PS2 saves cracking
I'm new to this forum, so hi everyone.
Some time ago I used to crack PC game saves. When I got my hands on a cheating device (ARMax EVO) which allows copying PS2 saves to MC, I saw it as a chance to crack PS2 game saves in the same old way.
However, it seems all the games I tried have protection on their save files. By making minor changes and comparing the corresponding save files (copied to MC by ARMax EVO and extracted using PS2 save builder 0.8x), it seems that Xenosaga Episode 1, the game I'm working on, is protected by a checksum. The problem is I'm clueless about what checksum method is used, what data area is protected, etc. I'm still inexperienced in this, so I would appreciate it if anyone could provide me some information on:
1. Has anyone successfully cracked PS2 game saves? If yes, what exact steps did you use? Is that game protected and how did you overcome it? (Actually I have seen GT3 and GT4 save cracking programs written by mk; since I don't own the games I couldn't test them.)
2. Can I use PS2 save builder to extract and add save data normally, or do I have to use a special method to keep the files' date, name, etc.? I managed to get the PS2 machine to accept the modified files as normal data, but the game itself always reports them as broken files.
3. How many PS2 save file protection methods are there, and are there any documents detailing this? If yes, could you post or send them to me?
Any idea or help is welcome.
I've downloaded NTSC game saves and converted them to PAL game saves just by changing the folder's name. NTSC game save folders are slightly different in name from PAL game saves. About cracking them, what advantage would you want to get from doing this?
Sorry, I was ill for the last few days, so I couldn't answer immediately. I haven't used FTP tools to transfer saves to MC, thus I don't know much about that. Surely your experience will be a good guide to others on save converting.
For cheating games, there are 3 methods: the first is to interfere directly with the PS2 memory; this is the way cheating devices like GameShark or Action Replay use. This one is truly the best and the most common method; the only drawback is that you'll have to depend on the cheat provider: sometimes they'll provide you the desired effects, sometimes they are all useless. If you want to make the cheat yourself, it'll be a lot of work, but if you are a pro, this is the way.
The second method is to interfere indirectly with the game saves. Since I started this, I have been asking around, but it seems not many people do this. By cheating this way you can do whatever you want; you won't have to wait for someone to release cheats which may do nothing for you. The disadvantage is that you'll only be able to modify figures in the saves; anything involving in-game action (in-battle cheats, buy-sell item to have max money, etc.) is not feasible. This method has the fewest requirements (no DVD, no MIPS knowledge, etc. needed, only some understanding of hex if you use a hex editor) if the save files are not protected, so anyone can do it.
The third method is to modify the original game disc. This is nearly the same as modifying game saves, but you do it on the game disc by making a copy on HDD, extracting and modifying it, then burning it or sending the modified one to HDD. Doing this well may give you godly status even at the beginning of the game or turn the game into something out of imagination. But to succeed you'll have to be ultimately good at game cracking. I haven't seen anyone do this, even to good old PSX games, partly because it's hard and partly because it's somewhat illegal.
So as to why I seek to crack game saves, it's because it's the easiest way without having to depend on the cheat devices. But I still lack many things, so I hope you all will help me on this.
Last edited by Storm Raider; 05-29-2005 at 11:18 PM.
On the PS2 Save Tools site there is a Checksum Repair program for .psu files; maybe it can help you with the checksum problem.
Success editing Gradius V save file
I started playing Gradius V recently, and I was annoyed by the fact that in order to get free play mode, I'd have to log 17 hours of gameplay. I could have just downloaded a game save, but given that there are relatively few options and settings in this game, I thought that I'd give hex editing the save file a whirl.
It was easy enough for me to find the bytes that stored game time played, as well as most of the other options in the game. Finding the format of the data took a little more effort. If you want the details, reply to the thread.
After failed trials and further analysis, I found a footer at the end of the save file data, containing an 8-bit checksum.
The complete file size is 1688 bytes, doubly redundant, i.e. the first 844 bytes are duplicated. Of these 844 bytes, the 8-bit checksum is contained in the last 4 bytes. So the checksum is calculated from the first 840 bytes. In these last 4 bytes, the checksum value is the first byte followed by zero bits, e.g. E8 00 00 00.
What follows is the structure of the 1688 byte file:
840 bytes - containing options/data
4 bytes - footer with 8-bit checksum first followed by 3 zero bytes
840 bytes - same data as first 840 bytes
4 bytes - same footer as above
I don't know if such a structure applies for all PS2 games, but try to make use of my findings to further analyze your save file to see if you can find the checksum.
Hmm, that seems odd to me, it doesn't seem like the checksum would be 6 bytes, which would mean a 48-bit checksum. The standards are usually 8, 16, 32, or 64 bits.
Originally Posted by Storm Raider by PM
Also, in my opinion it is unlikely for the checksum to be at the beginning of the file, it would seem more logical that while creating a save file that the data would first be written then a checksum calculated and appended to the file. If you have ever programmed with file streams, you should know what I'm talking about.
My thoughts are that the first 6 bytes might most logically correspond to your location in the xenosaga world or other environmental variables. It seems logical to me that if I were programming a game and using a save file that the first bits that I read from the file tell me where to load the game. I don't have this game, so I cannot help you any further in that respect.
My other theory would be, if it is anything like what I remember from playing FF VII many moons ago, it might be some data that you see when choosing which save file you want to load, ie. time played, gil, and xp, etc.
The checksum that I used is the standard checksum, simply the sum of all bytes in a block of data calculated on an 8-bit accumulator.
I used WinHex to calculate my checksums. I have not messed with Hex Workshop so I can't speak from experience, but are you sure that you are just calculating the checksum over the block of data excluding the block you expect the checksum to be and not the whole file?
It seems that you have overcome this problem, could you tell me what you have done? BTW, I'm using Hex Workshop; this program has a very good checksum function. I'm still not able to find the desired information though, but I suggest that you could make use of it for your save cracking.
In WinHex, I highlight the block of data, minus the checksum and duplicated data and use the Calculate Hash item from the Tools menu.
WinHex's Data Interpreter was also most useful when trying to figure out what the values of certain blocks were.
I initially thought this as well when I was first editing the save and had load failures/corrupted saves. I don't think that this should be a problem. I am pretty sure that PS2 Save Builder can correctly implement the PS2 file system when you inject your edited file.
Moreover, I suspect that my method of copying and extracting save files is so complicated that it might cause problems, but I don't have the equipment to try FTPing the saves directly to PC yet. So I would be happy to hear what you did to move the save files to your PC.
In any case, I use a much simpler method than both FTP and save transfer devices to get the files to my PC. I use LaunchELF in conjunction with a USB memory stick, which allows me to browse the memory card, take the file that I want and copy it to the USB key.
After editing, I just place the edited file back on the USB key, run LaunchELF again, overwrite the file on my memory card and test it out.
Please try to keep any relevant/informative discussion in the threads. This way we can all share our thoughts and you may get input from others as well.
Look forward to hearing from you soon.
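The Gradius V layout and 8-bit sum described in the posts above, as an added example that is not code from any poster: a Python checker that validates both copies of a 1688-byte file and shows that an additive checksum catches a single changed byte but not two offsetting changes. The function names and the sample block are constructed for illustration.

```python
BLOCK_LEN = 840                      # options/data block, per the post
FOOTER_LEN = 4                       # checksum byte + 3 zero bytes
COPY_LEN = BLOCK_LEN + FOOTER_LEN    # 844
FILE_LEN = 2 * COPY_LEN              # 1688


def sum8(data: bytes) -> int:
    """Sum of all bytes on an 8-bit accumulator (wraps modulo 256)."""
    return sum(data) & 0xFF


def build_save(block: bytes) -> bytes:
    """Build a constructed file: block + footer, written twice."""
    if len(block) != BLOCK_LEN:
        raise ValueError("data block must be 840 bytes")
    return (block + bytes([sum8(block), 0, 0, 0])) * 2


def check_save(raw: bytes) -> dict:
    """Validate the layout and report the state of each 844-byte copy."""
    if len(raw) != FILE_LEN:
        raise ValueError(f"expected {FILE_LEN} bytes, got {len(raw)}")
    copies = [raw[:COPY_LEN], raw[COPY_LEN:]]
    report = {"copies_identical": copies[0] == copies[1], "copies": []}
    for copy in copies:
        block, footer = copy[:BLOCK_LEN], copy[BLOCK_LEN:]
        padding_ok = footer[1:] == b"\x00\x00\x00"
        report["copies"].append({
            "stored": footer[0],
            "computed": sum8(block),
            "valid": padding_ok and footer[0] == sum8(block),
        })
    return report


def apply_deltas(raw: bytes, deltas: dict) -> bytes:
    """Add each delta (mod 256) at its block offset in both copies.
    Footers are left untouched, so any mismatch shows up in check_save()."""
    buf = bytearray(raw)
    for offset, delta in deltas.items():
        for base in (0, COPY_LEN):
            buf[base + offset] = (buf[base + offset] + delta) & 0xFF
    return bytes(buf)


# Constructed sample data, not a real game save.
SAMPLE_BLOCK = bytes((i * 7 + 3) % 256 for i in range(BLOCK_LEN))
SAMPLE_SAVE = build_save(SAMPLE_BLOCK)
```

Passing `{10: 5}` to `apply_deltas` makes both copies fail the check, while `{10: 5, 20: -5}` changes the data and still passes, which is why a plain byte sum detects accidental corruption rather than deliberate edits.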
Well, AFAIK the checksum can be either at the beginning or at the end of the files, or if the data is dynamic as in your case it could be at the end of the data. By using minor changes it can be concluded that the 6 bytes at the beginning of the save file of Xenosaga Episode 1 are the checksum. I guess the reason why it's 6 bytes is because the checksum method employed is not a standard one, or maybe it isn't a checksum but another protection skill. I still couldn't check this, but it will be too much of SquareEnix to use such a method, though.
I haven't tried WinHex yet, but it sounds like a good deal. On the contrary, using LaunchELF is not possible for me as I have never been able to get exploits to work in my MC. I don't have Devolution mode on the mod chip and my PS1 discs are all NTSC (SLPS) which doesn't seem to work with the exploit files provided. At the moment I managed to make the PS2 recognize the customized files as normal saves, but the game itself won't, and I'm stuck there.
By the way, for how many games have you successfully modified the save files? I don't have Gradius V, so I couldn't test if the transferring method I'm using is OK or not. Maybe we can help each other more easily by using a similar game.
I've edited save files before, and it isn't easy. From the top of my head, I remember successfully editing saves from Phantom Brave, Ys3, and Digimon World 4. Each game had a different protection. Ys3's save seemingly had none other than possibly file copy protection. For Phantom Brave, I was able to edit byte values within 255 range and the game still loaded. Going beyond that, like short and long values, seems to affect the checksum. Digimon World 4, on the other hand, was a bit simple to get around the checksum, provided that you don't add or subtract from what seems to be a total, which the checksum is based on. So, I was able to add a value to certain data as long as I subtract that value from a different data to maintain that total.
Square/Enix games often don't use 'standard' checksums and the method used often changes between games. For example you could try XORing the bytes if you don't get a match using any of the standard Checksums.
That said, make sure you know that you're creating a checksum on the right data. For all we know Square could only include every second byte in the checksum hash; anything is possible, and this is why I don't touch Square/Enix saves.
I remember seeing a method done on the Xbox (the theory is the same) where they disabled the checksum routine on the load (thus not caring about checking the validity of the gamesave). They even left the checksum writing routine intact so the save would be transferable.