New FMCB Installation Method Discovered

  • New FMCB Installation Method Discovered

    Here's jimmikaelkael's post describing this new development:

    Originally posted by jimmikaelkael
    We recently found a new way to install FMCB with the PlayStation3 Memory Card Adaptor (CECHZM1) connected to your PC. Since this device is somewhat cheap, it could be a good alternate way for those who don't have access to an already hacked PS2.

    The method consists of command-line software and a set of commands (or scripts) used to install the FMCB hack properly. It also has the advantage of doing a multi-region/model installation. One restriction is that the software doesn't work with Datel's MC (mainly related to setting a proper termination code for communications) and maybe with some other brands; however, it was tested successfully with official 8MB Memory Cards and with some crappy Chinese clones too.

    Currently the FMCB loader being installed is v1.8c, which contains an important kernel fix for the 10K.

    The util that makes it possible to communicate and sign the file for the MC was made by me and "someone who wants to stay anonymous". Note that without this anonymous contributor it would have been impossible to achieve it.
    From: psx-scene: A new way to install FMCB

    Sadly, Sony has decided to prove Github is a very bad place to post code related to Sony products. The repository link found in the above thread is entirely useless.

    Attached below is the libusb driver pack and needed INF to use the binaries posted in the referenced thread. At least for the time being I'm abstaining from duplicating the compiled binaries of ps3mca on this server. Sony seems to be up to something nasty as of late.

    Thank Sony for making this technically a GPL violation, as I'm unable to provide the source files.

    ps3mca-tool-fmcb-1.8c.zip @ Mediafire
    ps3mca-tool-fmcb-1.8c.zip @ Hotfile

    Below is the Windows driver for use with ps3mca.
    Attached Files

  • #2
    Nice.

    jimmikaelkael should have a copy of the source somewhere...
    I may be lazy, but I can...zzzZZZzzzZZZzzzZZZ...



    • #3
      A lot of development for an old machine, and yet we still can't directly boot burnt discs without a mod chip...



      • #4
        Directly booting burned discs without something being done to the hardware is very likely impossible. The mechacon is a very picky little bastard. Which is probably why Sony decided to get rid of this project. Specifically, their DMCA notice mentioned a "mecha_emu.c" file.

        Damn Sony and their attempts at destroying all evidence they've been utterly incompetent about security...



        • #5
          I think it can be done. If you boot a custom OSD and don't initialize the IOP, you can put in a burnt disc and it won't shut off the CD drive. It doesn't stop the disc like it would if it detected a non-PS2 format disc; it stays active. The only trouble is that you didn't initialize the IOP, making it unable to operate the CDVD drive. However, it still shows that you can do something via software.



          • #6
            If you could boot a custom OSD via MC or USB, then you could also launch a TSR app that would modify the routine that handles deciding whether the disc is a genuine game, DVD, music CD, or burned, launchable media.
            I may be lazy, but I can...zzzZZZzzzZZZzzzZZZ...



            • #7
              TSR? Well, if you know what routine it is that handles the media format check then it is easily a done deal. If you read through the BIOS files it shows the OSD boot-up sequence does the check for the custom OSD on the memory card (which is what Jimmy's FreeMC Boot takes advantage of). Using his functions to sign the file to the memory card you are able to load the custom OSD. I used his functions to sign the file to the memory card in order to have "CL-BOOT" operate as a direct boot from memory card (yes, proper credit was given for the use of his open source software). I noticed that when I did NOT initialize the IOP I could put any disc into the tray and it would read it, spin up and keep it idling. It would not let me read it (the IOP was not active), but it did not stop it and tell me it's an invalid format (it instead just showed that it couldn't read the disc, as if there was no disc). This proves you can in fact have software directly boot burnt CDs / DVDs, but the question is, what is the function that needs to be modified. The modification part is the easy part; knowing what function is the unknown factor.



              • #8
                Originally posted by Gtlcpimp
                TSR? Well, if you know what routine it is that handles the media format check then it is easily a done deal. If you read through the BIOS files it shows the OSD boot-up sequence does the check for the custom OSD on the memory card (which is what Jimmy's FreeMC Boot takes advantage of). Using his functions to sign the file to the memory card you are able to load the custom OSD. I used his functions to sign the file to the memory card in order to have "CL-BOOT" operate as a direct boot from memory card (yes, proper credit was given for the use of his open source software). I noticed that when I did NOT initialize the IOP I could put any disc into the tray and it would read it, spin up and keep it idling. It would not let me read it (the IOP was not active), but it did not stop it and tell me it's an invalid format (it instead just showed that it couldn't read the disc, as if there was no disc). This proves you can in fact have software directly boot burnt CDs / DVDs, but the question is, what is the function that needs to be modified. The modification part is the easy part; knowing what function is the unknown factor.
                This is not 'as easy' (think about ESR).
                Once the IOP is active, the mechacon will require an auth to let you access the disc; what about this auth with a burnt disc?



                • #9
                  But with a custom OSD, couldn't you launch an app or module that stays resident and overwrites what the mechacon does?
                  I may be lazy, but I can...zzzZZZzzzZZZzzzZZZ...



                  • #10
                    Originally posted by jimmikaelkael
                    This is not 'as easy' (think about ESR).
                    Once the IOP is active, the mechacon will require an auth to let you access the disc; what about this auth with a burnt disc?
                    Think outside the box here. The "mechacon", is this a module that is loaded onto the IOP or is it part of the ROM? As long as the "mechacon" is executed outside of ROM0 space, it is able to be overwritten. Therefore it can be easily patched into forcing the disc to read with or without authentication.

                    As for ESR, the concept I understood about it (never tried it) is that you burn a game disc in DVD Video Disc mode. So when the PS2 reads it, it activates DVD Video mode and lets it spin up. However, due to the modifications the disc image requires to make it read as a video, I would assume ESR would have to perform IOP restoration in order to keep its modules active while playing the game. In other words, the same exact thing as an HD Loader, only for video DVDs instead of a partition on a hard drive. To me, I hate that. It throws the game out of its area and has to keep the game patched to be out of its area and forces you to lose compatibility with games. I like to make things universal and work with as much as possible if you can't get it all (efficiency lecture).

                    Originally posted by Lazy Bastard
                    But with a custom OSD, couldn't you launch an app or module that stays resident and overwrites what the mechacon does?
                    Yup. Hell you don't even need a custom OSD to do that, just an executable that allows you to boot home brew!

                    Must collect more information on "mechacon"...
                    Last edited by Gtlcpimp; 06-24-2011, 04:23:28 PM.



                    • #11
                      Originally posted by Gtlcpimp
                      Think outside the box here. The "mechacon", is this a module that is loaded onto the IOP or is it part of the ROM? As long as the "mechacon" is executed outside of ROM0 space, it is able to be overwritten. Therefore it can be easily patched into forcing the disc to read with or without authentication.
                      Oh well... I'm a noob then...
                      The DMCA takedown request reason was those functions that were emulating the MechaCon cipher.
                      Last edited by jimmikaelkael; 06-25-2011, 01:39:02 AM.



                      • #12
                        I didn't say you were a noob, I said think outside the box. Nothing is impossible with computers; there is always a loophole.

                        Everyone tried to tell me having graphical output during gameplay was impossible... LiveDebug v1 - v3 proved that wrong.
                        Y'all told me that it was impossible to hack CodeBreaker using CodeBreaker in order to boot the fake PCB files, I wrote that exploit code to let it happen.

                        My point is, stop putting things on a pedestal and worshiping them. It's only a computer, it can easily be reprogrammed.

                        Oh, and sorry for taking this thread wayyyyyy off topic... lol
                        Last edited by Gtlcpimp; 06-25-2011, 01:29:19 PM.
