Search options (Page 4 of 57)

2023-10-02 13:58:41

Edness wrote:

is the PFI data dumping currently only limited to FW 3.52 (or rather any FW below 3.70 where NIDs weren't randomized?)

Unfortunately yes.

Edness wrote:

in FW 6.60 and 6.61, sceUmdExecReadUMDStructureCmd() should use the NID 0x406E8F99 if my understanding is correct.

NID is correct but the correct function name is sceUmdExecReadUMDStructureCmd + 128 bits string.
https://uofw.github.io/upspd/docs/Silve … index.html

These new nids are not actually “random” but instead, they now append a new 128bit “randomising key” to the end of each string before the SHA1 hash is calculated. A 128bit value is almost impossible to bruteforce practically so these new nids cannot be cracked anymore.

For this reason, we cannot know the real function name. If quantum computers reach a practical level, they may solve the problem.

2023-10-02 11:06:55

Edness wrote:

It sends the command 0xBD, so your 2nd assumption is correct. umd9660.prx seems to set the 2nd argument to 16, but I agree with the visible padding data that it's likely meant to be 14. They probably just set it bigger just to be safe from accidentally truncating data.

Thank you.

Edness wrote:

I noticed there's sceUmdExecReadUMDStructureCmd() here too.

I changed the code and confirmed not to crash.

    unsigned char bufStruct[2064] = {};
    bufStruct[9] = 8;
    res = _sceUmdExecReadUMDStructureCmd(pUmdDrive, bufStruct, &bufStruct[16]);
    if (res < 0) {
        OutputPspError("_sceUmdExecReadUMDStructureCmd", 0, res);
        sceKernelDelayThread(5 * 1000000);
    }
    else {
        uid = sceIoOpen("ms0:/_sceUmdExecReadUMDStructureCmd.bin", PSP_O_CREAT | PSP_O_TRUNC | PSP_O_WRONLY, 0777);
        sceIoWrite(uid, bufStruct, sizeof(bufStruct));
        sceIoClose(uid);
        pspPrintf("_sceUmdExecReadUMDStructureCmd.bin is generated\n");
    }

Dissidia 012: Duodecim Final Fantasy

 00 00 00 00 00 00 00 00 FC 07 00 00 00 00 00 00
 08 00 00 00 80 00 31 E0 00 03 00 00 00 FC AB 2F
 00 09 C0 BF 00 01 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 :
 :
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

2023-10-02 08:10:32

@Edness
Do you know what data is outputted by sceUmdExecMechaStatCmd? This func is called by umd9660.prx. https://github.com/saramibreak/UmdImage … asm352.txt

I think it's Mechanical Status of Mode Sense (5Ah) or Mechanism Status (BDh).

    unsigned char bufMecha[16] = {};

    res = _sceUmdExecMechaStatCmd(pUmdDrive, 16, bufMecha);
    if (res < 0) {
        OutputPspError("_sceUmdExecMechaStatCmd", 0, res);
        sceKernelDelayThread(5 * 1000000);
    }
    else {
        uid = sceIoOpen("ms0:/_sceUmdExecMechaStatCmd.bin", PSP_O_CREAT | PSP_O_TRUNC | PSP_O_WRONLY, 0777);
        sceIoWrite(uid, bufMecha, sizeof(bufMecha));
        sceIoClose(uid);
        pspPrintf("_sceUmdExecMechaStatCmd.bin is generated\n");
    }

LocoRoco http://redump.org/disc/33078/

 00 00 00 00 00 01 00 04 80 00 00 00 27 09 27 09

Jigen Kairou http://redump.org/disc/54489/
Changed the buf size to 30.

 00 00 00 00 00 01 00 04 80 00 00 00 37 02 37 02
 37 02 37 02 37 02 37 02 37 02 37 02 37 02

Dissidia 012: Duodecim Final Fantasy http://redump.org/disc/25036/
Changed the buf size to 106.

 00 00 0D 2C AF 01 00 04 80 00 00 00 22 D9 22 D9
 22 D9 22 D9 22 D9 22 D9 22 D9 22 D9 22 D9 22 D9
 22 D9 22 D9 22 D9 22 D9 22 D9 22 D9 22 D9 22 D9
 22 D9 22 D9 22 D9 22 D9 22 D9 22 D9 22 D9 22 D9
 22 D9 22 D9 22 D9 22 D9 22 D9 22 D9 22 D9 22 D9
 22 D9 22 D9 22 D9 22 D9 22 D9 22 D9 22 D9 22 D9
 22 D9 22 D9 22 D9 22 D9 22 D9

It seems the correct buf size is 14.

2023-10-01 14:08:21

Edness wrote:

Looks like those functions might be meant for the DVD drive present on devkits? ... IsUmdDrive returns 0 or 1 if the (unsigned) value there is less than 1 (in other words a bool on whether the value is 0 or not.) And both functions that later call sceUmdExecGetConfigurationCmd() and sceUmdExecReadDiscInfoCmd(), first also call sceAtaIsUmdDrive() and exit out of it, if it doesn't return 0.

As you say, if sceAtaIsUmdDrive returns 0, that is NOT UMD DRIVE, sceUmdExecReadDiscInfoCmd is called.

    0x0000C794: 0x0C003FA5 '.?..' - call func sceAtaIsUmdDrive(delay)
    0x0000C798: 0x00000000 '....' - nop        
    0x0000C79C: 0x1040000E '..@.' - if($v0 == 0) goto loc_0000C7D8 (delay)

loc_0000C7D8:        ; Refs: 0x0000C79C 
    0x0000C7D8: 0x3C060393 '...<' - $a2 = 0x393 << 16
    0x0000C7DC: 0x0C0029D6 '.)..' - call func sceUmdManSetAlarm(delay)
    0x0000C7E0: 0x34C48700 '...4' - $a0 = $a2 | 0x8700
 :
 :
    0x0000C824: 0x2405000C '...$' - $a1 = 12
    0x0000C828: 0x0C001368 'h...' - call func sceUmdExecReadDiscInfoCmd(delay)

2023-09-29 16:45:11

user7 wrote:

DIC is treating intentional C2 errors (unlicensed) with /sf like regular C2 errors. keeps trying to re-read.
Looks like DUMMY.ZIP is triggering the issue (it's usually BIG.DAT).

Ok, I'll add it.

2023-09-29 16:37:32

Edness wrote:

Random side note: The C library functions (at least the two that I've encountered - strncmp(), and memset()) seem to be unnamed in your asm dump. Instead they're generic SysclibForKernel_NID() names, but luckily JPCSP has a more complete list of resolved NID hashes which was useful in cases like these.

Added the fuction name in documents.
https://github.com/saramibreak/UmdImage … asm352.txt
https://github.com/saramibreak/UmdImage … m352_c.txt

2023-09-26 04:08:22

sceUmdExecGetConfigurationCmd()
I coded, but the fuction error occurred (0x8021100f).

    unsigned char bufConfig[0x36] = {};
    memset(&bufConfig[0x20], 0xff, 8);
    bufConfig[0x30] = 8;

    _sceUmdManWaitSema();
    res = _sceUmdExecGetConfigurationCmd(pUmdDrive, &bufConfig[0x30], &bufConfig[0x20]);
    _sceUmdManSignalSema();
    if (res < 0) {
        OutputPspError("_sceUmdExecGetConfigurationCmd", 0, res);
        sceKernelDelayThread(5 * 1000000);
    }
    else {
        uid = sceIoOpen("ms0:/_sceUmdExecGetConfigurationCmd.bin", PSP_O_CREAT | PSP_O_TRUNC | PSP_O_WRONLY, 0777);
        sceIoWrite(uid, bufConfig, sizeof(bufConfig));
        sceIoClose(uid);
    }

sceUmdExecReadDiscInfoCmd()
Also 0x8021100f error occurred.

    unsigned char bufDiscInfo[0x2c] = {};
    memset(&bufDiscInfo[0x20], 0xff, 12);

    _sceUmdManWaitSema();
    res = _sceUmdExecReadDiscInfoCmd(pUmdDrive, 12, &bufDiscInfo[0x20]);
    _sceUmdManSignalSema();
    if (res < 0) {
        OutputPspError("_sceUmdExecReadDiscInfoCmd", 0, res);
        sceKernelDelayThread(5 * 1000000);
    }
    else {
        uid = sceIoOpen("ms0:/_sceUmdExecReadDiscInfoCmd.bin", PSP_O_CREAT | PSP_O_TRUNC | PSP_O_WRONLY, 0777);
        sceIoWrite(uid, bufDiscInfo, sizeof(bufDiscInfo));
        sceIoClose(uid);
    }

2023-09-24 13:35:49

Edness wrote:

I know you've already confirmed the multi-partition UMD GAME+MOVIE discs are most likely correct size in your original post, but out of curiosity if you have any on hand, could you provide the PFI for one of those too?

Stealth feat. WipEout Pure Stealth Edition http://redump.org/disc/57052/

 00 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 16 00 00 80 00 31 E0 00 03 00 00 00 FC D3 3F
 00 09 C0 BF 00 03

Edness wrote:

Anyway: sceUmdExecGetConfigurationCmd() - Sends the expected command 0x46

Edness wrote:

Lastly: sceUmdExecReadDiscInfoCmd() - Sends the expected command 0x51

Thanks research. I'll code and test in the near future.

Edness wrote:

Random side note:

Thanks to you I know SysclibForKernel_NID().

2023-09-23 13:47:41

Kyaerosaber wrote:

Logs for DiscImageCreator_test dump of Ys Book I & II (USA) [TurboDuo]:

"Sub Indexes" tracks/cue are created. I think it's no problem.

2023-09-22 14:06:39

I tried "bufStruct[9] = 8" (0x800). Function call succeed, but hardware hanged up.
And tried "bufStruct[9] = 16" (0x1000). Function call failed.

By the way, if possible, could you research sceUmdExecReadDiscInfoCmd and sceUmdExecGetConfigurationCmd? Both are also SCSI-like fuctions.

2023-09-22 07:23:00

Changed to 16.

bufStruct[8] = 16;

The result is same as you expected. Disc is Dissidia 012.

 00 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 10 00 00 80 00 31 E0 00 03 00 00 00 FC AB 2F
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00

EDIT:
PFI of DVD is 2048 bytes. According to Ecma-365, it's the same for UMD, but byte 19 - 2047 of UMD are all zeros. That is why dumping 18 bytes is sufficient for preservation.

2023-09-22 04:11:28

Edness wrote:

it also writes the number 40 at 0x08 in the 1st function

As you say, I set 40 at 0x08.

    unsigned char bufStruct[72] = {};
    bufStruct[8] = 40;
    _sceUmdManWaitSema();
    res = _sceUmdExecReadUMDStructureCmd(pUmdDrive, bufStruct, &bufStruct[32]);
    _sceUmdManSignalSema();
    if (res < 0) {
        OutputPspError("_sceUmdExecReadUMDStructureCmd", 0, res);
        sceKernelDelayThread(5 * 1000000);
    }
    else {
        uid = sceIoOpen("ms0:/_sceUmdExecReadUMDStructureCmd.bin", PSP_O_CREAT | PSP_O_TRUNC | PSP_O_WRONLY, 0777);
        sceIoWrite(uid, bufStruct, sizeof(bufStruct));
        sceIoClose(uid);
    }

As a result, non-zero bytes are written in _sceUmdExecReadUMDStructureCmd.bin
Disc is Mugen Kairou http://redump.org/disc/53372/

 00 00 00 00 00 00 00 00 24 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 28 00 00 80 00 01 E0 00 03 00 00 00 04 5D 5F
 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00

It seems 0x28 at 0x21 is the size from 0x20 to 0x47. Other non-zero bytes are unknown now.

EDIT1:
Disc is Dissidia 012: Duodecim Final Fantasy http://redump.org/disc/25036/

 00 00 00 00 00 00 00 00 24 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 28 00 00 80 00 31 E0 00 03 00 00 00 FC AB 2F
 00 09 C0 BF 00 01 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00

EDIT2:
Disc is Jigen Kairou http://redump.org/disc/54489/

 00 00 00 00 00 00 00 00 24 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 28 00 00 80 00 01 E0 00 03 00 00 00 05 07 BF
 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00

2023-09-21 14:10:32

@Edness
Thanks the detailed information.

2023-09-09 09:28:44

https://github.com/saramibreak/DiscImag … g/20230909
*2023-09-09
- added: support dumping RVT-R/NR with Plextor drive
- added: reading speed for /c2
- added: subchannel correction when the lead-in is dumped
- added: command-line message to the log file
- changed: transfer length when fixes C2 errors on BW-16D1HT drive with firmware 3.10
- changed: (Track AA).scm filesize

2023-08-15 01:35:14

F1ReB4LL wrote:

Can you add more debug info logging to understand the problem?

Added it.
https://www.mediafire.com/file/eq80y20l … st.7z/file

2023-08-14 13:14:35

F1ReB4LL wrote:

the log is full of "Subchannel & TOC doesn't sync." messages, but no "Sub Indexes" tracks/cue created? Why?

I dumped Tengai Makyou: Ziria(http://redump.org/disc/37134/) and "Sub Indexes" are dumped. I'm not sure why Ys Book I & II (USA) are not dumped.

2023-06-06 07:22:07

https://github.com/saramibreak/DiscImag … g/20230606
20230606
- added: support BD-RE BH16NS40 1.03
- added: print ProductRevisionLevel and VendorSpecific of the drive in the command-line screen
- added: /v for printing the version & build info
- added: _suppl.dat for .scm, .img, .raw, _SS.bin, _DMI.bin, _PFI.bin, _PIC.bin
- added: support GC/Wii dumping for Plextor
- added: when used /raw, .iso is generated using .raw
- added: support dvd raw dumping for ASUS/LG/Lite-on drives
- added: generate (Track 00)(Session 1), (Track 00)(Session 2), (Track AA)(Session 1), (Track AA)(Session 2), (Track 01)(-LBA), (Track xx)(Pregap)
when multi-session disc is dumped [xx is the 1st track number of the 2nd session]
- added: /ra for dumping a specified range of sectors
- added: support macOS (It's alpha)
- added: support /rr and /ps when /r is used
- changed: C2 error rereading logic
- changed: generate (Track 0), (Track 1)(-LBA), (Track AA) for all single-session disc (not only audio but data)
- changed: when /ps is used, transfer length is 1
- changed: /ps val accepts from 0x00 to 0xff
- changed: targetname for linux
- fixed: crash when fix C2 errors by the non-plextor drive
- fixed: if ext is not specified and dvd command is used, .iso is added automatically
- fixed: subReadableLog when track is aa
- fixed: scsi error handling when /raw is used
- fixed: Failed to get (Track 01)(-LBA) when the 1st sector is MCN
- deleted: /ms and the related code

2023-05-26 02:00:42

bikerspade wrote:

Is it possible that because DIC doesn't directly check ScsiStatus, that it is missing some bad reads?

Try this test version in this thread(https://github.com/saramibreak/DiscImag … 1551409465)
And use /ps aa, please.
https://github.com/saramibreak/DiscImag … r_test.zip

2023-05-18 01:27:42

"Lead-out length of 1st session" is 6750.
"Lead-in length of 2nd session" is 4500.
"Pregap length of 1st track of 2nd session" is 150.
They are always same.

2023-05-13 04:55:55

@mictlantecuhtle
I'm changing the code for dumping the multi-session disc https://github.com/saramibreak/DiscImag … issues/208 . Please wait a few days.

EDIT
Updated test version. https://github.com/saramibreak/DiscImag … r_test.zip
- deleted: /ms and the related code

2023-05-09 14:50:47

MrPepka wrote:

Plextor is not able to fix C2 errors on this disc.

Does it means that plextor cannot fix errors by 5000 times? If yes, plz specify 10000, 20000, 30000...

MrPepka wrote:

The problem only affects this one disc and interestingly only the LG drive

Can you check yourself the different bytes of the two "SHOK_PL_CD1.bin"?

2023-05-06 10:45:40

withered.silence wrote:

Am I doing something obviously wrong here?

Firstly, please use the latest version. https://github.com/saramibreak/DiscImag … g/20230413
And try without /am, plz.

2023-04-08 14:19:52

MrPepka wrote:

dumping it on sectors with SCSI errors

Disc can't be dumped due to this problem. I recommend this disc is polished.

2023-04-01 08:05:58

https://github.com/saramibreak/DiscImag … g/20230401
*2023-04-01
- added: Track[0] to _SubReadable.txt
- added: (Track 0), (Track 1)(-LBA), (Track AA), (Track all) when audio CD is dumped
- added: get non-zero byte position (1st and last) of the each track to the _disc.txt
- added: SIZE_OF_ARRAY macro
- deleted: /vrfy option and related code
- fixed: universal hash (changed sample base, not byte)
- fixed: the range of the SubQ check
- fixed: and improved C2 error recovering

2023-03-27 17:17:27

reentrant wrote:

Thx. Btw, could you also add command line parameter for setting c2 offset value (if there's no value assume 0)?

https://www.mediafire.com/file/eq80y20l … st.7z/file
2nd value of /c2 is the c2 offset

Search options (Page 4 of 57)

Posts found: 76 to 100 of 1,411

76 Reply by sarami 2023-10-02 13:58:41

Re: UmdImageCreator (53 replies, posted in General discussion)

77 Reply by sarami 2023-10-02 11:06:55

Re: UmdImageCreator (53 replies, posted in General discussion)

78 Reply by sarami 2023-10-02 08:10:32

Re: UmdImageCreator (53 replies, posted in General discussion)

79 Reply by sarami 2023-10-01 14:08:21

Re: UmdImageCreator (53 replies, posted in General discussion)

80 Reply by sarami 2023-09-29 16:45:11

Re: DiscImageCreator (3,535 replies, posted in General discussion)

81 Reply by sarami 2023-09-29 16:37:32

Re: UmdImageCreator (53 replies, posted in General discussion)

82 Reply by sarami 2023-09-26 04:08:22

Re: UmdImageCreator (53 replies, posted in General discussion)

83 Reply by sarami 2023-09-24 13:35:49

Re: UmdImageCreator (53 replies, posted in General discussion)

84 Reply by sarami 2023-09-23 13:47:41

Re: DiscImageCreator (3,535 replies, posted in General discussion)

85 Reply by sarami 2023-09-22 14:06:39

Re: UmdImageCreator (53 replies, posted in General discussion)

86 Reply by sarami 2023-09-22 07:23:00

Re: UmdImageCreator (53 replies, posted in General discussion)

87 Reply by sarami 2023-09-22 04:11:28

Re: UmdImageCreator (53 replies, posted in General discussion)

88 Reply by sarami 2023-09-21 14:10:32

Re: UmdImageCreator (53 replies, posted in General discussion)

89 Reply by sarami 2023-09-09 09:28:44

Re: DiscImageCreator (3,535 replies, posted in General discussion)

90 Reply by sarami 2023-08-15 01:35:14

Re: DiscImageCreator (3,535 replies, posted in General discussion)

91 Reply by sarami 2023-08-14 13:14:35

Re: DiscImageCreator (3,535 replies, posted in General discussion)

92 Reply by sarami 2023-06-06 07:22:07

Re: DiscImageCreator (3,535 replies, posted in General discussion)

93 Reply by sarami 2023-05-26 02:00:42

Re: DiscImageCreator (3,535 replies, posted in General discussion)

94 Reply by sarami 2023-05-18 01:27:42

Re: DiscImageCreator (3,535 replies, posted in General discussion)

95 Reply by sarami 2023-05-13 04:55:55

Re: DiscImageCreator (3,535 replies, posted in General discussion)

96 Reply by sarami 2023-05-09 14:50:47

Re: DiscImageCreator (3,535 replies, posted in General discussion)

97 Reply by sarami 2023-05-06 10:45:40

Re: DiscImageCreator (3,535 replies, posted in General discussion)

98 Reply by sarami 2023-04-08 14:19:52

Re: DiscImageCreator (3,535 replies, posted in General discussion)

99 Reply by sarami 2023-04-01 08:05:58

Re: DiscImageCreator (3,535 replies, posted in General discussion)

100 Reply by sarami 2023-03-27 17:17:27

Re: DiscImageCreator (3,535 replies, posted in General discussion)

Posts found: 76 to 100 of 1,411