Dreamcast: The Quest for a Bootable Game CD-ROM
The Quest for a Bootable Game CD-ROM
Update 7/24/2000 1:48PM EST: A native German speaker, LaNcom, emailed me with the REAL German translations of what Utopia said. Thanks, LaNcom!
Update 7/22/2000 11:29AM: A few little link updates and such. We're no longer hosting the Utopia boot binary, but you can use these instructions if you want to extract it yourself. However, the Gameshark CDX binary is uploaded to the Tools section.
Update 7/22/2000 2:05AM: A person who doesn't wish to be identified submitted the answer to the difference in file size between Explorer and ISOBuster. An ISO9660 directory stores both big and little endian start sector/file sizes. Windows reads the little endian while the Dreamcast reads the big endian (even though the DC is little endian itself). Now, before you start yelling "Figures! Windows sux!!!" read on. On a normal CD the big and little endian sizes are the same, so Windows just reads one. To annoy hackers, Utopia and Datel hacked their ISO images to make them different so that Windows doesn't see the same thing as the DC. ISOBuster can read the files like the DC does because it just happens to use the big endian field rather than the little endian field. I knew I liked ISOBuster.
Update 7/21/2000 10:27PM: Just more confirmation of what we already know :). Rockman made a bootable CD-R (following Marcus' instructions) using a custom made IP.BIN and just UTOPIA1.TXT and it's a complete working version of the Utopia boot disc. The rotating moose and all. It also loads a ripped game perfectly. This should be the conclusive proof that the UTOPIA1.TXT contains all of the secrets to a bootable game.
-----------------------------------------------------
by dopefish on 7/21/00
Ever since I found Marcus' page on bootable CD-Rs, Rockman and I have tried to make a bootable DC game in hopes of not having to use Utopia's boot loader. Not only is it a pain to swap a CD every time you want to play a game, but if we can reproduce a CD that will trick the DC into thinking that it is a GD-ROM, then games that use WinCE or CD-DA might work. Even if they don't work, at least we wouldn't have to swap that darn CD :). Dozens of coasters later, we've been unsuccessful. We decided to post everything that we have discovered, including some new exiting stuff related to the Utopia boot disc and the Gameshark CD. Perhaps someone out there can take our discoveries one step further.
1. The Beginning
We followed the instructions at Marcus's bootable CD-R page and were both able to create bootable, yet blank, CDs. The "bouncing" Dreamcast logo comes up, then the SEGA copyright page, and then it goes to the DC menu because there is no data on the CD. We tried everything we could think of and could not get a bootable CD with a game to work. It always ended up screwing up the boot or, after the SEGA copyright, the DC would go to the CD player and try to play our game track :). We played with the IP.BIN and 1ST_READ.DAT but to no avail. We gave up. Later, we found we had good reason to give up. Fatboy from Kalisto made a post on the DCISOS message board:
- The reason this method is not working for so many others, including yourself, is because it is meant to load the 1ST_READ.BIN file (EXE) into Memory, and Execute it. Once the EXE is loaded into Memory using this boot method, the GD-ROM drive is disabled, and no more files can be read off it. You may get 1 or 2 screens using just the EXE in ChuChu or Crazy Taxi, but if the games can't read game data, of course they will crash. The GameShark CDX and Boot Loader do this, is using a trick called the 'Reset Trick' which restarts the GD-ROM.
Eureka! Now we know the trick to the boot disc! The only problem is: how do we do it? Rockman and I certainly have no idea. But we have made some significant progress and have actually been able to extract the Gameshark and Utopia 1ST_READ.BINs from the CDs.
2. The Utopia Boot Disc
Programs used: Nero 5.0.1.3, ISOBuster 0.99.5 Beta 2
OS: Windows 2000 Professional
CD-R: Plextor 12/10/32A CD-RW
If you look at the Utopia boot disc in explorer this is what you get:
If you open each text file, they include German messages (real translations courtesy of LaNcom, a native German speaker):
GURKSAFT.TXT: "Wo iss alles ? Wie geht alles ?"... Translation: "Where is everything? How does it all work?"
UTOPIA1.TXT: "Alle anderen: Maul halten, ab jetzt! Sofort!"... Translation: "Everybody else: Shut up now! Immediately!"
UTOPIA2.TXT: Same message as UTOPIA1.TXT
Now we finally have what those lines REALLY mean and they make a lot more sense now :). Utopia is a real bunch of kidders :).
Open up ISOBuster now and look at the Utopia boot disc:
Look at this now! Our innocent little UTOPIA1.TXT has blossomed into a 2MB file :). The other two text files still contain the same information as before, though. If you open this new UTOPIA1.TXT it is all binary stuff. The 2MB file size suggested that it was a 1ST_READ.BIN, but it was just a hunch of mine. Rockman figured out how to prove it.
Open up Nero, click on the "CD Recorder" menu and click on "View Track..." Once it loads the TOC of the Utopia boot disc, click on Track 2. And prepare to be amazed (well, maybe at least surprised? :P).
What you're looking at is none other than the IP.BIN used by Utopia. In the field for what file should be first loaded (usually 1ST_READ.BIN), Utopia changed it to UTOPIA1.TXT. I was right. We also learn that Wildlight coded it (or at least takes credit for it :P). If that IP.BIN is confusing to you, learn about them at Marcus' IP.BIN page.
Conclusion: UTOPIA1.TXT is the 1ST_READ.BIN used by Utopia. It also must contain in it somewhere the code that "resets" the GD-ROM as Fatboy mentioned. Now it is up to someone to isolate that part of the code, or figure out how to take this bin and make it work with any game/program you specify. We're no longer linking to the download of it, but by all means you can get it your self by following those instructions.
After making this exciting discovery, we bet we could find similar results with the Gameshark CD. We were right again.
2. The Gameshark CDX
Programs used: Nero 5.0.1.3, ISOBuster 0.99.5 Beta 2
OS: Windows 2000 Professional
CD-R: Plextor 12/10/32A CD-RW
Look at the CD contents in explorer:
That first file is unreadable due to it not having a file name. The rest are as follows:
CAST: "GameShark CDX For use in America only"
MESSAGE.TXT: "DREAMCAST CDX Copyright Datel Electronics"
WWWSHARK.TXT: "Thanks for buying the Gameshark CD"
Aww, it was nice of them to thank us. It's certainly better than Utopia's wacky German messages :). Anyway, now look at it in ISOBuster:
Again, another file has grown to around 2MB in size. WWWSHARK.TXT is not the same size as UTOPIA1.TXT so that puts to sleep the rumor that they ripped the Gameshark's boot file. Well, it does in part. Maybe they could have stolen part of the code -- who knows.
Viewing the second track in Nero reveals similar results to the Utopia boot disc:
The IP.BIN for this points right to WWWSHARK.TXT just as we suspected.
Conclusion: The Gameshark CDX functions the same way that the Utopia boot disc does. WWWSHARK.TXT must also contain the "soft reset" code. Download the track 2 files in our Tools section.
3. Final Conclusions
- Somehow the 1ST_READ.BIN file gets "disguised" if you view it in Windows. You need to use ISOBuster or a similar program that uses its own system calls to see the real file. -- This is now explained, see one of the top updates.
- The Gameshark and Utopia boot disc function the same way.
- The trick to a bootable game CD is a software reset to reenable the GD-ROM. That code is somewhere in the WWWSHARK.TXT and UTOPIA1.TXT files.
Now it is up to someone out there who knows what s/he's doing to take the next step. Rockman and I know a bootable game CD can be done, someone just has to figure out how. Download the files in the Files section or extract them yourself if you have the CDs and get to work! If you come up with something, drop CyRUS64, me, or Rockman a line or come visit us in #boob on efnet.
Thanks to Marcus for his fantastic site and to Rockman for his help.
-dopefish
Hexing the Utopia boot disc take two
by dopefish 7/24/00
After three people proved to me that the Sega Katana Dev kit + libraries have been leaked for a long time, I decided to redo this whole page. Also, AltRN8 reminded me that the UTOPIA1.TXT was still scrambled. Duh, I feel like an idiot. That's why on the old page everything was so fragmented. Descrambling the BIN makes it a lot more readable. When a 1ST_READ.BIN-type file is put on a CD/GD it is scrambled in order to be loaded properly by the DC. Here's how to descrable it:
- Get Marcus' 1ST_READ.BIN scrambler from his software page and compile it.
- Run it on the UTOPIA1.TXT. The usage is: scramble -d <file to unscramble> <new unscrambled file to create>
The -d flag is to "descramble." I bet you figured that out anyway :). If you have one that you want to scramble, just don't include the -d flag. I WILL NOT help you with compiling. It's an easy thing to do so don't even think about emailing me about it :P.
Since I'm too lazy to do another big table (I HATE making them), I just took a bunch of screenshots. Don't dispair modem users, they're teeny tiny GIFs that only add up to about 60K in total. All of these pictures were taken in Hackman 4.04. On with the images:
Here are the two new locations of the reset calls after being descramled.
One of the many areas where "Lib Handle" is mentioned. I don't want to show them all -- one sufices.
Different files mentioned here. Maybe this is the search order for what file to load first?
Sega's Shinobi Dev Library
Sega's Ninja Dev Library
Whew! That's the really long NEC copyright section.
Since I have seen proof that the Dev Kit/Libraries are leaked, then most likely Utopia did not copy any boot disc of Sega's. They coded their own, but used Sega development tools which would still make Sega mad.
The reset codes are of course still there. So if someone is good with asm, they should try to find the code for them. We have some SH4 docs in our Tools section and for others visit Jules' site.
One of the images I saw of the Dev Kit showed some of the demo programs. One (I forget it's name) was an NEC demo "showing a rotating PowerVR logo with spectacular highlights." Kinda sounds like Utopia's rotating moose, only instead with a PowerVR logo. Perhaps they might have used that code as a base to code the moose?
Email me with any thoughts about this new hex document.
-dopefish
source: http://www.boob.co.uk/