PS2Emu :: Emulation Gaming & Development News

Using the PS1DRV exploit with nPort
by Jules
Last update : 17th of August 2003

Lets just go over how the exploits works. When an original PSOne CD-ROM is loaded on your PS2 via the PSOne driver (PS1DRV), it looks up the game in a file on your memory card and this file contains the exploit which can make you run own code. Marcus R. Brown has created the whole package for you, all you need to do is compile it (or download it precompiled) and then add your PSOne CD-ROM ID to file on the memory card, so you can take advantage of the exploit.

This guide uses nPort to transfer the exploited file to your memory, you can use either Pukklink or Naplink to load nPort from either native (with some sort of mod) or from PS2 Linux with reload1. You must have nPort installed and working in order to use this guide.

First of all you need to compile titleman (ps2-independence) with ps2lib, I will not get into how to compile it, but instead provide binaries of the file: Win32 Binary

As mentioned before Marcus R. Brown has been so kind to provide premade files to use with nPort, these files contain the exploit file as well ps2link (pukklink clone, loader for the Sony network adapter) which the exploit loads. If you want to use another ELF with the exploit, you have to replace the BOOT.ELF from ps2link with your file and remove all files related to ps2link aswell (IPCONFIG.DAT, PS2SMAP.IRX, PS2LINK.IRX, PS2IP.IRX), please note that not all PS2 ELFs which have IRX files included will load correctly, since there might not be memory card support included for IRX loading.
There are 3 different files, one for each region:

North America (NTSC-J)
Europe (PAL)
Japan/Asia

Now put the file which matches the region of your PS2 into the nPort saves sub-directory, in this directory you will also see a exectutable called npo-x.exe. This tool is an extractor and packer for nPort saves, since we are not sure that the PSOne CD-ROM we will be using is included with the exploit, we will extract the save and add it ourselves.
This we do it like this: npo-x x [npo_file]
For instance: npo-x x BEDATA-SYSTEM.npo.

This will now create a directory named the same as the .npo file with the files for the exploit. The file we are interested in is TITLE.DB (this is the exploit file), for this file we need titleman. But first we need to find out what the the ID is the of the PSOne CD-ROM we will be using is. To do this, put the PSOne CD-ROM into your computer and open SYSTEM.CNF.
This file's first line will be something like : BOOT=cdrom:\SCED_018.22;1 (this line is from an european demo disc). The part we are interested in is the bold part, the filename (or ID) of the start up exectuable.

Now we copy titleman to the directory with TITLE.DB created by npo-x.
Here we do this: titleman -a [ID/filename]
Which in my case is titleman -a SCED_018.22.

Now we have added our PSOne CD-ROM for the exploit. (In case you want to use ps2link, you might want to alter IPCONFIG.DAT aswell to fit your IP settings). You can of course add more PSOne ID's if you wish. What we need to do now is pack the .npo file again, in the nPort save directory.
We do npo-x a [save_dir] - [save_dir] is the name of the directory that npo-x x extracted to.
To follow the example from before, this will be npo-x a BEDATA-SYSTEM.

Now your npo file is updated and we need to get it onto the memory card. But first you need to index the file with the nPort indexer so nPort can find the save in the saves directory, simply just run it and it will tell "All done". Now start nPort and transfer the .npo file onto your memory card. If the file already exists you will have to delete it first.

Once you have the exploit on your memory card, all you need to do is put the memory card into your PS2 memory card slot and put int he PSOne CD-ROM from which you got the ID/filename into your PS2 drive and turn on your PS2, what you should see is a white screen flash for sec and then ps2link should start (unless you replaced the ELF with something else).