Hacking Nintys new copyright protection (BCA)

[techboy]

GBATemp is not a warez site, so there's nothing to update or remove.
gbatemp is a scene release list site - when a release is nuked it is updated in the listing (with an XXXX prefix, instead of that lame numbering system).


QUOTEThe only thing we have here is the tools to make use of the warez others release.

tools and a scene release list that includes a releases status, as the first person said.

Ouch. I need to browse this site more. Never been anywhere on here beyond the Wii discussions forums. I've never even been to the homepage! Google introduced me a year ago. Thanks for pointing that out.

 

[damysteryman]

epic protection:

0000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000100000000 0000000000000000
juste one byte, like in CD in the 80'

\o/ Nintendo...

Seriously....

Yes, just one byte... none of the BCA data I've seen looks anywhere as simple as this. In my opinion, this looks a little too simple. Is there a chance that this particular BCA data which is floating around the internet maybe...

...some sort of generic BCA data that works on all BCA-protected games (so far only one is NSMBW though)?

OUTSIDE OF THE DISC! Or else nintendo can check if the data at that offset matches the BCA data, which it does not on retail discs.

I agree. But I'm not too fond of having to rely on an external storage device to hold it. If what I think (what I said above) happens to be true, that is, that BCA data is generic, then maybe that BCA data should be integrated into a cIOS's DIP module. As in, when disc asks for BCA data, the cIOS should just pass the included BCA data to the game, giving the game what it wants, stopping the game from "chucking a tantrum" and allow it to work.

QUOTE(ften @ Dec 3 2009, 05:59 PM)

I concur, the NTSC version worked without a BCA patch.

Yes, the PAL version was a bad dump. I dumped the PAL version myself only yesterday, and tested with cIOSCORP v3.5 & v3.6 and it works fine.

 

[Cyan]

If NeoGamma can deal with WIP files, Geckos with ?? cheat files and both already have a solution in place for NMSB, where are these files for Avatar then (both PAL and NTSC)?

Not in a hurry but just wondering :-)

what's a wip file?

It's external file with information to patch main.dol on the fly
.wip files include hex adress and new values.

It's the same as patching the main.dol manually and replace it in the iso, or use alt.dol booting.
just boot original iso and set the loader to read the .wip to auto-patch.

 

[kedest]

If NeoGamma can deal with WIP files, Geckos with ?? cheat files and both already have a solution in place for NMSB, where are these files for Avatar then (both PAL and NTSC)?

Not in a hurry but just wondering :-)

what's a wip file?

It's external file with information to patch main.dol on the fly
.wip files include hex adress and new values.

It's the same as patching the main.dol manually and replace it in the iso, or use alt.dol booting.
just boot original iso and set the loader to read the .wip to auto-patch.

Cool, thanks for explaining.
If a game would require such a file to work properly, would the release group include it in the release? Or would I have to get the file by other means?

 

[Cyan]

by other means, because patched .dol are note included in dumps releases, that's the same here with .wip files.

It's like a patch for anti piracy, or #002a fix, video mode patching etc.
NSMB patched dol wasn't in the dump release, it's other release/cracking group doing it.

The difference is providing the addresses and new value to modify into the dol on gbatemp isn't illegal, giving a patched .dol is.

 

[OzModChips]

The advantage to put this data inside the iso, is to run the game on older modchip without memory storage or external SD needed.

I don't think this would work
The modchip still needs to point the wii to this new location, instead of where it should be looking for. The only way to do this is with new modchips, or updates to current modchips


My understanding is that Flatmod checks for the BCA is a specific location inside the ISO.
The Drivekey team has decided agaisnt that

Here is a quote from the team

QUOTEAs far as I know, FlatMod's solution patches the actual game data. We decided against this because it's possible for such a patch to be detected by a new Wii firmware update. Our solution doesn't patch, it attached the BCA to the end of the .iso, in a place that DriveKey can read but the Wii cannot. In other words, it's impossible to detect.

The new drivekeys they are shipping has the BCA for NSMB hardcodded
But, new games will of course have new data, so the drivekey will need a JTAG upgrade.

the WODE developer is doing the same. They are making disc ripping software as well, so I guess they will try and make the Wii rip the BCA, and store it somewhere else. Would be nice if that ended up working...just put in original, dump to harddrive, and it works

 

[cwstjdenobs]

Is this the exact same BCA as was on Gamecube games and never used? Nintendos latest greatest copy protection is something that wasn't good enough for the GC?

 

[NoFate]

is there a new PAL version out???

 

[stev418]

Is this the exact same BCA as was on Gamecube games and never used? Nintendos latest greatest copy protection is something that wasn't good enough for the GC?

Sort of - BCA is the same used on gamecube games yes, but to say it was never used isnt really correct.

Nintendo have ALWAYS used BCA as a protection against piracy on both the gamecube and the wii. The thing is that up until NSMB the BCA has been getting checked via the WII/GC DRIVES firmware commands only. That of course is exactly what the purpose of all our 'drive chips' has been for, to inject code to circumvent this BCA check from the wii/gc drive.

What is different now starting with NSMB is the fact that the 'NEW' BCA checks are now getting carried out by code in the the GAME itself as well.

 

[Sefi]

At the moment is there any point in injecting the BCA into an iso? I tested a burned iso of NSMB with the BCA patched, and I see no difference from a burned iso of the BCA left untouched (all 0s) in either disc channel with wiikey installed, or neogamma. It still needs the neogamma wip patches and run in neogamma or else it will bring up the imfamous black screen. This is loading from a disc that I am testing though, does a changed BCA do anything for usb loaders?

 

[xdeadxpoolx]

At the moment is there any point in injecting the BCA into an iso? I tested a burned iso of NSMB with the BCA patched, and I see no difference from a burned iso of the BCA left untouched (all 0s) in either disc channel with wiikey installed, or neogamma. It still needs the neogamma wip patches and run in neogamma or else it will bring up the imfamous black screen. This is loading from a disc that I am testing though, does a changed BCA do anything for usb loaders?

I could be wrong here, anyone please correct me if I am. But the BCA check isn't what prevents the wii from booting the game through the disc channel. The BCA causes the random crash in the game. I dont know how you patched your ISO, but i don't believe there's any IOS or drivechip besides the flatmii that knows to actually look for the BCA inside the ISO

 

[Sefi]

I used BCAeditorNET20 to change the BCA of NSMB. It boots fine either from disc channel and neogamma, but both will crash about 5min into the game UNLESS I use neogamma with the wip patches. It is the same story for if I leave the BCA untouched. That is why I'm asking if the BCA being changed has any benefit at all right now.

 

[xdeadxpoolx]

The BCA cannot be "changed" only patched into the ISO. Its is not an original part of the game its self. Therefor unless there's some type of change in your IOS or Drivechip once the BCA is checkd and fails the game is black screened. Ya the info might be there but theres no way for the system to handle it.

Think of it as installing a new network card in your computer, and not being able to find drivers for it.

 

[Sefi]

So basically right at this moment, patching the bca of a game to the correct bca code does nothing? Is it possible that a future neogamma or modchip firmware update, with a bca patched game, would run the game without it crashing? (without needing neogamma wip files)

 

[xdeadxpoolx]

Drivechip yes (IF your chip has 1.flash memory and 2. the chip makers actually update it.) Neogamma, I don't think so. If you go to the first few pages of the thread you'll see that WiiPower is very much opposed to putting the BCA data into the ISO. If you really want to handle it this was you'll probably have to wait for a direct IOS resolution.

Edit: And yes, it does noting ATM.

 

[Dialexio]

At the moment is there any point in injecting the BCA into an iso? I tested a burned iso of NSMB with the BCA patched, and I see no difference from a burned iso of the BCA left untouched (all 0s) in either disc channel with wiikey installed, or neogamma. It still needs the neogamma wip patches and run in neogamma or else it will bring up the imfamous black screen. This is loading from a disc that I am testing though, does a changed BCA do anything for usb loaders?

Hardcoding the BCA data to 0x100 is uLoader-exclusive.

 

[thesund0g]

Is this the exact same BCA as was on Gamecube games and never used? Nintendos latest greatest copy protection is something that wasn't good enough for the GC?

Sort of - BCA is the same used on gamecube games yes, but to say it was never used isnt really correct.

Nintendo have ALWAYS used BCA as a protection against piracy on both the gamecube and the wii. The thing is that up until NSMB the BCA has been getting checked via the WII/GC DRIVES firmware commands only. That of course is exactly what the purpose of all our 'drive chips' has been for, to inject code to circumvent this BCA check from the wii/gc drive.

What is different now starting with NSMB is the fact that the 'NEW' BCA checks are now getting carried out by code in the the GAME itself as well.

Awesome, thanks for making that clear.

 

[cwstjdenobs]

Same here stev418, thanks for the explanation. I didn't know the drives checked it. Everything I read said it could be used but wasn't. Makes more sense now, but it's still surprising it's taken so long for them to do this.

 

[cleveland]

I'm surprised that no one has posted this in the 2 weeks since it came out, Wasabi has updated their firmware to support NSMB as of December 15 for beta, and December 22 for final release. I have a Wasabi Zero so I'm happy now. Out of curiosity, has any other modchip makers been able to do the same yet? I also have WiiKEY 1 and Wiid chips, I know the Wiid is dead as far as updates go, how about WiiKEY or any of the others? I'd love to be able to recommend good modchips to friends, in addition to Wasabi that is.

Cleveland (not brown)

 

[afnuke]

Theres no use......the new protection just forced people like me (drivekey user- non upgradeable) to go to softmod and usb loading. No more disc and mario works great on both my usb loaders, even off SD card.

In the end, Im glad they did it.........Im saving money on DVD's and theres no better customer support than the HBC community here!