Dreamcast Wince+CDDA Fix

Pitito

AG Refugee
Refugee
Registered
Joined
Jun 19, 2019
Messages
117
Reaction score
116
AG User Name
pitito
AG Join Date
03/08/2015
We have found how to make tracks work in WinCE, only for those games that give problems in their reproduction of tracks (at the moment only Nightmare Creatures 2 has been tested in Demul and GDEMU, and the tracks are played correctly).

In ip.bin hacked with binhack, go to this offset:
[Image: Captura de pantalla (10).png]

Replace those 2 values with 0900 and save.

Mount your iso and the tracks will play correctly.

Tested games:
Nightmare Creatures 2 (Demul and GDEMU and CD): Working
Bust-A-Move 4: Working
Midway Greatest Arcade Hits 2: Working
Worms Armageddon: Working
Spirits of Speed 1937: Working (although the GDI does not load tracks in the race, it does in menus)
Rainbow Six US NTSC: Working (if you replace 0winceos in the PAL version with the one from the US NTSC version, CDDA will also work in the PAL version)

megavolt85

DreamShell Developer
Refugee
Registered
Joined
Jun 17, 2019
Messages
104
Reaction score
175
AG User Name
megavolt85
AG Join Date
01.09.2015
8C0010F0 is not IP.BIN, it is a pointer to the GD_syscalls.
 

Pitito

Yes, I know that the ip.bin's RAM starts at 8C008000, but from 8C000000 to the position where the ip.bin starts, there is track access data like LBA and others.
So it seems strange to me that this pointer is found 23 times, like the 23 tracks that the game has.
 

Pitito

Bincon is a program used to hack WinCE and ip.bin binaries; it has been used for a lifetime :)
 

truemaster

AG Refugee
Refugee
Registered
Joined
May 31, 2019
Messages
199
Reaction score
155
If this works on a real DC too, it will be a big discovery. I can test some games for you.

fafadou

Registered
Registered
Joined
Aug 16, 2019
Messages
159
Reaction score
99
AG User Name
fafadou
Yes, if you can rebuild or hack the GDI, it is a huge thing you just found :)
 

FamilyGuy

2049 Donator
2020 Donator
2019 Donator
Refugee
Registered
Joined
May 31, 2019
Messages
267
Reaction score
271
AG User Name
-=FamilyGuy=-
AG Join Date
March 3, 2007
I'm not sure I'm following your steps completely...

You need to run binhack on the ip.bin to have a working selfboot don't you?

I know that the original binhack doesn't actually touch WinCE binaries, but the bootsector has to be injected with at least the mil-cd bootstrap and size of the bootbin, no?
 

Pitito

I have not used binhack, since 0winceos is not controlled by LBA.
Only by placing the LBA + 150 in the TOC, the game works smoothly.

If you use binhack, it also deletes necessary data in ip.bin in addition to deleting the logo.

I encourage you to try it, and you will see that it works. If you want, I can send you privately an iso created with this method.

I do not know if I can post isos here. If a mod gives me permission, I will post it :)

I have tried two games. One is Nightmare Creatures, and it boots perfectly, in addition to its tracks working perfectly.

I have also tested with Sega Rally 2; it boots perfectly, but the tracks still do not work.
Games of this type, in which the tracks do not work at all, must also have some protection by LBA or something else of that kind.
As I explain in the main post, these games have a BGM menu that is linked to the tracks.

@FamilyGuy
I have not tested it on a console, but in the Demul emulator with BIOS 1.01d it works.
So I don't think there are any problems on the console.

truemaster

According to the El Bucanero DC rip database, Sega Rally 2 needs dahack, so there must be LBA-protected files other than 0WINCEOS.
 

FamilyGuy

truemaster said:
> According to the El Bucanero DC rip database, Sega Rally 2 needs dahack, so there must be LBA-protected files other than 0WINCEOS.

Dahack is for fixing some audio track issues.

I'm still skeptical a backup would run without the mil-cd bootstrap...
 

truemaster

Some years ago I created a PAL CDI of Quake 3 Arena, a CDDA game, using the information from El Bucanero. Except for its 1stbin, it needed dahack on other files to even boot, and a utility called cdda, I think, for CDDA audio (from what I remember; it's been a long time).
 

FamilyGuy

truemaster said:
> Some years ago I created a PAL CDI of Quake 3 Arena, a CDDA game, using the information from El Bucanero. Except for its 1stbin, it needed dahack on other files to even boot, and a utility called cdda, I think, for CDDA audio (from what I remember; it's been a long time).

If I'm not mistaken, dahack is basically just replacing 45166 references to LBA+166 and 45150 to 0+150, it's hack1 for LBA and hack2 for 0. It can be required for a backup with digital audio (hence DAhack) to boot at all.

CDDA hack is a completely different beast, I think it removes the requirement for the three audio padding tracks, among other things. I'm not sure how it actually works.

See my attempt at documenting those hacks here.

Pitito

@FamilyGuy As soon as I get home I will pass you the Nightmare Creatures 2 made with this method.
 

darcagn

AG Refugee
Refugee
Registered
Joined
May 30, 2019
Messages
128
Reaction score
160
AG User Name
darcagn
AG Join Date
May 12, 2007
FamilyGuy said:
> Dahack is for fixing some audio track issues.
>
> I'm still skeptical a backup would run without the mil-cd bootstrap...

"MIL-CD bootstrap" is just performing scramble in memory (so the bin doesn't need to be scrambled on the disc) and GD-ROM unlock. Scrambling the binary beforehand solves the scramble in memory part. I don't know how it'd get around the GD-ROM unlock part, though, unless WinCE itself does this or something...
 

FamilyGuy

darcagn said:
> "MIL-CD bootstrap" is just performing scramble in memory (so the bin doesn't need to be scrambled on the disc) and GD-ROM unlock. Scrambling the binary beforehand solves the scramble in memory part. I don't know how it'd get around the GD-ROM unlock part, though, unless WinCE itself does this or something...

Yeah, I figured that's why he was scrambling the binary, because the equivalent operation isn't in a vanilla bootsector. But I can't see how it could unlock the drive... Unless there's an even worse security flaw than we thought, specifically for WinCE games?

Probably it's just the emulator being less strict than real hardware on that front.

For what it's worth, binhack32/64 will not touch a WinCE binary but it will still generate a bootsector with scrambling, GD-ROM unlock bootstraps, and IIRC the correct WinCE flag.
 

darcagn

Oh, I didn't catch the part about running this on Demul.

Yeah, I agree that I really doubt this will work on a real console. It's just likely that Demul doesn't emulate the GD-ROM lock.
 

Pitito

@FamilyGuy I'm already uploading the iso. I will send you a private message soon.

It may not work on a real console, but it is a start, and ip.bin could be hacked keeping all the original information.
In this way, WinCE + CDDA could be executed correctly, except in cases such as Sega Rally 2 that need something else to hack.
 

FamilyGuy

Pitito said:
> I'm already uploading the iso. I will send you a private message soon.

Sorry I really have no time to test this. Keep me updated though.
 

Pitito

OK, do not worry.
If there is someone interested in testing it, send me a private message :)