CDB11 calculation

[ReX]

Someone can help me to understand MMC commands and particularly the CDB11, 12th byte (control). How to calculate control byte please?


Thx

[carranzafp]

What exactly do you want achieve?

[ReX]

I'm developping a Delphi project. the goal of the software is to automate the calculation of SS address, the reading of the SS on an original DVD, the dump and the modification of an ISO image.

For the reading of the SS on an original DVD, I need to know MMC commands.

Of the beginning I thought that it twelfth byte (CONTROL) was a CRC calculation, but now I have the impression that while leaving this byte to 0x00h it works without problem.

I read "Working Draft" MMC-5 and it's not clear for me concerning 12th byte.


If someone want to join this project he's welcome :-)

[ReX]

I give an example:

MMC command to read SS (thanks Arakon):

AD | 00 | FF 02 FD FF | FE | 00 | 08 00 | 00 | C0

MMC-5 document says:

AD = opcode to READ DISC STRUCTURE
00 = Media Type: DVD
FF 02 FD FF = Address (however SS address is PSN 0xFD021E ??)
FE = Layer Number (Layer 0xFE ??)
00 = Format (OK)
08 00 = Allocation Length (OK)
00 = AGID (OK)
C0 = Control (??)


You see? it's not clear for me ...

[MacDennis]

The control byte is nothing special. It's not a checksum and it's not calculated. Just set it to 0xC0 when needed.

[ReX]

The control byte is nothing special. It's not a checksum and it's not calculated. Just set it to 0xC0 when needed.

Ok, thx MacDennis and what about:
  FF 02 FD FF = Address (however SS address is PSN 0xFD021E ??)
  FE = Layer Number (Layer 0xFE ??)

[ReX]

This CDB command given by Commodore4eva, who is this guy?

Where did he find these informations?


...

[Interloper]

This CDB command given by Commodore4eva, who is this guy?

Where did he find these informations?


...

Hes my hero
perhaps dude working for samsung ?

[MacDennis]

The control byte is nothing special. It's not a checksum and it's not calculated. Just set it to 0xC0 when needed.

Ok, thx MacDennis and what about:
  FF 02 FD FF = Address (however SS address is PSN 0xFD021E ??)
  FE = Layer Number (Layer 0xFE ??)

What about it? Leave it as it is. Those values are only checked and aren't actually used. Just use the default CDB command to read the SS.

[MacDennis]

Hes my hero
perhaps dude working for samsung ?

Never heard about reverse engineering? This is xboxHACKER right? Learn some assembly and you can discover the exact same debug commands ..

[ReX]

The control byte is nothing special. It's not a checksum and it's not calculated. Just set it to 0xC0 when needed.

Ok, thx MacDennis and what about:
  FF 02 FD FF = Address (however SS address is PSN 0xFD021E ??)
  FE = Layer Number (Layer 0xFE ??)

What about it? Leave it as it is. Those values are only checked and aren't actually used. Just use the default CDB command to read the SS.

Ok, therefore isn't interesting to try to understand?

Hes my hero
perhaps dude working for samsung ?

Commodore4eva is'nt a hero. I find his behavior very strange. If I were paranoid I would say that its intrigues are calculated
To follow...

[MacDennis]

Ok, therefore isn't interesting to try to understand?

Correct, it's a non-standard CDB command. Not much to understand about it.

[uberfry]

Commodore4eva is'nt a hero. I find his behavior very strange. If I were paranoid I would say that its intrigues are calculated
To follow...

I just hope he's not in trouble...

[Interloper]

Hes my hero
perhaps dude working for samsung ?

Never heard about reverse engineering? This is xboxHACKER right? Learn some assembly and you can discover the exact same debug commands ..

Reverse Engi- WhA?? goodness

[Interloper]

Rex, if i want, i'll choose oscar the garbage man grouch to be my hero. MINE I SAY

[carranzafp]

I dont want to interrupt you research, but my tool already do all the thing you want to achieve... (including dumping the Security Sector from original game inserted) using cdb comands.

http://www.xboxhacker.net/index.php?option=com_smf&Itemid=33&topic=744.0

Of course you can work on any application you want but would be better develop new features

by the way, I used windows api DeviceIoControl to send commands to the drive.  I didn't try to decrypt the command to read the SS, I just send it like commodore4eva says: AD 00 FF 02 FD FF FE 00 08 00 00 C0  does not make much sense (appears to be an Read dvd structure command) but could have been any command that he wanted to patch on the firmware.

[ReX]

I dont want to interrupt you research, but my tool already do all the thing you want to achieve... (including dumping the Security Sector from original game inserted) using cdb comands.

http://www.xboxhacker.net/index.php?option=com_smf&Itemid=33&topic=744.0

Of course you can work on any application you want but would be better develop new features

by the way, I used windows api DeviceIoControl to send commands to the drive.  I didn't try to decrypt the command to read the SS, I just send it like commodore4eva says: AD 00 FF 02 FD FF FE 00 08 00 00 C0  does not make much sense (appears to be an Read dvd structure command) but could have been any command that he wanted to patch on the firmware.

Thanks a lot carranzafp, your app is exactly what I started to develop. I can stop it now... But i'me very interested by your source (look your PM), and if you want to share it then you will be MY hero 

Rex, if i want, i'll choose oscar the garbage man grouch to be my hero. MINE I SAY

Of course Interloper, I did not want to criticize you, just to deliver my opinion (Commodore4eva could be a member of the SONY team or another competitor, why not?  )