
pso plus port issue

Discussion in 'Nintendo Gamecube - General discussion' started by twisterco, Sep 23, 2004.

  1. StoneRain

    StoneRain Member

    I don't exactly understand this sum check error.

    I think what is more likely going on is what I was talking about before or in a different thread: there is a new encryption. It could even be that the reply is a different size than PSO version 1.
    If you could edit the port PSOLoad uses, which I think someone told us how to do, then edit the values for "handshake" or login, and there might be 2 corresponding values... it should work. You should be able to know the values from the legitimate login capture.

    I'm glad someone is still working on this.

    Just a thought, but I think the best way to test this would be to "reverse engineer the reverse engineering". Make a little program that can handshake PSOload and PSUL. If you can make a program like that, you should know what values you need. And, I think you should be able to find those values in the original PSOLoad with an editor and change them. It would also be a good exercise in how the hell the program works.

    I realize this is much more simple in text, but I think it makes sense.
     
  2. doood81

    doood81 Member

    I have the packet capture from ethereal if you would like to look at it.
     
  3. Mr69ways

    Mr69ways Guest

    Yes please. Private message me, or if you can, copy and paste here.
     
  4. doood81

    doood81 Member

    The info is pretty terse so I'll paste the section with the suspect packets... I hope this isn't too long.

    I'm using US gc rev 3 with a crossover and pso 1&2 plus.
    I'm also using psul.exe v1.1 with the hex modification.
    Saving to memory card works fine.

    No. Time Source Destination Protocol Info
    1 0.000000 64.95.121.95 Broadcast ARP Who has 64.95.121.96? Tell 64.95.121.95

    Frame 1 (60 bytes on wire, 60 bytes captured)
    Arrival Time: Nov 20, 2004 21:14:17.910920000
    Time delta from previous packet: 0.000000000 seconds
    Time since reference or first frame: 0.000000000 seconds
    Frame Number: 1
    Packet Length: 60 bytes
    Capture Length: 60 bytes
    Ethernet II, Src: 00:09:bf:01:6b:23, Dst: ff:ff:ff:ff:ff:ff
    Destination: ff:ff:ff:ff:ff:ff (Broadcast)
    Source: 00:09:bf:01:6b:23 (64.95.121.95)
    Type: ARP (0x0806)
    Trailer: C12C59C650141000253D0000722FD3D6...
    Address Resolution Protocol (request)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    Sender MAC address: 00:09:bf:01:6b:23 (64.95.121.95)
    Sender IP address: 64.95.121.95 (64.95.121.95)
    Target MAC address: 00:00:00:00:00:00 (00:00:00_00:00:00)
    Target IP address: 64.95.121.96 (64.95.121.96)

    No. Time Source Destination Protocol Info
    2 0.000022 64.95.121.96 64.95.121.95 ARP 64.95.121.96 is at 00:0e:0c:50:36:fa

    Frame 2 (42 bytes on wire, 42 bytes captured)
    Arrival Time: Nov 20, 2004 21:14:17.910942000
    Time delta from previous packet: 0.000022000 seconds
    Time since reference or first frame: 0.000022000 seconds
    Frame Number: 2
    Packet Length: 42 bytes
    Capture Length: 42 bytes
    Ethernet II, Src: 00:0e:0c:50:36:fa, Dst: 00:09:bf:01:6b:23
    Destination: 00:09:bf:01:6b:23 (64.95.121.95)
    Source: 00:0e:0c:50:36:fa (64.95.121.96)
    Type: ARP (0x0806)
    Address Resolution Protocol (reply)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: reply (0x0002)
    Sender MAC address: 00:0e:0c:50:36:fa (64.95.121.96)
    Sender IP address: 64.95.121.96 (64.95.121.96)
    Target MAC address: 00:09:bf:01:6b:23 (64.95.121.95)
    Target IP address: 64.95.121.95 (64.95.121.95)

    No. Time Source Destination Protocol Info
    3 0.000466 64.95.121.95 64.95.121.96 DNS Standard query A game04.st-pso.games.sega.net

    Frame 3 (88 bytes on wire, 88 bytes captured)
    Arrival Time: Nov 20, 2004 21:14:17.911386000
    Time delta from previous packet: 0.000444000 seconds
    Time since reference or first frame: 0.000466000 seconds
    Frame Number: 3
    Packet Length: 88 bytes
    Capture Length: 88 bytes
    Ethernet II, Src: 00:09:bf:01:6b:23, Dst: 00:0e:0c:50:36:fa
    Destination: 00:0e:0c:50:36:fa (64.95.121.96)
    Source: 00:09:bf:01:6b:23 (64.95.121.95)
    Type: IP (0x0800)
    Internet Protocol, Src Addr: 64.95.121.95 (64.95.121.95), Dst Addr: 64.95.121.96 (64.95.121.96)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 74
    Identification: 0x0002 (2)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 120
    Protocol: UDP (0x11)
    Header checksum: 0xcf23 (correct)
    Source: 64.95.121.95 (64.95.121.95)
    Destination: 64.95.121.96 (64.95.121.96)
    User Datagram Protocol, Src Port: 1362 (1362), Dst Port: domain (53)
    Source port: 1362 (1362)
    Destination port: domain (53)
    Length: 54
    Checksum: 0xf68f (correct)
    Domain Name System (query)
    Transaction ID: 0x0000
    Flags: 0x0100 (Standard query)
    0... .... .... .... = Response: Message is a query
    .000 0... .... .... = Opcode: Standard query (0)
    .... ..0. .... .... = Truncated: Message is not truncated
    .... ...1 .... .... = Recursion desired: Do query recursively
    .... .... .0.. .... = Z: reserved (0)
    .... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
    game04.st-pso.games.sega.net: type A, class inet
    Name: game04.st-pso.games.sega.net
    Type: Host address
    Class: inet

    No. Time Source Destination Protocol Info
    4 0.000590 64.95.121.96 64.95.121.95 DNS Standard query response A 64.95.121.96

    Frame 4 (128 bytes on wire, 128 bytes captured)
    Arrival Time: Nov 20, 2004 21:14:17.911510000
    Time delta from previous packet: 0.000124000 seconds
    Time since reference or first frame: 0.000590000 seconds
    Frame Number: 4
    Packet Length: 128 bytes
    Capture Length: 128 bytes
    Ethernet II, Src: 00:0e:0c:50:36:fa, Dst: 00:09:bf:01:6b:23
    Destination: 00:09:bf:01:6b:23 (64.95.121.95)
    Source: 00:0e:0c:50:36:fa (64.95.121.96)
    Type: IP (0x0800)
    Internet Protocol, Src Addr: 64.95.121.96 (64.95.121.96), Dst Addr: 64.95.121.95 (64.95.121.95)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 114
    Identification: 0x19b8 (6584)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0xad45 (correct)
    Source: 64.95.121.96 (64.95.121.96)
    Destination: 64.95.121.95 (64.95.121.95)
    User Datagram Protocol, Src Port: domain (53), Dst Port: 1362 (1362)
    Source port: domain (53)
    Destination port: 1362 (1362)
    Length: 94
    Checksum: 0x3b0a (correct)
    Domain Name System (response)
    Transaction ID: 0x0000
    Flags: 0x8580 (Standard query response, No error)
    1... .... .... .... = Response: Message is a response
    .000 0... .... .... = Opcode: Standard query (0)
    .... .1.. .... .... = Authoritative: Server is an authority for domain
    .... ..0. .... .... = Truncated: Message is not truncated
    .... ...1 .... .... = Recursion desired: Do query recursively
    .... .... 1... .... = Recursion available: Server can do recursive queries
    .... .... .0.. .... = Z: reserved (0)
    .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
    .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 1
    Authority RRs: 1
    Additional RRs: 0
    Queries
    game04.st-pso.games.sega.net: type A, class inet
    Name: game04.st-pso.games.sega.net
    Type: Host address
    Class: inet
    Answers
    game04.st-pso.games.sega.net: type A, class inet, addr 64.95.121.96
    Name: game04.st-pso.games.sega.net
    Type: Host address
    Class: inet
    Time to live: 2 days
    Data length: 4
    Addr: 64.95.121.96
    Authoritative nameservers
    game04.st-pso.games.sega.net: type NS, class inet, ns <Unknown extended label>
    Name: game04.st-pso.games.sega.net
    Type: Authoritative name server
    Class: inet
    Time to live: 2 days
    Data length: 12
    Name server: <Unknown extended label>

    No. Time Source Destination Protocol Info
    5 0.063714 64.95.121.95 64.95.121.96 TCP 1325 > 9103 [SYN] Seq=0 Ack=0 Win=4096 Len=0 MSS=1460

    Frame 5 (62 bytes on wire, 62 bytes captured)
    Arrival Time: Nov 20, 2004 21:14:17.974634000
    Time delta from previous packet: 0.063124000 seconds
    Time since reference or first frame: 0.063714000 seconds
    Frame Number: 5
    Packet Length: 62 bytes
    Capture Length: 62 bytes
    Ethernet II, Src: 00:09:bf:01:6b:23, Dst: 00:0e:0c:50:36:fa
    Destination: 00:0e:0c:50:36:fa (64.95.121.96)
    Source: 00:09:bf:01:6b:23 (64.95.121.95)
    Type: IP (0x0800)
    Internet Protocol, Src Addr: 64.95.121.95 (64.95.121.95), Dst Addr: 64.95.121.96 (64.95.121.96)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 48
    Identification: 0x0003 (3)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 120
    Protocol: TCP (0x06)
    Header checksum: 0xcf47 (correct)
    Source: 64.95.121.95 (64.95.121.95)
    Destination: 64.95.121.96 (64.95.121.96)
    Transmission Control Protocol, Src Port: 1325 (1325), Dst Port: 9103 (9103), Seq: 0, Ack: 0, Len: 0
    Source port: 1325 (1325)
    Destination port: 9103 (9103)
    Sequence number: 0 (relative sequence number)
    Header length: 28 bytes
    Flags: 0x0002 (SYN)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...0 .... = Acknowledgment: Not set
    .... 0... = Push: Not set
    .... .0.. = Reset: Not set
    .... ..1. = Syn: Set
    .... ...0 = Fin: Not set
    Window size: 4096
    Checksum: 0x9a3e (correct)
    Options: (8 bytes)
    Maximum segment size: 1460 bytes
    SACK permitted
    NOP
    NOP

    No. Time Source Destination Protocol Info
    6 0.063813 64.95.121.96 64.95.121.95 TCP 9103 > 1325 [SYN, ACK] Seq=0 Ack=1 Win=17520 Len=0 MSS=1460

    Frame 6 (62 bytes on wire, 62 bytes captured)
    Arrival Time: Nov 20, 2004 21:14:17.974733000
    Time delta from previous packet: 0.000099000 seconds
    Time since reference or first frame: 0.063813000 seconds
    Frame Number: 6
    Packet Length: 62 bytes
    Capture Length: 62 bytes
    Ethernet II, Src: 00:0e:0c:50:36:fa, Dst: 00:09:bf:01:6b:23
    Destination: 00:09:bf:01:6b:23 (64.95.121.95)
    Source: 00:0e:0c:50:36:fa (64.95.121.96)
    Type: IP (0x0800)
    Internet Protocol, Src Addr: 64.95.121.96 (64.95.121.96), Dst Addr: 64.95.121.95 (64.95.121.95)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 48
    Identification: 0x19b9 (6585)
    Flags: 0x04 (Don't Fragment)
    0... = Reserved bit: Not set
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x6d91 (correct)
    Source: 64.95.121.96 (64.95.121.96)
    Destination: 64.95.121.95 (64.95.121.95)
    Transmission Control Protocol, Src Port: 9103 (9103), Dst Port: 1325 (1325), Seq: 0, Ack: 1, Len: 0
    Source port: 9103 (9103)
    Destination port: 1325 (1325)
    Sequence number: 0 (relative sequence number)
    Acknowledgement number: 1 (relative ack number)
    Header length: 28 bytes
    Flags: 0x0012 (SYN, ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 0... = Push: Not set
    .... .0.. = Reset: Not set
    .... ..1. = Syn: Set
    .... ...0 = Fin: Not set
    Window size: 17520
    Checksum: 0x9ce5 (correct)
    Options: (8 bytes)
    Maximum segment size: 1460 bytes
    NOP
    NOP
    SACK permitted
    SEQ/ACK analysis
    This is an ACK to the segment in frame: 5
    The RTT to ACK the segment was: 0.000099000 seconds

    No. Time Source Destination Protocol Info
    7 0.064428 64.95.121.95 64.95.121.96 TCP 1325 > 9103 [ACK] Seq=1 Ack=1 Win=4096 Len=0

    Frame 7 (60 bytes on wire, 60 bytes captured)
    Arrival Time: Nov 20, 2004 21:14:17.975348000
    Time delta from previous packet: 0.000615000 seconds
    Time since reference or first frame: 0.064428000 seconds
    Frame Number: 7
    Packet Length: 60 bytes
    Capture Length: 60 bytes
    Ethernet II, Src: 00:09:bf:01:6b:23, Dst: 00:0e:0c:50:36:fa
    Destination: 00:0e:0c:50:36:fa (64.95.121.96)
    Source: 00:09:bf:01:6b:23 (64.95.121.95)
    Type: IP (0x0800)
    Trailer: 020405B40402
    Internet Protocol, Src Addr: 64.95.121.95 (64.95.121.95), Dst Addr: 64.95.121.96 (64.95.121.96)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x0004 (4)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 120
    Protocol: TCP (0x06)
    Header checksum: 0xcf4e (correct)
    Source: 64.95.121.95 (64.95.121.95)
    Destination: 64.95.121.96 (64.95.121.96)
    Transmission Control Protocol, Src Port: 1325 (1325), Dst Port: 9103 (9103), Seq: 1, Ack: 1, Len: 0
    Source port: 1325 (1325)
    Destination port: 9103 (9103)
    Sequence number: 1 (relative sequence number)
    Acknowledgement number: 1 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 0... = Push: Not set
    .... .0.. = Reset: Not set
    .... ..0. = Syn: Not set
    .... ...0 = Fin: Not set
    Window size: 4096
    Checksum: 0xfe19 (correct)
    SEQ/ACK analysis
    This is an ACK to the segment in frame: 6
    The RTT to ACK the segment was: 0.000615000 seconds

    No. Time Source Destination Protocol Info
    8 0.066426 64.95.121.96 64.95.121.95 TCP 9103 > 1325 [PSH, ACK] Seq=1 Ack=1 Win=17520 [CHECKSUM INCORRECT] Len=76

    Frame 8 (130 bytes on wire, 130 bytes captured)
    Arrival Time: Nov 20, 2004 21:14:17.977346000
    Time delta from previous packet: 0.001998000 seconds
    Time since reference or first frame: 0.066426000 seconds
    Frame Number: 8
    Packet Length: 130 bytes
    Capture Length: 130 bytes
    Ethernet II, Src: 00:0e:0c:50:36:fa, Dst: 00:09:bf:01:6b:23
    Destination: 00:09:bf:01:6b:23 (64.95.121.95)
    Source: 00:0e:0c:50:36:fa (64.95.121.96)
    Type: IP (0x0800)
    Internet Protocol, Src Addr: 64.95.121.96 (64.95.121.96), Dst Addr: 64.95.121.95 (64.95.121.95)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 116
    Identification: 0x19ba (6586)
    Flags: 0x04 (Don't Fragment)
    0... = Reserved bit: Not set
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x6d4c (correct)
    Source: 64.95.121.96 (64.95.121.96)
    Destination: 64.95.121.95 (64.95.121.95)
    Transmission Control Protocol, Src Port: 9103 (9103), Dst Port: 1325 (1325), Seq: 1, Ack: 1, Len: 76
    Source port: 9103 (9103)
    Destination port: 1325 (1325)
    Sequence number: 1 (relative sequence number)
    Next sequence number: 77 (relative sequence number)
    Acknowledgement number: 1 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 1... = Push: Set
    .... .0.. = Reset: Not set
    .... ..0. = Syn: Not set
    .... ...0 = Fin: Not set
    Window size: 17520
    Checksum: 0x73e4 (incorrect, should be 0x2652)
    Data (76 bytes)

    0000 9b 00 4c 00 44 72 65 61 6d 43 61 73 74 20 50 6f ..L.DreamCast Po
    0010 72 74 20 4d 61 70 2e 20 43 6f 70 79 72 69 67 68 rt Map. Copyrigh
    0020 74 20 53 45 47 41 20 45 6e 74 65 72 70 72 69 73 t SEGA Enterpris
    0030 65 73 2e 20 31 39 39 39 00 00 00 00 00 00 00 00 es. 1999........
    0040 00 00 00 00 43 5a 4e 5f 32 30 30 33 ....CZN_2003

    No. Time Source Destination Protocol Info
    9 0.067109 64.95.121.95 64.95.121.96 TCP 1325 > 9103 [ACK] Seq=1 Ack=77 Win=4020 Len=0

    Frame 9 (60 bytes on wire, 60 bytes captured)
    Arrival Time: Nov 20, 2004 21:14:17.978029000
    Time delta from previous packet: 0.000683000 seconds
    Time since reference or first frame: 0.067109000 seconds
    Frame Number: 9
    Packet Length: 60 bytes
    Capture Length: 60 bytes
    Ethernet II, Src: 00:09:bf:01:6b:23, Dst: 00:0e:0c:50:36:fa
    Destination: 00:0e:0c:50:36:fa (64.95.121.96)
    Source: 00:09:bf:01:6b:23 (64.95.121.95)
    Type: IP (0x0800)
    Trailer: 020405B40402
    Internet Protocol, Src Addr: 64.95.121.95 (64.95.121.95), Dst Addr: 64.95.121.96 (64.95.121.96)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x0005 (5)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 120
    Protocol: TCP (0x06)
    Header checksum: 0xcf4d (correct)
    Source: 64.95.121.95 (64.95.121.95)
    Destination: 64.95.121.96 (64.95.121.96)
    Transmission Control Protocol, Src Port: 1325 (1325), Dst Port: 9103 (9103), Seq: 1, Ack: 77, Len: 0
    Source port: 1325 (1325)
    Destination port: 9103 (9103)
    Sequence number: 1 (relative sequence number)
    Acknowledgement number: 77 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 0... = Push: Not set
    .... .0.. = Reset: Not set
    .... ..0. = Syn: Not set
    .... ...0 = Fin: Not set
    Window size: 4020
    Checksum: 0xfe19 (correct)
    SEQ/ACK analysis
    This is an ACK to the segment in frame: 8
    The RTT to ACK the segment was: 0.000683000 seconds

    No. Time Source Destination Protocol Info
    10 0.131328 64.95.121.95 64.95.121.96 TCP 1325 > 9103 [PSH, ACK] Seq=1 Ack=77 Win=4096 Len=224

    Frame 10 (278 bytes on wire, 278 bytes captured)
    Arrival Time: Nov 20, 2004 21:14:18.042248000
    Time delta from previous packet: 0.064219000 seconds
    Time since reference or first frame: 0.131328000 seconds
    Frame Number: 10
    Packet Length: 278 bytes
    Capture Length: 278 bytes
    Ethernet II, Src: 00:09:bf:01:6b:23, Dst: 00:0e:0c:50:36:fa
    Destination: 00:0e:0c:50:36:fa (64.95.121.96)
    Source: 00:09:bf:01:6b:23 (64.95.121.95)
    Type: IP (0x0800)
    Internet Protocol, Src Addr: 64.95.121.95 (64.95.121.95), Dst Addr: 64.95.121.96 (64.95.121.96)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 264
    Identification: 0x0006 (6)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 120
    Protocol: TCP (0x06)
    Header checksum: 0xce6c (correct)
    Source: 64.95.121.95 (64.95.121.95)
    Destination: 64.95.121.96 (64.95.121.96)
    Transmission Control Protocol, Src Port: 1325 (1325), Dst Port: 9103 (9103), Seq: 1, Ack: 77, Len: 224
    Source port: 1325 (1325)
    Destination port: 9103 (9103)
    Sequence number: 1 (relative sequence number)
    Next sequence number: 225 (relative sequence number)
    Acknowledgement number: 77 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 1... = Push: Set
    .... .0.. = Reset: Not set
    .... ..0. = Syn: Not set
    .... ...0 = Fin: Not set
    Window size: 4096
    Checksum: 0x4f5a (correct)
    Data (224 bytes)

    0000 72 2f d3 d6 69 fc fa 90 a5 79 78 10 b6 ad db b8 r/..i....yx.....
    0010 04 29 e6 56 5f 27 a1 77 e5 fb 61 df 96 7d e3 2c .).V_'.w..a..}.,
    0020 5a fa 9d 35 21 57 1c b0 b9 3c 2f 39 c3 95 4f 27 Z..5!W...</9..O'
    0030 e0 24 da ab ac 19 e8 e4 31 d6 0e c9 a5 1d 9c 08 .$......1.......
    0040 04 33 c0 a0 7a 4e 08 74 46 72 80 40 a6 1f 5c 92 .3..zN.tFr.@..\.
    0050 c5 59 40 7a 27 8c 75 f3 ea 0c a3 64 54 7d 35 96 .Y@z'.u....dT}5.
    0060 a9 b3 2f 5d 18 26 6e 70 1e ad 6e 40 d4 0a fd 04 ../].&np..n@....
    0070 c6 e7 28 e5 52 88 46 95 a2 17 b8 5b 37 c2 24 df ..(.R.F....[7.$.
    0080 1f 92 c3 ae 31 91 ff 20 06 d1 d9 18 3f c8 a7 0a ....1.. ....?...
    0090 89 73 83 c2 d7 d5 e6 80 51 84 54 8b ef 9e 1f fe .s......Q.T.....
    00a0 36 09 31 54 25 3e 89 80 73 09 a9 8c f6 77 ab 03 6.1T%>..s....w..
    00b0 b4 d2 e8 58 f0 71 a2 bb ca 9c be a3 ab 0e d1 72 ...X.q.........r
    00c0 fa 74 1a 69 a9 13 10 7e da e4 84 7a 3e b7 81 62 .t.i...~...z>..b
    00d0 87 f6 60 7d ed 85 a0 b9 af 2f 65 52 60 20 9a 7a ..`}...../eR` .z

    No. Time Source Destination Protocol Info
    11 0.131448 64.95.121.96 64.95.121.95 TCP 9103 > 1325 [PSH, ACK] Seq=77 Ack=225 Win=17296 [CHECKSUM INCORRECT] Len=16

    Frame 11 (70 bytes on wire, 70 bytes captured)
    Arrival Time: Nov 20, 2004 21:14:18.042368000
    Time delta from previous packet: 0.000120000 seconds
    Time since reference or first frame: 0.131448000 seconds
    Frame Number: 11
    Packet Length: 70 bytes
    Capture Length: 70 bytes
    Ethernet II, Src: 00:0e:0c:50:36:fa, Dst: 00:09:bf:01:6b:23
    Destination: 00:09:bf:01:6b:23 (64.95.121.95)
    Source: 00:0e:0c:50:36:fa (64.95.121.96)
    Type: IP (0x0800)
    Internet Protocol, Src Addr: 64.95.121.96 (64.95.121.96), Dst Addr: 64.95.121.95 (64.95.121.95)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 56
    Identification: 0x19bb (6587)
    Flags: 0x04 (Don't Fragment)
    0... = Reserved bit: Not set
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x6d87 (correct)
    Source: 64.95.121.96 (64.95.121.96)
    Destination: 64.95.121.95 (64.95.121.95)
    Transmission Control Protocol, Src Port: 9103 (9103), Dst Port: 1325 (1325), Seq: 77, Ack: 225, Len: 16
    Source port: 9103 (9103)
    Destination port: 1325 (1325)
    Sequence number: 77 (relative sequence number)
    Next sequence number: 93 (relative sequence number)
    Acknowledgement number: 225 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 1... = Push: Set
    .... .0.. = Reset: Not set
    .... ..0. = Syn: Not set
    .... ...0 = Fin: Not set
    Window size: 17296
    Checksum: 0x73a8 (incorrect, should be 0xbaef)
    SEQ/ACK analysis
    This is an ACK to the segment in frame: 10
    The RTT to ACK the segment was: 0.000120000 seconds
    Data (16 bytes)

    0000 bb ed 29 cb e4 51 f1 2a b8 a3 6f d2 2d 2f fd 7a ..)..Q.*..o.-/.z

    No. Time Source Destination Protocol Info
    12 0.132040 64.95.121.95 64.95.121.96 TCP 1325 > 9103 [ACK] Seq=225 Ack=93 Win=4096 Len=0

    Frame 12 (60 bytes on wire, 60 bytes captured)
    Arrival Time: Nov 20, 2004 21:14:18.042960000
    Time delta from previous packet: 0.000592000 seconds
    Time since reference or first frame: 0.132040000 seconds
    Frame Number: 12
    Packet Length: 60 bytes
    Capture Length: 60 bytes
    Ethernet II, Src: 00:09:bf:01:6b:23, Dst: 00:0e:0c:50:36:fa
    Destination: 00:0e:0c:50:36:fa (64.95.121.96)
    Source: 00:09:bf:01:6b:23 (64.95.121.95)
    Type: IP (0x0800)
    Trailer: 722FD3D669FC
    Internet Protocol, Src Addr: 64.95.121.95 (64.95.121.95), Dst Addr: 64.95.121.96 (64.95.121.96)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x0007 (7)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 120
    Protocol: TCP (0x06)
    Header checksum: 0xcf4b (correct)
    Source: 64.95.121.95 (64.95.121.95)
    Destination: 64.95.121.96 (64.95.121.96)
    Transmission Control Protocol, Src Port: 1325 (1325), Dst Port: 9103 (9103), Seq: 225, Ack: 93, Len: 0
    Source port: 1325 (1325)
    Destination port: 9103 (9103)
    Sequence number: 225 (relative sequence number)
    Acknowledgement number: 93 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 0... = Push: Not set
    .... .0.. = Reset: Not set
    .... ..0. = Syn: Not set
    .... ...0 = Fin: Not set
    Window size: 4096
    Checksum: 0xfcdd (correct)
    SEQ/ACK analysis
    This is an ACK to the segment in frame: 11
    The RTT to ACK the segment was: 0.000592000 seconds

    No. Time Source Destination Protocol Info
    13 0.197971 64.95.121.95 64.95.121.96 TCP 1325 > 9103 [RST, ACK] Seq=225 Ack=93 Win=4096 Len=0

    Frame 13 (60 bytes on wire, 60 bytes captured)
    Arrival Time: Nov 20, 2004 21:14:18.108891000
    Time delta from previous packet: 0.065931000 seconds
    Time since reference or first frame: 0.197971000 seconds
    Frame Number: 13
    Packet Length: 60 bytes
    Capture Length: 60 bytes
    Ethernet II, Src: 00:09:bf:01:6b:23, Dst: 00:0e:0c:50:36:fa
    Destination: 00:0e:0c:50:36:fa (64.95.121.96)
    Source: 00:09:bf:01:6b:23 (64.95.121.95)
    Type: IP (0x0800)
    Trailer: 722FD3D669FC
    Internet Protocol, Src Addr: 64.95.121.95 (64.95.121.95), Dst Addr: 64.95.121.96 (64.95.121.96)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x0008 (8)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 120
    Protocol: TCP (0x06)
    Header checksum: 0xcf4a (correct)
    Source: 64.95.121.95 (64.95.121.95)
    Destination: 64.95.121.96 (64.95.121.96)
    Transmission Control Protocol, Src Port: 1325 (1325), Dst Port: 9103 (9103), Seq: 225, Ack: 93, Len: 0
    Source port: 1325 (1325)
    Destination port: 9103 (9103)
    Sequence number: 225 (relative sequence number)
    Acknowledgement number: 93 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0014 (RST, ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 0... = Push: Not set
    .... .1.. = Reset: Set
    .... ..0. = Syn: Not set
    .... ...0 = Fin: Not set
    Window size: 4096
    Checksum: 0xfcd9 (correct)
    SEQ/ACK analysis


     
  5. StoneRain

    StoneRain Member

    Just to clear things up, which IP is the GC and which is your PC?

    It still looks to me like they changed the encryption method. I am also curious if the dreamcast blah blah blah ..2003 shouldn't be 2004 since PSO+ came out then. This is a real long shot.
     
    Last edited: Nov 21, 2004
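
An added example, not part of the original thread and not code from PSOload or PSUL: it rebuilds the payload bytes of frames 8, 10 and 11 from the hex dumps pasted above and checks which of them carry a readable header. The header layout (command byte, flags byte, little-endian 16-bit length) is an assumption inferred from frame 8, where `4c 00` equals the 76-byte TCP payload; all function names are hypothetical, and the meaning of the 8 trailing bytes is not established anywhere in the thread.

```python
import math
import re
import struct
from collections import Counter

# Payload hex dumps copied from frames 8, 10 and 11 of the capture in this thread.
FRAME_8 = r"""
0000 9b 00 4c 00 44 72 65 61 6d 43 61 73 74 20 50 6f ..L.DreamCast Po
0010 72 74 20 4d 61 70 2e 20 43 6f 70 79 72 69 67 68 rt Map. Copyrigh
0020 74 20 53 45 47 41 20 45 6e 74 65 72 70 72 69 73 t SEGA Enterpris
0030 65 73 2e 20 31 39 39 39 00 00 00 00 00 00 00 00 es. 1999........
0040 00 00 00 00 43 5a 4e 5f 32 30 30 33 ....CZN_2003
"""
FRAME_10 = r"""
0000 72 2f d3 d6 69 fc fa 90 a5 79 78 10 b6 ad db b8 r/..i....yx.....
0010 04 29 e6 56 5f 27 a1 77 e5 fb 61 df 96 7d e3 2c .).V_'.w..a..}.,
0020 5a fa 9d 35 21 57 1c b0 b9 3c 2f 39 c3 95 4f 27 Z..5!W...</9..O'
0030 e0 24 da ab ac 19 e8 e4 31 d6 0e c9 a5 1d 9c 08 .$......1.......
0040 04 33 c0 a0 7a 4e 08 74 46 72 80 40 a6 1f 5c 92 .3..zN.tFr.@..\.
0050 c5 59 40 7a 27 8c 75 f3 ea 0c a3 64 54 7d 35 96 .Y@z'.u....dT}5.
0060 a9 b3 2f 5d 18 26 6e 70 1e ad 6e 40 d4 0a fd 04 ../].&np..n@....
0070 c6 e7 28 e5 52 88 46 95 a2 17 b8 5b 37 c2 24 df ..(.R.F....[7.$.
0080 1f 92 c3 ae 31 91 ff 20 06 d1 d9 18 3f c8 a7 0a ....1.. ....?...
0090 89 73 83 c2 d7 d5 e6 80 51 84 54 8b ef 9e 1f fe .s......Q.T.....
00a0 36 09 31 54 25 3e 89 80 73 09 a9 8c f6 77 ab 03 6.1T%>..s....w..
00b0 b4 d2 e8 58 f0 71 a2 bb ca 9c be a3 ab 0e d1 72 ...X.q.........r
00c0 fa 74 1a 69 a9 13 10 7e da e4 84 7a 3e b7 81 62 .t.i...~...z>..b
00d0 87 f6 60 7d ed 85 a0 b9 af 2f 65 52 60 20 9a 7a ..`}...../eR` .z
"""
FRAME_11 = r"""
0000 bb ed 29 cb e4 51 f1 2a b8 a3 6f d2 2d 2f fd 7a ..)..Q.*..o.-/.z
"""

HEX_PAIR = re.compile(r"^[0-9a-f]{2}$")


def parse_hexdump(text, expected_len):
    """Rebuild payload bytes from Ethereal 'offset, hex columns, ASCII' rows.

    expected_len is the "Data (N bytes)" value from the dissection; it bounds how
    many columns are read so the ASCII column is never mistaken for data.
    """
    out = bytearray()
    for line in text.strip().splitlines():
        tokens = line.split()
        if int(tokens[0], 16) != len(out):
            raise ValueError(f"offset gap at row {tokens[0]}")
        remaining = min(16, expected_len - len(out))
        for tok in tokens[1:1 + remaining]:
            if not HEX_PAIR.match(tok):
                break
            out.append(int(tok, 16))
    if len(out) != expected_len:
        raise ValueError(f"got {len(out)} bytes, expected {expected_len}")
    return bytes(out)


def parse_header(payload):
    """Assumed layout: command (u8), flags (u8), total length (u16, little-endian)."""
    return struct.unpack_from("<BBH", payload, 0)


def header_is_plaintext(payload):
    """A readable header announces exactly the number of bytes that were sent."""
    return parse_header(payload)[2] == len(payload)


def entropy(payload):
    """Shannon entropy in bits per byte; capped at log2(len), so weak on short data."""
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values())


def split_welcome(payload):
    """Frame 8 only: NUL-padded banner at 0x04..0x43, then 8 trailing bytes."""
    banner = payload[4:0x44].rstrip(b"\x00").decode("ascii")
    return banner, payload[0x44:]


PAYLOADS = {
    8: parse_hexdump(FRAME_8, 76),
    10: parse_hexdump(FRAME_10, 224),
    11: parse_hexdump(FRAME_11, 16),
}

if __name__ == "__main__":
    for frame, data in PAYLOADS.items():
        cmd, flags, length = parse_header(data)
        verdict = "plaintext header" if header_is_plaintext(data) else "opaque header"
        print(f"frame {frame}: cmd=0x{cmd:02x} flags=0x{flags:02x} "
              f"len_field={length} actual={len(data)} "
              f"entropy={entropy(data):.2f} -> {verdict}")
    print(split_welcome(PAYLOADS[8]))
```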
  6. Mr69ways

    Mr69ways Guest

    Thanks, I will do some reading.
    By the way doood81, when you got these results, what type of setup were you using? Are you using the PSUL internal DNS server or have you disabled it? What ports do you currently have open on your router?
     
    Last edited by a moderator: Nov 21, 2004
  7. doood81

    doood81 Member

    My setup is as follows:

    desktop XP psul.exe v1.1
    command line was: psul.exe testdemo4.dol
    (internal dns for psul enabled)
    (no ports blocked on workstation)

    gamecube US rev3, PSO I&II + bought about a week ago.
    the id on the disc is: DL-DOL-GPOE-USA-01 model No. Dol-006(USA)

    I'm using a crossover cable between the gc and my desktop. My desktop has XP SP2 firewall turned off.

    It does appear that the encryption in the headers has changed seeing as the checksums come back invalid. Just my guess...

    Honestly I can't see why this should be that difficult to work around, seeing as the first editions of PSO were cracked. I would hope that the original people who had cracked the original PSO would shed some light on this or even just fix it. It seems that since they put the work into the first editions and now have a working crack, they don't feel PSO+ is of importance since they already have a working version. What a bummer. Maybe they just need some $$ incentive ;-) or something. I honestly can say I'm not experienced enough to go much further with this. Reading layer 1 and 2 tcp/ip information is not one of my areas of expertise...yet.
     
    Last edited: Nov 23, 2004
  8. Morfiuso

    Morfiuso Member

    Joined:
    Nov 16, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    For your information (from pso v2.0):

    Specific Notes for PSO Episode 3 and PSO Episodes I and II Plus
    ---------------------------------------------------------------

    These are the newest Japanese PSO versions currently released and
    have not yet been released in the U.S. or Europe. Sega\Nintendo has
    updated their network code so that it can only connect to WAN IP's,
    rather than LAN IP's as well. That means that in order to use them
    with PSOload V2.0, you must either use an Action Replay code to
    patch the code in PSO which checks the server IP, or you must
    use a router to connect to the PC's WAN IP instead of LAN IP.
    To accomplish the second option, you must set up your own DNS server
    to point to the WAN IP of your PC rather than the official
    Sega server IP or your PC's LAN IP. Instructions for setting up
    a DNS server are in the old readme file which is attached to the end
    of this one. If using a cross-over cable rather than a router, it
    should be possible to change your PC's LAN IP so that it looks
    like a WAN IP and tricks PSO into connecting to it anyway. In any
    case, using these two new versions for code uploading may possibly
    be a bit tedious to set up, but should work just as well as all of
    the other versions when configured properly.
     
  9. Fr0d83

    Fr0d83 Member

    Joined:
    Oct 3, 2004
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    I think that those notes only apply to the Japanese version that came out over the summer because I tried setting up my own DNS server with bind. I had the GC connect to my PC through a Linux box that was running bind and acting as a router. This still did not work.
     
  10. doood81

    doood81 Member

    Joined:
    Nov 20, 2004
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    Morfiuso:

    If you look at the packet capture you'll see both IPs are internet addressable. In fact the IP of my host which is running the psul (dns enabled) is an internet address as well. Setting up a DNS server and using a router has the same effect as what I am doing with the crossover cable. I believe the problem is in the packet headers when they get returned to the GC, not because of the IP address that is on them, because I know and can see it is not a LAN IP, but something to do with authenticating a packet from the sega.net server and checksumming the packet or header itself.


    Oh btw, pso+ has been out here in the US for a while now. months??
     
    Last edited: Nov 25, 2004
  11. Morfiuso

    Morfiuso Member

    Joined:
    Nov 16, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    It's pretty strange, I have pso1&2plus jap but I can't get it to work! I get error 100 in PSO. But I can't read jap :( I use the freeloader so it was a nightmare to set up the network stuff, but it should be right!

    PSUL 1.1
    Served DNS query from 192.168.1.32...
    Connected (JAP 1.1)...
    Sending file...Error > Communication error 4...


    PSO2.0
    192.168.1.100 connected Error
    Call to recv(sClient, szInBuffer, sizeof(szInBuffer), 0); failed with: 10054

    Does anyone know about this error?!
    It's crap that I can't read the text, would like to see the data when PSO connects to a real server...
    Guess we will have to wait for the hardware modchip VC?! should be possible to stream games over that with the right software
     
  12. Morfiuso

    Morfiuso Member

    Joined:
    Nov 16, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    PSO I&II+ (JAP)
    DL-DOL-GPOJ-JPN-03
    MODEL NO. DOL-006 JPN

    Anyone have success with this?!
     
  13. StoneRain

    StoneRain Member

    Joined:
    Sep 30, 2004
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    16
    I guess I didn't really make myself clear. To get the new encryption, all you need to do is packet capture a real connection session. Not it connecting to PSOLoader. Be warned though. If you get the loader to work, don't give it out to the public. They will be able to find out who cracked their nut because it will be your personal info that is coded to the program. It would be nice if you did let us know if it did or didn't work.

    Yeah, lots of people have said, "well it should work if you do this." If it was that easy, it would be done by now and everyone would be doing it. I am starting to think that some of this stuff is just misinformation.
     
  14. Elly8968

    Elly8968 Member

    Joined:
    Dec 15, 2004
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    11
    9103 is the EP3 port also.
     
  15. adagio

    adagio Member

    Joined:
    Jan 13, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    Anyone still working on this? I'm a newbie who has found this all very interesting though I only understand probably less than half of this. I'd really be interested in knowing any progress anyone has made.
     
  16. StoneRain

    StoneRain Member

    Joined:
    Sep 30, 2004
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    16
    costis, the writer of PSOLoad, has said it is impossible to make PSO+ work. I'm not sure if I buy it, I think he may just want to move on. Maybe he had pressure from other sources too, I don't know.

    He said not only are there several changes that make the original PSOLoad incompatible, but that the exploit is gone too. If this were true, I think there would be more online games currently. Secondly, if they just simply removed the exploit, why put in extra unnecessary changes to make it incompatible? Only a handful of people understand the hack though, and they all are probably unwilling to make a new one.

    The other problem is, there is a mod chip now. This is even better than using PSO. There are other methods out too now. All involve hardware.
     
  17. adagio

    adagio Member

    Joined:
    Jan 13, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    Yeah, I saw what Costis had said shortly after finding this thread and continuing my search. Too bad he won't release the source. Anyone know much about reverse-engineering GC code? Ha ha. After reading Costis' post I went ahead and ordered a bloody SD card adapter, but I'm still sad I couldn't get the PSO exploit working. Just when I was starting to have fun, too...
     
