mem card hacking... crc protection field?

[thereal_zap]

first, i'm glad that there is actually a forum on this topic.

i've been hacking game saves for years on other consoles, and only recently did i finally get a mem card hardware to back up my ps2 games. the first game save i tried to hack was my ffx and ffx-2 games. i've already finished both of them some time ago, but thought it'd be fun to get the items/accessories in abundance. i got some item and other codes from the normal places and started looking around the gamesave file until i found where these were stored. i, then, simply changed the item codes to have something different, and changed money values, etc. the problem is that when you try to load the gamesave with the game it says that the save is corrupted. this leads me to believe that there may be some sort of checksum field or something to try and protect the save.

does anyone know about this, if this is truly the case? or is there some other known thing about ps2 saves that i may simply not be aware of.

tia

[dciaravi]

I'd like to know more about, specifically, FFX saves as well. I'd like to change some character names in my save back to their originals, I just have no idea how to go about it. I've FTP'd my gamesave from the MC to my PC. I figured a hex editor would work, but I can't find anything in the main save to work with. Anyone with knowledge on PS2 saves, please help!

[Lunovus]

Most PS2 game saves have checksums.

Not necessarily to protect from cheating, but for checking if a save game is not corrupt (due to failures on the MC).

Best way i figured out find the checksum location is create two saves that are very similiar and only a bit different.
Then check what has changed, that is the easiest way to see were a specific value is stored, and where the checksum is.

Most often these checksums are just "added up" so if you change a value from 1 -> 2 change the checksum from checksum -> checksum +1, and often you will already succeed.

But i think i read somewhere that the checksum/save from FFX is a bit more complex.

In japan they have magazines that list the location of specific values and the location of checksum and there algorithmns for specific game saves.

See also the "Checksum Repair" Tool here:
http://www.ps2savetools.com/download...download&cid=1

But i guess it won´t help much without the infos from those magazines.

HTH

Lunovus

[thereal_zap]

thanks for replying

and, yeah, i did do 2 separate saves where i did nothing but let one minute pass on the clock and then save again. then compare. and there was quite a few changed values . but hopefully this link will have some info.

appreciate the fact that you verified the presence of checksums!

[Spudz777]

I just recently started looking into mapping the saves from Disgaea, and I've gotten to the point where the easiest way to find out what something does is to change it, load the file, and see what happened in the game. Of course, with checksums...

Anyway, I've located the checksum, but can't seem to crack the algorithm for computing it. It doesn't seem to be any of the simplest methods (addition, subtraction, XOR, etc.), and I'm currently running some code to test out CRC-32 algorithms...

I can play with a FFX file and see what I can do, but no promises. Anyone happen to know a way to find out what algorithms are being used??

[nicko]

how did u hack the mem card

[dciaravi]

You can hack into the memcard by running ExecFTPS, a homebrew program available if you do a little searching. The question we have, I believe, is once you get into the card and find your gamesaves and edit their data, without having the card read the new, edited gamesave as corrupt.

Zap and I also have additional questions, because hacking these FFX and FFX-2 saves are not easy. I'm trying to change character names, and when I try to edit them (using WinHex), the character names don't show up anywhere. The same is true with zap's item increases. If anyone could help us out in this regard, we'd really appreciate it. These are pretty complex saves.

[Spudz777]

One thing I've found in many games (Disgaea for ps2 and Monster Rancher for psx, for example) is that text strings are often represented as 2-bytes per letter. In Disgaea, 'A' is represented as "82 30" in hex code (2 bytes) and 'a' is "82 81". In most programming, a 256 character alphabet is adopted, but when you want to include three Japanese alphabets, plus English, plus a lot of special characters, you need more than 256 letters. Try looking for a hex string such as "82 42 82 89 82 84 82 95 82 93" which would represent "Tidus".

Unfortunately, I don't remember what the text "indicator" (like the 82 above) was when I hacked FFTactics, but I bet it's the same in FFX and FFX-2. When I get home Saturday I'll poke around in a FFX save and let you know if I find anything.

[dciaravi]

Thanks for the tip Spudz. I'll give your idea a shot and let you know how things go. Keep posting if you've got any other bright ideas, and definitely if you find what the exact indicator is. I'll use wildcards for now, though.

[Spudz777]

Reading another thread in this forum led me to the conclusion that I had the location of the checksum wrong when dealing with Disgaea saves. I think it was Gothi who pointed out that x-port saves have a checksum added to the actual game save. Using PS2SaveBuilder, I extracted the actual data from a *.max save I had converted to *.xps, and found out that the place I thought was the checksum was probably the checksum added by the x-port format. Unfortunately, all this was done in Atlanta on my wife's laptop, where I didn't have access to most of my saves (or more importantly, my PS2).
I still haven't had a chance to look at a FFX save, but I'll try to do that tonight and get back to you tomorrow.