@SylverReZ (Example is Resident Evil Survivor USA). The PAL BIOS Bypass code disables the whole anti-piracy module so it will work on non-stealth mod-chip consoles.
Hacking PS1/2 Homebrew app APrip - Patch Out Additional Anti-Piracy Copy Protection Found In Some Later PSX Games
- Thread starter alexfree
- Start date
- Views 7,307
- Replies 42
- Likes 11
Have you ever wanted to SEE what a CD image patch actually does? I've always wanted a way to just see what user data bytes a patch actually edits when applied. CD images make that more wonky then you might think... See, CD images contain much more data then just the actual game. There is header data, user data, checksum on said user data, and repair data for said user data if that checksum doesn't match. EXTREME simplification, but a good overview.
When investigating how an actual CD image patch works, you only care about the user data bit. That is the actual data read from the CD on a console into memory in the end. That is the actual changes made. The header info is irrelevant because it is consistent between the original and the patched image. The checksum/repair data is irrelevant because it is based off of the user data, which is not consistent between a patched image and an unmodified one, so it will always be different anyways. To just look at the actual changes the CD will load into memory is something I am unaware of any tool ever trying to do.
The implications of this are insane. I want to add automated support for trying to port patching METHODS themselves from one release of a game in a specific region to another. For example we have a Final Fantasy 9 LibCrypt patch for the Europe release without any trainers/cracktro, but not one for all the other releases (Italy, France, Germany, etc..). With this functionality, you can easily reverse engineer how the patch for the Europe release is working and then port that to the other releases with context. Which is the beginning of what I'm trying to do here to fix right now https://github.com/alex-free/libcrypt-patcher/issues/7 .
The example below is of a patch method I've already reversed just to sanity check my work so far. One is an unpatched image, the other is an aprip patched image using the built in functions to detect LibCrypt v1.You can see plain as day just the actual relevent data changes made to bypass the protection.
In the future I can expand this even further. Automated in memory PS-EXE patches, etc.
When investigating how an actual CD image patch works, you only care about the user data bit. That is the actual data read from the CD on a console into memory in the end. That is the actual changes made. The header info is irrelevant because it is consistent between the original and the patched image. The checksum/repair data is irrelevant because it is based off of the user data, which is not consistent between a patched image and an unmodified one, so it will always be different anyways. To just look at the actual changes the CD will load into memory is something I am unaware of any tool ever trying to do.
The implications of this are insane. I want to add automated support for trying to port patching METHODS themselves from one release of a game in a specific region to another. For example we have a Final Fantasy 9 LibCrypt patch for the Europe release without any trainers/cracktro, but not one for all the other releases (Italy, France, Germany, etc..). With this functionality, you can easily reverse engineer how the patch for the Europe release is working and then port that to the other releases with context. Which is the beginning of what I'm trying to do here to fix right now https://github.com/alex-free/libcrypt-patcher/issues/7 .
The example below is of a patch method I've already reversed just to sanity check my work so far. One is an unpatched image, the other is an aprip patched image using the built in functions to detect LibCrypt v1.You can see plain as day just the actual relevent data changes made to bypass the protection.
In the future I can expand this even further. Automated in memory PS-EXE patches, etc.
Last edited by alexfree,
Aprip v1.0.8
Changes
Changes
- Implemented sector user data compare function. This allows you to display only differences in user data (and not ECC/EDC) between i.e. an unmodified disc image vs a patched one.
- Implemented Aprip-style patch creation/applicator functions. An APrip-style patch searches all sector user data for a pattern of bytes and then patches specific bytes in the pattern (pre-defined in the patch) without using known offsets. It can be used to 'port' patch methods.
