MK Style Program for gt4??? Will There be one?

Discussion in 'Hybriding' started by SRT-4, Feb 24, 2005.

  1. crazyazn7412

    crazyazn7412

    Messages:
    300
    is anyone here actully know mk? just wondering
     
  2. NoQuarter

    NoQuarter Premium

    Messages:
    949
    Location:
    United States
    Only vicariously through the GTF, House of GT and GTX over the last 4 years.
     
  3. SRT-4

    SRT-4

    Messages:
    60
    Ugh, mybe it will never happen :(
     
  4. crazyazn7412

    crazyazn7412

    Messages:
    300
    if he wont do it we will.
     
  5. NoQuarter

    NoQuarter Premium

    Messages:
    949
    Location:
    United States
    At this point it doesn't sound as much like he won't do it as much as it sounds like it will be either very difficult or even impossible...
     
  6. cardude2004

    cardude2004

    Messages:
    3,001
    Did the developers code it the way it is codes so that making hybrids would be hard or impossible?
     
  7. 2o

    2o

    Messages:
    149
    Probably cardude.

    Well looks like I'll beat GT4 and trade her in pretty soon then. I growing tired of my ps2 and all its notorious problems. Gran Turismo & GTA series were the only reasons I've hung on to it this long so I'll keep it for those games and GT3edit but Sony isn't getting another dime out of me as far as new games go. Hello Doom3 & Chaos Theory.
     
  8. NoQuarter

    NoQuarter Premium

    Messages:
    949
    Location:
    United States

    mk is apparently working it right now, trying to find out exactly how PD had changed the parts coding. d0hc is also working on the save/test suggestions that mk posted in this thread at the GTX (be patient...the site was hacked yesterday, and has been up and down as Emion has been fixing it).

    It's not looking too hopeful at the moment, but if it can been done, mk will do it...
     
  9. cardude2004

    cardude2004

    Messages:
    3,001
    ^I am not in a rush, I was just wondering.
     
  10. German Muscle

    German Muscle

    Messages:
    583
    I spoke to MK and ill give you all a heads up when i hear back from him.
     
  11. German Muscle

    German Muscle

    Messages:
    583
    Well i heard back from him. It isnt looking good at all as I thought. He said that they encrypted the game and save file so for now its gameshark etc only. If he cant get into the game ill likely take mine back after i get 100%. GT4 didnt hold anyones attn near as long as GT3, plus you can hybrid in GT3.
     
  12. Tallman

    Tallman

    Messages:
    15
    Well if he wont be able to develop a program do you think we will still be able to hybrid just by using codes to switch or manipulate engines/turbos/NA tune, Boost HP/brake power/downforce etc etc??? Or is it once the parts are applied to that car they can not be changed or used on another car? (The parts and settings meant for one car cannot be used on any other car because of the coding)?
     
  13. megashawn

    megashawn

    Messages:
    42
    Ok, so I said I was gonna take a swing at figuring this out. I have not accomplished anything special yet, but I think I've atleast determined it will b e possible.

    I've spent about 4 hours yesterday creating, copying, and comparing gamesaves. I was trying to discover the location of the selected car. As best as I can tell, it appears to be the very fist 3 lines.

    Example. I started a brand new game, and saved it before doing anything. Copy the save and use Save Builder to extract the garage file. Using Ultra Edit, I opened the file and said "Oooh pretty numbers" and reloaded gt4.

    I purchased a 90 CRX from the used garage and also saved it, making it day 2, having a lil more then 5k credits.

    I loaded both garage files in Ultra Edit, and the only thing different about them is the top 4 lines.

    I could not find a single difference in the rest of the files. So it is my belief these top 4 lines of the garage file are something important.

    I have no idea what to do with the encryption, but comparing to saves from other games, it really doesn't look that odd. I'm no programmer, I know enough about hex to be able to convert values and such, but thats really about it. I'm gonna see if I can't pull in some more assistance on this, and I'll report anything interesting I find.

    A couple questions I've had while going through this testing;

    What purpose does the "BASCUS-97328GAMEDATA" serve?
    Why can't I combine the garage file from one save, and the Gamedata file from another and it work?


    And one other thing I noticed, I recently applied the "FUll garage code" to my save. It gives you one of each car on the game. The last car I was driving before using this code was the "Toyota 7" which has a huge amount of HP.

    When I applied the code, the car in the very first slot, seems like it was a Fiat, said it had over 1100 HP. I was frantic "Ahh, and 1100 hp Fiat WOOHOO" but as soon as I selected it, the power returned to normal.

    It makes me wonder though if you couldn't "swap parts" so to speak by using a high performance car and a code forcing a different car in its spot. The code would have to be more specific then the Full Garage code, but I thinkt here may be some potential here.

    One last questions; since when have Cheat device company's become so anal about sharing the code creating knowledge? I have a recent GS and a CB 9, and I cannot for the life of me figure out how to make my own code.
     
  14. crazyazn7412

    crazyazn7412

    Messages:
    300
    they suck like that. anyhow the file is still waaayyyy too encrypted, especially to go through 1.5 megs of code...god i miss my hybrids
     
  15. NoQuarter

    NoQuarter Premium

    Messages:
    949
    Location:
    United States
    Intellectual property?

    Engaging in business to make a profit?
     
  16. megashawn

    megashawn

    Messages:
    42
    but they do not make money off the codes themselves, only the devices that allow the use of the codes.

    I'm just saying, there was a point in time when one could take a GS code, tinker around with it a bit, and make it do something completly different. Those days are gone, and I'm curious as to why.

    I suppose making it hard or impossible to change a code could help you make more money, but personally, I'd give all my cheating business to the company that still allows you to modify codes.

    Heck, the old GS used to come with instructions on how to make your own codes. And it seems it would be even better for business if the communtiy of users, of say, a codebreaker, actually helped design codes. I mean, how many people on this forum would make codes if they could? If the people that are buying your product are making stuff to be used with that product, heck, they are paying you to make stuff for you.

    So I don't think I.P. or profits has anything to do with it.
     
  17. crazyazn7412

    crazyazn7412

    Messages:
    300
    ..its been a while. any word at all?
     
  18. megashawn

    megashawn

    Messages:
    42
    I've heard nothing else about it really. I pretty much give up, I'm no pro, but I can't get anything to work. If I change so much as a byte of data anywhere in the save, it becomes useless.

    Someone needs to get a job at PD and figure out what they did. Lil covert ops!!

    I for one am upset they put so much effort into stopping hybrids, yet, no 2 player drag and no online mode.

    Seems if they would have spent the anti-hybriding effort on those modes, or either, we'd have them.
     
  19. Tedehur

    Tedehur Staff Emeritus

    Messages:
    4,322
    Seems hard indeed since the file seems crypted.
    However, it seems that replay files leak information enough about their content to make some sort of GT4 replay manager.

    If we look at our replays in the X-port or SharkPort program (in the memory card tab), we can see that the files are named
    BASCUS-97328BXXXXY?Y for NTSC-US, or
    BESCES-51719BXXXXY?Y

    It seems from the replays posted in the WRS and other forums that the 4 red characters are linked to the track that was used :
    3MWi = Autumn Ring (3 replays checked)
    SMWi = Cathedral Rocks Trail I (1 replay checked)
    ZHSi = Citta di Aria reverse (1 replay checked)
    iMWi = Deep Forest (1)
    1tWI = El Capitan reverse (4)
    zMWi = Fuji Speedway 90's (6)
    UMWi = Tsukuba Circuit (1)

    i5C5 = B2 license (1)

    Could anyone check and confirm this ?
     
  20. Tedehur

    Tedehur Staff Emeritus

    Messages:
    4,322
    No good news from my tests tonight.
    I created a new gamesave with username 'A' and X-ported it to my PC.
    I created then another gamesave with the same username and X-ported it too.
    Both are empty gamesaves with the same username, which means they can only differ by their creation time.
    Yet, both hex files are about 99% different.
    From address 00000251 on, almost everything is different, except some bytes here and there and the scores of zeroes in the end.

    This means that the game save is crypted, and trying to copy/paste blocks from a save to another is pointless.
    The only way to break in is to find information on the encryption method, and the only information we have is that it's linked to the date of creation.

    However, if the date of creation is part of the encryption method, it has to be stored uncrypted to be used. (I mean, when you have a safe, you don't put its key inside : you have to keep it outside to be able to open the safe). And it has to be stored at a place where it's easy to find. I'm thinking at the 4 last bytes of the gamesaves, which look like a checksum but are not any common checksum. Perhaps a coded date ?

    Strange thing is this doesn't match what megashawn wrote earlier, that by purchasing a car only the four first lines of the file were changing.
    I'll purchase a car or run B1 license in both my empty gamesaves to see how it impacts the file.
    Perhaps only the creation date/time matters, and not the saving date/time ?

    Let's now hope that PD used a common encryption method that has documented fails and that can be decrypted within a reasonable time.
    Or else hybrid fans will have to dust off the old GT3 discs.

    @megashawn :
    I can see 2 reasons why you can't cut and paste blocks from one save to another one.
    1) there is a checksum somewhere in the file, and pasting new data makes the checksum mismatch the data.
    2) data you paste is crypted using a different method than data you're pasting in.
    In both cases it has no chance to work at all.
     
  21. NoQuarter

    NoQuarter Premium

    Messages:
    949
    Location:
    United States
    Good stuff, flat-out :tup:

    Unfortunately, this, along with mk's discussion at the GTX, does not bode well for the future of unrestricted hybridding in GT4.

    Shame on PD for going to such lengths to block this marvelous aspect of Gran Turismo (if, indeed, the object of such encryption was to prevent hybridding).
     
  22. MrGrumpy

    MrGrumpy

    Messages:
    21
    I'm also guessing they also use the name you enter when you start a new game to mix things up a bit.

    Also just a word of warning if someone manages to break the encryption this will actually violate the DMCA in the United States. An identical thing happened with Tecmo and the website Ninjahacker (encryption was broken on their file formats).

    So please be careful.

    EDIT:
    There possibly could be a way around it. What it would involve a single Action Replay(AR) code which patches in a jump over the encryption function and allows you to save/load the GT4 data in its native format, 3rd party garage editors wouldn't be breaking any encryption this way.

    The downside is that you would have to use the AR code everytime you wanted to use your unencrypted hybrid garage within GT4.

    Cheers
     
  23. Tedehur

    Tedehur Staff Emeritus

    Messages:
    4,322
    Anyway, if they encrypted it well, we won't be able to break in.
    The best solution to break an encryption method is to encrypt known data with the method and look at the encrypted result. By repeating this a certain number of times on slightly different data, you can figure out what's the method is doing.
    The problem here is that we don't know what the original look like.
    Creating an empty gamesave should result in a very small file, but it still gives a 1.5Mb file. What is it filled with ? We don't have a clue.
    I'll try a small modification (run one licence) on an empty save, and see what's the effect on the file.
    But I'm neither professional nor experimented : I just know how things are working on the theoretical point of view, and thus I can do simple tests.
    If these tests give no result, then I surrender :D
     
  24. MrGrumpy

    MrGrumpy

    Messages:
    21
    flat-out I understand what you mean but in the United States (and possible now Australia, not sure though?) that will still constitute "Reverse Engineering" under the DMCA (the law is a mess).

    Anyway I'm sure everyone knows that you entire car collection is held in the 1.22MB "garage" file and most probably only a pointer to the current car is stored in the games main save file (232KB). Then you hit the encryption... :lol:

    And... I'm suprised no-one has grabbed a MIPS disassembler, uncompressed "core.gt4" and stepped through it to see what it does with regards to it's saving of files. <- Thats a big DMCA no no! :lol:

    I really want to see this done as well (look at the increased longevity GT3 gained from MK's program), but there's this crazy law that hanging overhead that more and more companies are starting to enforce. I'm just trying to understand this from different points of view.

    Cheers
     
  25. RC45

    RC45 (Banned)

    Messages:
    1,629
    Location:
    United States
    All this means is that PD and Sony pretty much screwed the golden goose.

    The reason GT became such a great franchise and money maker is that an awesome community developed around the games - and hybrids/mods just enhanced this longevity.

    By going to such lengths to prevent the prolonged use of the game (many of us kept using GT3 long passed the sell-by date only because of mods/hybrids) PD and Sony pretty much alienated many the core fan base of the franchise.

    Their loss - not ours.
     
  26. Tedehur

    Tedehur Staff Emeritus

    Messages:
    4,322
    After some more hex editing, I reach the following, but reading now MrGrumpy's post it seems that I've been re-doing things already done.


    File signatures
    XPS files are signed by '0D 00 00 00' on first 4 bytes.
    Different blocks within the GT4 file seem to be signed by 'FA 00' on first 2 bytes.


    Content of a game save
    Block 1 :
    - 91 bytes from 00000000 to 0000005B
    - starts with XPS signature (0D 00 00 00)
    - contains X-port file information such as save name, date and hour of saving.

    Block 2 :
    - 250 bytes from 0000005C to 00000155
    - starts with FA 00 signature
    - contains PS2 file name (BESCES... or BASCUS...) and 2-byte blocks following the pattern 81 XX or 82 XX and ending with 81 6E or 8E 00

    Block 3 :
    - 249 bytes from 00000156 to 0000024F
    - starts with FA 00 signature
    - many zeroes and 3 times the word 'garage'

    Block 4 :
    - 64 bytes from 00000250 to 0000028F
    - no recognizable pattern

    Block 5 :
    - 1,280,000 bytes (1.22 Mb) from 00000290 to 00138A8F
    - no recognizable pattern
    - the 'FA 00' bytes appear several times, but it's hard to say if they are regular data or should be considered as new block signatures

    Block 6 :
    - 250 bytes from 00138A90 to 00138B89
    - identical to block 2 ?

    Block 7 :
    - 237,760 bytes (232 Kb) from 00138B90 to 00172C49
    - no recognizable pattern
    - the 'FA 00' bytes appear several times, but it's hard to say if they are regular data or should be considered as new block signatures

    Block 8 :
    - 10,046 bytes (9.8 Kb) from 00172C4A to 00175387
    - starts with FA 00 signature
    - seems to be made of several smaller blocks

    Block 9 :
    - 1,214 bytes (1.1 Kb) from 00175388 to 00175845
    - starts with FA 00 signature
    - seems to be made of several smaller blocks
    - filled with zeroes

    Block 10:
    - 4 bytes from 00175846 to 00175849
    - looks like a checksum


    Game save comparison
    File A : empty gamesave created on May 2nd
    File B : file A loaded and saved again on May 4th
    File C : file B loaded, entered licence B1 and left without racing to increase day count

    A / B
    Block 1 : only a difference on the date
    Block 2 : few differences, hard to identify
    Block 3 : few different bytes, some similar to other different bytes in block 2.
    Block 4 : all 64 bytes are different
    Block 5 : every byte from the 1.22 Mb block is identical
    Block 6 : few different bytes, similar to blocks 2 and 3
    Block 7 : almost every byte is different
    Block 8 : few different bytes, similar to blocks 2, 3 and 6
    Block 9 : few different bytes, similar to blocks 2, 3 and 6
    Block 10: all 4 bytes are different

    B / C
    Block 1 : only a difference on the hour
    Block 2 : few differences, hard to identify
    Block 3 : only bytes 000001B1 and 000001B2 are different ('01 01' for day 1, '36 06' for day 2)
    Block 4 : all 64 bytes are different
    Block 5 : every byte from the 1.22 Mb block is identical
    Block 6 : few different bytes, similar to blocks 2 and 3
    Block 7 : almost every byte is different
    Block 8 : all bytes are identical
    Block 9 : all bytes are identical
    Block 10: 3 of all 4 bytes are different


    From this, I would guess that :
    - blocks 1, 2 and 3 belong to the xps file, not to the game save
    - block 4 is a key to decrypt block 7
    - block 5 could be the garage, encrypted with a fixed encryption method
    - block 6 (?)
    - block 7 could be game data (diary, licenses, best times...) encrypted with a variable key
    - blocks 8 and 9 contain game icons (?)
    - block 10 is a checksum of a whole gamesave


    Next step will be to run B-1 licence and control what has changed.
     
  27. C53A 4G63T

    C53A 4G63T

    Messages:
    43
    I personally dont feel the DMCA thing is anything to worry about.

    The reason GT3 stayed intresting to me was because of hybriding. I also think that with the online mode removed from this version, they might not have as much of a problem with it than if there was online play. Now the issue is, will they use the same encryption format in the future versions that include online play. That is where things could get messy for the people working on crakcing the cypher. There is a thin line we stand upon, but if we tread lightly, i think we could hammer this one out without creating too much attention.
     
  28. cmetom

    cmetom

    Messages:
    100
    are we saying that this encryption is in the GT4 saves themselves, or the file formats you get when you copy them with an x-port or gameshark or whatever?
     
  29. Tedehur

    Tedehur Staff Emeritus

    Messages:
    4,322
    As far as I understood what I saw while hex-editing the files :
    1) the garage (1.22 Mb) is encrypted, and the encryption method of a given game is different from the method of another game (depends on the creation date/time).
    2) the game save (232 Kb) is encrypted and the encryption method changes everytime you save (depends on the last save date/time).
    3) both are also compressed since the resulting 1.5 Mb file cannot be compressed further by a zip program.

    The X-port doesn't encrypt/decrypt anything. It's merely a file transfer device.
    I think we can figure out what the game is saving on which part of the file, but I doubt we'll ever break the encryption and be able to write ourselves something relevant in the file.
    If bytes 00000250 to 0000028F are a compression table or an encryption public key, as I guess, it means the file is crypted with a 512 bits key. And ATM, breaking RSA-155 (which uses 512 bits keys) needs 35 years of computing time. :grumpy:
     
  30. tickaz

    tickaz

    Messages:
    90
    Location:
    Jamaica
    Flat out here something to try.
    create a game save.
    then change the time configeration for your PS2 console
    then create a simular
    and then compare the game data :indiff: