JHDL expliot extended

Testing with JHDL exploit used in pseudosaturn for lauch backups, ive discovered that if you send the fake sector from a sega saturn boot disk while you got an original game in cd drive, cdblock disables security check till console power off.

The process is the same described by JHDL and same implemented in peseudosaturn, the only diference is you must inject sector 150 from a boot disk, and have a legitimate cd in drive.

This could be util to @cafe-alpha to increase games compatibility in pseudosaturn kai, or develoent purposes.

Edit 2021/09/18:

Ive created an test program, if anyone has curiosity, can burn in a CD, and launch with pseudosaturn, or if had some way to upload code to saturn (gamers cartridge, dev cart, commlink) can upload the bin to 0x06004000.

Using L an R selects the system disk to boot (KD00 doesnt work, just here for tests), with an original disc in drive, push A button, you will see "Start messing" message and later some debug numbers, if all goes well, you will see a lot of zeros and the last number is the authentication status, if 260, then all is OK,

Now you can push start to run the cd player, now you can put your backup in, and will be recognized as legitimate disc, while you dont shut down the console, it will not try to do the authentication check.

This is only for testing purposes, so im not responsable of any damage caused for using it, so use with caution.
 

Attachments

  • Test.zip
    152.2 KB · Views: 170
Last edited:
Do you have the source for this? Looking using an hex editor it seems you are only sending one sector (KD02).
I need to clean a little, but i got it.
KD02 and KD01 are the same, just change two strings in header, TP, ENTERPRISES, and the x in KD0x, if you look again at hex, you will see the two strings i use to modify the sector to turn in diferent KD disc. There is no need to get the same data two times in memory, just rewrite the diferent parts with correct data.
 
Back
Top