Using the PS1DRV exploit with nPort
Last update : 17th of August 2003
Let's just go over how the exploit works. When an original
PSOne CD-ROM is loaded on your PS2 via the PSOne driver (PS1DRV),
the driver looks up the game in a file on your memory card, and
this file contains the exploit, which lets you run your own code.
Marcus R. Brown has created the whole package for you. All
you need to do is compile it (or download it precompiled)
and then add your PSOne CD-ROM ID to the file on the memory card,
so you can take advantage of the exploit.
This guide uses nPort to transfer the exploit file to your
memory card. You can use either Pukklink or Naplink to load nPort
from either native (with some sort of mod) or from PS2 Linux
with reload1. You must have nPort installed and working in
order to use this guide.
First of all you need to compile titleman (ps2-independence)
with ps2lib. I will not get into how to compile it, but instead
provide binaries of the file: Win32 Binary
As mentioned before, Marcus R. Brown has been so kind as to provide
premade files to use with nPort. These files contain the exploit
file as well as ps2link (a pukklink clone, loader for the Sony
network adapter), which the exploit loads. If you want to use
another ELF with the exploit, you have to replace the BOOT.ELF
from ps2link with your file and remove all files related to
ps2link as well (IPCONFIG.DAT, PS2SMAP.IRX, PS2LINK.IRX, PS2IP.IRX).
Please note that not all PS2 ELFs which have IRX files included
will load correctly, since there might not be memory card
support included for IRX loading.
There are 3 different files, one for each region:
North America (NTSC-J)
Now put the file which matches the region of your PS2 into
the nPort saves sub-directory. In this directory you will
also see an executable called npo-x.exe. This tool is an extractor
and packer for nPort saves. Since we are not sure that the
PSOne CD-ROM we will be using is included with the exploit,
we will extract the save and add it ourselves.
We do it like this: npo-x x [npo_file]
For instance: npo-x x BEDATA-SYSTEM.npo.
This will now create a directory named the same as the .npo
file, containing the files for the exploit. The file we are
interested in is TITLE.DB (this is the exploit file); for this
file we need titleman. But first we need to find out what the ID
of the PSOne CD-ROM we will be using is. To do this,
put the PSOne CD-ROM into your computer and open SYSTEM.CNF.
This file's first line will be something like: BOOT=cdrom:\SCED_018.22;1
(this line is from a European demo disc). The part we are
interested in is the filename (or ID) of the start-up
executable, here SCED_018.22.
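
An added example (not part of the original guide or of titleman): a small
Python parser that reads the ID out of SYSTEM.CNF and builds the titleman -a
arguments used in the next step. The function names, the extra sample lines
and the file-name shape check are assumptions made for this example.

```python
import re
import sys

# Constructed sample input: only the BOOT line comes from the guide; the
# other keys are typical PSOne SYSTEM.CNF entries added for realism.
SAMPLE_CNF = "BOOT=cdrom:\\SCED_018.22;1\r\nTCB=4\r\nEVENT=10\r\nSTACK=801FFF00\r\n"

# Usual shape of a PSOne boot file name: 4 letters, '_', 3 digits, '.', 2 digits.
# Assumption: a conservative check; relax it if your disc uses another name.
STANDARD_ID = re.compile(r"[A-Z]{4}_\d{3}\.\d{2}")


def boot_id(cnf_text):
    """Return the boot executable file name (the disc ID) from SYSTEM.CNF text."""
    for line in cnf_text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key = key.strip().upper()
        if key == "BOOT2":
            # PS2 discs use BOOT2; the guide needs a PSOne disc (BOOT).
            raise ValueError("BOOT2 entry found: this is a PS2 disc")
        if key != "BOOT":
            continue
        parts = value.split()
        path = parts[0] if parts else ""             # drop trailing arguments
        path = path.split(":", 1)[-1]                # drop the "cdrom:" device
        path = path.split(";", 1)[0]                 # drop the ";1" ISO 9660 version
        name = re.split(r"[\\/]", path)[-1].upper()  # keep the file name only
        if not name:
            raise ValueError("BOOT line has no file name")
        return name
    raise ValueError("no BOOT line in SYSTEM.CNF")


def titleman_command(name):
    """Build the 'titleman -a' argument list, refusing unexpected names."""
    if not STANDARD_ID.fullmatch(name):
        raise ValueError("unexpected boot file name: %r" % name)
    return ["titleman", "-a", name]


if __name__ == "__main__":
    # With a path argument, read that SYSTEM.CNF; otherwise use the sample.
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_CNF
    print(" ".join(titleman_command(boot_id(text))))
```
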
Now we copy titleman to the newly created directory with TITLE.DB.
Here we do this: titleman -a [ID/filename]
Which in my case is titleman -a SCED_018.22.
Now we have added our PSOne CD-ROM for the exploit. (In case
you want to use ps2link, you might want to alter IPCONFIG.DAT
as well to fit your IP settings.) You can of course add more
PSOne IDs if you wish. What we need to do now is pack the
.npo file again, in the nPort save directory.
We do npo-x a [save_dir], where [save_dir] is the name of the
directory that npo-x x extracted to.
To follow the example from before, this will be npo-x a BEDATA-SYSTEM.
Now your .npo file is updated and we need to get it onto the
memory card. But first you need to index the file with the
nPort indexer so nPort can find the save in the saves directory.
Simply run it and it will report "All done".
Now start nPort and transfer the .npo file onto your memory
card. If the file already exists you will have to delete it
Once you have the exploit on your memory card, all you need
to do is put the memory card into your PS2 memory card slot,
put in the PSOne CD-ROM from which you got the ID/filename
into your PS2 drive, and turn on your PS2. What you should
see is a white screen flash for a second, and then ps2link should
start (unless you replaced the ELF with something else).