PSX Dongle Protection
Dongle protection has been applied to many ‘press’ PlayStation releases lately. Here is just another quick lesson to keep you informed.
The ‘dongles’ are ordinary memory cards. No special hardware is attached, thus you have two choices:
1) Raw copy the dongle to any memory card. This is a simple exercise if you have ever worked with the Sony libraries. We in Paradox will be releasing a raw copy program in the future PLUS a CD image / AR exe that will let you create the raw copy that you desire – just for fun.
2) Patch the program that checks for the desired memory card data. This is easier (if you know how to use a debugger properly), and much more suitable for the ‘normal’ consumer, meaning the program will run easily without the dongle.
The ‘protection’ scheme is stored in the first memory card block. The usual size of a memory card is 16 blocks, but normal consumers will only be able to use 15 blocks. This is because the memory card is mounted as a device, meaning the first block keeps the file allocation table for the files that are stored on the memory card.
This is the simple explanation of why a dongle cannot be copied in the memory card manager – you would copy all the block information but not all the information stored in the file allocation table. Usually it’s something like game name © by the releasing game company, and the program just reads the memcard info raw and checks if that slogan is present. So all you do is trace the program for either the first memcard access (breakpoint) or you just tracewalk it to get to the specific routine. Parameters are usually given in a register (v0, t0 etc.), so it’s easy enough to patch that single instruction instead of really understanding how it works at all – always remember, the result is the aim, no matter how you really achieved it (no one will care afterwards anyhow).
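The memory card manager point above, as an added example (not code from the original text or from any Sony library): a simplified in-memory model showing that a static string in block 0 only separates a file-level copy from the original and is not tied to one physical card. The 8 KiB block size, the 128-byte directory frames, the marker offset, the marker string and all function names are assumptions made for illustration.

```python
# Added example: simplified in-memory model with constructed data, not a real card dump.
BLOCKS = 16                 # from the text: 16 blocks, block 0 holds the allocation table
BLOCK_SIZE = 8 * 1024       # assumption: 8 KiB per block
FRAME = 128                 # assumption: one 128-byte directory frame per save block
MARKER_OFFSET = 60 * FRAME  # hypothetical spot in block 0 that no directory entry uses

def blank_card():
    return bytearray(BLOCKS * BLOCK_SIZE)

def block(image, n):
    return bytes(image[n * BLOCK_SIZE:(n + 1) * BLOCK_SIZE])

def write_save(image, slot, name, data):
    """Put a save in data block `slot` (1..15) and record its name in block 0."""
    if not (1 <= slot < BLOCKS and len(name) <= FRAME and len(data) <= BLOCK_SIZE):
        raise ValueError("save does not fit the card model")
    image[slot * FRAME:(slot + 1) * FRAME] = name.ljust(FRAME, b"\0")
    image[slot * BLOCK_SIZE:slot * BLOCK_SIZE + len(data)] = data

def list_saves(image):
    """Return {slot: name} from the directory frames in block 0."""
    names = {s: bytes(image[s * FRAME:(s + 1) * FRAME]).rstrip(b"\0")
             for s in range(1, BLOCKS)}
    return {s: n for s, n in names.items() if n}

def file_level_copy(src):
    """Card-manager style copy: each save is recreated on the target card, so
    only directory entries and data blocks travel, not the rest of block 0."""
    dst = blank_card()
    for slot, name in list_saves(src).items():
        write_save(dst, slot, name, block(src, slot))
    return dst

def raw_copy(src):
    """Byte-for-byte image copy, block 0 included."""
    return bytearray(src)

def has_marker(image, marker):
    """Static check as described in the text: raw-read block 0, search for a string."""
    return marker in block(image, 0)

def demo():
    marker = b"EXAMPLE GAME (C) EXAMPLE PUBLISHER"  # constructed marker
    card = blank_card()
    write_save(card, 1, b"SAVE-0001", b"constructed save data")
    card[MARKER_OFFSET:MARKER_OFFSET + len(marker)] = marker
    return {"original": has_marker(card, marker),
            "file_level_copy": has_marker(file_level_copy(card), marker),
            "raw_copy": has_marker(raw_copy(card), marker)}

if __name__ == "__main__":
    print(demo())
```

The file-level copy keeps the save itself but loses the marker, while the byte-for-byte image keeps it, so the string check says nothing about which card it is reading.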
So feel free to give it a go yourself – if you are into r3k asm at least a bit, you will get set sooner than you think.
Have phun,
Freefall/PDX