
Thread: some old games cracking info

  1. #1

    some old games cracking info

    Well, I spent some good time a few years back messing around with some games and stuff. I've got some old txt files with notes I wrote myself on stuff, conversations with other crackers, and some jpegs pointing out hex locations, with things that I made some progress on but never got around to doing too much on... Not quite sure which stuff currently I still have stuff on, but I'd be willing to post it all if anyone can use the info and possibly put it to some good use....

  2. #2
    Mark30001
    Hey there,

    Have you ever heard of the "Yamaha 400/GD-R firmware?" A friend of mine somehow came across the file (KAL-GDRF.zip) and told me it was a firmware update which enables the Katana GD-Writer to read GD-ROM disc media while connected directly to a computer.

    I did not want to load the firmware update since I do not really know how safe it is.

    Any help would be appreciated!

  3. #3
    drx
    Hey, could I see this stuff? If it would be somehow connected to the stuff on my website (www.hacking-cult.org), I could host it there :)

  4. #4
    WolverineDK
    Lostuse: sure it would be cool, to see some crackers info :)

  5. #5
    Mark30001
    I did a little more research and found that it's a hack from the release group Kalisto.

    Here's what I could pull up:

    :. Proudly Presents :
    | |
    | Game     : Yamaha 400/GD-R firmware    checksum : A252B838     |
    | Origin   : katana devkit r9            Filename : KAL-GDRF.zip |
    | Released : August 6, 2000              zip      : 1            |
    | Platform : Sega Dreamcast (DC)         Format   : BIN/firmware |
    | |
    +--|- - - -|--+
    | Release Notes ------------------------------------------------- |
    +--|- - - -|--+
    | |
    | Information seems to be leaking out about this one so we decided to |
    | make a public release to avoid "fixed" firmware that may not be so |
    | friendly to the precious yamaha 400. |
    | |
    | Well, the rumors are true. This does work, we now have 8 of these |
    | units, and all of them can now read GD's |
    | |
    | This is not the original way that we began ripping GD's. we have an |
    | actual serial link setup that our hardware engineers figured out. |
    | This method of ripping is much more efficient as you may imagine |
    | we have known about this method for 3 weeks now but have chosen to |
    | keep it secret to protect Sega and the various developers that |
    | are licensed by sega. |
    | |
    | To date, Dreamcast Iso's are only available mostly to those with |
    | high speed internet access, or other connections. |
    | |
    | This will soon all change and only patches will need to be released |
    | to make self ripped games playable. |
    | |
    | We hope that Sega and its developers are up to the challenge that |
    | sony has been facing with the PSX. Sony has realized that the scene |
    | could help them and they used it to their advantage |
    | |
    | "Adversity Brings Greatness" |
    | |
    | Directions |
    | -------------- |
    | |
    | The utility's filename is dld_dos.exe. The utility |
    | takes four command-line parameters: |
    | |
    | |
    | 1) The flash file. For this parameter, use |
    | the scsicom.bin file path. |
    | 2) The SCSI ID of the GD Writer to be reflashed. |
    | 3) The ASPI ID of the SCSI card on which the GD |
    | Writer resides. This is a zero-based index |
    | to the card. |
    | 4) The value 11000. |
    | For example: |
    | dld_dos.exe scsicom.bin 5 0 11000 |
    | will reflash the GD Writer on ASPI ID #0, on |
    | SCSI ID #5. |
    | |
    +--|- - - -|--+
    | Contact Information & Recruitment ----------------------------- |
    +--|- - - -|--+
    | |
    | Ever wanted to be a part of KALISTO? Well, now is your chance. We are |
    | currently on the lookout for new members who can help the current #1 |
    | team on the Playstation. |
    | |
    | If you are able to: |
    | |
    | 1) Supply Brand New & Un-released USA/PAL/JAP Playstation games. |
    | 2) Crack/Code on the Playstation and are interested in having several |
    | opportunities to display your work. |
    | 3) Supply PC hardware on a regular basis. |
    | 4) Run a T3+ Unix Shell Box in America or Europe with at least 3 gigs |
    | of free space. |
    | |
    | NOTE: We do not need any more sites or couriers at this time, do not |
    | bother asking, thank you. |
    | |
    | Then, contact us as soon as possible at kalisto@paki.com. We are |
    | interested to hear what you may have to offer our group and will |
    | be willing to negotiate details with you. |
    | |
    | If you need to reach us for any other reason, we can be reached via |
    | the following ways: |
    | |
    | E-Mail: kalisto@paki.com |
    | IRC: #kalisto on EFNet |
    | |
    +--|- - - -|--+
    | Greets -------------------------------------------------------- |
    +--|- - - -|--+
    | |
    | Class - Fairlight - Aggression - Menace - Cife - Paradox |
    | Static - Accession - Eurasia - Capital - Lightforce - Nil |
    | Trsi - Mups - Wackyiso - Myth - Deviance - Risciso - Rns |
    | |
    | kalisto psx 1998-2000+ |
    | we set the standards |
    | we are the benchmark |
    <------------------------------------------------------------------------::>

  6. #6
    manopac
    any info on where to get this file ??

    thanx
    Mark

  7. #7
    Mark30001
    Quote Originally Posted by manopac
    any info on where to get this file ??

    thanx
    Mark
    I've uploaded the file to the Rare Game Media FTP. ;-)

    It's not very big, around 100KB in size...

  8. #8
    Well, I checked through my info. I gotta make it all nice and postable, but I think I've got almost all the work I have when I was spending my time trying to crack the bleemcast retails... Unfortunately I think that's all I have still after a little looking... I spent a lot of time working on Magic the Gathering, the Japanese version, but all the info seems to be gone. I'll just sum up right now what I can remember exactly (it's been like 2 years since I messed around). Magic the Gathering was scheduled for a US release but was canceled. If you look around through the contents of the CD, straight off it's got a section for JP cards and US cards. When you go through the hex, every single bit of the JP text is followed (if I remember correctly) by English text, for everything in the game I think except the main menu... Now I spent a good weeks messing around with it (nobody else I knew at the time that I talked to about it really cared to waste their time with it other than me), but if I remember correctly (sorry, I don't seem to have any of my notes or photos anymore) it's pretty easy to just go through and change the hex locations to point to the English text instead of the jap text... I can't remember exactly how much progress I made; it became a lot of monotonous work going through changing all the damned text, and without any real interest from anyone else I lost motivation... I'll post everything I can find after I clean it up and stuff soon, but it's the weekend and it's def party time for me :-P

  9. #9
    Alrighty, thanks to some drugs to keep me going, I sat down and wrote up a little summary of my experience messing around with the retail bleemcasts. Hope it can help someone out. Sorry I didn't spell check or really care too much for punctuation or anything. :-P

    http://lostuse.hacking-cult.org/bleem.txt
    http://lostuse.hacking-cult.org/badsectors1a
    http://lostuse.hacking-cult.org/badsectors2a
    thanks to drx for hosting it
    Last edited by Lostuse; 03-13-2006 at 05:30 AM.

  10. #10
    Quote Originally Posted by Lostuse
    Alrighty, thanks to some drugs to keep me going, I sat down and wrote up a little summary of my experience messing around with the retail bleemcasts. Hope it can help someone out. Sorry I didn't spell check or really care too much for punctuation or anything. :-P

    http://lostuse.hacking-cult.org/bleem.txt
    http://lostuse.hacking-cult.org/badsectors1a
    http://lostuse.hacking-cult.org/badsectors2a
    thanks to drx for hosting it
    Nice stuff. If you have anything else about others games, please go ahead and post them :-)



    PD

  11. #11
    Sally
    Out of curiosity, what were you trying to crack? Are you saying that it was impossible to copy a bleem disc? (I don't know much about bleem, I've never seen it).

    From your notes, it seems as if the security is similar to the ps2 hdloader disc, only in this case, I think the bad crc data is part of the protection. If you make a forensic copy and tell the ripping software not to check the crc data, you should be able to make a good rip.

  12. #12
    Sally
    I thought about this some more.

    I'd almost guarantee that the "bad sectors" are the protection scheme. When someone was able to make a perfect copy of the data, all they got was the splash screen. Here's what's going on inside: The program starts (you get the splash screen), it looks for the protection (the bad sectors), when it doesn't find them it exits. You need to copy the bad sectors along with the real data. A forensic disc copy set to ignore the crc will work for this.

    The other solution would be to start the program up with a debugger attached to the process. Find the point where the copy protection check goes, then bypass it in assembly code. Hex edit the original executable to always return a good value on the protection.

    Solution A is easier, solution B is guaranteed. I won't touch commercially available programs, but at least I'll give the guidelines on how to do it. Thanks to lostuse, the notes you took pointed out exactly how the protection works.
    Last edited by ProgrammingAce; 03-13-2006 at 10:35 AM.

  13. #13
    Quote Originally Posted by Lostuse
    Alrighty, thanks to some drugs to keep me going, I sat down and wrote up a little summary of my experience messing around with the retail bleemcasts. Hope it can help someone out. Sorry I didn't spell check or really care too much for punctuation or anything. :-P

    http://lostuse.hacking-cult.org/bleem.txt
    http://lostuse.hacking-cult.org/badsectors1a
    http://lostuse.hacking-cult.org/badsectors2a
    thanks to drx for hosting it
    Did you burn the gap correctly? The bleemcast iso has 3 tracks (normal TOC 0 - 77006 (audio + data mode 2) and a hidden track 77007 - xxxxxx (data mode 2)).
    To read the hidden track you must use hot swap with another disc and use cdrwin to extract the sectors.
    Make sure to burn the gap correctly so the Dreamcast doesn't reboot.
    To burn the hidden track.... use your brain, and try to complete the first data track with some bad sectors ;)
    Last edited by kortex; 03-13-2006 at 03:08 PM.

  14. #14
    Quote Originally Posted by ProgrammingAce
    Out of curiosity, what were you trying to crack? Are you saying that it was impossible to copy a bleem disc? (I don't know much about bleem, I've never seen it).

    From your notes, it seems as if the security is similar to the ps2 hdloader disc, only in this case, I think the bad crc data is part of the protection. If you make a forensic copy and tell the ripping software not to check the crc data, you should be able to make a good rip.
    Bleemcast, the retail Dreamcast versions of bleem. There isn't anyone who has been able to make a successful backup copy.

    My original thinking was the same, that it would be possible to use copying progs to copy it.
    I tried practically every combination of settings on BlindRead, CloneCD, Alcohol 120%; all I ended up with was a stack of coasters lol

  15. #15
    Quote Originally Posted by kortex
    Did you burn the gap correctly? The bleemcast iso has 3 tracks (normal TOC 0 - 77006 (audio + data mode 2) and a hidden track 77007 - xxxxxx (data mode 2)).
    To read the hidden track you must use hot swap with another disc and use cdrwin to extract the sectors.
    Make sure to burn the gap correctly so the Dreamcast doesn't reboot.
    To burn the hidden track.... use your brain, and try to complete the first data track with some bad sectors ;)
    Hrm, hot swap? Not sure what you're describing with that. Thinking about it, I wonder if the addition of the garbage sector data when making an iso could possibly offset the LBA of the last track; if the game checked for just the last track to be on the right LBA then that could be the solution.

  16. #16
    Quote Originally Posted by ProgrammingAce
    I thought about this some more.

    I'd almost guarantee that the "bad sectors" are the protection scheme. When someone was able to make a perfect copy of the data, all they got was the splash screen. Here's what's going on inside: The program starts (you get the splash screen), it looks for the protection (the bad sectors), when it doesn't find them it exits. You need to copy the bad sectors along with the real data. A forensic disc copy set to ignore the crc will work for this.

    The other solution would be to start the program up with a debugger attached to the process. Find the point where the copy protection check goes, then bypass it in assembly code. Hex edit the original executable to always return a good value on the protection.

    Solution A is easier, solution B is guaranteed. I won't touch commercially available programs, but at least I'll give the guidelines on how to do it. Thanks to lostuse, the notes you took pointed out exactly how the protection works.
    Actually the jc-bleem boots the whole menu; you can go around in it to each of the sections, but you can't actually boot the psx game from it.

  17. #17
    Anyone here know a lot about psx game structure? I was looking around at a psx game and was wondering, other than the obvious name changes, what would be needed to change a diff game into looking like, let's say, Tekken 3?

  18. #18
    smf
    Quote Originally Posted by Mark30001
    I've uploaded the file to the Rare Game Media FTP. ;-)

    It's not very big, around 100KB in size...
    How do you get permission to access the page???

    smf

  19. #19
    wombat
    The page has been deleted due to various reasons, so you can't get permission to view it, since it doesn't exist anymore :(

  20. #20
    Segafreak_NL
    Quote Originally Posted by Lostuse
    Magic the Gathering was scheduled for a US release but was canceled. If you look around through the contents of the CD, straight off it's got a section for JP cards and US cards. When you go through the hex, every single bit of the JP text is followed (if I remember correctly) by English text, for everything in the game I think except the main menu... Now I spent a good weeks messing around with it..
    Soooo...would something like a whole bunch of 'Exploder/Codebreaker' code turn the game into English? That would be pretty damn cool. It's still a very hard to find game, though.