MK Style Program for gt4??? Will There be one?

  • Thread starter SRT-4
um....no...if I'm not mistaken there are no save options in the config... it wouldn't be relevant to anything and even if it is different. every time you save the file the encryption method is different...you wouldn't be able to tell if changing the config did anything at all
 
tickaz
Flat out, here's something to try.
create a game save.
then change the time configuration for your PS2 console
then create a similar one
and then compare the game data :indiff:
I didn't mention it but I did it :
saves created on 2005/05/02 and 2000/01/01 are 99% different too.
Even created with only a 15-minute time difference, they are different.

That's why I think that the creation date and time are part of the encryption key.
 
Someone said that the key wouldn't be in the safe or save as it were. But it has to be, otherwise you couldn't play your save on another PS2. It's either on the GT4 disk or in the save, or parts of both.

If the garage data is always the same even if you add cars to it then it's probably on a separate encryption, right? Does the data change from other people's saves? From other game disks? Other PS2s? Mem cards? There may be a huge possibility of keys from part console/disk/time of creation. But it should be in the save.

I dunno.

Maybe we should just threaten SCEA or whoever, saying that if they don't make a patch CD or hybrid program and distribute it FREE to everyone that wants one, we will never buy a slaystation game or console ever again! A formal petition. Collect signatures and stuff.

I still play GT3 just because I can hybrid! If my CD gets toasted, I buy a new one. So far with GT4, if it got toasted, oh well, it wasn't THAT good.
 
ÑЇŞΜ●
....
Maybe we should just threaten SCEA or whoever, saying that if they don't make a patch CD or hybrid program and distribute it FREE to everyone that wants one, we will never buy a slaystation game or console ever again! A formal petition. Collect signatures and stuff.
bah, i dunno bout that 👎
 
I'm quite curious how the checksum works.
Would be nice to at least figure that out, so we can rename replay files.
That's the main thing I'm looking for right now: you can't copy a file onto the memcard if it has the same name as an existing file. But if you hex edit a max file and change it from say, GhostReplay[5] to GhostReplay[99] it buggers the CRC.
Anyone figure out how to fix the checksum so hacked files can be loaded back onto the memcard?
 
crazyazn7412
question?!?! Who here is still actually trying? I have but to no avail
I got my PS2 started again - and actually thought about this yesterday...

I've also, some time ago, been hex editing a little in the savegame - But since it's coming through the X-Port - the saves are riddled with X-Port info in the beginning making it useless for running through John the Ripper... I need a way of getting the raw save off the Memorycard...
 
Save Slicer can do this.
It extracts from the .xps or .sps file the original files stored on the memcard.
Windows version attached.

I haven't taken a look at this recently, but there is a thread concerning this on GTX, in which MK's posting too.
As far as I remember :
- the file is compressed (try to zip it and you won't save much space)
- the first 64 bytes of the gamesave could be the compression/decompression table.
- 2 identical gamesaves (empty, same language, same driver's name) created on the same console are totally different, so the compression might also encrypt data using a table based on the date/time of creation
- in that case the date/time of creation has to be stored outside the main save file
 

Attachments

  • SaveSlicer.zip (20.3 KB)
flat-out
Save Slicer can do this.
It extracts from the .xps or .sps file the original files stored on the memcard.
Windows version attached.

I haven't taken a look at this recently, but there is a thread concerning this on GTX, in which MK's posting too.
As far as I remember :
- the file is compressed (try to zip it and you won't save much space)
- the first 64 bytes of the gamesave could be the compression/decompression table.
- 2 identical gamesaves (empty, same language, same driver's name) created on the same console are totally different, so the compression might also encrypt data using a table based on the date/time of creation
- in that case the date/time of creation has to be stored outside the main save file

I posted on gtx about this stuff. If you use saveslicer, you'll understand what I'm talking about...

-The gameinfo/gamedata section seems to be the only thing crypted. Duplicate saves, 100% different.
-The garages are the same, only the first few bytes change in that section. The garage section seems to only be a placeholder list for the cars (same order you'll see in the game garage).
-Now, the encryption could be 1 of 2 things... a timestamp, down to the second - so you get a different gamedata every time, i.e. if you save @ 12:30:21 and then save again 10 seconds later, you'll end up with savegames identical EXCEPT FOR: the gamedata section and the first few bytes of the garage section.
-The other option is that it's a randomly generated "key" every savegame. The one thing I noticed - referring to the first few bytes of the garage section that changes. If I take the 2 savegames, identical - except they were saved 10 seconds apart - and swap that part of the garage section (the first few bytes) around to the other save - the savegames would not work. It would say "corrupt save" error or lock up. Now, interestingly enough - I pop the memcard in slot 2, load it up via arcade mode (2player battle), I could use the first car (it runs like it does stock), any other car I try and use on that savegame - the game cries with this new error "please insert the correct memory card and try again".

-Basically, what I'm saying is that the key to hybriding (or at least decrypting the gamedata section of the savegame) - is that first part of the garage section. Whatever it is, it is vital to the game playing off that card. Arcade mode works - kinda, shows the list in the garage, because that is NOT encrypted. However the reason the first car is usable (albeit in stock form) is unknown - maybe it's because it is the default, primary car? But basically, from my own testing: That lil section of code is what decrypts the gt4 gamesave, lets gt4 know how to read the gamedata. That's why it cries when u change it - because that is the key to another gamesave and it won't work with that one - defaulting to corrupt status until you restore that section.

Hopefully this'll spark some creative discussion about this. Maybe an algorithm could be figured using that "key" in the beginning of the garage section - and trying to figure the gamedata section.

-l8r
 
Death Scythe
I posted on gtx about this stuff. If you use saveslicer, you'll understand what I'm talking about...

-The gameinfo/gamedata section seems to be the only thing crypted. Duplicate saves, 100% different.
-The garages are the same, only the first few bytes change in that section. The garage section seems to only be a placeholder list for the cars (same order you'll see in the game garage).
-Now, the encryption could be 1 of 2 things... a timestamp, down to the second - so you get a different gamedata every time, i.e. if you save @ 12:30:21 and then save again 10 seconds later, you'll end up with savegames identical EXCEPT FOR: the gamedata section and the first few bytes of the garage section.
-The other option is that it's a randomly generated "key" every savegame. The one thing I noticed - referring to the first few bytes of the garage section that changes. If I take the 2 savegames, identical - except they were saved 10 seconds apart - and swap that part of the garage section (the first few bytes) around to the other save - the savegames would not work. It would say "corrupt save" error or lock up. Now, interestingly enough - I pop the memcard in slot 2, load it up via arcade mode (2player battle), I could use the first car (it runs like it does stock), any other car I try and use on that savegame - the game cries with this new error "please insert the correct memory card and try again".

-Basically, what I'm saying is that the key to hybriding (or at least decrypting the gamedata section of the savegame) - is that first part of the garage section. Whatever it is, it is vital to the game playing off that card. Arcade mode works - kinda, shows the list in the garage, because that is NOT encrypted. However the reason the first car is usable (albeit in stock form) is unknown - maybe it's because it is the default, primary car? But basically, from my own testing: That lil section of code is what decrypts the gt4 gamesave, lets gt4 know how to read the gamedata. That's why it cries when u change it - because that is the key to another gamesave and it won't work with that one - defaulting to corrupt status until you restore that section.

Hopefully this'll spark some creative discussion about this. Maybe an algorithm could be figured using that "key" in the beginning of the garage section - and trying to figure the gamedata section.

-l8r

The "key" you mention is 64kb, and I too believe that it's a decryption/decompression table. But 64kb means 512 bits, which is a good enough encryption level to leave us no chance of cracking it. Unless it has known failures.
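
The comparison flat-out and Death Scythe describe (two saves made seconds apart, then checking which parts differ and which parts still compress) can be scripted; this is an added example, not code from the thread. The two sample saves are constructed in the code, and the layout, the `keystream` stand-in cipher and every function name are assumptions, not GT4's real format.

```python
import hashlib
import zlib

BLOCK = 64  # comparison granularity in bytes (assumption, not a GT4 constant)

def keystream(seed: bytes, n: int) -> bytes:
    """Stand-in cipher: SHA-256 in counter mode. Not GT4's real scheme."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
    return out[:n]

def make_save(timestamp: str) -> bytes:
    """Constructed sample: encrypted gamedata, 8 per-save bytes, plain garage."""
    gamedata = b"credits=100000;days=1;license=B;" * 16           # 512 bytes
    garage = b"".join(b"car%04d;" % i for i in range(64))         # 512 bytes
    seed = timestamp.encode()
    enc = bytes(p ^ k for p, k in zip(gamedata, keystream(seed, len(gamedata))))
    return enc + hashlib.sha256(b"hdr" + seed).digest()[:8] + garage

def block_diffs(a: bytes, b: bytes, block: int = BLOCK) -> list:
    """Fraction of differing bytes in each block of two equal-length saves."""
    return [sum(x != y for x, y in zip(a[o:o + block], b[o:o + block]))
            / len(a[o:o + block]) for o in range(0, len(a), block)]

def zlib_ratio(data: bytes) -> float:
    """Compressed size / original size; about 1.0 or more means no redundancy."""
    return len(zlib.compress(data, 9)) / len(data)

def regions(a: bytes, b: bytes, block: int = BLOCK) -> list:
    """Merge equal-labelled blocks into (start, end, label, zlib ratio of a)."""
    out = []
    for i, d in enumerate(block_diffs(a, b, block)):
        label = "differs" if d > 0.9 else "partial" if d > 0 else "same"
        start, end = i * block, min((i + 1) * block, len(a))
        if out and out[-1][2] == label:
            start = out.pop()[0]          # extend the previous region
        out.append((start, end, label))
    return [(s, e, l, round(zlib_ratio(a[s:e]), 2)) for s, e, l in out]

if __name__ == "__main__":
    save_a = make_save("2005-05-02 12:30:21")   # constructed timestamps
    save_b = make_save("2005-05-02 12:30:31")   # same content, 10 s later
    for row in regions(save_a, save_b):
        print(row)
```

A region labelled `differs` with a ratio near 1.0 behaves like the gamedata section in the thread, a `partial` region is where the few per-save bytes sit, and a `same` region that compresses well is plain data like the garage list.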
 