A9VG电玩部落 forum

Views: 4965 | Replies: 13

This software's release means the PS2 has been completely soft-modded

OP (sceips8) | Posted 2022-4-12 09:24 · Inner Mongolia
MechaPwn

Any issue opened that is not an actual issue but a question will be closed.

Disclaimer: DO NOT USE ON A REAL DTL/DEX; this sets the QA flag, which forces the use of the retail keystore, and this would break memory card compatibility.
Real DEX (non-QA) flags have not been added to the public version of MechaPwn for your own safety.

The authors hold no responsibility should you break/damage your PlayStation 2 console using this software.

This tool can be used to change the region and configuration flags of Dragon-based MechaCon consoles.

This means PlayStation 2 consoles from the SCPH-5000X systems all the way to the SCPH-90000X are supported (with the exception of the DESR (PSX) consoles, which are not supported at this time; a future update is planned to address this).

Older PlayStation 2 units do NOT use a Dragon-based MechaCon and therefore are not supported; no support is planned for those in the future.

How to use?
Make sure that, if you are using FMCB, you have the v1.966 "multi install" installed.

Run MechaPwn once to install the exploit patch/payload. An initial backup of your MechaCon EEPROM will be made to the USB mass storage device (keep it safe!). Then power off the console by disconnecting it from the mains when asked (MechaCon is on even when the PS2 CPU is off, so you really need to disconnect the power cord!).

Run MechaPwn again to choose which region you want.

Choose whether you want to use force unlock or restore the original patch set (and uninstall the exploit patch) from your MechaCon backup.

You will need to reinstall the exploit patch to change your region again.

Explanations of the menu options:
CEX (Retail) will just set the region flag and machine ID of your choosing (it is not advised to mix and match different machine ID types, for example setting an SCPH-75001 ID on an SCPH-50004 console).

Retail-DEX (Debug) will let you set a QA-flagged DEX configuration/region with a DEX machine ID of your choosing; this allows MechaCon to read discs from all regions as well as master discs (the retail option does not).

How does it work?

The Dragon-based MechaCon (SCPH-500xx and newer) stores configuration flags and patches encrypted in its EEPROM; the patch DES key was eventually brute-forced, which allowed code execution on those units and the full keystore to be dumped.

Normally the patch area is write-protected and cannot be written to at runtime except while using PMAP in TEST mode (this requires soldering); furthermore, the configuration area can only be written to when it is empty.

This is done to prevent an attacker, or anyone outside Sony's own factory, from overwriting the MechaCon configuration.

However, an exploitable bug was found in the writeconfig function which allows arbitrary data to be written to the patch area; this allows writing a MechaCon patch which disables the write protection on the MechaCon configuration bits and thus setting specific regions and flags in MechaCon.

This allows the following:

On SCPH-500xx and SCPH-700xx:

Disable disc region checks (PS1 and PS2 discs from all regions as well as master discs mount with data accessible)

Change the region the console reports as, as well as the disc/KELF region that MechaCon allows

BOOT original PS2 discs from the NTSC-J and NTSC-U regions directly from the OSD (NTSC-J units only)

BOOT original PS2 discs from all regions directly from the OSD (NTSC-U and ASIA (non-NTSC-J) units only)

BOOT original PS2 discs from all regions as well as PS2 master discs from all regions by skipping the logo check (for example by loading a disc using uLaunchELF)

NTSC-J and PAL consoles: BOOT original PS1 discs from the console's original region

NTSC-U and ASIA (non-NTSC-J) consoles: BOOT original PS1 discs from all regions

On SCPH-7500X and later models (also known as Deckard consoles):

Disable disc region checks (PS1 and PS2 discs from all regions as well as master discs mount with data accessible)

Change the IOP ROM region (the ROM selects a specific bank according to the MechaCon region flags)

Change the region the console reports as, as well as the disc/KELF region that MechaCon allows

BOOT original PS2 discs from all regions directly from the OSD

BOOT original PS2 discs from all regions as well as PS2 master discs from all regions by skipping the logo check (for example by loading a disc using uLaunchELF)

BOOT original PS1 discs from all regions

FAQ:

Why do PAL/NTSC-J consoles not play NTSC/PAL discs (on SCPH-70000 and earlier)?
The IOP ROM on those consoles enforces strict logo decryption checks in both the PS1 and PS2 BIOS, which the NTSC-U BIOS (also used in ASIA consoles) does not have.

Why do consoles not run master discs directly from the OSD?
An additional protection exists on the DSP, which differs between retail and debug consoles: the debug one allows MechaCon to store the master disc XOR key in its registers, the retail one does not. Bypassing the logo check bypasses this protection (this can be done using uLE or a future cdvdman patch using a PS2 homebrew).

My PS2 has a modchip. Will it work for me?
We don't know. This depends on what modchip you are using. It has been reported that some revisions of the Modbo 4.0 chip do not truly disable when "disabled", causing conflicts/compatibility issues with MechaPwn region changes, whereas we have seen it work with a Modbo 5.0 whose disable works as intended (with all modchip features still working when enabled on the converted console).

Why does my PS2 not play DVDs anymore / why did FreeDVDBoot stop working?
The DVD Player KELF inside the boot ROM (BIOS) is region-locked on non-Deckard consoles (pre-SCPH-750XX). Since you changed the region of the console, it can't run that file. To fix that, you need to install a DVD Player update to your memory card.

Why did FreeMCBoot stop working?
Version 1.8 piggybacks on a DVD Player KELF and faces the same issue as the DVD Player.

Version 1.9 is supported, but you have to make sure you have the multi-region ("multi install") version installed.

What is force unlock?
Force-Unlock is a much-needed feature for homebrew applications, like Neo Geo emulation and PS2 Linux, for reading CD and DVD-ROM discs. What it's meant to do is unlock the disc drive for access.

Important note: if you enable force unlock, every CD and DVD will be detected as a PS2 disc, meaning it breaks PS1 games and DVD-Video.
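The write policy the README above describes (configuration area writable only while it is empty, patch area writable only in PMAP TEST mode, a patch able to lift the configuration write protection, and a backup from which the original patch set can be restored) modelled in Python, as an added example. This is not MechaPwn's code nor Sony's firmware: the region sizes, the 0xFF erased value, the one-byte write-protect flag at patch offset 0, the config encoding in make_config, the region/machine-ID numbers and the raw_patch_write primitive are all assumptions made for the model, and the writeconfig bug itself is not modelled, only the arbitrary patch-area write the README says it yields. The point the model makes is the design one: the write-once check is enforced by firmware logic whose override store lives in the same EEPROM, so any write primitive into the patch area defeats the configuration protection, and restoring the original patch set closes it again (which is why the README says the exploit patch must be reinstalled to change region a second time).

```python
"""Toy model of the MechaCon EEPROM write policy described in the MechaPwn README.

Added illustration only; not MechaPwn's or Sony's code. Sizes, the 0xFF erased
value, the flag layout and raw_patch_write are assumptions for the model.
"""
from dataclasses import dataclass, field

CONFIG_SIZE = 16    # assumed size of the configuration area
PATCH_SIZE = 32     # assumed size of the patch area
EMPTY = 0xFF        # assumed erased-EEPROM byte value
WP_FLAG_OFF = 0     # assumed: patch byte 0 == 0x00 means "config write-protect lifted"


class WriteDenied(Exception):
    """Raised when the modelled write policy rejects a write."""


def _erased(n: int) -> bytearray:
    return bytearray([EMPTY]) * n


@dataclass
class MechaConModel:
    test_mode: bool = False   # PMAP TEST mode; needs soldering on real hardware
    config: bytearray = field(default_factory=lambda: _erased(CONFIG_SIZE))
    patch: bytearray = field(default_factory=lambda: _erased(PATCH_SIZE))

    def config_writable(self) -> bool:
        # README policy: the config area may only be written while it is empty,
        # unless a patch in the (normally write-protected) patch area lifts that.
        empty = all(b == EMPTY for b in self.config)
        unlocked = self.patch[WP_FLAG_OFF] == 0x00
        return empty or unlocked

    def write_config(self, data: bytes) -> None:
        if len(data) != CONFIG_SIZE:
            raise ValueError("config image must be exactly CONFIG_SIZE bytes")
        if not self.config_writable():
            raise WriteDenied("config area already programmed and write-protect in effect")
        self.config[:] = data

    def write_patch(self, off: int, data: bytes) -> None:
        # The legitimate path: refused at runtime outside TEST mode.
        if not self.test_mode:
            raise WriteDenied("patch area is write-protected outside PMAP TEST mode")
        self._store_patch(off, data)

    def raw_patch_write(self, off: int, data: bytes) -> None:
        # Stand-in for the arbitrary patch-area write the README attributes to the
        # writeconfig bug. The bug itself is not modelled here.
        self._store_patch(off, data)

    def _store_patch(self, off: int, data: bytes) -> None:
        if off < 0 or off + len(data) > PATCH_SIZE:
            raise ValueError("patch write out of range")
        self.patch[off:off + len(data)] = data

    def backup(self) -> bytes:
        # The EEPROM image MechaPwn saves to USB on the first run (config + patch).
        return bytes(self.config) + bytes(self.patch)

    def restore_patch_set(self, image: bytes) -> None:
        # "Restore the original patch set": put the patch area back from the backup
        # (uses the same write primitive, since the patch area is otherwise locked).
        if len(image) != CONFIG_SIZE + PATCH_SIZE:
            raise ValueError("bad backup image")
        self.raw_patch_write(0, image[CONFIG_SIZE:])


def make_config(region: int, machine_id: int) -> bytes:
    # Assumed encoding: one region byte, a 4-byte machine ID, zero padding.
    return bytes([region]) + machine_id.to_bytes(4, "big") + b"\x00" * (CONFIG_SIZE - 5)


def run_scenario() -> dict:
    """Walk the README's sequence and report whether each policy step behaves as described."""
    mc = MechaConModel()
    out = {}
    # 1. factory programming: config area is empty, so the write is allowed
    mc.write_config(make_config(0x01, 0x00050004))      # constructed values
    out["factory_write"] = mc.config[0] == 0x01
    # 2. retail unit: a second config write is refused
    try:
        mc.write_config(make_config(0x02, 0x00075001))
        out["retail_rewrite_denied"] = False
    except WriteDenied:
        out["retail_rewrite_denied"] = True
    # 3. the legitimate patch path is closed without TEST mode
    try:
        mc.write_patch(WP_FLAG_OFF, b"\x00")
        out["patch_denied"] = False
    except WriteDenied:
        out["patch_denied"] = True
    # 4. take the backup, then use the arbitrary write to lift the protection and change region
    image = mc.backup()
    mc.raw_patch_write(WP_FLAG_OFF, b"\x00")
    mc.write_config(make_config(0x02, 0x00075001))
    out["region_changed"] = mc.config[0] == 0x02
    # 5. restore the original patch set: write-protect is back in force
    mc.restore_patch_set(image)
    try:
        mc.write_config(make_config(0x03, 0x00075001))
        out["locked_after_restore"] = False
    except WriteDenied:
        out["locked_after_restore"] = True
    return out


if __name__ == "__main__":
    for step, ok in run_scenario().items():
        print(f"{step}: {ok}")
```

Running the file prints one line per step; every step comes out True when the policy behaves as the README describes. The model deliberately keeps the write-protect decision inside config_writable, where it reads from the patch area, because that is the structural weakness the README's exploit chain relies on: the enforcement code trusts storage that an attacker with a patch-area write primitive controls.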

OP (sceips8) | Posted 2022-4-12 09:25 · Inner Mongolia
This post was last edited by sceips8 on 2022-4-12 09:30

mechapwn.elf is the program's full name. My English isn't great, so I haven't fully understood how to operate it or what the run procedure is.
Roughly, it means: boot FMCB, then run this program from the USB stick, then cut the power, run it again, cut the power again, and then turn it on and it's done. It can perfectly run backed-up PS1/PS2 games.
The limitation is that it only supports PlayStation 2 models from the SCPH-5000X through the SCPH-90000X (except the DESR (PSX), which is not currently supported; a future update is planned to address this). Models before those are not supported and won't be in the future.

闇黑双子 | Posted 2022-4-12 13:38 · Sichuan
So the principle is patching the system core to break the region lock?

OP (sceips8) | Posted 2022-4-12 14:25 · Inner Mongolia
闇黑双子 posted on 2022-4-12 13:38:
So the principle is patching the system core to break the region lock?

[The "How does it work?" section from the first post is quoted again here in full.]

Can you read and make sense of this? I don't understand it at all.

闇黑双子 | Posted 2022-4-12 14:36 · Sichuan
I had a rough look: it patches the encrypted EEPROM of the console, basically a kernel patch. I suggest reposting it in the retro section, where more people will pay attention.

OP (sceips8) | Posted 2022-4-12 17:04 · Inner Mongolia
闇黑双子 posted on 2022-4-12 14:36:
I had a rough look: it patches the encrypted EEPROM of the console, basically a kernel patch. I suggest reposting it in the retro section, where more people will ...

I'll go take a look, thanks.

zybttt | Posted 2022-4-12 19:03 · Sichuan
So it means that after applying this kernel patch,
running burned discs
no longer has anything to do with a direct-read chip, right?

OP (sceips8) | Posted 2022-4-12 21:43 · Inner Mongolia
zybttt posted on 2022-4-12 19:03:
So it means that after applying this kernel patch,
running burned discs
no longer has anything to do with a direct-read chip, right?

According to the description, yes. Has anyone tried it?

zybttt | Posted 2022-4-13 14:22 · Sichuan
sceips8 posted on 2022-4-12 21:43:
According to the description, yes. Has anyone tried it?

I don't think it's very meaningful, since nowadays the PS2 is basically disc-free anyway. To play burned discs you'd also need a laser in good condition.

Posted 2022-4-18 05:32 · USA
Is there a translated version? I'm totally confused even though I've tried hard to read it.
Powered by Discuz! X3.4 | Copyright © 2001-2020, Tencent Cloud.