Silverbull's Kermit videos on youtube

You could try this perfectly legal program which was used for testing when FMCB was being developed:

http://www.4shared.com/file/JPcFE9gt/dvd_elf_dumper.html


Beats me up why the folks at PSX Scene deleted it, though. :shrug:

Have fun !

 

Nice! Thank you.

 

Yes, thanks l_oliveira~!

npt

:thumbsup:

 

Thank you, that would be great :thumbsup:

Technically, its not about the H10000 but my own laziness. uLE defaults to reset the IOP on startup unless being told my a config file not to do so, but the call fails on 10k units due to a missing rom0:EELOADCNF.

I just tried it, but got an "Archive is either corrupt or password protected" error :banghead:.

For a TOOL, I recommend DSEDB (preferrably from a Linux PC/VM) or my own Load/Exec command from the PC-side GUI (via EE DECI2 to the TOOL's IP). Please note that uLE will not work on the TOOL due to massive differences in the BIOS; you need to execute KERMIT.ELF (or KERMIT-TOOL.ELF) directly.
For a TEST, you can try to use FMCB if your unit supports it (most I known of don't). An uLE "master disc" is also an option, but it'd expect it not to work on a H10000 without a modified config file. I use the Independence exploit with ps2link for testing, which seems to work fine (as long as the next application being launched fixes the mess ps2link has caused to the kernel; Kermit does ;-)).

That's the best option, but unfortunately its only available to people having an official HDD and HDDOSD installation (which is currently impossible to get for european/PAL consoles). I prefer the FMCB menu with entries for uLE and Kermit.

 

Niiice ! Thanks ! Any video of the debugger in action through 1394 ?

Almost all has been done on PS2 for running software from multiple sources and on all models. The next step would be use of a generic HDD instead of the Sony/Maxtor drive with thier specific firmware for PS2.

 

You are welcome .

Did you see this link from l_oliveira's first post? It shows the OSD being modified via the debugger (host) connection:
http://www.youtube.com/watch?v=Fx47jRF6fwU

To create a video of the PC side, we would have to somehow capture VGA output; or, preferrably VGA and TV at the same time, but unfortunately I muss the equipment for doing so :shrug:.

Do you have any idea for VGA-in? I think I could convert it to CVBS and record that, but the quality would be abysmal (and the PS2 output still be missing).

Do you have something special in mind that goes beyond regular ATAD patching?

 

On the PC side you can use some screencasting software like VLC media player. Simple, and works pretty well. For recording both side PC and PS2, a little window with PS2 screen (through capture card if you have one) + debug window maybe works.

--> open a video capture device (PS2) with a soft like MPC
--> run the app that you want to screencast
--> record by using a screencast soft. VLC is able to record your desktop + overlay, but I don't know if it gives a proper framerate.

Humm... Some hardware device between hdd and ide adaptor (ide plug not dev9) which intercepts and wrap the customs ATAD commands on both side... But it requiere a lot of skill and only few users have realy need this.

Other solution is to dump firmware (from flash, not from disk). One original from the same drive model and the patched one from PS2's hdd.

- compare them...
- if this are the same,
- dump the firmware part which is on the disk and compare them.

But, I don't how to dump the disk part of maxtor's firmware.

 

Dr. Willy:

Usually, hard drives store their firmware on the disk platter as flash memory is too expensive for this purpose.

That's one of the (now several) reasons why IDE HDDs cannot be truly low level formatted.

Firmware (or overlays as the HDD people refer to it) is stored on a special area which is out of reach for the host computer (it's accessible only through vendor specific commands) and it varies from model to model, even slight hardware changes can make the unit require an completely different firmware.

I once hacked an retail MAXTOR ROMULUS (4D040H2 or Diamond MAX D540X) to work as a SONY drive. It didn't go too well as it would not pass on DNAS checks. But it was bootable for the OSD.

I would not care much about the hacked drive because atm I have like six official drives, even one Seagate which has DNAS disabled (it's an early DTL-H20401 drive) which only work for using with the OSD.

Btw someone need to make a tool to create bootable OSD partitions now

 

Okay, I'll give it a try once I find the same. However, I use a very old laptop (~8 years or so), so it probably won't be able to capture screen at real time.

Will think about that. Should be a rather simple ATAPI target+initiator and some hard-coded logic in between to handle the special SCE commands.

What is the maximum transfer mode the PS2 supports? I assume my FPGA won't be able to handle the higher UDMA modes at full speed.

I guess I could extract some code from the ODEM Manager and make that into a separate application. The process is rather simple, though:

• Open partition
• Write HDDOSD header
• Write system.cnf (into the attribute area)
• Write icon (into the attribute area)

Afterwards, simply copy the bootloader (hacked DVD player KELF containing some program like my hddload_mono.elf) and real boot ELF onto the pfs. It gets a bit tricky if you don't use pfs for the partition (like for HDL images), though :033:.

 

Had a look at the various readme files.

Can't really get my head around it at the moment because I'm not feeling so well, but I've successfully got my PC and PS2 to communicate. So that's a start.

 

I'm currently stuck on how to decrypt my DVDELF.bin file. Can someone point me in the right direction (like what program to use, etc)?

 

Which region you're trying to change with, out of curiosity ?

You need an obscure tool called HDProject X (version x.xx) it's an mod of the old HDProject tool which allowed to use memory card images on the hard disk.

 

Thanks for the reply. I'm not trying to change my region. The instructions stated:

I really want to try this out.

 

I typed change but I meant exploit. I was refering to the KELF you want to change into an hacked KELF. What's the region of your system ?

 

NTSC-U. I assume you wanted me to dump my dvdelf to my memory card, use HDPROJECT X to dump the card to my usb, and then...? I have it in the image and as a separate file. Not sure what to do next.

 

Nope. For the embed tool to work, you need to know which parts of the encrypted file are "moddable" so you need the bittable.

In the end you need it to be still passable as a valid encrypted file so the PS2 accepts it as a boot file. What HDProjectX does for you is send the file to the PS2 mechanics controller chip and have it perform part of the decryption. This results on two files:

bittable.bin
output.elf

Bittable.bin contains the header for the encrypted blocks and a map of all sectors in the file (bit table)

Output.elf is the exectuable code itself, but still compressed.

You copy the two files together and make a file called "DVDELF.dec":

Copy /b bittable.bin + output.elf DVDELF.dec

The extracted file from the PS2 ROM (should have the exact same size as the DEC file) will be renamed to "DVDELF.bin".

From that follow the instructions on neme's embed readme.

If you have any doubts post here.

 

Alright, I got it! Thank you!

 

Make an empty folder on your USB device. For making your life easier, make sure the USB device is empty. Name this new folder as "A" just for being convenient.

Put the file from the PS2 ROM on the root of the USB drive.

Make sure the USB drive is already detected by the PS2 (browse it with uLE) before you start HDProjectX.

Inside the program choose "Decrypt MG ELF" and set encryption type to "DISC". Do not change anything else. Browse the file on usb and press *start* or X to select it.

Choose the "A" folder on the destination menu and press *start*. (This is important. HDProject X is a quick hack which was meant to be used just once or twice so it's not an easy to use tool.)

Choose "Decrypt MG ELF" on the bottom and wait a bit. Once it's done, pick the bittable.bin file at the USB device root and the decrypted contents of the file will be inside the "A" folder.

 

I must've done something wrong, because no matter what, I choose "Save
HDDOSD Data", I then choose Set and execute, yet it still doesn't show up.

 

Hm ... you need an *working* official Hard Disk drive, formatted with an official utility disc for the HDD to show on the PS2 screen.

The OSD data only serves to the purpose of allowing you to launch Kermit with ODEM from an installed HD Loader game icon on the OSD browser. As I demonstrated on the Youtube video.