How to modify Utility Disc *.PAK files

[Segment_Fault]

Not sure it is the right section... I want to edit the INSTALL.PAK file of the HDD utility disc (i.e replace hosdsys.elf with another KELF). The PAK file is crypted. I've changed one random byte in it and burnt the disc, for installed files/untouched files comparison. The installation starts but fails, saying the HDD is not connected.
How did kHn modify .PAK files ? Is there a tool that decrypts and recrypts INSTALL.PAK ?
I made a comparison between the original file and the SUDC file. It didn't help me much :(.
HDD Utility Disc 1.10 INSTALL.PAK Vs. SUDC I INSTALL.PAK

[richi902]

i would also be very intrested in this!
this would allow a fully region-free installable hdd-utility disc, as far as my understanding goes!

[Segment_Fault]

i would also be very intrested in this!
this would allow a fully region-free installable hdd-utility disc, as far as my understanding goes!

Such a disc is already floating on the web. Google for "SUDC" or "Sony Utility Discs Compilation". I'd really like to know how the guy has modified the PAK files. Me wanna install an Open PS2 Loader KELF with the HDD Utility Disc.

[l_oliveira]

I have a tool that *unpacks* them. And I don't think it's encrypted. It's packed. (hence the .pak name ? lol)

The source is in a thread at PSX-SCENE. (just search there for pak and utility disc)

ALL Utility discs use this PAK format for "to be installed" contents (partitions, files and such) and resources for the main program (graphics, sound and menu resources).

Data meant to be installed to memory card are scattered around the giant VOB file which is Magic Gate encrypted. Since the disc protection uses the DISC ID information as "seed" to find the pieces of to be installed data within the VOB file, you can't install MC files from a pirated copy of a utility disc or have success in a install with a MODCHIP active. (The modchip will disrupt the disc-id retrieval process...)

Unpack code quoted here for your convenience (and great justice).

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <errno.h>


struct pak_header_data {
unsigned char magic[4];
unsigned short flags;
unsigned short unknown1;
unsigned int block_sz;
unsigned int num_entries;
};

struct pak_entry_data {
unsigned int flags;
int startsector; // byte offset = startsector * 2048
int filesize;
char ident[4];
unsigned int unknown2;
unsigned int crc;
int unknown4;
int unknown5;
unsigned char namelen;
unsigned char filepath[255];
};

unsigned char *p_tab1;
unsigned char *p_tab2;

static unsigned char init_parm[4] = { 0x36, 0x05, 0xbf, 0xce };

unsigned char tab1[] =
{
0xf8, 0x96, 0x54, 0x41,
0xc7, 0x04, 0xb8, 0x41,
0x7c, 0x5d, 0xbe, 0x07,
0x6b, 0x62, 0x54, 0xc1,
};

unsigned char tab2[] =
{
0x15, 0xa0, 0x38, 0x25,
0x35, 0x1c, 0xad, 0x5b,
0x6d, 0x52, 0x7a, 0x36,
0xa8, 0x17, 0x1d, 0x20,
};

static struct _codec_parm
{
unsigned int seed;
unsigned int variable;
} codec_parm;

unsigned int get_u32_be(unsigned char *p)
{
unsigned int ret = 0;
if (p)
{
ret |= p[3];
ret |= p[2]<<8;
ret |= p[1]<<16;
ret |= p[0]<<24;
}
return ret;
}

unsigned int get_u32_le(unsigned char *p)
{
return *(unsigned int *)p;
}

unsigned int (*get_u32)(unsigned char *p);


#define SZ_KEYS (sizeof(tab1)/sizeof(unsigned int))

unsigned int Cal_KEY(unsigned int s_1, unsigned int s_2)
{
unsigned char i = 0;

for (;i < SZ_KEYS; i++)
{
unsigned int lo, hi, temp, seed = s_2;

temp = seed ^ get_u32(p_tab1+(i*4));

hi = ((temp >> 16) & 0xffff);
lo = ((temp) & 0xffff);
temp = (lo * lo) + ~(hi * hi);
temp = (temp << 16) | (temp >> 16);

s_2 = temp ^ get_u32(p_tab2+(i*4));
s_2 += lo * hi;
s_2 ^= s_1;
s_1 = seed;

}
return s_2;
}

void codec(unsigned char *buff, unsigned int size, struct _codec_parm *p_parm)
{
unsigned char *p_buff = buff;
unsigned int res, offset = 0;
unsigned char key[4];
struct _codec_parm temp;

temp.seed = ~(p_parm->seed - 1);
temp.variable = p_parm->variable;

while(size > offset)
{
if (!(offset & 3))
{
res = Cal_KEY(temp.seed, temp.variable);
key[3] = res;
key[2] = res >>= 1;
key[1] = res >>= 1;
key[0] = res >>= 1;
temp.variable += 1;
}
*p_buff++ ^= key[offset++ & 3];
};
p_parm->variable = temp.variable;
}

static unsigned int crc32_table[256];

static __inline unsigned int crc_reflect(unsigned int ref, unsigned int ch)
{
unsigned int value = 0, i;
for(i = 1; i < (ch + 1); i++)
{
if(ref & 1)
value |= 1 << (ch - i);
ref >>= 1;
}
return value;
}

void crc_init()
{
#define POLY (0x04c11db7)

unsigned int value = 0, i, j;

for(i = 0; i <= 256 - 1; i++)
{
crc32_table[i] = crc_reflect(i, 8) << 24;
for (j = 0; j < 8; j++)
crc32_table[i] = (crc32_table[i] << 1) ^ (crc32_table[i] & (1 << 31) ? POLY : 0);
crc32_table[i] = crc_reflect(crc32_table[i], 32);
}

}

static __inline unsigned int get_crc(unsigned char *p, unsigned int len, unsigned int crc)
{
while(len--)
crc = (crc >> 8) ^ crc32_table[(crc & 0xFF) ^ *p++];
return ~crc;
}

void endian_init(void)
{
unsigned short endian = 1;
unsigned char *p_e = (unsigned char *)&endian;
if (!*p_e)
get_u32 = get_u32_be;
else
get_u32 = get_u32_le;
}

unsigned char init(unsigned int variable)
{
unsigned char t_tab1[] = {
0xbc, 0x1f, 0x46, 0x64,
0x09, 0x99, 0x82, 0x34,
0xc0, 0x25, 0x4f, 0xe5,
0xb7, 0xdb, 0x26, 0x25,
};

unsigned char t_tab2[] = {
0x35, 0xe0, 0xb8, 0x25,
0x9d, 0x4d, 0x0e, 0x1d,
0xdc, 0x31, 0xbc, 0xbb,
0x78, 0xb6, 0x5e, 0xa7,
};

p_tab1 = t_tab1;
p_tab2 = t_tab2;

codec_parm.seed = 0x6C69746E;
codec_parm.variable = variable;
codec((unsigned char*)init_parm, sizeof(unsigned int), &codec_parm);

codec(tab1, sizeof(tab1), &codec_parm);
codec(tab2, sizeof(tab2), &codec_parm);

p_tab1 = tab1;
p_tab2 = tab2;

codec_parm.seed = get_u32(init_parm);
codec_parm.variable = 1;

if (get_crc(tab1, sizeof(tab1), 0-1) != 0x5CBE2D0F ||
get_crc(tab2, sizeof(tab2), 0-1) != 0x7BA1A34F)
return 0;
else
return 1;
}

#define _UC(p) ((unsigned char *)p)

int main(int argc, char **argv)
{
FILE *infp, *outfp;
struct pak_header_data h;
struct pak_entry_data e;
char *f_name = "FILES.PAK";
unsigned int i, crc_f = 0;

if (argc > 2)
{
printf("Usage: codec_pak file.ext\n");
exit(1);
}
if (argc == 2)
f_name = argv[1];
if (!(infp = fopen(f_name, "rb")))
{
printf("Error: cannot open %s : %s\n", f_name, strerror(errno), NULL);
exit(1);
}
fread(&h, sizeof(h), 1, infp);

crc_init();
endian_init();
if (!init(get_u32((unsigned char*)&h.magic)))
goto out;

if (h.flags >> 9)
{
codec((unsigned char*)&h.unknown1, sizeof(h.unknown1), &codec_parm);
codec((unsigned char*)&h.block_sz, sizeof(h.block_sz), &codec_parm);
codec((unsigned char*)&h.num_entries, sizeof(h.num_entries), &codec_parm);
}
printf("HDR: ID:%c%c%c%c, entries:%d\n", h.magic[0], h.magic[1], h.magic[2], h.magic[3], get_u32(_UC(&h.num_entries)));

mkdir("extracted",0777);
chdir("extracted");

codec_parm.seed = get_u32(_UC(&h.num_entries)) + (1 << 31);
codec_parm.variable = 1;

#define entry_start(n) (sizeof(struct pak_header_data) + (sizeof(struct pak_entry_data) * n))

for (i = 0; i < get_u32(_UC(&h.num_entries)); i++)
{

static unsigned char temp[4*1024];
unsigned int count, sz, crc;
struct _codec_parm t_parm;

fseek(infp, entry_start(i), SEEK_SET);
if (fread(&e, sizeof(struct pak_entry_data), 1, infp) != 1)
{
printf("failed reading file: %s\n", strerror(errno));
break;
}
if (h.flags >> 8)
codec((unsigned char*)&e, sizeof(struct pak_entry_data), &codec_parm);

printf("E:%d: ID:%c%c%c%c, filepath:%s, size:%d, ", i+1, e.ident[0], e.ident[1], e.ident[2], e.ident[3], e.filepath, get_u32(_UC(&e.filesize)));
{
char *p_name = (char *)&e.filepath;
int ii = e.namelen - 1;
for (; ii > 0; ii --)
{
if ((p_name[ii] == '/') || (p_name[ii] == '\\'))
{

int iii;
char slash = p_name[ii];
p_name[ii] = '\0';
for (iii = 0; ii > iii;iii ++)
{
if ((p_name[iii] == '/') || (p_name[iii] == '\\')) {
p_name[iii] = '\0';
mkdir(e.filepath,0777);
p_name[iii] = slash;
}
}
mkdir(e.filepath,0777);
p_name[ii] = slash;
break;
}
}
}

/*
temp = (unsigned char *) calloc(1, get_u32(_UC(&e.filesize)));
fseek(infp, get_u32(_UC(&e.startsector)) * get_u32(_UC(&h.block_sz)), SEEK_SET);
fread(temp, get_u32(_UC(&e.filesize)), 1, infp);
*/
fseek(infp, get_u32(_UC(&e.startsector)) * get_u32(_UC(&h.block_sz)), SEEK_SET);

if (get_u32(_UC(&e.flags)) >> 31) // coded
{
t_parm.seed = get_u32(_UC(&e.filesize)) + get_u32(_UC(&e.flags));
t_parm.variable = 1;
}

if (!(outfp = fopen(e.filepath, "wb"))) {
printf("Error: cannot open %s for writing: %s\n", e.filepath, strerror(errno));
continue;
}
crc = 0-1;
for(count = get_u32(_UC(&e.filesize)); count > 0;)
{
sz = count > get_u32(_UC(&h.block_sz)) ? get_u32(_UC(&h.block_sz)) : count;
fread(temp, sz, 1, infp);

if (get_u32(_UC(&e.flags)) >> 31) // coded
codec((unsigned char*)temp, sz, &t_parm);

crc = ~get_crc(temp, sz, crc);
fwrite(temp, sz, 1, outfp);
count -= sz;
}
fclose(outfp);
printf("crc32:");
if (get_u32(_UC(&e.crc)) == ~crc)
printf("OK\n");
else
printf("%s %0X != %0X\n", (crc_f++, "FAIL"), get_u32(_UC(&e.crc)), crc);
}
printf("Files OK:%d, FAIL:%d\n", h.num_entries - crc_f, crc_f);
out:
fclose(infp);
exit(0);
}

[Segment_Fault]

Thanks for the explanations and for the source. I've compiled it, loads of warnings but works like a charm.

INSTALL.PAK of the HDD Utility Disc Version 1.10, from the SUDC 1 (folder 97395) :

HDR: ID:fpkr, entries:44
E:1: ID:rkpf, filepath:MBRDM.XIN, size:0, crc32:OK
E:2: ID:rkpf, filepath:MBR_A.XIN, size:214080, crc32:OK
E:3: ID:rkpf, filepath:SYSTEM/OSD/SNDIMAGE, size:407188, crc32:OK
E:4: ID:rkpf, filepath:SYSTEM/OSD/ICOIMAGE, size:105122, crc32:OK
E:5: ID:rkpf, filepath:SYSTEM/OSD/FNTOSD, size:1489358, crc32:OK
E:6: ID:rkpf, filepath:SYSTEM/OSD/TEXIMAGE, size:236964, crc32:OK
E:7: ID:rkpf, filepath:SYSTEM/OSD/JISUCS, size:53186, crc32:OK
E:8: ID:rkpf, filepath:SYSTEM/OSD/OSDSYS_A.XLF, size:914784, crc32:OK
E:9: ID:rkpf, filepath:SYSTEM/OSD/SKBIMAGE, size:247891, crc32:OK
E:10: ID:rkpf, filepath:SYSTEM/FSCK/FSCK_A.XLF, size:545056, crc32:OK
E:11: ID:rkpf, filepath:SYSTEM/FSCK/FILES/FILES_A.PAK, size:3325952, crc32:OK
E:12: ID:rkpf, filepath:SYSCONF/FONT/S22J201.GF, size:61952, crc32:OK
E:13: ID:rkpf, filepath:SYSCONF/FONT/S22J213.GF, size:2138312, crc32:OK
E:14: ID:rkpf, filepath:SYSCONF/FONT/S22I646.GF, size:30976, crc32:OK
E:15: ID:rkpf, filepath:SYSCONF/FONT/S22ULST.GF, size:61952, crc32:OK
E:16: ID:rkpf, filepath:SYSCONF/FONT/S26J201.GF, size:86528, crc32:OK
E:17: ID:rkpf, filepath:SYSCONF/FONT/S26J213.GF, size:2986568, crc32:OK
E:18: ID:rkpf, filepath:SYSCONF/FONT/S26I646.GF, size:43264, crc32:OK
E:19: ID:rkpf, filepath:SYSCONF/FONT/S26ULST.GF, size:86528, crc32:OK
E:20: ID:rkpf, filepath:SYSCONF/FONT/SCE20I22.GF, size:2138312, crc32:OK
E:21: ID:rkpf, filepath:SYSCONF/FONT/SCE24I26.GF, size:2986568, crc32:OK
E:22: ID:rkpf, filepath:SYSCONF/ICON/ICON.SYS, size:318, crc32:OK
E:23: ID:rkpf, filepath:SYSCONF/ICON/OTHERS.ICO, size:33688, crc32:OK
E:24: ID:rkpf, filepath:SYSCONF/ICON/AUDIO/ICON.SYS, size:317, crc32:OK
E:25: ID:rkpf, filepath:SYSCONF/ICON/AUDIO/AUDIO.ICO, size:33688, crc32:OK
E:26: ID:rkpf, filepath:SYSCONF/ICON/HTML/ICON.SYS, size:316, crc32:OK
E:27: ID:rkpf, filepath:SYSCONF/ICON/HTML/HTML.ICO, size:33688, crc32:OK
E:28: ID:rkpf, filepath:SYSCONF/ICON/IMAGE/ICON.SYS, size:317, crc32:OK
E:29: ID:rkpf, filepath:SYSCONF/ICON/IMAGE/IMAGE.ICO, size:33688, crc32:OK
E:30: ID:rkpf, filepath:SYSCONF/ICON/TEXT/ICON.SYS, size:316, crc32:OK
E:31: ID:rkpf, filepath:SYSCONF/ICON/TEXT/TEXT.ICO, size:33688, crc32:OK
E:32: ID:rkpf, filepath:SYSCONF/ICON/VIDEO/ICON.SYS, size:317, crc32:OK
E:33: ID:rkpf, filepath:SYSCONF/ICON/VIDEO/VIDEO.ICO, size:33688, crc32:OK
E:34: ID:rkpf, filepath:SYSCONF/CONF/SYSTEM.INI, size:382, crc32:OK
E:35: ID:rkpf, filepath:SYSCONF/CONF/SYSTEM101.INI, size:430, crc32:OK
E:36: ID:rkpf, filepath:SYSCONF/CONF/SYSTEMDUT.INI, size:430, crc32:OK
E:37: ID:rkpf, filepath:SYSCONF/CONF/SYSTEMEUK.INI, size:430, crc32:OK
E:38: ID:rkpf, filepath:SYSCONF/CONF/SYSTEMFCA.INI, size:430, crc32:OK
E:39: ID:rkpf, filepath:SYSCONF/CONF/SYSTEMFRE.INI, size:430, crc32:OK
E:40: ID:rkpf, filepath:SYSCONF/CONF/SYSTEMGER.INI, size:430, crc32:OK
E:41: ID:rkpf, filepath:SYSCONF/CONF/SYSTEMITA.INI, size:430, crc32:OK
E:42: ID:rkpf, filepath:SYSCONF/CONF/SYSTEMPOR.INI, size:430, crc32:OK
E:43: ID:rkpf, filepath:SYSCONF/CONF/SYSTEMSPA.INI, size:430, crc32:OK
E:44: ID:rkpf, filepath:SYSCONF/CONF/FILETYPE.INI, size:194, crc32:OK
Files OK:44, FAIL:0

And guess what; output files MBR_A.XIN, OSDSYS_A.XLF and FSCK_A.XLF have the same "MG zone hack" as richi902's files.

Data meant to be installed to memory card are scattered around the giant VOB file which is Magic Gate encrypted. Since the disc protection uses the DISC ID information as "seed" to find the pieces of to be installed data within the VOB file, you can't install MC files from a pirated copy of a utility disc or have success in a install with a MODCHIP active. (The modchip will disrupt the disc-id retrieval process...).

This copy protection has been cracked on all "A2" builds of DVD Player discs and all A2+ builds of HDD Utility discs. I was a tester during the project. IIRC, A2s are just bugfixed builds of A1s : "Trouduculteur" found what caused the crash with already present "BREXEC-DVDPLAYER" folders.
I wonder if they made builds that install region free DVD files. Stand alone DVD Player ELFs make it useless anyway, but I'd still like to have simple and ready to use installation discs for all console regions.

[l_oliveira]

This copy protection has been cracked on all "A2" builds of DVD Player discs and all A2+ builds of HDD Utility discs. I was a tester during the project. IIRC, A2s are just bugfixed builds of A1s : "Trouduculteur" found what caused the crash with already present "BREXEC-DVDPLAYER" folders.
I wonder if they made builds that install region free DVD files. Stand alone DVD Player ELFs make it useless anyway, but I'd still like to have simple and ready to use installation discs for all console regions.

I wonder why I have never been told of that ... :P

Anyway pm me and I can show you something more fun than that.

Make that algorithm work in the reverse and we can rebuild the PAK files.

Make we able to rebuild the PAK files and you will have utility discs that install hacked OSD on a non SONY OSD.

[Segment_Fault]

I can't send PM anymore. The cursor stays stuck on the left and I can't write anything neigher copy/paste. What the hell ? Certainly due to my outdated browser. I changed the forum skin in my profile settings, the problem persists.

I wonder why I have never been told of that ... :P

The group that reverse engineered utility discs and DVD player discs had hard times with thieves of PS2OWNZ then with a popular French forum on 2007. They had enough of seeing their stuff ruined by m*rons that put their own name on loaders nor URL shortcuts. Later on they decided to hack things for themselves and stop publishing docs/softwares.
Most members of that group moved to PS3, real life or non-PS2 projects. The former project maintainer does PSone/PS2 3rd party software (i.e GameShark) dumps for a Russian w@rez forum, but he has recently released a fixed version of the SUDC. So I asked him if he could share some informative damn stuff about their Utility Disc related work(s). He answered that everything got trashed after a DMCA takedown upon their Github and the fall of Megaupload, and he's too lazy to restart everything from the beginning.

Make that algorithm work in the reverse and we can rebuild the PAK files.

Good to know. Unfortunately I'm a total noob at coding. I can't even understand how the original code works from A to Z.

Make we able to rebuild the PAK files and you will have utility discs that install hacked OSD on a non SONY OSD.

We can already do that with the precompiled disc, but if we had a rePAKing software, we could update and finalize it. I mean, they've hacked the installer ATA driver but not the MBR & OSD ATA driver. The guy told me it's harder to hack the ATA driver of the PSBBN, because it's in an IOP module set which is packed inside of osdboot.elf. It can be done by reversing a DVD Player firmware stub and making a packer. The same goes for the infamous MBR, which is a headerless ELF loaded and executed by HDDLOAD.

Data meant to be installed to memory card are scattered around the giant VOB file which is Magic Gate encrypted.

I found an old piece of doc for those who want to play around with obfuscated DVD Player firmware packages. It's supposed to be sector locations (= Disc IDs less the DecSet value) of firmware packages that are decrypted by the DVD Player installer, then CARD signed and installed to the mc0.
This is an old thing, infos may be totally incorrect :

DVD Player Version 2.10 (PAL) [PBPX-95208]
FIRMWARE | Offset 2048 : 0FA75800-0FC50000 | LBA : 128235-129184

DVD Player Version 2.12 (PAL) [PBPX-95218]
FIRMWARE | Offset 2048 : 188A0000-18AB7800 | LBA : 201024

HDD Utility Disc Version 1.00 (NTSC J) [PBPX-95211]
FIRMWARE | Offset 2048 : 0D648800-0D713000 | LBA : 109713-110118

HDD Utility Disc Version 1.00 (NTSC U/C) [PBPX-95216]
FIRMWARE | Offset 2048 : 0DD46000-00DF06800 | LBA : 113292-114189

HDD Utility Disc Version 1.00 (NTSC U/C) [SCUS-97395]
FIRMWARE | Offset 2048 : 0DD46000-00DF06800 | LBA : 113292-114189

HDD Utility Disc Version 1.10 (NTSC UC) [SCUS-97395]
FIRMWARE | Offset 2048 : 1FCD9000-1FEFC000 | LBA : 260530-261624

It concerns original discs and 1:1 dumps. I think "Offset 2048" means 2048 bytes/sector (MODE 1 ISO).

And for those who wants to see what a Disc ID looks like, this is the Disc ID of an original DVD Player Version 2.10 (PAL) [PBPX-95208] disc :

07,EB,F4,01,00

Reverse it, you get 01F4EB07. 01F4EB is the LBA (128235 in decimal), 07 is the DecSet value used to de-obfuscate the package.
The Disc ID is acquired with sceCdReadKey cmd 1096h.

[l_oliveira]

I suppose SONY would be pissed to know that now it's possible to take things that are already installed/bound to one MC, unbind them and re-tie to another cards ...

[HI_Ricky]

I wonder why I have never been told of that ... :P

Anyway pm me and I can show you something more fun than that.

Make that algorithm work in the reverse and we can rebuild the PAK files.

Make we able to rebuild the PAK files and you will have utility discs that install hacked OSD on a non SONY OSD.

oh! you always make a cool stuff :)

[richi902]

I suppose SONY would be pissed to know that now it's possible to take things that are already installed/bound to one MC, unbind them and re-tie to another cards ...

cool would it be to get DNASLOAD.ELF to run other-region consoles :P, atleast for the psbbn download games.

[sp193]

I haven't tested it with a Sony utility disc yet, but it can unpack the encrypted archives that it creates.

Downloads/Links
PAKer v1.00: http://www.mediafire.com/?nigou84i5iaz3bd
PAKer v1.00 (source code archive): http://www.mediafire.com/?bme8u8kzu8uaxlx

[unclejun]

I have a tool that *unpacks* them. And I don't think it's encrypted. It's packed. (hence the .pak name ? lol)

The source is in a thread at PSX-SCENE. (just search there for pak and utility disc)

ALL Utility discs use this PAK format for "to be installed" contents (partitions, files and such) and resources for the main program (graphics, sound and menu resources).

Data meant to be installed to memory card are scattered around the giant VOB file which is Magic Gate encrypted. Since the disc protection uses the DISC ID information as "seed" to find the pieces of to be installed data within the VOB file, you can't install MC files from a pirated copy of a utility disc or have success in a install with a MODCHIP active. (The modchip will disrupt the disc-id retrieval process...)

Unpack code quoted here for your convenience (and great justice).

Thanks, it works fine with the DESR update discs :)

[Segment_Fault]

Thanks, it works fine with the DESR update discs :)

Now that's interesting ! Could you please post the logs so we can see what they contain ?

[unclejun]

Here are the logs, you can also get the discs in the downloads section.

[Segment_Fault]

Thanks for the time you spent dumping your discs and extracting PAKs. I'll sure look around at disc contents and disassemble a bunch of files. Too bad I don't have a PSX. I may check if discs have PS2-like copy protections that I'm familiar with, but should certainly break my teeth on MG crypted stuff.
Final round of presidential elections is coming. kHn must be pissed about who's gonna rule the country, he doesn't reply to my emails LOL. Got a Japanese DVD Player FW for him and need him to tell me more bout DESR discs.

[richi902]

i just checked the ps-bbn files, and all the files, that are installed in the seperate partitions, are in special ".daz" archives or some sort.

linux_p1.daz
linux_p2.daz
linux_p4.daz
linux_p5.daz
linux_p6.daz
linux_p7.daz

maybe someone is able to look into this...