I think (or hope I’m now very near these tricky little bits.
Here are some nice results:
I’ve done a very cool reconnaissance: Now I know exactly where the PSX Laser searchs for the countrycode-bootsector. The place is exact 16-17 mm from the begin of the inner CD circle. I simply glued a small paper near the laser-lens and watched from the (under-)side at which location the lense moves when the BIOS looks for the “Bootsector”. And because I have a switchable ModChip, I know now exact the location and priod of this 2 times, when this happens.
The location must be on the very edge of the LEAD-IN. And I’ve found Information that its possible to read out the Bootsector, and the next info, it was in italian language, but I’ve understanded it so far, the first! CountryCode protection is in the PREGAP!!
An other info told us the Country Code Bytes are streamed from the Subchannels, so its logic this Country Code is located in the PreGaps Subcode (this is a 2 seconds or 150 sector big “unused” space directly before the usual ISO or BIN Sector start, but on PSX-CDs these sectors start with 00 00 20 00 00 00 20 00 Subheader, which is Mode2 Data!).
O.K., What we need: A software which is able to Read out and burn the RAW uncorrected Pregap with Subchannels. I have already a burning Soft called “Gamejack” which is able to read out the Pregap, but doesn’t write the 2448 Bytes big Sectors 1:1 on the CD.
I hope in the future Clone CD could implement this feature!! Write and Read RAW the very first Pre Gap.
(Yes, and eventually in the future we need a new ISO File Standard - 2352 Bytes Mainchannel and 96Bytes Subchannel = one Sector).
Then I have the problem because I don’t know if my Subchannel data is correct.
My old 16x Liteon Reader spits out Subchanneldata with only: 55 55 55 55 AA AA AA AA 55 55 55 55 AA AA repeated
The new Liteon CD-ReWriter 32x12x40:
80 C0 80 C0 80 80 80 C0 80 80 and this all in all 96 Bytes long in the PreGap and 00 40 00 00 00 00 00 40 00 00 40 40 00 00 Patterns (@'s) in the “usual” Data area.
Please if you want to help me in this case read out an original PSX-CD with a Software and Drive which is able to read this PreGap Subchannel and tell me how they look!
Anyway, I think this PreGap is our last chance at all to burn selfbootable backups. If the bootprotection is encoded in the datatrack-wobble or something we can forget it, my opinion. By the way I checked the PS-X-Change and they used a Replication Mastering Software which was able to write the PreGap - they used Prassi.
If someone knows tricks or possibilities how to easy burn pregaps pls let me know.
One day and 8h of testing later:
The Boot Code is direct on this PreGap place!
Proov it: You can cover whole 16mm (0,63 inch) from the inner circle or totally a circle with 2,4 cm (0.95 inch) radius of a orig. PSX-CD and they will still boot! But if you cover only a little and very small stripe beyond that, finito! You can still read out the whole Data, but the bootprocess halts on the Originals.
What is the importance of these discoverys:
The bootsector is far away from the inner circle, and so its never near the ATIP or the BarCode!
The Bootsector is NOT inside the LEAD-IN, its directly on the End near where the Data starts!
I’m as good as shure its encoded in the PreGaps Subchannel, and its possible to READ out and burn this Pregap with RAW subchannels.
If it should not be possible to burn the PreGap with Subchannels RAW and Uncorrected, there maybe still is a way to move or manimpulate this Subcode Data until it Works!
I know here on this forum are the best and talented CD-Craxx so please help to beat this 8 Year old Protection once and forever. THX U!
by the way here’s how it started our 2 months long and crazy hunt for the PSX-boot: