Beforehand, I have to say that Waninkoko explained all of this to me. I know publishing this here is betraying him, but without publishing it I'm betraying myself for having the way for the scene to advance and not using it.
The exploit is all about Nintendo's idiocy. If you look at the DVD commands taken from the Revolution SDK, there's 8E DVDLowEnableDVDVideo, which they forgot to remove. If you can modify IOS to use this function instead, this activates a special mode from the DVD to enable DVD-R reading (in this case, its purpose was enabling VIDEO DVDs).
If you modify IOS to enable this (you need to do it in a special way), you could enable reading of DVD-Rs from homebrew and the DVD drive would read it.
About backup loading.. you have to work that out a bit first.
To read data once DVD-Video mode is activated, another special function is used; that is, a backup would use the normal function, not the DVD-Video one, so you would have to hack a little more for the backups to load.
DVD_LowEnableVideo was programmed for a DVD player that they didn't create, but they left it there. The thing is, activating DVD Video mode is not simple, as it checks the UID of the process that wants to activate it; it can only be activated if the UID is 0. Depending on whether the mode is activated or not, a variable is set to 1 or 0.
Using another reading function, which is very similar to DVD_LowUnencryptedRead, you could read discs in DVD-Video mode and read sectors in a normal way. The problem is that DVD games use DVD_LowRead; to read data from the game partition we need it to use the special reading function. How? Hacking IOS (creating a backup-only IOS), patching on the fly (difficult).
That's all. I'm Dj-Celta with my new user.
Message for Waninkoko: I'm sorry, I couldn't keep it to myself and I can't understand not publishing the bug. Nintendo knows about this.
Message for the rest: Don't ask me, I don't know anything else.
Edit: Waninkoko just replied there..
QUOTE: *Waninkoko looks for his AK47..