Unofficial Deunan's GDEMU Thread

Discussion in 'Sega Dreamcast Development and Research' started by duskdawn, Jul 8, 2015.

  1. toxic9

    toxic9 Active Member

    Joined:
    Jun 30, 2017
    Messages:
    33
    Likes Received:
    6
    This is the link for my folder:
    https://mega.nz/#F!8KBAyBYA!DpJQIxUaN9Cw8aAZzxLdXQ

    I hope now you accept me with good reputation on the community, because I didn't want to trick anybody. I just made a mistake, and I corrected it. Again I didn't come here to prove anything. This was a challenge I put myself on, because I lost my dump, and somehow swapped it for F.Guy+Patriot's release, =/
    Now I have mine again. I will keep it safe this time!
    After all, I just came here to share my knowledge and maybe we all together can find a way to make Bleem work on GDemu. This is my only objective.

    Props.
     
    truemaster1 likes this.
  2. toxic9

    toxic9 Active Member

    Joined:
    Jun 30, 2017
    Messages:
    33
    Likes Received:
    6
    I was investigating until now, and I just found what causes GDemu to fail to boot =D
    The "copy protection" of the disc is found on the subchannels P+Q.
    If this data is not found, it won't pass the Legal Stuff screen and freezes here.
    GDemu can't read subchannels, as they are not necessary for other games.
    I will ask Deunan if he can change that on the firmware.

    Another way is to disable this check, maybe @Patriot can help us here?

    Also, it doesn't matter the speed! I just burned at 48x and it boots just fine.
     
    Last edited: Jul 23, 2017
  3. -=FamilyGuy=-

    -=FamilyGuy=- Site Supporter 2049

    Joined:
    Mar 3, 2007
    Messages:
    3,097
    Likes Received:
    1,046
    What makes you believe it's subchannels?

    There are more than that as far as copy protections go. They were not all cracked in the 2009 release, those that were easily burned were left in. The bleem cracker's interest has been piqued, and he may look into it in the relatively-near future.

    As far as our situation goes, toxic9, I'll look into your new dump in the next weeks. I'll be glad honestly if your story checks out, being a bit flabbergasted as to why one would pretend such weird accomplishment, but I'll have to take this with a grain of salt meanwhile. You know, strangers on the internet and stuff. No hard feelings.
     
  4. megavolt85

    megavolt85 Peppy Member

    Joined:
    Jan 8, 2015
    Messages:
    332
    Likes Received:
    483
    "0A" is fake, all magic in second bootstrap of IP.BIN ;)
     
    toxic9 and -=FamilyGuy=- like this.
  5. -=FamilyGuy=-

    -=FamilyGuy=- Site Supporter 2049

    Joined:
    Mar 3, 2007
    Messages:
    3,097
    Likes Received:
    1,046
    Exactly, it's a red herring. Tons of them in that disc.
     
    toxic9 likes this.
  6. toxic9

    toxic9 Active Member

    Joined:
    Jun 30, 2017
    Messages:
    33
    Likes Received:
    6
    I believe the "trick" is on the subchannel P+Q because if I check that checkbox on DiscJuggler, it boots. If I do not check it, the disc won't boot. It doesn't matter the other checkboxes. Just this one makes the disc boot or not boot.
    New tests: Unfortunately it still doesn't load the Psx Gt2 disc. I'm working on that but it will take some time/days. I'm almost certain of what I missed. I'm too close right now and I will not give up!
    Thx for no hard feelings. I just want to be part of community.
     
  7. japanese_cake

    japanese_cake Spirited Member

    Joined:
    Jul 24, 2009
    Messages:
    125
    Likes Received:
    125
    Hi there,

    Sorry to join that late. I am really busy, so busy that I can barely make time for new dreamcast stuff ^^

    So as @-=FamilyGuy=- said, I worked a bit on the bleemcast thingy months ago because I also wanted to have it working on gdemu and also have a simple "autonomous" binary so that we can build cdi images that contain both the psx game + bleemcast... I haven't had a chance recently to refresh my memory and to remember all my findings but here are some of them:
    - Once the boot sector (IP.BIN) has decrypted "the main binary" (not really the main binary, just a small piece of code, referenced in the IP.BIN under the nice name of "0xA0" in hex), the control is passed to the latter. The "main" binary does some initialization, more or less basic (+ MMU setup) then loads the sector 11946 to 0x8c004000 and finally jumps to that address (in p2 area).
    - From this point, there is what I would call a boot chain. The sector 11946 is a small program that, among other things, loads a new sector from the disc, at 0x8c006000. At the end of sector 11946, the execution continues to that address. Then what happens? Well that freshly loaded sector loads another one at 0x8c004000 and guess what... it jumps to it... Ok now you understand what I meant by a chain, right? So what I have described is happening 46 times until we reach the point where the actual main binary gets loaded.
    - While some sectors seem to do nothing but making the chain longer, some others perform integrity checks, initialize hardware or even load assets (like the bleemcast home screen or the legal screens some of you have seen on my twitter).

    I have the feeling that I am close to dumping all I need to make a standard mil-cd (can decrypt/encrypt almost whatever sectors). Unfortunately, now there is the gdemu issue that needs to be overcome. I need to buy cdr to test. Do you guys know a good cdr brand I can use with the dreamcast? I bought like 3 different brands, sony audio, tdk azao (I know they are not good now!) and I don't remember the last one, and none of them is compatible with the dc. Thanks!
     
    LuizNai, toxic9, fafadou and 2 others like this.
  8. neuroacid

    neuroacid Rising Member

    Joined:
    Jul 3, 2014
    Messages:
    50
    Likes Received:
    79
    Randy and Roderick weren't messing around, they went to great lengths to discourage people from reversing it.

    What I can tell you, is that the bleemcast is loaded in stages, and there's a whole lot of them, each one requiring its own set of keys to decrypt.

    Edit: sorry didn't see your message above before posting ;)
    Although your sector offsets are different from what I got, I guess because you worked on a different bleem disc.
     
    Last edited: Jul 23, 2017
  9. truemaster1

    truemaster1 Enthusiastic Member

    Joined:
    Nov 10, 2015
    Messages:
    572
    Likes Received:
    275
    Go for Verbatim media or even better Taiyo Yuden. Also be sure your gdrom is working, you may need to do a pot calibration too (it is 17 years old after all). About your projects, I know you're full of stuff. Try to complete and release the easy ones and work later on the hard ones.
     
    fafadou likes this.
  10. fafadou

    fafadou Enthusiastic Member

    Joined:
    Aug 3, 2016
    Messages:
    542
    Likes Received:
    225
    You can find Verbatim in a lot of shops in France, the quality is good. And the price is correct.
    Burning with imgburn gives excellent results and there are no parameters to config.
     
  11. truemaster1

    truemaster1 Enthusiastic Member

    Joined:
    Nov 10, 2015
    Messages:
    572
    Likes Received:
    275
    @toxic9 I'm also interested to see your release and, far more, a cdi with gdemu compatibility. As far as I know the dc games make the so called lba check. For example, if a cdi backup is made on lba 11702 there are some files that need patching (varies between the games) because the backup has them in a different lba than they were meant to be. If we use the data-data 45000 lba selfboot tools, there is no need for patching because all files are in the correct lbas. The same can happen on bc (I haven't tried to backup any of those, just saying) if you jump the bad sectors, but only the blank data on the original disk, keeping the actual data without jumping a single valid sector. The recorder will zero fill the jumped sectors and write the actual data in the correct lbas. The subchannel copy protection was famous back then, but wasn't used in dc games. But it may be used on bc, just like it suddenly started to be used in 1998 on european psx games (the so called libcrypt copy protection). With today's recorders that can clone subchannels I have my psx libcrypted games working completely unpatched. The subchannel copy protection was introduced on pc games too, so the bc team may have used the same method on bc.
     
    toxic9 likes this.
  12. truemaster1

    truemaster1 Enthusiastic Member

    Joined:
    Nov 10, 2015
    Messages:
    572
    Likes Received:
    275
    No, with imgburn not all games can burn correctly, my word on that. I used to make good burns with diskjuggler and clone cd, and with the latter method for a friend that still has gdrom.
     
  13. toxic9

    toxic9 Active Member

    Joined:
    Jun 30, 2017
    Messages:
    33
    Likes Received:
    6
    Great information @japanese_cake ! It's good to hear somebody is still dedicated to reverse this chain of traps!
    ...
    The best media for me is Memorex, and then Verbatim. Memorex is so rare in my country =/
    After all my tests and wasted CDs, I can say for sure, the brand of CD-R is not the most important thing after all.
    More important is to have a compatible burner. You need to burn the CDI with the right software (DJ), with the right settings, and with the right burner. My LG burner can burn working DC discs even at 48x. If I use all the same settings with another burner, the disc will not work.
    I noticed it's better to use a burner that uses "CAV" technology for burning CDs. Not ZCLV or something...

    Check this link:
    www.videohelp.com/dvdwriters
     
  14. toxic9

    toxic9 Active Member

    Joined:
    Jun 30, 2017
    Messages:
    33
    Likes Received:
    6
    That's completely right @truemaster . PSX games started to use subchannel based protections. DC games don't use this method, but I believe Bleem does.

    I hope I will have my 1:1 (no mods) dump finished ASAP =)
    As you may know, my latest dump (available for download on my MEGA link) boots until the "Insert CD screen" but misses the final step: to load the GT2 PSX disc. I found some differences between my burned CD-R and the original.
    I don't have the same excellent equipment for CD duplication, but I'm doing my best.
     
  15. fafadou

    fafadou Enthusiastic Member

    Joined:
    Aug 3, 2016
    Messages:
    542
    Likes Received:
    225
    I had no problem with imgburn latest version except for old dreamshell RC3...
    But if you know the parameters, using DJ is the best way for sure.

    And a good burner like toxic said.

    Hope you can find an issue for bleem with gdemu.

    I'm probably saying something wrong or something you know already, but in the full bleem game pack the boot file is not a 1st_read.bin, it's called 1bleem.bin and the ip.bin is with it, you can also find a readme.txt.
    And after, in a second track, when the bleem is running you probably have a classic 1st_read.bin for booting the game. Probably its lba hack is not 11702 or 45000 standard as we know.

    I'm just seeing, toxic, you have made a request at gdemu for editing the software of gdemu. GDemu manufacturer is looking into this. Crossing fingers ^^
     
    Last edited: Jul 24, 2017
    toxic9 likes this.
  16. truemaster1

    truemaster1 Enthusiastic Member

    Joined:
    Nov 10, 2015
    Messages:
    572
    Likes Received:
    275
    @toxic9 do this also: make 2 identical backups with clone cd, the one that works but doesn't load gt2 and the other that freezes on legal stuff. You say the difference between those two is the reading method on subchannel and everything else is the same settings. If the 2 imgs have the same crc then definitely one of the protections is the subchannel. If you don't use clone cd, dump with diskjuggler; the crc between images is needed to prove things.
     
    fafadou likes this.
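
Added example (not part of any post in this thread): one way to run the comparison truemaster1 suggests, assuming CloneCD-style dumps where the main channel is a raw `.img` and the subcode is a separate deinterleaved `.sub` with 96 bytes per sector (P in bytes 0-11, Q in bytes 12-23). The function names and the 4-sector sample are constructed for illustration; an equal main-channel CRC together with P/Q differences means the two images differ only in subcode.

```python
import binascii

SUB_SIZE = 96  # subcode bytes per sector: 8 channels (P..W) x 12 bytes, deinterleaved

def q_crc_ok(q: bytes) -> bool:
    """Q frame: 10 data bytes + CRC-16 (poly 0x1021, init 0) stored inverted."""
    expected = binascii.crc_hqx(q[:10], 0) ^ 0xFFFF
    return int.from_bytes(q[10:12], "big") == expected

def split_pq(sub: bytes):
    """Yield (sector_index, P, Q) for every 96-byte subcode frame."""
    for i in range(len(sub) // SUB_SIZE):
        frame = sub[i * SUB_SIZE:(i + 1) * SUB_SIZE]
        yield i, frame[:12], frame[12:24]

def compare_dumps(main_a, sub_a, main_b, sub_b):
    """Compare main-channel CRC32 and per-sector P/Q of two dumps."""
    crc_a = binascii.crc32(main_a) & 0xFFFFFFFF
    crc_b = binascii.crc32(main_b) & 0xFFFFFFFF
    report = {"main_crc": (crc_a, crc_b), "main_equal": crc_a == crc_b,
              "pq_diff": [], "bad_q_a": [], "bad_q_b": []}
    for (i, pa, qa), (_, pb, qb) in zip(split_pq(sub_a), split_pq(sub_b)):
        if (pa, qa) != (pb, qb):
            report["pq_diff"].append(i)      # sector differs only in subcode
        if not q_crc_ok(qa):
            report["bad_q_a"].append(i)      # Q frame fails its own CRC
        if not q_crc_ok(qb):
            report["bad_q_b"].append(i)
    return report

def make_sub(q_bodies):
    """Build a constructed .sub buffer: zero P, Q with valid CRC, zero R..W."""
    out = b""
    for body in q_bodies:
        crc = (binascii.crc_hqx(body, 0) ^ 0xFFFF).to_bytes(2, "big")
        out += bytes(12) + body + crc + bytes(72)
    return out

def demo():
    """Constructed 4-sector sample: same main data, dump B lost Q in sector 2."""
    main = bytes(i % 251 for i in range(2352 * 4))  # stand-in for raw sectors
    bodies = [bytes([0x41, 1, 1, 0, 0, n, 0, 0, 2, n]) for n in range(4)]
    sub_a = make_sub(bodies)
    sub_b = bytearray(sub_a)
    sub_b[2 * SUB_SIZE + 12:2 * SUB_SIZE + 24] = bytes(12)  # blank Q frame
    return compare_dumps(main, sub_a, main, bytes(sub_b))

if __name__ == "__main__":
    print(demo())
```
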
  17. japanese_cake

    japanese_cake Spirited Member

    Joined:
    Jul 24, 2009
    Messages:
    125
    Likes Received:
    125
    Actually it is not that fake. Even if the filename violates the iso9660 standard, it is loaded by the bios and later decrypted by bleem "magic" boot sector. That boot sector is later checked to ensure the product number and filename (and other things I cannot remember) are unchanged.

    The sector number is for the mgs version. But with what I sent you, I think you know exactly what I mean ;)
     
    SONIC3D likes this.
  18. Spec

    Spec Rising Member

    Joined:
    Apr 14, 2015
    Messages:
    62
    Likes Received:
    25
    Hey Rocky5 are you able to upload those files (4 DISCS) converted from .CDI to .GDI of Shenmue II English translation Uncompressed, or know of a place I can get them in this format already, all I can find is .CDI. (If you upload, mega is fine. ;))

    Thanks.
     
  19. Scribe 86

    Scribe 86 Member

    Joined:
    Nov 22, 2015
    Messages:
    6
    Likes Received:
    1
    hi guys,
    Could someone please provide me with a link to madsheep's GDEMU SD CARD MAKER 1.06 as the ones in this thread don't seem to work for me.

    Thanks guys
     
    jopamo likes this.
  20. madsheep

    madsheep Peppy Member

    Joined:
    Jul 19, 2013
    Messages:
    320
    Likes Received:
    85
    http://sheep.host22.com/GDEMU_SD.rar
     
    Nopileus and jopamo like this.
