PS2 PSX DESR 5500 - Introduction and question.

[thewindwaker]

Hello everyone,

Earlier this month, I bought a PSX DESR 5500 for a very reasonable price. I immediately backed up the un-encrypted files from the HDD using HDD Raw Clone Tool and used PS2Ident to pull the HDD-ID, BOOT_ROM, NVM and specs. The hard drive unfortunately, like most PSX DESR's is now dead and the PSX starts up with an error message to contact support, so I was lucky to pull all the data before it died.

On the forum, I have read several posts about the PSX and its hard drive encryption, as well as possible research areas to explore to find a breakthrough that would enable it to be bypassed or tricked.

Two posts I found very interesting were:

Alternatives to cracking DESR / PSX DVR hard drive requirements? - by uyjulian & Psx desr 5000 hdd help - by Davewatts

My question was whether anyone had explored these options, and if not, I would be willing to explore them with my PSX DESR 5500 and help the community. I am skilled in soldering, repairing, and have some technical knowledge, which I hope can be of assistance.

I look forward to your replies.

 

[C21H30O2]

Sadly I don't think there have been any significant updates regarding cracking/hacking the PSX, though it may be worth mentioning this IDE emulator that's supposedly compatible with the PSX, made by some guy named "Felix."

https://3do.dev/products/copy-of-ide-emulator-batch2

I say supposed as I have yet to see any videos/pictures/evidence confirming it actually works on a PSX, but if it does that's definitely an (expensive) option.

2023 is the PSX's 20th anniversary so getting it fully hacked this year would be awesome.

 

[TnA]

It has been hacked...

 

[Berion]

But it is still unpublic, so for end user it is like not hacked at all if he cannot get it to work.

I immediately backed up the un-encrypted files from the HDD using HDD Raw Clone Tool

HDD is encrypted, we don't know how to decrypt. HDD Raw Copy Tool which You mentioned (Clone>>Copy? ;]) only making sector by sector image. You will not getting data from it if no one figure out how to decrypt it, or if You will not write it back to Sony HDD, or if You will not use it with IDE Emulator.

and used PS2Ident to pull the HDD-ID

Are You sure? AFAIK only tool for reading this key is HDD ID Dumper.

BOOT_ROM, NVM and specs.

You still missing xFrom dump (internal flash 8MiB memory). ;]

On the forum, I have read several posts about the PSX and its hard drive encryption, as well as possible research areas to explore to find a breakthrough that would enable it to be bypassed or tricked.

Could You make for me few MiB dump of this HDD/image (i.e by DMDE on Windows or dd on Linux) and send it to me with matching HDD ID? Maybe it is something easy but no one tried yet. ;P

 

[thewindwaker]

I was suggested using the PS2Ident to pull the HDD. I was able to get the following files: DESR-5500_BOOT_ROM, DESR-5500_NVM, DESR-5500_specs and nvm_5.14.0802763.

However, I am open to trying other programs there is a missing file from this.

If you could guide me through the process of making a MB HDD/image dump and I'll be happy help.

 

[C21H30O2]

It has been hacked...

Like Berion basically said, if something's not publicly available, it may as well not exist.

 

[TnA]

It IS available... It's not my fault when most people don't know about it.
It is available and was planned to be released as "FreePSXBoot" and in that week another tool "took" the name.

I have the tool and I don't give Jackshit, what you assume and beLIEve. It exists... That's a fact!

Berion actually CONFIRMED the existence, you got the argument in reverse.

 

[thewindwaker]

It IS available... It's not my fault when most people don't know about it.
It is available and was planned to be released as "FreePSXBoot" and in that week another tool "took" the name.

I have the tool and I don't give Jackshit, what you assume and beLIEve. It exists... That's a fact!

Berion actually CONFIRMED the existence, you got the argument in reverse.

Hi TnA, I was not aware that someone was working on a soluation to fix this PSX hard drive situation.

I was wondering, if the developer who wrote the tool created a GitHub or was the work done in private and tested with trusted developers?

Thank you for confirming this tool. Much appreciated.

 

[C21H30O2]

It IS available... It's not my fault when most people don't know about it.
It is available and was planned to be released as "FreePSXBoot" and in that week another tool "took" the name.

I have the tool and I don't give Jackshit, what you assume and beLIEve. It exists... That's a fact!

Berion actually CONFIRMED the existence, you got the argument in reverse.

I never denied it exists, I'm sure it does. I said it wasn't publicly available and therefore it was basically the same as it not existing.

If this tool is freely available somewhere please let me know because I don't know where to find it. Sorry if this is super obvious.

 

[TnA]

I said it wasn't publicly available and therefore it was basically the same as it not existing.

I understood very well what you WROTE and yet you are WRONG. It is NOT "basically the same as it not existing" and WHO SAID IT WASN'T PUBLIC? Oh! The dude whom you trusted - without even checking the claim he made - which shared misinformation as well!

"Thank you very much AGAIN! @Berion for your FALSE CLAIMS and MISINFORMATION."
...and now that "genius" memorized and regurgitated the claim without ASKING BEFORE or trying to verify ANYTHING...

The tool is not safe, hence not "widely published"!


@krHACKen might give an answer here.

 

[C21H30O2]

I understood very well what you WROTE and yet you are WRONG. It is NOT "basically the same as it not existing" and WHO SAID IT WASN'T PUBLIC? Oh! The dude whom you trusted - without even checking the claim he made - which shared misinformation as well!

"Thank you very much AGAIN! @Berion for your FALSE CLAIMS and MISINFORMATION."
...and now that "genius" memorized and regurgitated the claim without ASKING BEFORE or trying to verify ANYTHING...

The tool is not safe, hence not "widely published"!


@krHACKen might give an answer here.

Alright, thanks for clearing that up then.

 

[TnA]

It's NOT meant to be mean, but informal!

I didn't sleep this night and came across SO MANY misinformation spreaders these days...

 

[Berion]

"Thank you very much AGAIN! @Berion for your FALSE CLAIMS and MISINFORMATION."
...and now that "genius" memorized and regurgitated the claim without ASKING BEFORE or trying to verify ANYTHING...

I don't see anything false on my side. Especially: again. :P

Exploit is not public. I know that WIP version was published on Discord channel year ago. But look, from John Doe perspective, it not exist if he cannot use it nor download it. Facts are it exist, and it is also true that it is not published because not tested or covering all DESRs/all DVRP fw (such bricks are unrecoverable if I'm not mistaken) but for someone who don't have access to it, our facts are only opinion. Do You understand me? :P

 

[Berion]

I was suggested using the PS2Ident to pull the HDD. I was able to get the following files: DESR-5500_BOOT_ROM, DESR-5500_NVM, DESR-5500_specs and nvm_5.14.0802763.

So You don't have HDD ID? What You have mentioned above is copy of BOOT ROM and NVM. For dumping HDD ID You need HDD ID Dumper and... working HDD on working DESR (or PC but I don't remember how to talk with his fw to ask for this key).

If you could guide me through the process of making a MB HDD/image dump and I'll be happy help.

Does this HDD image You've made by HDD Raw Copy Tool as You stated in first post is compressed (*.imgc) or uncompressed (*.img)? If compressed, You need to decompress it first (IsoBuster can read it but dumping from sector range is exclusive for at least Home license). So if compressed and You don't want spend any money on any app, open it in HDDRCT and make image again but this time in *.img (compressed is useless for me as I will not be able to decompress such small data chunk). :P

Then use DMDE, choose option copy sectors, choose *.img file as source and output as file (extension name doesn't matter), select LBA range from starting 0 to ending on 16383.

 

[thewindwaker]

So You don't have HDD ID? What You have mentioned above is copy of BOOT ROM and NVM. For dumping HDD ID You need HDD ID Dumper and... working HDD on working DESR (or PC but I don't remember how to talk with his fw to ask for this key).

Can I use the PS2 ID Dumper that was devloped by -krHACKen on the PSX to get the HDD ID?

Does this HDD image You've made by HDD Raw Copy Tool as You stated in first post is compressed (*.imgc) or uncompressed (*.img)? If compressed, You need to decompress it first (IsoBuster can read it but dumping from sector range is exclusive for at least Home license). So if compressed and You don't want spend any money on any app, open it in HDDRCT and make image again but this time in *.img (compressed is useless for me as I will not be able to decompress such small data chunk). :P

Then use DMDE, choose option copy sectors, choose *.img file as source and output as file (extension name doesn't matter), select LBA range from starting 0 to ending on 16383.

I can confirm that the HDD image is compressed (*.imgc) however, I was able to uncompress it and convert it to (*.img). I will follow the steps you have provided and will get back to you with an update asap.

 

[thewindwaker]

So You don't have HDD ID? What You have mentioned above is copy of BOOT ROM and NVM. For dumping HDD ID You need HDD ID Dumper and... working HDD on working DESR (or PC but I don't remember how to talk with his fw to ask for this key).

Does this HDD image You've made by HDD Raw Copy Tool as You stated in first post is compressed (*.imgc) or uncompressed (*.img)? If compressed, You need to decompress it first (IsoBuster can read it but dumping from sector range is exclusive for at least Home license). So if compressed and You don't want spend any money on any app, open it in HDDRCT and make image again but this time in *.img (compressed is useless for me as I will not be able to decompress such small data chunk). :P

Then use DMDE, choose option copy sectors, choose *.img file as source and output as file (extension name doesn't matter), select LBA range from starting 0 to ending on 16383.

Update: I used PS2 ID Dumper you suggested. I was only able to get Console_ID, ILINK_ID and MC_NVRAM - Each file is around 1KB in size. ID Dumper was unable to get the HDD ID.

I do have a full 8MB NAND of the 5500 model PSX, which is the same as mine.

I found a program on GitHub called PFS_BatchKit_Manager, a batch script that allows you to easily manage your PS2/PSX hard drive. While it is not advised to format the PSX hard drive or use the Option Hack PS2 HDD, There are HDD Management options to create/delete/show partitions, backup or Inject PS2 MBR program, explore PS2 HDD (Mount PFS to Windows Explorer), NBS server and finally Format HDD to PS2 format.

This may not be relevant or helpful to the PSX Hard Drive issue but I thought I would point it out.

 

[Berion]

For dumping HDD ID, You need functional, original HDD.

https://www.psx-place.com/resources/id-dumper.455/

To dump your PS2HDD ID, you need three $ONY drivers (dev9.irx, atad.irx and hdd.irx), which are NOT INCLUDED in this package.

 

[thewindwaker]

For dumping HDD ID, You need functional, original HDD.

https://www.psx-place.com/resources/id-dumper.455/

You mention that the HDD needs to be functional and original. The drive is the original 160GB hard drive, when connected to the PSX, the drive does make noise and reads but an error message occurs. The drive is able to be detected when plugged into Windows under device management.

The drive however is not detected at all when using ulaucher and hangs.
Could it be possible that the drive or something on the drive has corrupted causing this issue or are these the signs on a failing hard drive on a PSX device?

Also, thank you for providing the information about what is required to get the HDDID, I really appreciate it.

I will post an update soon.

 

[Berion]

Drive don't need to be mechanically fine, but his controller must communicate with a console.

On PC, probably You can dump it on Linux via (download sg3-utils). Didn't tried because I don't have any original PS2 HDD. That magic is not mine, found on internet. ;p

sg_raw -o ${HOME}/hdd_id.bin -b -r 512 /dev/sdx 85 09 0d 00 ec 00 00 00 00 00 00 00 00 00 8e 00

meaning of parrams:

• "-o" output location
  
• "-b" binary form
• "-r" request data length
• This strange value at the end is probably undocumented atacmd send to drive, asking his fw for that data.

Replace sdx by valid one for You. lsblk will tell You which is ps2 hdd:

lsblk -p -o MODEL,SIZE,NAME

I found a program on GitHub called PFS_BatchKit_Manager, a batch script that allows you to easily manage your PS2/PSX hard drive.

It is not for DESRs. You will kill second APA index if overwrite data beyond sector range covered by first. Also You cannot mess with bootstrap on __mbr.

 

[TnA]

I don't see anything false on my side. Especially: again. :P

You continually share misinformation. Should I quote everything from the past 2 weeks?

Exploit is not public.

Wrong AGAIN! It is just not massively shared!

I know that WIP version was published on Discord channel year ago.

Oh, it WAS? Aha... and no, the time frame is wrong as well!

But look, from John Doe perspective, it not exist if he cannot use it nor download it.

I do... It DOES exist... It is accessible... You are spreading BS-Misinformation!

Facts are it exist, and it is also true that it is not published because not tested or covering all DESRs/all DVRP fw (such bricks are unrecoverable if I'm not mistaken) but for someone who don't have access to it, our facts are only opinion. Do You understand me? :P

FACT is, that it is available.
FACT is, that it has been published.
FACT is, that you are spreading MISINFORMATION!
FACT is, that I do NOT "stand under you", but contrary to you I DO comprehend the other/you.

NBS server

*NBD-Server

@Berion Bruh... Use the edit button 10 Minutes later... Gosh...