To those people who are still trying to crack the PSX boot protection. READ THIS

vbimport

#1

Hello,

This thread is for all the people who are trying to crack the PSX boot protection by using burn-over (aka re-burning to an already burned CD-R) but couldn’t.

Well I have some good news.

I have figured a way to use burn-over, and it works on all drives!

But first you will need the following things…

  1. CD-R drive

  2. Blank CD-R

  3. Another CD-R that you want to burn-over.

  4. Alcohol 120% CD recording software.

  5. An image you want to burn.

  6. Some kind of paper clip. Or something similar. (Has to be quite hard, not bend easy).

Ok this is what you need to do now.

  1. Put the blank CD-R into the CD-R drive, and wait for the drive to stop reading the disc.

  2. Open up Alcohol 120% and after it has loaded, right click on the drive with the blank CD-R in there, and click on properties.

  3. Now in the new window that just came up, click on Disc. It should say that its an empty CD-R disc and that its writable to.

  4. Now close that window, and add an image, and go through all the nessesary steps to get to the point where you are just about to burn the disc.

Now this is the trick, which will allow you to use burn-over, on any drive…

  1. Using your paper clip/ thin metal wire. Insert it into the hole of the front of your CD-R drive, this will cause the disc to come out, but you may need to give it a bit of a tugg, because there is a disc already in there, it may be a bit harder to get out. But don’t worry about it.

  2. Now then, swap that disc, for the disc you want to burn-over, and push the CD-R drive Tray, with the disc you want to burn-over. When pushing the tray back in make sure you give it a good push. (Not too hard though).

  3. And then click on write.

Now then, because the CD-R drive still thinks that there is a blank CD-R drive in there, it won’t check to see if the disc is writable to or not. And will just write to the disc regardless. It’s kind of like the PS2 swap trick. Don’t you think?

So now if someone does crack the PSX boot protection by using burn-over, we can all do it!

As for now I have only tried burn-over, by using Alcohol 120%, but im sure it will work with all other CD recording software.

Now that anyone can use burn-over, lets all do some tests and see what results we get, and post them here.

I hope people find this useful.

Cya, The Lillster.

UPDATE:

Shit I forgot to put what this method is for.

Basicly what this method does is create tracking errors on a CD-R.
And tracking error is what the PSX boot protection is, but its in a controled way.

So now we can all create SCEx type error patterns. But atm its in an uncontroled way. So that is why I am asking people who want to try out this method, and post any interesting results.

Thanks, The Lillster


#2

Wow no replies…

I thought there would be a few replies for this by now.

Anyway, has anyone tried out my method yet, and did it work?


#3

Ya gotta give it some time. Sometimes 2 days just isn’t enough. Not to mention that it was a holiday weekend and not everyone was able to get away from the family members to play.

:bigsmile:


#4

lol, i’m just curios thats all.


#5

Does this method work for PS2 ?


#6

I think you have missunderstood the point of this topic.

All this guide does is tell you how to use “Burn-Over” if you don’t own a LITEON CD-R drive.

As far as I know, no one has managed to burn a correct burn-over/wobble code pattern.

ATM we are only trying to crack the PSone boot protection. But if we succeed in that we will try and crack the PS2 boot protection. Which is similar except that the wobble code is in the TOC area of the disc.

BTW if you are wandering what the wobble code is, then here is a little description: (only brief)

The wobble code also known as the SCEx pattern. Is a special code that is EFM (Eight-to-fourteen-modulation) coded onto the Game Disc. The code is not normal data though. It is done by wobbled pits. These types of pits can’t be read by a normal CD reader. And so when the PSX/2 reads the game it checks for these wobbled pits and when it finds a pattern of wobbled pits it creates tracking error and no tracking error. 1=tracking error 0=no tracking error. By having this pattern on the disc it creates a pattern of 1’s and 0’s. And once the PSX/2 has read the code and it matches the code in your console it will load the game.

Atm though we can’t create tracking errors aka 1’s that are small enough.

So if you think you know a way to create burn-over patterns that are very small. And that can immitate the SCEx pattern, then please do tell.

BTW the SCEx pattern/wobble code is:

SCEE compressed at 150msec !


11100000 00011111 11100001 11100001 11100001 <- 3 instead 4 ‘1s’ @ start OK!
11100000 00011111 11111111 11000011 11000011 <- 15 instead 16 ‘1s’ OK
11000011 11000011 11111111 10000111 10001111 <- 3 instead 4 stop ‘0s’ OK!
00001111 00001111 11111110 00111100 00000000 <- 11 instead 12 ‘1s’ OK!
(By SAM)


#7

[I]“Just subscribing to thread”

Interesting reading :slight_smile: … [/i]


#8

Originally posted by The Lillster
[B]Atm though we can’t create tracking errors aka 1’s that are small enough.

Could the Plextor Premium’s Gigarec help with this? (As it has shorter pit lengths).


#9

Using your paper clip/ thin metal wire. Insert it into the hole of the front of your CD-R drive, this will cause the disc to come out, but you may need to give it a bit of a tugg, because there is a disc already in there, it may be a bit harder to get out. But don’t worry about it.

Pardon my French , but i actually do worry about that. This is a forced mechanical release on hardware that could still be electronically (and thus mechanically) locked. This could easily kill your writer.

If it works , it’s fine by me. But i’m not going to try this on my 48 speed writing cd recorder.

Now then, swap that disc, for the disc you want to burn-over, and push the CD-R drive Tray, with the disc you want to burn-over. When pushing the tray back in make sure you give it a good push. (Not too hard though).

Not too hard indeed or you might destroy/cripple the (servo) motor that is controlling the tray.

I think i understand why it has to be pushed rather than using the eject button. The eject button also flushes the internal buffers, doesn’t it ?

Risky business, writing cd’s like this.


#10

Well if you wait a couple of minutes so that the CD stops spinning and then do this trick, everything will be OK.

But I don’t know what the risk of burn-over is. I only posted this method for an alternative for people who don’t have a LITEON drive. Basicly Liteon writers can use this burn-over method, without swapping the disc.


#11

Sorry friend, I think you have misunderstood me.

You see the problem is the smallest amount we can burn is 1 sector, however 1 pit is a lot smaller than 1 sector. However if someone could find the correct incorrect EFM pattern that mimics the SCEx tracking errors, there might be hope.

Need anymore info just post.
cya,

Originally posted by Chriso
Could the Plextor Premium’s Gigarec help with this? (As it has shorter pit lengths).


#12

Hi Lillster,

Do you think PS2 machine can identify a pressed DVD and DVD-R by reading the ATIP?

May I know how do you know PS2 DVD is using EFM pattern to mimic the SCEx tracking errors?

From what I learnt from the previous post, the modchip keep insert SCEx pattern into the circuit so that the PS2 machine will think that the backup or import is a valid original disc. Which sector do you think the SCEx pattern lie in the DVD?

From www.PS2NFO.com, I heard something called “DNAS” and “Disc ID”. Do you think “Disc ID” is one of the keys that decide a PS2 DVD a self-bootable disc?


#13

Ok don’t get me wrong but I hardly have any info on the PS2 protection, but what I do know is that in the future DVD video will be using the same type of protection (Wobbled pits).

I’m not 100% sure if PS2 DVD games use the same protection as PS1 (Wobbled pits), and even if it does it probably has extra protection like each game could have its own unique wobbled ID? depending on the code in the game image. For example in the TOC area of the disc it could contain a decyption code for the PS2 to decrypte the PS2 wobble code? Who knows :confused:

Anyway, atm we are trying to crack the PS1 protection, if we ever crack this protection then PS2 games will be next I persume.

Ok let me explain the PS1 protection.

At a certain location (leadin) on an original PS1 disc there are these pits which are not in align with the centre of the track. And basicly there are a pattern of these wobbled pits. And basicly when the PS1/2 reads these wobbled pits it picks it up as a tracking error. And each tracking error represents a 1 to the PS1/2. And a non-wobbled pit represents a 0. And basicly there is a sequence of 1’s and 0’s which represent the code for your country. If the code on your game matches the code in your machine, then the PS1/2 will boot.

Ok now onto the EFM question.

If we can find some EFM bytes which cause tracking error and then use these bytes to cause tracking error that mimics the SCEE then we might have a chance. But first we must find out what EFM bytes cause tracking error.


#14

Hi Lillster,
Do you know how SAM learn about the SCEE pattern?
Is this pattern appears as bad sector in DVD?
Is it possible to rip the pattern by using software?

Last question,
Anybody know about any software that can rip the DVD including all the bad sector?


#15

To hirakawa;

  • SCEE pattern is ‘well’ documented in this forum. :bigsmile:
  • Pattern has nothing to do with bad sectors, more likely tracking errors. Read documents.
  • Normal CD/DVD - reader can NOT read that pattern and normal writer can NOT write that pattern. That kind of information is not included in well known iso formats so there is no way to handle that pattern in software. Btw, problem is to add that pattern, not rip.

I think Sony’s PSX/PS2 mastering systems are very well guarded like Coca Cola recipe. :iagree:

  • Tomba

#16

If the normal CD/DVD reader cannot read the pattern, how the SCEE pattern documented in this forum?

Beside that, what is the different between bad sector and tracking error?


#17

hirakawa,

All of those questions have been answered already. Please read the full story on the attempts to beat the PSX copy protection before posting questions. It wastes a lot of space to go over material that is easily found in this forum with a little looking a bit of time to read it over.


#18

Hey Lillster,

Since the “felt tipping” method appears to be the best method for defeating the protection, I was wondering, despite my previous poo-pooing of blind felt tipping, if you think those clear CD labels would work? I may be wrong, but I don’t think that the finest felt tip pens will make small enough dots, so a laser printer and some clear CD labels may be able to make small enough dots in a regular pattern enough to fool the PSX. I don’t have the O scope, to test it out, but I can easily buy clear CD labels. Unfortunately, without an Oscope, it is no better than blind felt tipping.

Just a thought (anyone with an Oscope who is paying attention to this thread willing to try this method?)


#19

Well I don’t know friend, I am trying different ideas atm. I am also in talks with Truman, however if I want to continue on my tests, I will have to wait for Truman to send me his results. If they are successful, we can continue.


#20

Does this mean you have something promising? :confused: :bow: :eek: