Simple EA boot fixing Playstation 2 tutorial
/\
/ \ _ _
/ /\ \ | | _ | |
/ / \ \ __ __ __ __ | | _ |_| __ | |
/ / \ \ _\ \\ \ / /| \ | | /\ | | _ | \ | |
/ / \ \___/| |\ \\ \ / / | \ \ | | / \ | || | | \ \ | |
/ / __\/__/ | | \ \\ \/ />>| |\ \ | | / /\ \ | || | | |\ \ | |
/ / ___/__/\ \ | | / // /\ \>>| | \ \| | / / \_//| || | | | \ \| |
/ /___/__/ \ \ | |/ // \ \ \ | | \ \ |/ /__//\ \\ \\ \ | | \ \ |
/__ /__/ \_\|___//_/\_\ \_\|_| \__|__// \_\\_\\_\|_| \__|
========================================================================
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
========================================================================
SIMPLE EA BOOT FIXING (PS2) TUTORIAL
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Written by Mookie
July 13th 2001
GROUP BACKGROUND
ADRENALIN was first established in the early 1990s in order to crack/pack/train and menu computer games for the Atari STFM / STE 16 Bit Home Computer. We had to change our name to ADRENALIN UK to stop the people getting confused between us and another Atari ST group who did demo coding (ADRENALINE).
ADRENALIN UK were productive for four years before the home computer slump brought on by Japanese companies introducing Game Consoles into the home market. As the console market grew the Atari ST/ AMIGA market seem to die and so the group drifted apart.
In the four year period that ADRENALIN UK were active we released over 100 floppy discs worth of computer games (each disc containing more than one game), many single disc game releases, Public Domain game compilations and module music discs not to mention coding our own intros and demos. We also attended the first British Coding Party held in Bradford by the Demo Packing Group Ripped Off which gave us a chance to meet face to face with the rest of the talent on the ST / Amiga scene.
In September 2000 I resurrected the old ADRENALIN UK name and brought back my original pseudo name Mookie in order to do some NTSC 2 PAL patches on PS One for my friends and contacts. After nearly 6 years away from coding etc. I face the challenge of fixing various games which other groups may not have touched, using very little knowledge except for what I pick up from other contacts, groups and Web Sites which is why I am happy to release any info on doing constructive stuff on DC / PSX / PS2.
I welcome any new members to work with me on fixing games etc. and have starting to build up the ADRENALIN membership again with Bleemer2 (PSX), Ran Tidy (DC) and TZoneman (PS2).
INTRODUCTION
PLEASE NOTE THAT THE INFORMATION CONTAINED IN THIS TUTORIAL IS FOR EDUCATIONAL PURPSOSES ONLY!
It is intended to give guidance on fixing back up games (games you have bought originally) to load on your PlayStation 2 games console.
I 'Mookie' take no responsibility for any damage caused to your PlayStation 2 hardware or software and if you apply the information contained in this tutorial, you do this at your own risk and you should also be aware of your Countries laws with regards to modification of copyright material before proceeding.
EA FIXING, WHAT'S IT ALL ABOUT?
I think any PS2 owner who has been trying to get backup games to boot is now probably aware of what the EA boot method is, and the problem caused by such games. For instance on my PS2 using NEO 2 I have to keep my finger down on the POWER button in order for the DATEL AR2 disc to eject leaving me with 4 seconds to make a switch. Something I didn't have a problem with until one of my friends came round, did not swap in time and I ended up with my PS2 CD tray closed but with CD hanging out! Not a good situation to be in, believe me!
People using the NEO KEY in order to get games to boot also have a problem with EA games as these can not boot any EA boot method games at all.
Well, this is no longer true! For some time now crackers have been looking at the EA boot method games in order to identify why these particular games don't boot like the normal method and then also trying to fix these games to boot using the standard swap method.
NEO Technologies have already cracked the problem at a chip level which should be implemented in the next NEO chip V3 but for all existing users of NEO 2 or NEO KEY are only option reasonable option is to fix the games at the software level.
At this moment in time, All Rights Reversed (m0z & dAZZOR) have been building and testing the EA Universal Patcher. They have already released 3 sets of PAL patches as well as patches for USA games.
PLEASE NOTE
IF YOU DO USE ONE OF THE ARR PATCHES MAKE SURE YOU SET THE READ OPTIONS IN CDR WIN, SO THAT THE RAW OPTION IS NOT TICKED! OTHERWISE YOUR BIN FILE WILL BE OF A DIFFERENT SIZE AND WILL NOT PATCH CORRECTLY! (This is one of the mistakes some of the people who contacted me made which caused me to start trying to crack the EA fix myself! From a positive point of view, I'd did learn a thing or two which means anyone reading this benefits too!)
I'VE TRIED THE AVAILABLE PATCHES AND THEY STILL DIDN'T WORK, NOW WHAT?
Since I released some info on the 'Z' Forum (www.ps2ownz.com) and in my F1 Championship Season 2000 nfo, I have received a lot of E-mail from Italian users not being able to patch their copies of FIFA 2001. Their problem seems to be due to a different BIN file size to the one the patches are made for.
You now have two choices available to you in order to fix such problems:
- You can wait for ARR to finish off testing the Universal EA Patcher at which point you will be able to download and hopefully fix your games.
- You can be a bit brave and attempt to fix your BIN file using a good HEX editor and following my HEX string search and change instructions.
- CHOICE 1 - I'M A COWARD I THINK I BETTER WAIT FOR THE UNIVERSAL PATCHER!
OK, sit and wait for the following site to host the official release of the Universal Patcher:
- CHOICE 2 - I'M FEELING BRAVE, I'VE WASTED 100 CDRSs ALREADY, ANOTHER WON'T HURT!
My favourite choice, you only live once so you may as well have a go at fixing the BIN file yourself.
Tools Required:
- A working copy of CDR WIN (GoldenHawk) - a registered copy also, if you use cracks/ pirate keys you may find you just burn out coasters!
- A good HEX EDITOR (I'm using WinHEX 9.26 but be warned, an evaluation copy will not let you modify any large BIN files, so make sure you get a registered one or use another HEX editor I'm sure there's plenty of good ones out there).
- A working EA PS2 game (your game must not be already fixed else you will not find the HEX strings recommended - games which this tutorial can help you fix are F1 Racing Championship Season 2000 (pal), FIFA 2001 (pal), SSX (pal/ u.s.)
LET's BEGIN!
This example is for F1 Championship Season 2000 but can be applied all mentioned in the table below just alter the HEX string to search for and make the appropriate modification.
- Load up your copy of CDR Win
- Insert your EA game into your CD Reader (CD ROM)
- Select 'Extract Disc/ Tacks/ Sectors'
- Use the following settings :
Extract Mode - 'Disc Image / Cuesheet
CD Reader - the CD Drive your EA game is in (either CD ROM or CD Writer)
Image Filename - use a suitable file name 'F1.bin'
Reading Options - RAW Ticked (although unticked is fine)
Error Recovery - Abort
Jitter Correction - Auto
Subcode Analysis - Auto
Data Speed - MAX
Read Retry Count - 0
Audio Speed - MAX
Subcode Threshold - 300 - Select 'START'
- The 'Copy Progress' screen will now appear. When the 'Operation Successfully Completed' message appears select 'close' and shut down CDR WIN.
- Now load up your HEX Editor
- Open the BIN file you created in CDR WIN 'F1.bin'
- Select 'Find HEX Values'
- Enter the following HEX string '0200 8280 0600 4350 3B00 043C'
- Once it has found the HEX string you want to guide your cursor the value underlined above '4350' and we now change that value to '4354'
- Save the changes you have just made and close down your HEX editor
- Reload CDR Win, select 'Record Disc', Load Cuesheet 'F1.bin', select your burning speed and then START RECORDING
- Once finished recording, power up your PS2 and try booting your EA back up the way you would with any normal back up game. You should find the game boots and plays fine.
CONGRATULATIONS! YOU'VE JUST FIXED YOUR FIRST EA GAME!
Now look at the table below pick a game and follow the steps again just changing the HEX string that you search for and replace accordingly.
EA FIX MODIFICATION TABLE
===================================================================================================
| GAME NAME | ORIGINAL HEX | FIXED HEX |
===================================|===============================|===============================
| FIFA 2001 (PAL) | 1200 0324 0600 4350 0100 1324 | 1200 0324 0600 4354 0100 1324|
| F1 CHAMPIONSHIP SEASON 2000 (PAL)| 0200 8280 0600 4350 3B00 043C | 0200 8280 0600 4354 3B00 043C|
| SSX (PAL) | 1200 0324 0600 4350 0100 1224 | 1200 0324 0600 4354 0100 1224|
| SSX (US) | 1200 0324 0600 4350 0100 1224 | 1200 0324 0600 4354 0100 1224|
===================================================================================================
So far I have reports from people who have used the above table in order to fix the FIFA 2001 (Italian) game and from what I've seen between the U.S. and PAL version of SSX the HEX strings to look for are the same.
You may be able to apply the above technique to one other EA Sports game which is NHL 2001. I have not had the pleasure of ownig a copy of this game and therefore could not test it.
Just for the record, RAPTORS patch of SSX (PAL) does 36 more HEX modifications than mine and at present I am not 100% sure if all those changes are required but as he has been using the official Universal Patcher (BETA) I presume there may be something in it.
WARNING!
Do not try to fix Knockout Kings 2001 as you will find the 0200 0324 0600 4350 3400 028E Hex string but changing the usual 4350 to 4354 results in the game booting fine but you not be able to play the game, it gets caught in a loop going from menu to fight, end of fight back to menu again. If you don't mind wasting a CDR try it, you'll see what I mean.
CREDITS
First of all I would like to thank TZoneman (ADRenalin UK) and the person who originally posted on www.digital-forums.com with some information regarding the HEX string 0600 4350 and the change to 4354. I tried to trace who you were but as DF has been down to 1st July it has not been possible. Who ever you are, you are a STAR my friend and you should get some recognition, so get in touch with us.
I would also like to thank - Z - of www.ps2ownz.com this guys site is all about the sharing of information and I'm glad he was willing to listen to some of the information I had gathered, plus the ton of e-mail I've started receiving regards fixing all sorts of EA games NOT!
Credits must also go to the All Rights Reversed team and Raptor of Digital Forums (DF). These guys have worked hard on beating the EA booting problem. As I came to realise, some games such as Ready 2 Rumble Round 2 are not easy to fix unlike the examples I have shown. To fix the newer EA type of games you need to know your PS2 assembler language and obviously have the hardware to be able to trace through the code on PC. This is something I do not have and so I am now limited in what I can do from here in order to help with EA fixing. I am looking forward to the release of the Univeral Patcher, can I have a signed copy please m0z and dAZZOR?! LOL
ADDITIONAL INFORMATION
Where do we go from here?
Well, I know my limitations and at this point I bow out of the game. However, I will put some pointers in here so that if there are any budding PS2 programmers out there interested in carrying the work I've started and releasing the information to the public via www.ps2ownz.com they can do.
How did I go about finding the right piece of simple HEX to change?
Originally TZoneman informed me that he had seen a posting in DF informing people about the HEX string 0600 4350. Unfortunately, he couldn't remember which game that HEX string was for and he told me he had fixed F1 Championship Season 2000 but couldn't remember which HEX string he had modified! Helpful as ever. He was going to build a ppf to be released from his fixed version but the next thing I know he's gone down the pub so I did a bit of delving.
TZoneman actually started searching the full BIN file finding over 20 occurences of 0600 4350 when trying to fix his F1 Racing Championship and wasted 12 coasters till he got lucky! I didn't fancy my chances with that so I started looking at the SLUS (USA games) / SLES (PAL games which is a file contained on the main directory of every Compact Disc PS2 game, e.g. SLES_500.17 You can extract this file to your hard drive using a utility called ISOBUSTER. Once there if you load it into a HEX editor you can then start searching for occurences of the HEX string 0600 4350.
By looking around several of these SLUS / SLES files I started to notice a pattern with the HEX String 1200 0324 0600 4350 0100 1224. As I have no debugger I couldn't look into the instructions as such, so it was a case of modifying and then see what happens.
I did my first modification to SSX (PAL) and it worked fine, so I tried the US version and then moved onto FIFA and finally F1 Championship Season 2000 which was using a different bit of HEX but with similar HEX string 0600 4350. All games worked first burn no COASTERS! Result or so I thought!
I originally thought that all these EA games were the same at that each one would have some check put in the SLUS / SLES file but that is not so.
Take a look at MADDEN NFL there is no trace of the usual HEX string which we have been seeing. This now means that the developers are using a different method to limit the game to booting via the EA boot method. I believe the file we should now be interested in is '*.IMG' file on the PS2 main directory.
It is at this point that I can no longer really contribute to the EA fixing because there are no more simple occurences of the HEX string we've been searching for. It now comes down to skilled people to disassembler the PS2 code and see what is going on, which is where team behind the Universal Patcher come in.
If you do a little lame trick (I used to use it back in the old Atari ST days to see if someone had ripped off one of my own cracked game files) you can compare your original BIN file with a fixed patched version.
Compare RAPTORS SSX fix and you will notice 37 changes in HEX as opposed to my one change. Now this for one proves I did not just do a simple HEX compare and then copy his routines and pass them as my own. It also shows there is a now a different approach to fixing games. Not all crackers crack the same protection the same way. I believe this was proven with Tyranids Vampire Chronicles RGB Fix on DreamCast. He compared his version to another group and they had done a lot more changes as they had gone about it a different way which took more changes but still ended up with the same result.
If you continue to do HEX compares with other releases such as:
NBA LIVE 2001, NBA STREET, TIGER WOODS 2001 and READY 2 RUMBLE 2: ROUND 2 you will notice HEX changes from as little as 37 up to at least 53. That's a lot of changes. You may want to record the changes and try to work out what is going on but you will need to look at the code and not just HEX in order to fix it!
I personally feel it would be waste of time detailing the HEX changes for the above named games. If you wish to catalogue them for your own use then I wish you luck but at this time I would say to anyone who wants to fix the newer games, rely on the ARR team as the games will change and the Universal Patcher will need to be upgraded as and when, but hopefully we'll all enjoy the benefits of using such a program. I think the Universal Patcher will be here to stay!
========
Apologies for any spelling mistakes, at this time in the morning when you your eyes are stinging you really can't be bothered to go back and change things!
As we used to say in the good old days.... time to wrap!
Mookie of ADRenalin UK
-------04.43am--------