Hacking PDSaga

antime

Extra Hard Mid Boss
As you probably all know, Panzer Dragoon Saga refuses to run when you have an Action Replay in the cartridge port. In itself this is not a major problem, as you can patch the region or solder region switches into your Saturn. Nevertheless, it is quite annoying having to rip out your cartridge whenever you want to play the game. With that in mind, I set out to investigate whether it was possible to disable that protection. The answer so far is "almost".

I started by investigating the initial program (run when the SEGA logo is on screen), and quickly discovered that the IP contains the strings "ACTION REPLAY" and "X-TERMINATOR". However, disassembling the IP and searching the ISO indicated that the actual check for the cartridge was performed elsewhere, and that was more work than I was prepared to put into a "proper" crack at the moment. Next, I decided to try changing the text strings, replacing them by "A"s. (Ideally a string that is very improbable to appear should be chosen, so no zeroes or $ff)

This gave me a CD that did indeed boot with the Action Replay inserted, but ironically booting without the cartridge gave me the "Game disc unsuitable for this system"-message, even though I didn't touch anything else. Apparently the game checks the integrity of the IP, which might be worth looking into.

So anyway, if you want a PDS that boots with an AR inserted, grab a binary editor and replace the text strings with something else. The strings are located in sector 153, or at offset 0x1bc4 if you use a hex editor. I haven't actually playtested the game yet to see if there are checks at other points in the game, but it boots and let me load a saved game. I also haven't checked the other discs on account of me not having them, but I imagine the protection is identical.

Hope this is of some use to someone!

(edit: I should also mention that I used a mode1/2048 version of the game. I had trouble getting the bin/cue version from lockecole2's FTP to work, but that may just have been me not using CDMage's repair functions correctly.)
 
Hi antime! I didn't know someone else was into this, so I didn't bother to post it...

I've done some hacking on my copy of Panzer Dragoon Saga, and also made a "proper" crack of it. The IP.BIN's of all four discs are identical, except for the disc number of course.

To make your copy work with all cartridges, simply put the bytes 00 09 at offset 0xeb0 in your IP.BIN, and you're set! That is, as long as there was 40 0b in there before! However, this doesn't fix anyting concerning region codes or the like, so my version is still not "multi-region" compatible. Maybe I'll do this one day.

If you want me to send my IP.BIN's along, simply post your mail address. Oh wait, you are that guy with the copperbar sample, right? Good work!
 
Right, I found the code you were talking about. I don't know why I didn't find that code, but I guess I didn't follow the pointers through enough levels of indirection. But thanks for the info!
 
If you want me to send my IP.BIN's along, simply post your mail address.

I would be more than thankful for the IP.BIN file, if you could mail it to me of course.

My mail is:

tommylindell@spray.se

If i get the file I will raise a statue and an altar in my appartment to your honour and praise it 5 times a day.
sarcasm.gif
 
I've made a patch for PDS disc 1 (mode1/2048 ISO) that removes country protection and cheat cart protection.
 
Have you changed the counrty codes to JTUBKAEL (all countries)?

That's a feature I've always thought would be a useful feature to add to Satconv but I wouldn't know where to start. ???
 
The problem is that you can't just toss in JTUBKAEL and have it work, at least not as I recall. You need to have the corresponding text strings for every region (For JAPAN, For TAIWAN and PHILIPPINES, For UNITED STATES and CANADA, etc.). The problem with this is that it would introduce a problem that is essentially the same as what scdconv has to deal with - some games put code in the area where these text strings would go, so you'd have to code up some serious relocation magic to get something with reliability equal to what satconv has right now.
 
In that case I guess JUE would cover it for most of the people who come to SX anyway.

Is that possible?
 
JTUE should be all that's needed. Saturn technical bulletin #31 says some of the codes were removed, as follows:

K -> T

B -> U

A -> E

L -> E,

which is fortunate, because four region codes is all you have space for with the method I used. The patch uses the JTUE area codes.
 
That's very interesting. It makes sense to have dropped some of the codes.

Have you looked to see if the four codes would fit in any other games? It would be really useful if almost all games (not PAL optimized ones) could be made 'universal'.
 
As you saw in the other thread on this subject, most games should be possible to convert. The requirements are that they use SYS_INIT.O from SEGA and that there's about 140 bytes free later on in the IP.

Note that the bulletin describing these changes is dated May 6, 1996 so I don't know for certain if these changes mean that the removed areas were killed off, or that SEGA never launched the machine there (with the original country settings). If there are any people from the old KBAL areas here with "native" Saturns, please tell me if you need the old codes to boot games!
 
So.. does this mean that we can now use game cheats in the game... not that the game is hard or anything... I beat it within a day or two... with everything.. so I know it's not hard... but would be fun to play around with some cheat codes sometime...
 
Yeah, it should be possible as long as someone makes some codes. I'll have to download the other PDS discs sometime and see if the same patch can be applied as-is.
 
Here's another alternative for those who don't feel like wasting 4 cdr's.

Just add a new game in your AR select cheat menu, and enter these codes:

Master Code:

F6000914 C305

B6002800 0000

(this one seems to work the best, though i'm sure there's a better solution)

Boot Cheat Code:

06002EB0 0009

I did about a 5-10 minute test, and it worked fine as far as I could tell. It won't work under commlink communication mode though. I have a feeling there's more to be done before that works(like figuring out a proper master code). Anyways, enjoy.

Cyber Warrior X
 
has anyone been able to get commslink to work under 2k? software that came with mine only works under 98 an i dont use that on here so i dont use my gameshark/ar
 
Yeah, you just have to have a program called "loaddrv.exe", the driver "totalio.sys", and load the driver before you start the AR software.

Cyber Warrior X
 
I've just been trying Cyber Warrior X's AR Bootcode, and it did get by the cartridge check. So now I've seen the intro to the game, but that's it. After the intro has been played or if I interrupt it by pressing start I will come directly to the CD Player where it first does a check of the CD and then the usual "Cartridge unsuitible for this system".

What I really hope for is that my CDR is busted and that's what's causing this. ???

I've got the ARPlus, but I don't really think that matters since I do get by the cartridge check as the game boots... Strange anyhow. Not to mention that it really sucks!
sad.gif
 
The code seemed to work OK here with my original CD1.

I noticed yesterday that I had made a slight boo-boo in my patch. If you patched an U or T original, the first country code would read something like "For JAPAN. CANADA.". I don't know if this would cause the game not to boot or if it's a purely cosmetic flaw. I fixed the patch, and can confirm that it works with all four discs.
 
Back
Top