduce System 246 dongles as long as you have a second dongle to sacrifice. I'm assuming the flash contents from one dongle will work on another dongle because of this. Again - I am not trying to do anything illegal! I just want to get my own legal and original Soul Calibur 2 working again. I have the original disc and original dongle - I have tested both in a working Soul Calibur 2. The disc with a different dongle works, but my dongle won't boot either disc. They're both SC2 Rev.D. I've attached a "good faith" picture of my System 246 with Soul Calibur 2 Rev. D and the original dongle just to confirm I do legally own this game, dongle and System 246.
If you manage to dump the flash of your original dongle you might be able to transfer the contents to another flash chip (provided that the dongle ASIC isn't broken). Other thing you might want to check is the ceramic resonator which clocks the dongle ASIC. By encryption I meant that the boot file which is first loaded by the COH BOOT ROM in the card is both Magic Gate encrypted and signed. Most files on the card are plain ELF/IRX files, the binary file containing logic gates configuration code for the Altera APEX FPGA chip, IOP replacement images and the game main elf (xored/obfuscated). All that stuff is started by the MG encrypted file and if the flash is put on an different card, the MG signature will mismatch, causing the system to halt boot. Like I said, you probably want to check the dongle ceramic resonator. Without clock the dongle ASIC will not work.
Thanks again for explaining all of this! This is absolutely invaluable and the best resource I've found so far. As I said, I've been searching for 2 weeks! I wonder how people have reproduced these in the past... I don't know if you're familiar with Alex, but his blog is here - Alex's Blog and he clearly states he can reproduce a different Flash content dump onto a totally different dongle. Of course - this is completely illegal, I'm sure. And again, it isn't what I'm trying to do.... I guess the only thing left to do is try - thanks again!
