Some CEX PS2 HDD dumps...

Discussion in 'File Downloads - Share and Request' started by krHACKen, Dec 24, 2018.

  1. krHACKen

    krHACKen #CNNisISIS

    Joined:
    Oct 24, 2012
    Messages:
    650
    Likes Received:
    483
    PlayOnline Viewer ver.1.09.00j (Beta), North America, 20030410_C :
    POL Viewer 1.09.00j (Beta) USA.7z
    Fresh installation from CD/DVD.

    PlayOnline Viewer ver.1.11.00m, North America, 20031206_3 :
    POL Viewer 1.11.00m USA.7z
    Fresh installation from CD/DVD.

    PlayOnline Viewer ver.1.14.00c, North America, 20040706_3 :
    POL Viewer 1.14.00c USA.7z
    Fresh installation from CD/DVD.

    PlayOnline Viewer ver.1.14.03, North America, 20040914_0 :
    POL Viewer 1.14.03 USA.7z
    Fresh installation from CD/DVD.

    PlayOnline Viewer ver.1.18.03b, North America, 20070802_2 :
    POL Viewer 1.18.03b USA.7z
    Fresh installation from CD/DVD.

    PlayOnline Viewer ver.Goodbye!, North America, 20150901_X :
    POL Viewer goodbye! USA.7z
    Net update, from the above 1.18.03b installation.


    PlayOnline Viewer ver.1.04.00 (Beta 2), Japan, 20011120_3 :
    POL Viewer 1.04.00 (Beta 2) JPN.7z
    Fresh installation from CD/DVD.

    PlayOnline Viewer ver.1.05.00d, Japan, 20020516_4 :
    POL Viewer 1.05.00d JPN.7z
    Fresh installation from CD/DVD.

    PlayOnline Viewer ver.1.09.03d, Japan, 20030819_5 :
    POL Viewer 1.09.03d JPN.7z
    Donor HDD. Courtesy of Senyuki (whom provided the HDD dump).

    PlayOnline Viewer ver.1.14.00b, Japan, 20040706_2 :
    POL Viewer 1.14.00b JPN.7z
    Fresh installation from CD/DVD.

    PlayOnline Viewer ver.1.14.03, Japan, 20040914_0 :
    POL Viewer 1.14.03 JPN.7z
    Fresh installation from CD/DVD.

    PlayOnline Viewer ver.1.15.04x, Japan, 20050830_6 :
    POL Viewer 1.15.04x JPN.7z
    Donor HDD. kHn.

    PlayOnline Viewer ver.1.18.03b, Japan, 20070802_2 :
    POL Viewer 1.18.03b JPN.7z
    Fresh installation from CD/DVD.

    PlayOnline Viewer ver.Goodbye!, Japan, 20150901_X :
    POL Viewer goodbye! JPN.7z
    Net update, from the above 1.18.03b installation.


    Nobunaga No Yabou Online 1.00, Japan, Version 10003 Code 1000201 :
    Nobunaga No Yabou Online 1.00.7z
    Fresh installation from CD/DVD.

    Nobunaga No Yabou Beta Version 1.04, Japan, Version 10402 Code 1100201 :
    Nobunaga No Yabou Beta Version.7z
    Fresh installation from CD/DVD.

    Nobunaga No Yabou Online 0.50, Japan, Version 5000 Code 1000201 :
    Nobunaga No Yabou Online 0.50.7z
    Fresh installation from PKG.


    Bomberman Online (Base Version), Japan :
    Bomberman Online (Base Version).7z
    Fresh installation from PKG.


    Pop'n Taisen Puzzle-Dama Online, Japan :
    Pop'n Taisen Puzzle-dama Online.7z
    Fresh installation from CD/DVD. The offline mode is playable.


    PlayStation BB Navigator Version 0.32, Japan, bnux_ver_001-001-351, FOR GENUINE HDD :
    PSBBN Ver.0.32 (For Official HDD).7z
    Fresh installation from CD/DVD. Don't forget to restore your __net partition.

    PlayStation BB Navigator Version 0.32, Japan, bnux_ver_001-001-351, FOR NON-$ONY HDD :
    PSBBN Ver.0.32 (For Unofficial HDD).7z
    Fresh installation from CD/DVD. With the usual HDD DNAS threads bypass. Don't expect it to bind DLCs.


    The PSBBN channel backups featured in the two PSBBN 0.32 dumps were provided by unclejun. All I did is host the files as-is, I did not fix anything in the navigation, so don't blame unclejun but my lazy ass if something's br0ken.
    That other partial Namco-Ch backup from 2003, was recovered from the BBN cache of a donor HDD.

    All the above dumps (except the PSBBN ones, captain obvious) boot on HDD OSD 1.10U, with a homebrew ATAD driver in hosdsys. It was installed from SUDC4 if my memory serves me right.

    If you h4x0rz want to decode, mod, and encode back the PSBBN network config file, you can use this shit. Recover the i.Link ID first. The batch files are self explanatory.

    Last but not least, do NOT "repair" the drive with WinHIIP, or it would waste the binding.



    CONTINUING (Addition 1) :

    PlayStation BB Navigator Version 0.20, Japan, bnux_ver_001-001-138, FOR GENUINE HDD :
    PSBBN Ver.0.20 (For Official HDD).7z

    PlayStation BB Navigator Version 0.20, Japan, bnux_ver_001-001-138, FOR NON-$ONY HDD :
    PSBBN Ver.0.20 (For Unofficial HDD).7z

    Note : the two PSBBN 0.20 dumps have channel access errors. See this post for details.
     
    Last edited: Dec 25, 2018
    americandad, AKuHAK, Shademp and 12 others like this.
  2. nonijod

    nonijod Member

    Joined:
    Jul 1, 2015
    Messages:
    8
    Likes Received:
    5
    Do you by any chance also have the BC PS3's virtual HDD with PlayOnline installed?
    /game/SCUS97269/USRDIR/IMAGE.DAT (about 21 GB uncompressed)
     
    AKuHAK likes this.
  3. krHACKen

    krHACKen #CNNisISIS

    Joined:
    Oct 24, 2012
    Messages:
    650
    Likes Received:
    483
    Sadly no. I think I have one (or more) virtual HDD image with SOCOM (non-bootable) on it, but that's all :( .
    And to be honest, even if I had one, I believe that I couldn't crack it, since I don't know a way to dump the virtual HDD IDs on the PS3... Unless the emu uses fixed ID shit which could be isolated from the binaries, or there's a way to run my ID dumper with the HDD emulation enabled...
    The i.Link ID can be recovered from IMAGE.DAT, with the CoDec thing I've posted above. Because the emu (theoretically OSDSYS, of the BOOTROM) creates a PSBBN network config file in the HDD, for compatibility reasons. I've tried this when I made the tool, and it worked. Drag and drop IMAGE.DAT to the exe, and it should scan sectors and bruteforce the netcnf file lol.
     
  4. nonijod

    nonijod Member

    Joined:
    Jul 1, 2015
    Messages:
    8
    Likes Received:
    5
    Yeah, that's basically the end of what I'm trying to achieve (PS2 homebrew from XMB with HDD access) and it would certainly help once I figure out a way how to have HDD access even from a disc without having to mess with locked partitions first. However so far no luck in getting even the recreated .iso with hijacked title ID or modified .iso with injected wLE or OPL to boot, despite it working just fine if I don't use title ID that has whitelisted HDD access. Could be that it's simply just crashing at startup but I have my doubts.
    Shame that it can't be reinstalled anymore now that the DNAS is down.
     
  5. HI_Ricky

    HI_Ricky Intrepid Member

    Joined:
    Jun 7, 2007
    Messages:
    672
    Likes Received:
    214
    any chance have 0.2 FOR NON-$ONY HDD ?
    because 0.2 have MD support. 0.3 they stop this
     
  6. l_oliveira

    l_oliveira Officer at Arms

    Joined:
    Nov 24, 2007
    Messages:
    3,895
    Likes Received:
    252
    PS2 emu on the PS3 has code in the PS2 BIOS to sha1 check every KELF for HDD bootable stuff and the ELFs on the install discs. If it's not in the whitelist in the PS2 BIOS will be refused to launch. So no, you can't make stuff bootable from a HDD image on a PS3 using the PS2 emu without heavily modifying the emulator itself.
     
    AKuHAK, pool7 and good like this.
  7. nonijod

    nonijod Member

    Joined:
    Jul 1, 2015
    Messages:
    8
    Likes Received:
    5
    Certainly it isn't the only way of doing it, rogue .irx could also be a way or even a buffer overflow from a crafted file. That is to say, considering that both OPL and wLE's main purpose is to load other .elfs which would certainly trigger the checks, I suppose without patching out those checks it'd be quite useless.
     
  8. l_oliveira

    l_oliveira Officer at Arms

    Joined:
    Nov 24, 2007
    Messages:
    3,895
    Likes Received:
    252
    Native HDD software on a real, physical PS2 doesn't read executable files that aren't HDD DNAS encrypted and bound to the HDD/NET partition/Console ID combo. Injecting code in it won't happen unless you know how to modify RSA1024 encrypted files without having the keys for them. It's the chicken and egg problem. On a real, physical PS2 we can decrypt the DNAS loader (encrypted with MAGIC GATE) module then patch out it's purify protection. From that we can use a resident debugger like Kermit or PS2 RDB to edit or dump memory and spy on what is going on inside of the LIBDNAS HDD protected software. Still it's not possible to do that on a PS3 because the emulator tightened the security on both the PS2 software and the PS3 emulation side. Also, It doesn't emulate features the games don't use, making it even more difficult to use tricks to get inside.

    Hacking the emulator on a hacked PS3 is just silly. I've done that, ran Open PS2 Loader in it faking the PlayOnline software ID and it didn't work properly exactly because OPL use features of a real PS2 that the emulator did not fully implement. In the few cases it actually worked the read speed of the HDD was slower than what you would get from a real PS2. Also the PlayOnline disc ID doesn't give the emulator authorization to mount memory card images. You cannot save anything while using that.

    If you want to try disengaging the emulator protections yourself you have to:

    - Obtain the file from a hacked PS3 (ps2_emu.self or ps2_gxemu.self depending of your PS3 being CECHA/CECHB vs CECHC/CECHE)
    - Decrypt the file using SCETOOL
    - Hex edit the load list of the IOPRP replacement image on the PS2 BIOS replacing the entry for XLOADFILE (this one checks SHA1) with LOADFILE (You can also patch the XLOADFILE within it's asm code to make it skip SHA1 checking)
    - Re encrypt the file correctly using SCETOOL
    - Replace the original file with the file you just edited.

    Have fun.
     
    AKuHAK, uyjulian, nonijod and 3 others like this.
  9. l_oliveira

    l_oliveira Officer at Arms

    Joined:
    Nov 24, 2007
    Messages:
    3,895
    Likes Received:
    252
    And I forgot to mention, KELF files are also being sha1 checked so nope, tampering with them (HDD MBR sector, DNASLOAD module) will also trip the protection.
     
    pool7 and krHACKen like this.
  10. krHACKen

    krHACKen #CNNisISIS

    Joined:
    Oct 24, 2012
    Messages:
    650
    Likes Received:
    483
    Uploaded. See the end of the first post.
    There's a major problem though. Only the PS Now channel backup loads. All the other backups do -9000X errors:mad:...
    [​IMG]
    [​IMG]
    I don't know why. Cannot fix this now cuz I'm drunk, and anyway I don't want to tamper anymore with PSBBN 0.20... Plain boring stuff.
    Errors are probably related to bad syntax in top.xml or SERVER_KEYS, missing parameters or malformation of some kind...
     
    AKuHAK and pool7 like this.
  11. krHACKen

    krHACKen #CNNisISIS

    Joined:
    Oct 24, 2012
    Messages:
    650
    Likes Received:
    483
    Also, I forgot to say. If you've got an official HDD with some official content in it, make a backup NOW.
    Don't try to use it in your PS2, DUMP the damn thing, because :
    1) If it's got PSBBN installed, the PSBBN may flush the navigator cache or overwrite sectors, and precious bits of channel files would be lost...
    2) If it's tied to another console, the HDD DNAS libs may purge the security sectors of the __net partition, PSBBN may delete/overwrite the network config file. Bootable stuff will not be recoverable anymore...
    3) PlayOnline Viewer, if I remember correctly, does not connect to the [dead] DNAS server before if checks for update. And if I'm correct, it will update to the infamous "goodbye!" version and replace the possibly undumped version which you had before.
    You own an official HDD ? Dump it.
    You bought an official HDD ? Dump it on arrival.
    Preserve the damn PS2 history please;). Do not put the HDD in your console unless its image is archived.
     
    AKuHAK, pool7, svotib and 1 other person like this.
  12. nonijod

    nonijod Member

    Joined:
    Jul 1, 2015
    Messages:
    8
    Likes Received:
    5
    The reason why I wanted to do that is because I wanted to use cheat codes, for example to enable debug modes and such for what I still had to use my PS2.
    Nobunaga Online does have both MC and HDD, even though a few GB smaller so I used that instead.
    Thanks, that was much simpler and worked quite nicely. And sorry for the OT.
     
    krHACKen likes this.
  13. l_oliveira

    l_oliveira Officer at Arms

    Joined:
    Nov 24, 2007
    Messages:
    3,895
    Likes Received:
    252
    Glad to hear you managed to achieve your goal with information from me.
     
    krHACKen likes this.
  14. vitas155

    vitas155 Rapidly Rising Member

    Joined:
    Mar 13, 2011
    Messages:
    97
    Likes Received:
    56
    how should i use img images? Is it a disk image with the game itself? or do i need to write this to hdd with hdd raw copy tool? Do these img images do not overwrite already installed games if they are recorded via HDD Raw Copy Tool?
     
  15. krHACKen

    krHACKen #CNNisISIS

    Joined:
    Oct 24, 2012
    Messages:
    650
    Likes Received:
    483
    Yes, they are raw HDD images, starting from HDD sector 0. HDD Raw Copy Tool will be fine.
    Of course that will erase existing data in the disk, and the next partitions will be no longer accessible if you don't manually fix the APA chain and the header hashes (in __mbr and in the last app partition which comes from the dump).
    Whatever you do, do not repair the disk structure with WinHIIP. WinHIIP will unmarry the installed app, either by wiping out the security sectors from __net or by changing stuff in the partition headers, or both lol. The "lost" partitions will be recovered indeed, but the DNAS stuff will not run anymore.

    On a tech sidenote, all the installed shit is tied to the same hardware IDs (i.Link and HDD IDs), except Senyuki's HDD dump (and any other donor dump which may be shared). So if you want to go further in manipulating the disk structure, you could merge anything that doesn't have identical partition names, into one HDD. For example, PSBBN 0.32 + POL Viewer US + POL Viewer JP + maybe a beta POL Viewer + Nobuon 1.00 + Nobuon Beta + Pop'n + Bomberman, and why not dual boot it with HDD OSD for the fun of it:p (or simply because PSBBN sucks and it's hell slow).
     
    AKuHAK, good, svotib and 1 other person like this.
  16. vitas155

    vitas155 Rapidly Rising Member

    Joined:
    Mar 13, 2011
    Messages:
    97
    Likes Received:
    56
    I want to install all the dumps you put on the hard disk one by one, extracting the files from the section of each game, that is, on the PC it will look like a folder with the name of the section, and inside the files that I pull out through UlaunchELF, I want to install all this on official hard drive, and make 2 dumps, one with all NTSC / U games with official HDD support and another dump with all NTSC / J games with official HDD support, when I extract files from each game section I want to manually create through UlaunchELF the correct section for each game and copied There are corresponding files there, but I need these sections and games to be seen from PSBBN and HDD OSD, and even better so that they run if they officially have such an opportunity, what do I need to do besides creating a partition and copying files into it to get display and launch games from HDD OSD and PSBBN? By the way, I was able to start Nobunagu from the usual hard drive, it reached the connection with the server and could not move further, but it works :)
    I personally like the PSBBN more because of the huge number of possibilities compared to the HDD OSD, its slowness does not bother me, but the last build with the navigator that we did together with the obuhak turns the PS2 into almost a multimedia center, I have already learned myself and made instructions for others like I copy pictures of movies and music into it, I like its beautiful menu, built-in Linux, and I also see great potential in online channels, I constantly experiment with them, editing XML files and trying different scripts from those that exist crystals can be created virtually from scratch channel having filled it with all sorts of useful things, such as for example downloading and installing pkg games and video, and finishing just a mini website with various articles and news.
    As for the navigator, I also still have questions, can someone answer ?:
    1: I saw that the video files downloaded from the channels support an icon for myself, how can I make and display an icon for personally downloaded videos
    2: I suspect that the audio file player also supports icons and covers for each track and album, if I'm right, how can I make them?
    3: Is it possible to somehow unlock the 16: 9 mode in the navigator?
     
  17. vitas155

    vitas155 Rapidly Rising Member

    Joined:
    Mar 13, 2011
    Messages:
    97
    Likes Received:
    56
    surprisingly, by the way, PlayOnlineViever also earned me from the most ordinary HDD, I was able to launch it, upgrade, and even register to get into the menu and read the latest news for December 18, 2018 :D
    the only thing that didn’t work for me was for some reason I couldn’t log in from the menu, it showed that the password was wrong :)
     
  18. krHACKen

    krHACKen #CNNisISIS

    Joined:
    Oct 24, 2012
    Messages:
    650
    Likes Received:
    483
    pool7 likes this.
  19. vitas155

    vitas155 Rapidly Rising Member

    Joined:
    Mar 13, 2011
    Messages:
    97
    Likes Received:
    56
    AKuHAK, good and krHACKen like this.
  20. Tokimemofan

    Tokimemofan Dauntless Member

    Joined:
    Feb 8, 2012
    Messages:
    747
    Likes Received:
    79
    I should be able to pull that off my 60GB, next time I pull it out of storage
     
    pool7 and krHACKen like this.

Share This Page