[Suggestion] Convert eboot.pbp to bypass libcrypt / change game id #16

Closed
opened 2023-04-26 05:55:16 +00:00 by fabax · 18 comments

Hi,

The program works great, PSX games launch flawlessly.
But I was thinking if it is possible to convert a pre-made PSX eboot.PBP.
Why? Because with a decrypted eboot.PBP you can easily change the "SxxS string" under "PSISOIMG" (example SCES-00111 -> SLES-00972)
This usually fixes certain emulation glitches / has a general speedup effect in certain games. (As an example, Silent Bomber)

I usually make all my eboots with POP-FE then hex edit the eboot.PBP
With the encrypted eboots this tool generates it is not possible.
POP-FE also injects libcrypt data so it will not trigger the protection, exactly like original games bought on PSN (ex. Vagrant Story, FF8)

I tested my bought PSN games like FF8, they boot inside adrenaline just fine... so maybe eboot.PBP inside PSPEMU/GAME/ is exactly the same as PSP format, but signed / encrypted?

I tried to make a bubble with Chovysign, then overwriting the eboot.pbp with another (same game, but eboot not made with chovy.) As expected, the bubble will throw an error but the game will work in Adrenaline.

Anyway, I understand if it is not possible. I will keep Adrenaline for libcrypt protected games / ones who have slowdown.

Owner

sadly, the decrypted format used by tools like POPSLoader is very different to the official POPS format, and is completely incompatible.

please note that trying to edit the EBOOT.PBP on vita will always fail on retail consoles even if the file is completely correct; due to __sce_ebootpbp additional signature used on the vita- (use https://github.com/dots-tb/chovy-gen to regenerate this)

changing the disc id should be really easy though, i could probably add that to the game information settings; this could also be used to force PocketStation Support ... for example, so it's actually a good idea for multiple reasons

as for libcrypt, iirc the PS1 stored that data in the subchannel data, which isn't included in the bin/cue format as far as i can tell, however the PBP format does actually support this, which is likely what is causing issues here- that is the main reason it wasn't included; though it works fine in emulators and stuff so i wonder how they get around that? i don't know anything really about how the libcrypt copy protection works; is there a way to like 'generate' this information? if you could point me to some information on how to do this, i could probably add it. i know exactly where and how; just.. didn't know what to put there.

anyway; there actually is a tool in here (though not compiled in the release) called PBPResign which is the original tool by SquallATF; which will resign an official PSN EBOOT.PBP file with different keys.

XD anyway i wonder why changing the disc id improves performance? maybe sony included special patches for certain games in the POPS emulator?

Owner

looking at POPS-FE it seems it patches the games to essentially crack the LibCrypt protection, not at all what i would like to do, I'm gonna try looking into how sony solves the problem instead.

Author

About libcrypt: https://www.psx-place.com/threads/ps1-libcrypt-support-on-ps3-official-emus-research-thread.35836/page-14#post-356525

About handling game IDs: https://github.com/sahlberg/pop-fe/commit/ceb85a327132e0988d3d66a554c2ebc19af1cc57

About special patches: Yeah, it seems that most games, like resident evil 2, have hardcoded patches in POPS... Using popsloader plugin it is apparent: if you pick a "recent" PSN classic game, and try to run it on an older POPS.prx it'll have problems. This didn't stop sony from not thoroughly testing their games during the first wave of PS1 games on PSP. The first jumping flash, official PSN release, slows down like crazy (ok, it is playable... but still, comparing it to an original PSX, the difference is clear). Change its ID to the SLES-00972, resident evil 2 (pal), and the game runs exactly like on original hardware. Another game, Strider 2. This one has a US/JP release on PSN and runs correctly. But if you try to make a PAL unofficial POPS, it will crash on stage 2. Solution? Either change the game ID to the US one (but the game will run at 60hz.) or, again, use the resident evil 2 ID which somehow fixes almost, 99% of PS1 games.

Author

I don't think POP-FE uses patches anymore... If you look at the patches folder, it has, like, a very restricted list of games. As an example, no Italian/Spanish versions in sight. But when I run my games through it, it injects subchannel data based on the magic word and they pass protection easily! At least, that's my basic understanding (psx-place link)

Owner
another useful resource; https://red-j.github.io/Libcrypt-PS1-Protection-bible/index.htm
Owner

here is a built version of PBPResign program i mentioned earlier, can be used to take official EBOOT.PBP from PSN and resign it using another game's keys,
this obviously doesn't allow you to play anything that wasn't released on PSN, but should allow you to workaround the issue for now if those games were released on the PSN.

(Credits to SquallATF..)

Author

Thanks! It's going to be very useful for those games that need a PS3 to transfer if you don't have one. you can generate a dummy bubble with only the first disc, pbpresign & chovygen an official eboot, extract the data from a psvimg, then rebuild and transfer with CMA or copy all into PSP/GAME/xxxxx, if someone really wants to use the official eboot.pbp from a pkg [like me :)]

Owner

> Thanks! It's going to be very useful for those games that need a PS3 to transfer if you don't have one. you can generate a dummy bubble with only the first disc, pbpresign & chovygen an official eboot, extract the data from a psvimg, then rebuild and transfer with CMA or copy all into PSP/GAME/xxxxx, if someone really wants to use the official eboot.pbp from a pkg [like me :)]

at some point i would like to completely bypass the drm checks in the psp emulator, xD with like a plugin or something

Owner

POPS-FE uses subchannel data. only on PS3 version, i think?
not on PSP; still useful information as the formats are very similar

Author

https://github.com/sahlberg/pop-fe/commit/2b32bcead129e1ca43b39b68e978cd120ab41351

It is injected into Eboot.BIN (subchannel data on PSP.) On PS3 subchannel blob is stored inside ISO.BIN.DAT.

Owner

ISO.BIN.DAT is simply the PS1ISOIMG, and i believe the eboot.pbp code is putting it into the PSAR section of the EBOOT.PBP, which in this case is used for PS1ISOIMG, so i think maybe the same

Author

Yep.

Sahlberg on PSX-PLACE (about libcrypt): "The main difference is that on PS3 ISO.BIN.DAT the offset is the physical file offset while on PSP the offset is relative to the start of the PSISOIMG section."

Sahlberg (conv. on github):"I think the PS3 only actually reads the disk sectors and the ATRAC3 audio streams from the EBOOT but it reads the PSISOIMG sections from ISO.BIN.DAT"
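
Added example (not code from chovy-sign or pop-fe): a read-only check of the container layout discussed in the comments above. It walks the EBOOT.PBP offset table, reports whether DATA.PSAR holds a PSISOIMG image, and converts a PSISOIMG-relative offset into a physical file offset; it assumes a single-disc image whose PSISOIMG section begins at the start of DATA.PSAR, and the sample bytes are constructed.

```python
import struct

PBP_MAGIC = b"\x00PBP"
# Section order is fixed by the PBP container layout.
SECTIONS = ("PARAM.SFO", "ICON0.PNG", "ICON1.PMF", "PIC0.PNG",
            "PIC1.PNG", "SND0.AT3", "DATA.PSP", "DATA.PSAR")
HEADER_LEN = 8 + 4 * len(SECTIONS)  # magic + version + eight offsets


def parse_pbp(data: bytes) -> dict:
    """Return {section: (offset, size)} after validating the offset table."""
    if len(data) < HEADER_LEN or data[:4] != PBP_MAGIC:
        raise ValueError("not a PBP container")
    bounds = struct.unpack_from("<8I", data, 8) + (len(data),)
    table = {}
    for i, name in enumerate(SECTIONS):
        start, end = bounds[i], bounds[i + 1]
        # Reject offsets inside the header, running backwards, or past EOF.
        if not HEADER_LEN <= start <= end <= len(data):
            raise ValueError(f"bad offset for {name}: {start:#x}")
        table[name] = (start, end - start)
    return table


def psar_kind(data: bytes) -> str:
    """Classify DATA.PSAR by its leading magic."""
    start, _ = parse_pbp(data)["DATA.PSAR"]
    head = data[start:start + 16]
    if head.startswith(b"PSISOIMG"):
        return "single-disc"
    if head.startswith(b"PSTITLEIMG"):
        return "multi-disc"
    return "other"


def to_file_offset(data: bytes, rel: int) -> int:
    """Map an offset relative to the PSISOIMG start to a physical file offset."""
    start, size = parse_pbp(data)["DATA.PSAR"]
    if psar_kind(data) != "single-disc" or not 0 <= rel < size:
        raise ValueError("no single-disc PSISOIMG section covers this offset")
    return start + rel


def build_sample() -> bytes:
    """Constructed sample: seven empty sections and a zero-filled 0x1000-byte PSAR."""
    psar = b"PSISOIMG0000" + bytes(0x1000 - 12)
    return PBP_MAGIC + struct.pack("<I8I", 0x10000, *[HEADER_LEN] * 8) + psar


if __name__ == "__main__":
    sample = build_sample()
    print(parse_pbp(sample)["DATA.PSAR"], psar_kind(sample), hex(to_file_offset(sample, 0xED4)))
```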

Owner

i believe, https://silica.codes/SilicaAndPina/chovy-sign/commit/6647b319a2dc51cc92d7fc1b439159b08e6fa23a should allow for LC games to be played, providing you have that game's .SBI file (subchannel image)

EDIT: CTR still crashes with this change :(

Owner

Crash Team Racing starts successfully with this;
https://silica.codes/SilicaAndPina/chovy-sign/commit/dd6707d5ef2c19830b5339beb8260f4d0453762a

trying other games ..

Owner

huh seems Final Fantasy 9 starts fine using this method also, neat. maybe that actually fixed it for everything?

does that mean the actual direct subchannel inclusion is not needed? just magic word ^ 0x72d0ee59 at 0xED4 of ISOIMG header?

Owner

Can you try this one? just make sure you have the SBI with the same name as the CUE in the same folder, and it should work

some sbi files; https://cdromance.com/guides/sbi-files-for-libcrypt/

Owner

Done, all libcrypt games now working with Chovy-Sign v2.0.1, as well as disc id override.

Li closed this issue 2023-05-01 18:22:31 +00:00
Author

Hi, sorry for the late response...
Thank you for all the hard work.
I don't have my Vita at hand, but I'm really grateful, I trust it works =)

Reference: Li/chovy-sign#16