Ripping problems

I can't distribute the fixed bins without permission, but the game will be released for donors soon probably, and later for everyone.

 

I just can't wait to get my sticky mitts on a copy. Well done to everyone concerned who was involved in getting this project back on track :nod: :thumbsup:

 

can't wait to see what the protection is.
I have "completed" code tracing the bios and the IP.BINs. There are still many unknown hardware registers and the GD_SEND_CMD is a complete mystery. cmd 18 is what caused the SPI 71 error but can't find any document about this and other GD cmds.
Any input is appreciated.

 

As i said, a non standard gd-rom syscall that made it read in mode1 even if mil-cd is in mode 2 ...

I hope it helps you!

 

And it boots on a standard Dreamcast? I see the one in the video has been bios modded with the intro mod.

 

The BIOS hack does not alter the syscalls in such a way so that would be a given.

 

That's great then. just didn't know if there was other hack on the bios as well, like GD-R booting or dev stuff. That is so cool, so glad its looking more positive now, Looking forward to hearing about the pressing soon.

 

One question,
How they have done this :
disassemble to do modification on the code ?
if yes, wich programm they used for this ?
Thanks

 

I'm sure we'll hear all the details in good time

 

actually, the bios knows the media is MIL-CD and will load the bootbin "descrambled" (which is isn't scrambled in this case.
the job of the hacked IP.BIN is to do 3 things:
1. Patch the bios (which copied itself to system ram on boot) to read in mode 2
2. to patch the "check media type" system call to report the MIL-CD as GD. This will defeat simple media check protections.
3. revert the descrambling

I still don't understand how point 1 failed. I believe it is some thing to do with mmu which NullDC is weak at emulating

 

@hian, the game seems to use direct syscalls to the gd-rom, and to ask in its call to read in mode1. I beleive it's like to force a cd-rom to read data as audio using a low-level command, it simply throws garbage ..

 

sounds like it geist force was made before the GD-rom API's were made of finalized
and they just never changed it when the API's were finally available

 

alex81, in your video it is shown that your dc's bios is modified to dev box's one, have you tested the game on retail dc without bios modification just like we have ?

 

as far as my code tracing goes, Geist Force is making direct system calls to 8c0010f0 instead of the standard way to jump via 8c0000bc to 8c001000 then 8c0010f0.

8c0010f0 then jump to different routines according to calling parameters.

What the IP.BIN patched are the destination routines so should work anyway - unless GF copies the codes from the routines and use them directly (and I missed them while tracing - unlikely) or GF has tweaked the mmu so that IP.BIN is patching the wrong area. I am not familiar with how the mmu works.

Thats why I need the fixed bootbin/ip.bin to study. But if they are not allowed to be released now, I have no choice but to wait.
They won't help me to crack GF (its been cracked) just to fulfill my curiosity and increase my knowledge.

 

I refer you to my post only a few post above yours...

I'm with you though hian I'm not so sure why there is secrecy when obviosuly the original hacker will take full credit for doing so.

 

Original hacker don't want any credits at all actually, it's just by respect that I don't spead his files without asking before.

FG

 

Well, once the discs are pressed, and sent out, people are going to pick at it and figure out what he did anyways.

I say get the person's permission and release the hack and details on how he did it once the discs are shipped.

 

The permission to post the files is pending. By respect, I'm waiting for it before to post the files for everybody, ASSEMbler already got them in order to make the real stuff.

That said I think he'll be positive about posting it. I'm just holding them by respect; since it's not my work, I can't spead it at my will. This kind of precaution is what build trust in the underworld of console hacking.

 

no problem mate. I am just being eager to learn

 

YAY!