Tutorial: Homebrew Booting on Unmodified Consoles
When you say "There's no way to make a disc that boots without ...", I want to scream, "No way man, this can't be happening!".
The commercial games boot just fine. How do they do it? I know Sony has taken steps to protect their franchise from illegal copying. I read on another forum about rippers that can make game copies. That doesn't do me any good because my simple game doesn't have the right MBR or configuration to rip in the first place. I want to follow up on the possibility that we can write iso's of our games and utilities that boot on a PS2 console without having to resort to exploits, etc.
Steve F wrote:
> > There's no way to make a disc that boots without a mod or similar.
> When you say "There's no way to make a disc that boots without ...", I want to scream, "No way man, this can't be happening!".
> The commercial games boot just fine. How do they do it? I know Sony has taken steps to protect their franchise from illegal copying. I read on another forum about rippers that can make game copies. That doesn't do me any good because my simple game doesn't have the right MBR or configuration to rip in the first place. I want to follow up on the possibility that we can write iso's of our games and utilities that boot on a PS2 console without having to resort to exploits, etc.
Not going to happen. Period. End of discussion.
Shoot Pixels Not People!
Makeshift Development
Okay, this is getting on my nerves. I've been replying LOTS of times about that, to many different people. So let me copy/paste one of my replies.
SONY doesn't protect games on a per-game basis. The whole console is locked down so that you can't run ANY code at all by booting a CD or a DVD straight if the CD or DVD hasn't been produced by them.
-) The "Region info" and other SONY watermarks is somewhat stored near the inner "ATIP" of the disc (I don't know the name of that section for non-CD-R medias), so that it can't be read with normal PC drives, and utterly not be written by normal burners, especially since the ATIP is already written on any blank media you get.
-) The whole thing is encrypted/signed, so that IF you have the right hardware to press silver cd/dvds with custom data in the ATIP, you can't generate any random title. Only SONY can do that, and neither Datel nor any other company managed to create a "new" disc.
-) There are only a few ways to get unsigned material running straight on the PS2, without any hardware modification of the console, and without any trick like exploit or "knife swapping", and Datel does that by "copying" (note that this is done using big, costly hardware) the inner tracks of a game, and altering only some bits of the rest of the disc so that they keep the game's signature, but the contents changed.
So, finally, the only chances of getting a custom, unsigned title running on the PS2 gameconsole are:
-) Having Datel or other "success" company pressing your title for you, which is the only way of getting the software running straight, without any trick.
-) Using Datel's Action Replay Max Evo's mediaplayer to load an elf file from the usb stick (and maybe other pressed software "loaders" that I never tested)
-) Using the Independence Exploit, which has been fixed in the latest versions of the console anyway.
-) Using other "warez" methods to boot your unsigned code, such as having hardware modifications, or knife trick or so.
pixel: A mischievous magical spirit associated with screen displays. The computer industry has frequently borrowed from mythology. Witness the sprites in computer graphics, the demons in artificial intelligence and the trolls in the marketing department.
I'mmmm Baaaaak
I get the copy protection thing now. It looks like the best solution (actually) is to get a publisher and have Sony make my game disks on official pressed disks. Sounds easy. Now I only have to make a game.
Which leads me to a question about getting the exploit installed on my memory card. I ordered an x-port. Hasn't arrived yet. I also bought a PS2/Linux kit on ebay. I got it yesterday. Now I have two PS2s, one plain and the other with linux HD. On the linux PS2 I patched the kernel with mrbrown's memory card changes that allow reading everything on the card. Now when I plug in a regular save memory card I can see all the game saves of the games I've been playing. I can write to the card too.
So, looking at the exploit instructions I see the various ways of getting the exploit files on to the memory card. Unfortunately, nothing there says what to do if you have direct access to the memory card. From what I can see so far it looks like all I have to do is:
make a directory on the memory card called BADATA-SYSTEM
make a TITLE.DB with the code for the PS1 game I have.
copy one of the .elf programs like PS2LINK.ELF to BOOT.ELF
copy the TITLE.DB and BOOT.ELF to BADATA-SYSTEM
move the memory card from my linux PS2 to the plain PS2
boot the plain PS2 with my PS1 game
Does that sound right? Is there anywhere a more detailed description of the memory card file structure needed for the exploit to work? Isn't there some other program that needs to be there to cause the buffer overrun?
Thanks,
You may also need a valid icon.sys file. But otherwise that looks correct,
assuming BADATA is your region. The first ps1 game I tried didn't work
but the second did... you may wish to test a few.
Or...
There is also another trick you may wish to investigate. You can run
PS2LINK.ELF using the RTE boot menu.
First get a loadhigh version of ps2link.elf. You can build this yourself,
or get a copy from here http://nnoble.nerim.net/ps2dev .
Second... 'fix' this file with reload1 from playstation2-linux (thanks
Mrbrown!). Copy this into BWLINUX/.
Third, edit the BWLINUX/p2lboot.cnf file with an entry like this:
"PS2LINK" reload1.elf "" 203 /dev/hda1 "" PS2LINK
Now you can just select it in the RTE boot menu. No need to install the
exploit.
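As an added example (not code from Steve's or rinco's posts), the following POSIX shell script does both procedures above on a PS2Linux box where the memory card is mounted as an ordinary directory: it lays out the exploit directory (region directory, TITLE.DB, BOOT.ELF, optional icon.sys) and appends the reload1 entry to BWLINUX/p2lboot.cnf. Assumptions that are not on the page: the mount point path; TITLE.DB and icon.sys are taken from the exploit package as-is (their contents are not reproduced); the BIDATA-SYSTEM name for Japanese consoles (BADATA and BEDATA are the names that appear in the thread); and the fields after the ELF name in the p2lboot.cnf line are copied from rinco's post without interpretation.

```shell
#!/bin/sh
# Added example for this thread, not code from the posts above.
# Lays out the Independence exploit directory on a memory card that PS2Linux
# has mounted as a directory, and appends a reload1 entry to BWLINUX/p2lboot.cnf.
# Assumptions (not stated on the page): the card is reachable as a plain path;
# TITLE.DB and icon.sys come from the exploit package unchanged;
# BIDATA-SYSTEM for Japanese consoles (BADATA/BEDATA are the names in the thread);
# the p2lboot.cnf fields after the ELF name are copied from rinco's post as-is.

# region_dir <us|pal|jp>: exploit directory name for the console's region.
region_dir() {
  case "$1" in
    us|ntsc-u) echo BADATA-SYSTEM ;;
    pal|eu)    echo BEDATA-SYSTEM ;;
    jp|ntsc-j) echo BIDATA-SYSTEM ;;   # assumed, not from the thread
    *) echo "unknown region: $1" >&2; return 1 ;;
  esac
}

# is_elf <file>: true if the file starts with the ELF magic 7f 45 4c 46.
is_elf() {
  [ "$(head -c 4 "$1" | od -An -tx1 | tr -d ' \t\n')" = "7f454c46" ]
}

# verify_exploit_dir <dir>: required files present, BOOT.ELF really is an ELF.
verify_exploit_dir() {
  d=$1
  for f in TITLE.DB BOOT.ELF; do
    [ -s "$d/$f" ] || { echo "missing or empty $d/$f" >&2; return 1; }
  done
  is_elf "$d/BOOT.ELF" || { echo "$d/BOOT.ELF is not an ELF" >&2; return 1; }
  [ -s "$d/icon.sys" ] || echo "note: no icon.sys in $d; rinco says you may need one" >&2
  return 0
}

# install_exploit <mountpoint> <region> <TITLE.DB> <elf> [icon.sys]
install_exploit() {
  mc=$1; region=$2; titledb=$3; elf=$4; icon=$5
  dir=$(region_dir "$region") || return 1
  target="$mc/$dir"
  # The stock PS2Linux mc driver refuses *-SYSTEM names (see the thread);
  # say so instead of failing silently.
  if ! mkdir -p "$target" 2>/dev/null; then
    echo "cannot create $target: the driver refuses the name; write it with another loader" >&2
    return 1
  fi
  cp "$titledb" "$target/TITLE.DB" || return 1
  cp "$elf" "$target/BOOT.ELF" || return 1
  if [ -n "$icon" ]; then
    cp "$icon" "$target/icon.sys" || return 1
  fi
  verify_exploit_dir "$target"
}

# add_p2lboot_entry <BWLINUX dir> <label> <elf>
# Appends the line from rinco's post with label and ELF name substituted.
# Idempotent: an existing entry with the same label is left untouched.
add_p2lboot_entry() {
  bw=$1; label=$2; elf=$3
  cnf="$bw/p2lboot.cnf"
  [ -f "$bw/$elf" ] || { echo "$bw/$elf not found; copy it into BWLINUX/ first" >&2; return 1; }
  is_elf "$bw/$elf" || { echo "$bw/$elf is not an ELF" >&2; return 1; }
  if [ -f "$cnf" ] && grep -q "^\"$label\" " "$cnf"; then
    echo "entry $label already present in $cnf" >&2
    return 0
  fi
  printf '"%s" %s "" 203 /dev/hda1 "" %s\n' "$label" "$elf" "$label" >> "$cnf"
}
```

Typical use is `install_exploit /mnt/mc0 us TITLE.DB PS2LINK.ELF icon.sys` for the memory card route and `add_p2lboot_entry /mnt/hda1/BWLINUX PS2LINK reload1.elf` for the RTE route; the ELF magic check is there because the thread's failure modes (a reload1.elf that was not what it was supposed to be) are exactly the ones a file-copy step will not catch.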
So basically using BWLINUX, reload1, and embedded PS2LINK.ELF is a second type of exploit that accomplishes the same result in a similar way. Once I have the memory card set up, I would move the memory card over to my plain PS2 and boot from the PS2Linux RTE disk. Select PS2LINK.ELF, or any other ELF I install on it. From that point I could do all the things I could do with the original exploit?
ps: I found it difficult, maybe impossible, to create the directory BADATA-SYSTEM on the memory card using PS2Linux. I can create other directories and files, just not one with that name. I looked in the sources for a trap on the name and didn't find anything. Either it is already some kind of block or character device, or maybe the RTE has a name trap and won't allow it to be created or an existing directory renamed to it. Could they have been thinking about ways to prohibit PS2Linux from being used to create exploit memory cards? Or, maybe because my memory card is PS2 and formatted for PS2 save games, it is not able to have a directory called BADATA-SYSTEM? Does the original exploit require a PS1 memory card?
Sorry for all the questions (not). If I could return the favor, I will be glad to write up the steps to patch the PS2Linux kernel. It's mostly standard linux kernel recompiling but I did have to stop and look up some information for the config settings and the README has some misleading information (like, describing how to compile the kernel for installation on a boot floppy and no information about how to install on the PS2Linux HD).
The linux is open source. I couldn't find the trap there. That doesn't mean it isn't there, just that after 3 hours of looking, I didn't find it. The RTE is not open source and the source isn't available (I think). If the trap is in the RTE then the only way to create the directory is using an execution environment that is not PS2linux.
rinco wrote:
> But why bother compiling kernel modules if you can install the exploit with ps2link.
First, the exploit isn't 'installed' with ps2link. The original exploit allowed execution of programs like ps2link by overriding the boot process of a PS1 game and executing, i.e., ps2link instead. This kind of misleading statement causes no end to problems for new PS2 developers trying to sort out how these things work.
Second, the method for executing ps2link using reload1 from the PS2linux RTE boot process accomplishes the same result as the original exploit without overriding the boot process; it is the boot process (and a very elegant solution).
Third, I was messing around with recompiling the kernel in order to get the exploit files onto a memory card before I learned of the easier way. Still, I included my experiences so the next guy can benefit from my work. An interesting side effect of patching the kernel is that now I can backup my game saves to my PC and free up one of my memory cards to use for dev work. According to the PS2linux documentation, only memory cards formatted by PS2linux can be read by PS2linux. The documentation explicitly states that you cannot read PS2 game save format cards using PS2linux. Well, they are wrong about that. Probably other things as well.
Later that day ...
I put the ps2link.elf (embedded), ipconfig.dat, and reload1.elf (16k file downloaded from playstation2-linux.com) in the BWLINUX directory. I edited the p2lboot.cnf file. On booting I get the linux boot screen. I select PS2LINK and the progress bar shows it loading. Then the console goes into colorbars and constant audio test tone. The reset button doesn't work. If I press buttons on the game pad I can change to other video test signals and turn off the audio tone. On the PC I tried PS2EXEC and XLink. I couldn't figure out how to configure the IP addresses with PS2EXEC and XLink showed the PS2 offline (XLink looks like very nice work; thanks). Anybody have this happen to them?
Steve F wrote:
> This kind of misleading statement causes no end to problems for new PS2 developers trying to sort out how these things work
Well, I'm sorry for giving you an alternative. I wouldn't want to scare off new PS2 developers who have troubles downloading a binary file and editing a text file.
What you are doing wrong is obvious, at least to anyone who read the reload1 readme. It's not like you followed my instructions, or even downloaded the prepared file (thanks boomint).
Perhaps if you actually put some effort in, you would realise that your reload1.elf does not contain ps2link.elf.
You spent 3 hours figuring out *-SYSTEM is protected? Sucks to be you.
Geee, it does suck to be me!
For your rudeness I will give you some homework:
1) What is the difference between criticize and ridicule?
2) I spent 3 hours to learn about BADATA-SYSTEM. You said you recall reading something about it. Produce evidence that knowing "-SYSTEM is protected" is easily acquired or common knowledge.
3) Explain in detail what "ps2link.elf ... fix this file with reload1" means to a person with two days experience in ps2 development and hasn't completed the first step in the tutorial, 'method of loading your programs', let alone the remaining steps of setting up the tools and sdk.
4) Defend your statement, "But why bother compiling kernel modules if you can install the exploit with ps2link.", that I claimed was misleading.
For my homework I will tell you that over those two days I jumped from web site to web site, articles to How-To's, conflicting and confusing description of 5 different ways of using three different programs that come in 4 varieties of 2 versions and none of them quite work 'straight out of the box'. And there is no way to find out what h/w you are missing to make one of them work until you download and read how to use it, guessing at every turn what the terminology actually means.
I didn't see the light of day, rinco, until you described a very elegant method that I actually had the h/w necessary to implement. I was well prepared that your instructions, while providing an overall outline of what to do, contained an error referring to the loadhigh version of ps2link. I was lost trying to understand all the instructions in the various ps2link readme's. That and I tried to use the Reality mcloader version of reload1. The one I downloaded that was supposed to work with ps2link actually was configured, get this, for 'nc0:BWLINUX/PS2MENU.ELF'. I never got the ps2link versions to work until your most recent e-mail pointed out my mistakes. I didn't 'get' what embedded means and I didn't 'get' how it applied differently to embedded ps2link and that reload1 is expected to be built with whatever you want to run embedded inside it. Your timely pointing out that boomint provided a link to an 'all in one' elf cleared everything up and I was able to communicate between my PC and my PS2. I loaded a main.elf that is a stand up video game rotating. I expect I'll remember for a long time the first homebrew program to run on my PS2. Do you remember your first few days?
5) For extra credit tell your best horror story developing for homebrew PS2.
My thanks to you, rinco
p.s. It still sucks to be me!
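Added example, not code from rinco's or Steve's posts: two cheap checks to run on a reload1.elf before it goes into BWLINUX/, following rinco's diagnosis that Steve's file did not contain ps2link.elf and Steve's finding that the copy he had was built for 'nc0:BWLINUX/PS2MENU.ELF'. An ELF that embeds another ELF carries the ELF magic more than once, and a loader built for a path carries that path as a printable string, so counting magics and extracting device-prefixed strings tells the two kinds of reload1 apart. Assumptions: the embedded payload is stored uncompressed so its header is visible, and the device prefix list below (only nc0: appears on the page) is drawn from common PS2 device names.

```shell
#!/bin/sh
# Added example, not code from the thread. Sanity checks on a reload1.elf:
# rinco's diagnosis was that the file did not contain ps2link.elf, and the copy
# Steve had was built for 'nc0:BWLINUX/PS2MENU.ELF'. Two cheap tells:
#   - an ELF that embeds another ELF carries the 7f 45 4c 46 magic twice
#   - a loader built for a path carries that path as a printable string
# Assumptions: the payload is embedded uncompressed; the prefix list below
# (only nc0: is on the page) comes from common PS2 device names.

ELF_MAGIC=$(printf '\177ELF')

# count_elf_magics <file>: how many ELF headers occur anywhere in the file.
count_elf_magics() {
  grep -a -o -F "$ELF_MAGIC" "$1" | wc -l | tr -d ' '
}

# boot_paths <file>: device-prefixed paths found among the printable strings.
boot_paths() {
  tr -c '[:print:]' '\n' < "$1" \
    | grep -oE '(host|mc[01]|nc0|hdd0|cdrom0):[A-Za-z0-9_./-]+' \
    | sort -u
}

# describe_reload1 <file>: "embedded" when a second ELF is inside,
# otherwise "loader:<paths>" (or "loader:none") so you see what it will load.
describe_reload1() {
  f=$1
  if [ "$(count_elf_magics "$f")" -ge 2 ]; then
    echo embedded
  else
    paths=$(boot_paths "$f" | tr '\n' ' ' | sed 's/ *$//')
    echo "loader:${paths:-none}"
  fi
}

# check_reload1 <file> <expected>: succeed only if the file embeds an ELF or
# is built for a path containing <expected> (for example PS2LINK.ELF).
check_reload1() {
  [ -n "$2" ] || { echo "usage: check_reload1 <file> <expected>" >&2; return 1; }
  d=$(describe_reload1 "$1")
  case "$d" in
    embedded) return 0 ;;
    *"$2"*)   return 0 ;;
    *) echo "$1: $d, expected $2" >&2; return 1 ;;
  esac
}
```

Running `check_reload1 BWLINUX/reload1.elf PS2LINK.ELF` on the file Steve described would have reported `loader:nc0:BWLINUX/PS2MENU.ELF` and failed, which is the answer he spent an evening looking for.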
Ok, I am a n00b here, and I've read through these posts, but I feel like my question hasn't been answered quite yet. I (unfortunately) was a bit late hopping onto the ps2 train, and I have a Slim PSTwo. Is there currently ANY way to run any form of homebrew on it without modding it or buying any fancy memcard>pc loading equipment (as I almost did with my PS1)? I do have a generic USB Memory Key. Is there any way this can be used? Is there any hope for PSTwo Slim owners??!
-=Sachiel7=-
If you can get a hold of a ps2linux dvds (ebay if they're sold out in your country) then you can use that to boot ps2client (or anything, really) off your mem card, instead of the linux kernel.
Hopefully you should be able to boot linux right off the dvds (since no hdd on psTwo) and from there you could mount the mc and copy across/modify required files.
Alternatively, I hear stories about people using things like action replay or something, but i've never even seen them in stores, so i can't comment on that.
If you are serious about ps2dev, I strongly suggest the first option.. included on the dvd's are invaluable documentation on the ps2 hardware.
Good Luck!!
- cheriff
Damn, I need a decent signature!
I use an AR MAX, and whenever I uncrush the bedata-system.max from my pen drive to my memory card, all I get on the memory card is a ps2link v1 2 file. I once had the exploit working; all I did was add a new ELF file and now it is not working. I also get the same error with my old bedata-system.max file and with an unmodified one from the download. I have even tried formatting the memory card, to no avail. I would be grateful for any ideas you could give.
AR MAX Emulator
I'm a noob to this forum, and ps2 development, but, today, I found something that you guys appear to not be aware of. A few months back I bought an Action Replay MAX kit, the one with the 16MB USB stick (I was intent on using it to play mp3s). The thing is, among other utilities - the save manager, region free player, etc - there is a SEGA Genesis emulator included. But, the thing is that, you have to create a disk with roms and the emulator, using the PC CD in the pack. Here's the nice part. The emulator is a .elf file. You're supposed to run it using the mp3 player. But, by copying any other elf file onto the USB stick, it will show up in the mp3 player's list, and you can select and run it. The downside is that the app can't use any external modules (.irx) due to a probable limitation in the software. And, some (most) elfs on the net don't work. This far I managed to run 3stars, bootAdvance, ps2link (it loads but coughs out an error, being unable to load the irxs) and another one or two things. Initially I thought some wouldn't run because of the massive size of the elfs compared to the emulator.elf supplied. But it seems this is not the case, as bootAdvance is around 500k, and worked. I am going to keep poking some other possibilities to see what happens. First I want to try to use bootAdvance to run another launcher off the memory card in order to get rid of the no-irx constraint (hopefully) - the "emulator" appears to get unrestricted access to most hardware, and you have to reset the console after using the emu. If any of you ppl happen to have the same hardware/software I have, try stuff out, and let me know. I will post news as they come. (I hope no one got this before and realised there isn't anything to do about it - making me a monkey for this post, and reinventing the light bulb).