Rock Band PS2 decrypted main.hdr

[duende]

Seeing as this is probably considered a copyrighted file I won't distribute it here, but let's just say that if you know what an old GH2 main.hdr file roughly looks like, then the decrypted Rock Band main.hdr is easy to locate in a PS2 RAM dump.

Unless someone takes a serious stab at finding the decryption/encryption keys, the above in combination with a patch to the game's executable that makes it skip the decryption, and thus accept an unencrypted main.hdr, is probably the easiest way to create custom versions and/or do a DVD5 relink.

[duende]

Seeing as this is probably considered a copyrighted file I won't distribute it here, but let's just say that if you know what an old GH2 main.hdr file roughly looks like, then the decrypted Rock Band main.hdr is easy to locate in a PS2 RAM dump.

Unless someone takes a serious stab at finding the decryption/encryption keys, the above in combination with a patch to the game's executable that makes it skip the decryption, and thus accept an unencrypted main.hdr, is probably the easiest way to create custom versions and/or do a DVD5 relink.

[GameZelda]

Thanks for this. I've located the file name table in the memory, and I've dumped it. I never worked with memory dumps, so I'm not sure how it works.

I have for sure section1 (the file name table) but the DWORD before it is 58000, that if a little bigger than the real size. The part after it doesn't seem anything logic like section2 or section3 too >_>
_________________

(Ok, I failed to do it in 24 hours... ).

GH:WT-PS2 Customization Progress
[100%] Make it work (w/songs loading) in a DVD5 (thanks psychospacefish!)
[100%] Modify audio (Finally done 25/11/2008)
[100%] Modify charts (Done 26/11/2008! Customs finally )

[GameZelda]

Thanks for this. I've located the file name table in the memory, and I've dumped it. I never worked with memory dumps, so I'm not sure how it works.

I have for sure section1 (the file name table) but the DWORD before it is 58000, that if a little bigger than the real size. The part after it doesn't seem anything logic like section2 or section3 too >_>
_________________

(Ok, I failed to do it in 24 hours... ).

GH:WT-PS2 Customization Progress
[100%] Make it work (w/songs loading) in a DVD5 (thanks psychospacefish!)
[100%] Modify audio (Finally done 25/11/2008)
[100%] Modify charts (Done 26/11/2008! Customs finally )

[GameZelda]

Well, I found one section3 (file table) entry, and I'm trying to see how it works

The method was just to find manually a VgS!, then load it in PCSX2 and find the offset of the file in memory.
_________________

(Ok, I failed to do it in 24 hours... ).

GH:WT-PS2 Customization Progress
[100%] Make it work (w/songs loading) in a DVD5 (thanks psychospacefish!)
[100%] Modify audio (Finally done 25/11/2008)
[100%] Modify charts (Done 26/11/2008! Customs finally )

[GameZelda]

Well, I found one section3 (file table) entry, and I'm trying to see how it works

The method was just to find manually a VgS!, then load it in PCSX2 and find the offset of the file in memory.
_________________

(Ok, I failed to do it in 24 hours... ).

GH:WT-PS2 Customization Progress
[100%] Make it work (w/songs loading) in a DVD5 (thanks psychospacefish!)
[100%] Modify audio (Finally done 25/11/2008)
[100%] Modify charts (Done 26/11/2008! Customs finally )

[cool--ethan]

so do or don't you have the Decryption key?
because i was working on decrypting the .hdr for the 360 version and i was using a method of using a password to find the Key, but just blindly thinking of passwords and checking if they worked or not.

so far after 5 or so passwords i got nothing.
_________________

My Customs
Goals:
[] FC Jordan not once but twice!!!
[x] come up with a realistic goal
[x] Beat Guitar Hero III before the official release on Sunday october 28th

[cool--ethan]

so do or don't you have the Decryption key?
because i was working on decrypting the .hdr for the 360 version and i was using a method of using a password to find the Key, but just blindly thinking of passwords and checking if they worked or not.

so far after 5 or so passwords i got nothing.
_________________

My Customs
Goals:
[] FC Jordan not once but twice!!!
[x] come up with a realistic goal
[x] Beat Guitar Hero III before the official release on Sunday october 28th

[duende]

I don't have the dumped file to hand now, but the data following the string table seemed like they could be offset/size pairs.
The format of the .hdr file has probably changed a bit since GH2, seeing as now 5 ARKs have to be indexed instead of 1, so I wouldn't put too much faith in that 58000 'size' value.

Where in memory did you find the offset for that VGS file? If it's far apart from the string table then it probably means that the decrypted main.hdr was already processed and loaded into separate buffers.

[duende]

I don't have the dumped file to hand now, but the data following the string table seemed like they could be offset/size pairs.
The format of the .hdr file has probably changed a bit since GH2, seeing as now 5 ARKs have to be indexed instead of 1, so I wouldn't put too much faith in that 58000 'size' value.

Where in memory did you find the offset for that VGS file? If it's far apart from the string table then it probably means that the decrypted main.hdr was already processed and loaded into separate buffers.

[GameZelda]

[GameZelda]

[GameZelda]

Well, I've finally associated section2 with section1, so I can now get the folder and the filename of any entry in the offset table

The blocks seem to be like this (Starting at the dword before the file names):

Offset: Contents
0 - DWORD: Size of the file name memory block (including itself)
4 - (size1 - 4): File name table
size1: Size of the string pointers table (in bytes, and seems to have 1 byte more than the real size.
(size1 + 4) - (size1 + size2): String pointers table

After that, there's one dword (probably num. of files) and the offset table starts

Getting section2 real pointers

The best way is to find the minimal value in the table (excluding the pointers to 0).
The minimal value will be by logic the pointer to the first string. So the real pointer will be (value - minimal value) after the start of the first string.

/me realizes that no one understands he

I will try to get section3 now to extract the contents. Anyway, this isn't too useful since we will not still be able to modify the HDR/ARK anyway, and the vgs's seem to be encrypted too
_________________

(Ok, I failed to do it in 24 hours... ).

GH:WT-PS2 Customization Progress
[100%] Make it work (w/songs loading) in a DVD5 (thanks psychospacefish!)
[100%] Modify audio (Finally done 25/11/2008)
[100%] Modify charts (Done 26/11/2008! Customs finally )

[GameZelda]

Well, I've finally associated section2 with section1, so I can now get the folder and the filename of any entry in the offset table

The blocks seem to be like this (Starting at the dword before the file names):

Offset: Contents
0 - DWORD: Size of the file name memory block (including itself)
4 - (size1 - 4): File name table
size1: Size of the string pointers table (in bytes, and seems to have 1 byte more than the real size.
(size1 + 4) - (size1 + size2): String pointers table

After that, there's one dword (probably num. of files) and the offset table starts

Getting section2 real pointers

The best way is to find the minimal value in the table (excluding the pointers to 0).
The minimal value will be by logic the pointer to the first string. So the real pointer will be (value - minimal value) after the start of the first string.

/me realizes that no one understands he

I will try to get section3 now to extract the contents. Anyway, this isn't too useful since we will not still be able to modify the HDR/ARK anyway, and the vgs's seem to be encrypted too
_________________

(Ok, I failed to do it in 24 hours... ).

GH:WT-PS2 Customization Progress
[100%] Make it work (w/songs loading) in a DVD5 (thanks psychospacefish!)
[100%] Modify audio (Finally done 25/11/2008)
[100%] Modify charts (Done 26/11/2008! Customs finally )

[GameZelda]

Well, good news

I've successfully made a tool, and now, I have a TXT file with all offsets, sizes, and filenames.

Some offsets are > than the size of the ARK, and sometimes the dword after the offset is 1.

I think that this could mean the layer (0 first layer, 1 2nd layer) and the offset could be "if offset > size 1st ark { offset -= size 1st ark }" then the offset is referred to the 2nd ark in the layer. But I haven't tested it yet.

EDIT: Nope, offset and size are 8 byte

The DTA/DTB files are duplicated. The DTB files seem encrypted, but the DTA files are unencrypted and decompiled, so you can look at them with any text editor!

In long_cheats.dta there's ONLY the unlock all cheat...
_________________

(Ok, I failed to do it in 24 hours... ).

GH:WT-PS2 Customization Progress
[100%] Make it work (w/songs loading) in a DVD5 (thanks psychospacefish!)
[100%] Modify audio (Finally done 25/11/2008)
[100%] Modify charts (Done 26/11/2008! Customs finally )

[GameZelda]

Well, good news

I've successfully made a tool, and now, I have a TXT file with all offsets, sizes, and filenames.

Some offsets are > than the size of the ARK, and sometimes the dword after the offset is 1.

I think that this could mean the layer (0 first layer, 1 2nd layer) and the offset could be "if offset > size 1st ark { offset -= size 1st ark }" then the offset is referred to the 2nd ark in the layer. But I haven't tested it yet.

EDIT: Nope, offset and size are 8 byte

The DTA/DTB files are duplicated. The DTB files seem encrypted, but the DTA files are unencrypted and decompiled, so you can look at them with any text editor!

In long_cheats.dta there's ONLY the unlock all cheat...
_________________

(Ok, I failed to do it in 24 hours... ).

GH:WT-PS2 Customization Progress
[100%] Make it work (w/songs loading) in a DVD5 (thanks psychospacefish!)
[100%] Modify audio (Finally done 25/11/2008)
[100%] Modify charts (Done 26/11/2008! Customs finally )

[duende]

I'm not sure what dump you're looking at exactly (i.e. when it was dumped during runtime), but mine has the same size as the encrypted main.hdr, and includes the string table (section 1) and offsets to the files (section 3).
I forgot what the HDR layout looks like, but I'm quite sure this dump is complete and can be used to index the ARKs if parsed correctly - which you seem to have figured out at least partially already.

Of course, as you pointed out, in itself this is of little use other than just extracting the contents of the ARKs, but armed with this knowledge it's easier to locate the decryption code and key.

[duende]

I'm not sure what dump you're looking at exactly (i.e. when it was dumped during runtime), but mine has the same size as the encrypted main.hdr, and includes the string table (section 1) and offsets to the files (section 3).
I forgot what the HDR layout looks like, but I'm quite sure this dump is complete and can be used to index the ARKs if parsed correctly - which you seem to have figured out at least partially already.

Of course, as you pointed out, in itself this is of little use other than just extracting the contents of the ARKs, but armed with this knowledge it's easier to locate the decryption code and key.

[GameZelda]

[GameZelda]

[duende]

The VGS files don't look encrypted to me (wouldn't really make sense either), but obviously they are different to GH2 ones, as more tracks have to be interleaved.

[duende]

The VGS files don't look encrypted to me (wouldn't really make sense either), but obviously they are different to GH2 ones, as more tracks have to be interleaved.

[GameZelda]

[GameZelda]

[stupidcarrots]

you guys look like you are getting pretty far with this, but did you think of taking your ps2, putting rockband in, and record all dataflow during a song? it would be a ton, but you would easily get the info you need to crack these things open. just a thought...

[stupidcarrots]

you guys look like you are getting pretty far with this, but did you think of taking your ps2, putting rockband in, and record all dataflow during a song? it would be a ton, but you would easily get the info you need to crack these things open. just a thought...

[Kells]

the ps2 version of rockband uses the same encryption algorythm that the xbox version of gh2 and rockband use .. which incidentally has been broken... source has even been released ;) ...

[Kells]

the ps2 version of rockband uses the same encryption algorythm that the xbox version of gh2 and rockband use .. which incidentally has been broken... source has even been released ;) ...