flyinghead / flycast

Flycast is a multiplatform Sega Dreamcast, Naomi, Naomi 2 and Atomiswave emulator
GNU General Public License v2.0

Feature Request: 11700/11702 LBA for .cdi selfboot games (useful for triggering anti-piracy stuff in some DC games) #1595

Closed Sukotto-1999 closed 1 month ago

Sukotto-1999 commented 2 months ago

Is your feature request related to a problem? Please describe. Unfortunately, there's no footage of the real anti-piracy of Sonic Adventure 2 for Dreamcast capped on an emulator. To be clear, Sonic Adventure 2 runs a check to ensure the data track starts at LBA 45000.

I believe when I tried editing the .gdi text thing, the game won't work on DEmul unless I set the data offset to LBA 45000. I tried using the original .cdi dump of the game but the game unfortunately works as normal.

Describe the solution you'd like The data track should start at 17000/17002 so it fails the check in some games developed by Sega.

Describe alternatives you've considered The only alternative to trigger it is to play a burned CD-R of the original scene dump.

Additional context This is the way I can capture footage of the anti-piracy of SA2 (aka Cannon's Core Floor Error) on an emulator, not on real hardware.

YouTube video of this glitch

flyinghead commented 2 months ago

45000 corresponds to the start of the high-density section of GD-ROMs (track #3 and up). There's no such requirement for CDI disks but Flycast doesn't change the start and end sectors of CDI tracks in any way, so the game/BIOS sees the same thing as original hardware reading the corresponding burnt CD-ROM. Note that I don't think this is an anti-piracy feature, but rather a bug in the original pirated CDI. Bugs are common in pirated CDIs but I don't know why this one doesn't happen on emulators.

MastaG commented 2 months ago

Yes, afaik only Echelon was able to "fully" crack it, making it possible to finish the game 100%. But even they didn't manage to fully crack it at first. They've released a separate patch which fully fixes it. You can find it here: https://www.consolecopyworld.com/dc/dc_patches_s.shtml

The "Protection Fix" is the one from Echelon for their own release to make it so you can finish the game 100%.

There's also an LBA fix by some other user which changes the start of the data track from 11700 to 11702, because some CD burners had trouble with such a small lead-in.

If you first apply the Echelon protection fix, then make a copy of the .cdi image and apply the LBA fix, you can actually hex-compare the two 1ST_READ.BIN files and see what was changed to make the game boot from LBA 11702. If I remember correctly it's 11700 + 166 sectors, which is 11866, which becomes 5A2E in hex (byte swapped). The LBA patch changes one of these occurrences to 5C2E (11702 + 166) in hex (byte swapped).

You can manually change this to A600 (LBA 0 + 166) and make a data/data cdi with cdi4win.
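
Added example, not part of the comment above and not Flycast code: a read-only Python sketch of the hex-compare step described in that comment, listing which 16-bit little-endian ("byte swapped") words differ between two copies of 1ST_READ.BIN and decoding them as start LBA + 166. The 166 offset is taken from the comment as recalled there; the sample bytes are constructed, and 2-byte alignment of the constant is an assumption.

```python
import struct

SECTOR_BIAS = 166  # offset added to the track start LBA, as recalled in the comment above

def lba_pattern(start_lba: int) -> bytes:
    """16-bit little-endian ("byte swapped") encoding of start_lba + 166."""
    return struct.pack("<H", start_lba + SECTOR_BIAS)

def diff_runs(a: bytes, b: bytes):
    """Yield (offset, bytes_a, bytes_b) for each contiguous run of differing bytes."""
    if len(a) != len(b):
        raise ValueError("files differ in length; an in-place patch keeps the size")
    start = None
    for i in range(len(a) + 1):
        differs = i < len(a) and a[i] != b[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            yield start, a[start:i], b[start:i]
            start = None

def explain_lba_changes(a: bytes, b: bytes):
    """Decode the 16-bit word at the start of each changed run as a start LBA."""
    changes = []
    for offset, _, _ in diff_runs(a, b):
        word = offset & ~1  # assumption: the constant is 2-byte aligned
        if word + 2 > len(a):
            continue  # trailing odd byte, no full word to decode
        (old,) = struct.unpack_from("<H", a, word)
        (new,) = struct.unpack_from("<H", b, word)
        changes.append((word, old - SECTOR_BIAS, new - SECTOR_BIAS))
    return changes

# Constructed stand-ins for the two 1ST_READ.BIN files (not real game data).
BEFORE = bytes.fromhex("00090009" "5a2e" "0b000900")
AFTER = bytes.fromhex("00090009" "5c2e" "0b000900")

if __name__ == "__main__":
    for lba in (11700, 11702, 0):
        print(f"LBA {lba:>5} -> {lba_pattern(lba).hex().upper()}")
    for word, old, new in explain_lba_changes(BEFORE, AFTER):
        print(f"offset 0x{word:X}: start LBA {old} -> {new}")
```

For real files, read both copies with `open(path, "rb").read()` and pass them to `explain_lba_changes`; a decoded value that is not a plausible track start means the changed word is something other than this constant.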