PS2 Primer & Magic Gate

Discussion in 'Sony Programming and Development' started by PKGINGO, Mar 30, 2012.

  1. PKGINGO

    PKGINGO Member

    Joined:
    Mar 29, 2012
    Messages:
    10
    Likes Received:
    0
    Hi all,

    I USED to be active here but it appears my account was pruned. Probably in a huge forum upgrade because this place has changed radically since I was last here.

    Anyway, I really need some suggestions / links for a primer on PS2 stuff, particularly in regards to magic gate relating to HDD stuff. The biggest problem I am running across is everything regarding the ps2 is drowned out by piracy tools and covered in acronym soup so I am having a VERY hard time finding a good starting place.

    I know at least one of you has seen some of the work I have done on other systems, but compared to this, they were very simple.

    The end goal I want to achieve is to be able to replace broken hard drives in a Konami Python 2 (which is literally a ps2 in a box).

    Currently you can send your board in for repair for ~1000 USD and they just change out the hard drive. Eventually, these drives will die and there will be no mechanism to fix them when they are inevitably deemed unsupported.

    I know the file system on the drives is different (I think it is called PFS or HPFS, I keep seeing different acronyms), and I noticed some of the files (like fsck) are stored unencrypted (well in the filesystem sense) on the drive.

    If anyone is able to help point me in the right direction, I would appreciate it. Thanks.
     
    Last edited: Mar 30, 2012
  2. sp193

    sp193 Site Soldier

    Joined:
    Mar 28, 2012
    Messages:
    2,217
    Likes Received:
    1,052
    Information on the PS2 KELF is a little hard to find because it's something that Sony wants to remain as a secret.
    The "FreeVast" thread on PSX-scene contains quite a bit of information on how decryption of the KELFs (Memory Card KELFs vs HDD KELFs included) works.

    One large problem is that the Sony ATAD.IRX module (ATA Device/Disk driver) will check whether the drive supports the Sony Magicgate/security commands. Normal ATA drives do not support those commands and hence will probably be useless as substitutes for Sony HDDs.

    What do you need to do anyway?
     
  3. APE

    APE Site Supporter 2015

    Joined:
    Dec 5, 2005
    Messages:
    6,416
    Likes Received:
    138
    ATAD patching via modchip should fix the ATAD problem from the sound of things. For all that it matters you could simply dump a working HDD and write it out to a CF card assuming the HDD is less than 64gb or so.

    Less moving parts and 100% ATA compatible. Also less heat.
     
    Last edited: Mar 31, 2012
  4. sp193

    sp193 Site Soldier

    Joined:
    Mar 28, 2012
    Messages:
    2,217
    Likes Received:
    1,052
    Alternatively, the software could be patched to use a non-Sony ATA disk.
    Unless the arcade software was secured with more than just the Sony KELF encryption, it should be easy to patch.
     
  5. PKGINGO

    PKGINGO Member

    Joined:
    Mar 29, 2012
    Messages:
    10
    Likes Received:
    0
    Essentially I have a dump of my PS2 in a box's hard drive from DD. I need to be able to restore that image to a new drive when the current one dies.

    This PS2 works a little different from a regular PS2 I think. When others have taken a look at these, here is what we think happens.

    On boot, the ps2 checks its hard drive for some piece of software (we refer to this as the Konami OS). If it is not found, the PS2 boots just like a normal JPN region ps2. If it is found, the PS2 boots this Konami OS. The Konami OS first checks for an update DVD, if a DVD is not found, it begins the normal startup tests and boots the game. If a DVD is found, it installs the update. There is no way to install the Konami OS if it is not already present on the drive. The update DVDs will not boot in regular PS2 mode, only the Konami OS; looks like they are in a special layout compared to a regular PS2 disc. So pretty much everything of interest happens on the HDD if that makes any difference.

    Now again, I am new to PS2 stuff, but doesn't ATAD patching just say "Hey this hard drive is an official Sony drive and supports magic gate ATA commands." or is there more to it than that? If that is all it does, I don't think that will work. We have tried to transplant a hard drive from one Konami PS2 and tried to use it on another Konami PS2 (so it should already support the ATA commands needed) but that did not work. It would appear the data is "married" to a combination of the drive and the console it was in originally.

    As far as FreeVast goes, I checked out psx-scene and read that it was released under the name Free MC Boot which everything I find about it is running pirated games and patching CD/DVD images to run with it. But it also looks like you need a ps2 of the same region that can generate the image. My little brother has a USA ps2 slim with a DMS4Pro in it but since this system is a JPN one, it doesn't look like I can use that to make the image.

    Thank you all for the suggestions so far, I really appreciate it.
     
  6. Segment_Fault

    Segment_Fault Active Member

    Joined:
    Nov 16, 2011
    Messages:
    27
    Likes Received:
    0
    Interesting. Can you please post the TOC/Layout of a update DVD?

    Smells really bad :nightmare:. I hope it is an ATA driver issue and not a protection scheme based on DNAS libraries. Can you open your Python 2 HDD in a hex editor (like "HxD" mh-nexus.de/en/) and see if there are "DNAS" strings on it? Files are crypted but we could have a clue seeing a file named dnasblablabla.elf in the TOC.

    I think the last version of the FMCB installer makes region free installation with a region free KELF.
    Also, I recommend you to have a look at SP193's excellent unofficial FMCB installer @ http://ichiba.geocities.jp/ysai187/PS2/FMCB/index.htm
    A modified version of uLaunchELF 4.40 (labeled 4.40h) allows you to access your HDD system partitions. See this topic for more info:
    http://www.assemblergames.com/forums/showthread.php?37821-PS2-DVD-ELF-help
     
    Last edited: Mar 31, 2012
  7. l_oliveira

    l_oliveira Officer at Arms

    Joined:
    Nov 24, 2007
    Messages:
    3,879
    Likes Received:
    245
    Konami Python is DNAS protected just like PSBBN/ HDD games such as PlayOnline Viewer/Final Fantasy XI or Nobunaga Online.
    DNAS provides hardware binding, encryption and protection.
    Magic Gate is used just to protect the DNAS code from being reverse engineered and to make sure it can't be modified/hacked.

    I did PM the OP with some information regarding this. I am waiting a reply.




    Well you can lead a horse to water, but you can't make it drink...
     
  8. PKGINGO

    PKGINGO Member

    Joined:
    Mar 29, 2012
    Messages:
    10
    Likes Received:
    0
    First, l_oliveira I am sooo sorry I missed your messages, I did not get an email that I had received a PM. I will see if I can enable this. It sounds very promising and do not worry, I will not get bored at all!

    Segment_Fault, if you mean just a file listing, sure, I can do that when I get home. It does smell of dnas but in a hex editor there is no reference to dnas in the files that I saw. I will look at those links later. P.S. HXD is my FAVORITE hex editor anyway haha!
     
  9. l_oliveira

    l_oliveira Officer at Arms

    Joined:
    Nov 24, 2007
    Messages:
    3,879
    Likes Received:
    245
    dnasload.elf is a very dirty self protected file. If you try to leave terminate and stay resident programs on the PS2 memory to attempt snooping on its workings it will crash the PS2. (It attempts to clean the kernel memory areas where modchip and debug handles get installed to)

    It's also heavily encrypted and packed. And once unpacked, it's also obfuscated at least two more times on the more important code regions. -_-;

    NASTY STUFF. :\
     
  10. Segment_Fault

    Segment_Fault Active Member

    Joined:
    Nov 16, 2011
    Messages:
    27
    Likes Received:
    0
    @PKGINGO: Yes, just a file listing with LBAs if possible. It can be done with Isobuster for example. Or could you please share a dump of your DVD (if it doesn't break the forum rules)? Thanks in advance.

    @l_oliveira: What's the "role" of the dnasldnk.elf KELF? Does it perform the same "job" as dnasload.elf? I saw it resets the IOP with a dnasload module set and mounts a "cfs:" virtual device along with common pfs: and hdd:.

    Oh, and another stupid question. I suppose PSBBN-styled DNAS™ libs and MagicGate™ gadgets have not been distributed to licensed developers; how does a software *which is not developed by Sony* come out DNAS protected nor MagicGate crypted?
    Sorry for asking this and that gentlemen, I'm fascinated by this kind of obscure stuff:witless:.
     
  11. l_oliveira

    l_oliveira Officer at Arms

    Joined:
    Nov 24, 2007
    Messages:
    3,879
    Likes Received:
    245
    The purpose of DNAS is to identify the hardware and prevent copy of contents from a drive to another.

    So, dnasload takes an encrypted package, and launches it if it can find all encryption keys for it.

    If the package is executed from the wrong hardware the keys will mismatch and the software will be unable to boot.
     
  12. PKGINGO

    PKGINGO Member

    Joined:
    Mar 29, 2012
    Messages:
    10
    Likes Received:
    0
    Here's what an update DVD looks like:

     
  13. l_oliveira

    l_oliveira Officer at Arms

    Joined:
    Nov 24, 2007
    Messages:
    3,879
    Likes Received:
    245
    That DVD is a licensed PS2 disc, but it does not have any boot files in it because it's the game (after boot up from HDD) that tries to detect if it's inserted and installs whatever is in the disc on to the HDD.
     
  14. Segment_Fault

    Segment_Fault Active Member

    Joined:
    Nov 16, 2011
    Messages:
    27
    Likes Received:
    0
    Interesting stuff guys. Thanks very much for the infos.
     
  15. richi902

    richi902 Robust Member

    Joined:
    Jul 8, 2010
    Messages:
    292
    Likes Received:
    2
    can you use "hacked-ule" to browse these hdd's like the "normal" sony hdd's and look at the partition table ?
    if they use the standard sony layout, which i guess they do(?)

    just curious :)
     
  16. l_oliveira

    l_oliveira Officer at Arms

    Joined:
    Nov 24, 2007
    Messages:
    3,879
    Likes Received:
    245
    They're retail PS2s with retail HDDs and retail DNAS protection. It's just customized to not show that it's a PS2 running inside of the case and to auto boot the game when powered on.
     
  17. SilverBull

    SilverBull Site Supporter 2010,2011,2013,2014,2015.SitePatron

    Joined:
    Jun 12, 2008
    Messages:
    385
    Likes Received:
    6
    dnasldnk.elf retrieves all necessary keys from the game partition itself. Such games can be copied as-is, they do not need any console- or HDD-specific data to be run.
    The MagicGate specification (as required by some Sony digital cameras and respective memory devices) is available under NDA. I have never seen it, but I suppose it doesn't help with the PS2 implementation. DNAS libraries are available as part of different DNAS SDKs (at least one with and one without HDD support), but they all require access to a Sony-controlled server for encryption and signing for a particular target device.
     
  18. l_oliveira

    l_oliveira Officer at Arms

    Joined:
    Nov 24, 2007
    Messages:
    3,879
    Likes Received:
    245
    Ah just a heads up, "dnasldnk" means "DNAS LOADER NO KEY".

    DNASLOADNK binds the content solely to the hard drive. Any PS2 that satisfies the region lock for that content will play just fine.

    Python 2 uses DNASLOAD instead. DNASLOAD binds the content to the hard drive and PS2 console at the same time, making it work only on that specific PS2 unit it was installed to originally.

    Edit:

    @Segment_Fault

    It's very possible that Konami had an arrangement with SCEI to set up their system this way. Good for Konami as it's a pretty damn secure platform we're only getting started on prying it open. Its specifications were developed in 2001 and we're in 2012 and only now we're starting to see what's inside. Very good security for its time. Good for SONY as it gets rid of stuck inventory with PS2 units, network adapters and Hard Drives that it no longer wished to sell (at that time they decided that HDD sucked, HD LOADER was eating their profit and the PS2 slim was just recently released)...

    DNAS has a Server-Client model which requires the machine willing to install DNAS content on the HDD to first authenticate to a server to receive authorization keys and the encrypted boot up package. So you see, SONY never ever needed to give anything out to anyone as the contents are packaged at the DNAS server on request and only after the hardware is authenticated, checked for hacks and deemed legitimate/authorized for such an install.

    Pretty damn secure, no ?
     
    Last edited: Apr 6, 2012
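
Added example, not part of any post in this thread: a conceptual Python model of the two binding modes described above (content key tied to the drive alone versus drive plus console). The thread does not describe the real DNAS key derivation or cipher, so the HMAC derivation, the toy stream cipher and all identifiers (`HDD-A`, `PS2-1`, the master secret) are constructed for illustration.

```python
import hashlib
import hmac
import os

# Conceptual model only: the thread does not describe the real DNAS key
# derivation or cipher. Every identifier and value below is constructed.

def derive_key(master: bytes, drive_id: bytes, console_id: bytes = b"") -> bytes:
    """Content key bound to a drive, or to a drive plus a console."""
    # Length-prefix fields so (b"ab", b"c") cannot collide with (b"a", b"bc").
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in (drive_id, console_id))
    return hmac.new(master, msg, hashlib.sha256).digest()

def _sub(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHA-256 counter keystream: a toy cipher, for illustration only.
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key: bytes, payload: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor(_sub(key, b"enc"), nonce, payload)  # encrypt, then MAC
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    """Return the payload, or None when the derived key does not match."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None  # key mismatch: wrong hardware, package will not open
    return _xor(_sub(key, b"enc"), nonce, ct)

def boot_matrix() -> dict:
    """Which hardware combinations can open each kind of package."""
    master, payload = b"constructed-master-secret", b"boot package"
    hdd_only = seal(derive_key(master, b"HDD-A"), payload)
    hdd_console = seal(derive_key(master, b"HDD-A", b"PS2-1"), payload)
    def boots(blob, drive, console=b""):
        return unseal(derive_key(master, drive, console), blob) == payload
    return {
        "drive-only, drive moved to PS2-2": boots(hdd_only, b"HDD-A"),
        "drive+console, original pair": boots(hdd_console, b"HDD-A", b"PS2-1"),
        "drive+console, drive moved to PS2-2": boots(hdd_console, b"HDD-A", b"PS2-2"),
        "drive+console, image copied to HDD-B": boots(hdd_console, b"HDD-B", b"PS2-1"),
    }
```

Under this model a byte-for-byte image restored to a different drive fails to open, because the key inputs come from the hardware rather than from the data on the disk.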
  19. richi902

    richi902 Robust Member

    Joined:
    Jul 8, 2010
    Messages:
    292
    Likes Received:
    2
    just for curiosity, did the developers need to get a special DNAS devkit if they wanted to make online games or psbbn download games?
    because the ps2 sdk that i have is completely missing any documentation regarding dnas etc...
     