Feature request - DVD mode - Bruteforce the 0x3C SCSI command when /raw is used for unknown drives. #213
Comments
|
If someone find a new drive using the BruteForce3C.exe, I'll add it as whitelist. |
We're going through our collection of drives for another project so we'll be on the lookout. Do you have a list of models that currently support /raw? I saw your post here: http://forum.redump.org/post/59622/#p59622 But it only has E7 drives. Do you wanna compile a supported drive list with the supported output data somewhere? |
DiscImageCreator_test.zip |
Is your feature request related to a problem? Please describe.
Currently, DIC has a fixed list of drives that support various methods of reading 'raw' data from the drive through various methods. For instance, certain LG/Hitachi drives support the E7 memory dump command, but many drives can support reading raw data through the 0x3C command like Lite-Ons and LG/ASUS drives. However, DIC will only allow /raw to be used if the drive is hard-coded into DIC to function leaving a lot of potential drives out without support.
Describe the solution you'd like
I think DIC should attempt to brute force or automatically detect if a drive has support for reading with /raw by using brute-forcing methods to determine the right parameters that return data off the disc. Friidump includes an (unfortunately closed-sourced) called BruteForce3C which can brute force the 0x3C opcode by incrementing the command parameters until the drive returns data off the disc while the target drive has a DVD inserted. The program comes with a .cfg file that blacklists returns that are all 00s, as that would suggest that the drive has nothing on the cache/buffer. However, if the program returns a .bin containing non-zero data, it can potentially read raw data.
However, DIC could go one step further and implement this for drives that aren't hardcoded into the program. Here's how I imagine it can work:
1.) User uses /raw with their unsupported drive.
2.) If DIC determines that the drive is unsupported, try and see if the drive is an LG/Hitachi drive. see if E7 is present by using the opcode and return data where the first 4 bytes are 00 03 00 00. This would indicate PSN data for LBA 0, the first sector on the DVD.
3.) If E7 doesn't work, move on to brute forcing 0x3C. Alert the user that the drive is unsupported but that DIC will bruteforce for 0x3C. DIC will then increment the 2 parameters of 0x3C and return data from the drive as it reads LBA 0. If 0x3C returns 00, increment and move on to the next value. If it returns data, see if 00 03 00 00 are the first bytes present. If it is, that's the command for 0x3C to use for raw dumping. If you exhaust all values for 0x3C, the drive doesn't support reading with /raw, so stop DIC. DIC should let the user know what values it's trying or how long it will take to brute force.
4.) Next determine what data is being returned by the drive. This is a bit tricky as since drives can return different data, there are a few things you need to look for.
5.) Once everything has been determined, dump the rest of the disc to a .raw file using the discovered 0x3C opcode.
Make sure everything is recorded in a log file.
Describe alternatives you've considered
It would be nice to have DIC do this for the user, but I suppose you could always just include BruteForce3C with DIC and call it externally when /raw is used. I wish the source code were available, but I have a feeling this would be easy to implement in DIC anyway.
Additional context
Grab BruteForce3C here.
BruteForce3C.zip
For the record, here is what BruteForce3C does:
The text was updated successfully, but these errors were encountered: