OK, thanks both. oliveira, is the boot.ini the same for all the Namco dongles or game specific? To change the game in the NAND, is it just copy and paste with uLaunchELF?
 
It's both: GAME specific and CARD specific. It's BOUND to the card through Magic Gate binding. And that's what the hex editing part is about.
 
@l_oliveira do you think that if I get some logs of the communication between a 246 and the dongle we will be able to figure out the keys?

My guess is that each MCU identifies itself differently. Then the content of the special bytes in the boot.bin is being checked with the MCU identification string. This would happen in the Mechacon.

It looks too complex to me that the MCU in the dongle would do that.

So theoretically with some data logging we could create a universal MCU or just simulate its behaviour.
 
I don't understand. Let me tell you what I understand: the discs for the games are specific to the game, and the dongle too. In the dongle are archives for that game and the boot.bin, which is different for every game. Is that right? So if I have the NAND of, for example, Time Crisis 3, I can back it up but it is useless for other games. So if I want to transfer the data of a Tekken 5 dongle, must I rewrite all archives, including the boot.bin of tek5, into the NAND, or should I edit the boot.bin in hex?
 
The explanation goes like this:

The dongle is a "secure device". So because they thought it would be secure they put the game .EXE inside the dongle. The board only boots Magic Gate encrypted files because it's designed to only accept "trusted" boot files. Magic Gate is used there to make sure only SONY could access the contents of the card and author boot.bin files. Part of the protection has 32 bytes of the file "encrypted" with some information from the card it's written to. If that is wrong the file will fail loading. So you're NOT supposed to move that particular chunk of data from one card to another. It happens to be in the boot.bin file for obvious reasons (binding).


@DarkSoft: The communication between the PS2 and the card is not encrypted. What is encrypted is the unlock exchange they perform while initializing. The PS2 won't accept access anything that doesn't perform the auth. Nor will the card. That auth is between the MCU on the card and the CD drive Mechacon (which the Arcade PS2 still has even though it has no drive in it).
 
Can you elaborate on the "unlock exchange"?
 
It's an exchange of encrypted messages where the PS2 auths with the card and the card auths with the PS2. Before that init is performed no communication is possible. Exactly because that exchange protocol is different for the dongle it's not possible to read it on a retail PS2. The System 246 can auth both dongles and PS2 memory cards. But it can only auth one dongle per session (they were worried about people using the board to copy dongles so the board requires a power cycle to acknowledge a different dongle).
 
OK, I understand that the exe is on the boot.bin. Can I read that boot.ini or will I find only raw data? To save the new data of a new game on the NAND, is it just copy and paste with uLaunchELF? Please answer this, thanks.
 
I read it again and now I noticed this: (So you're NOT supposed to move that particular chunk of data from one card to another. It happens to be into the boot.bin file for obvious reasons (binding).) So how can I write the data into the NAND?
 
You open both boot.bin, the one which came from your card and the one you want to put in. Then move the 32 bytes from your boot.bin to the new one.
 
thekingmtg, I dropped you a private message, not sure if you saw it, but please let me know if you have what I'm looking for, it'd be a great help for everyone here!

thanks!
 
defor: done it

oliveira: OK, so those 32 bytes are exclusively for that dongle card. Where are those 32 bytes, at the start? Which program should I use to do that, WinHex for example?
 
Different for each dongle? Or game? I mean, for any individual dongle is there a different code for each one? Damn.
 
Anyway, if that's the case I have the code of my dongle inside so I can copy it, but where is it? At the start? At the end? How can I search for it? Thanks.
 
So are you guys saying a ps2 with ulaunchelf can access the contents of a Dongle without damaging it?

Also, does anyone know if a ps2 can format a memory card for Soul Calibur 2, and does any other 246/256 game use a memory card?
 
The dongle, no; the NAND that gets soldered on a PS2 memory card. And all 246 have a dongle. Tomorrow I will get a PS2 with Matrix, so then I can tell you if I can access the MC with uLaunchELF.
 
I will do something: I will read 2 Time Crisis 3 dongles, then I will compare them in WinHex. The program is the same, so the only difference could be those 32 bytes. Am I wrong, oliveira?
 