PS2 Softmod Guide

For the latest version of this guide, check out this thread.

Last updated: September 21st, 2006 (changelog)

This guide was originally written by admiraldennis of the Something Awful forums. I had no part in writing this, other than re-hosting images and files for mirroring here. Neither he nor I am responsible if you fuck up your PS2. Note: Some programs may have been updated since the screenshots were taken, but things should still be mostly the same.


Contrary to popular belief, "softmodding" is not just for Xbox! Assuming you have a v1 - v10 PS2 (everything except slimline and possibly the rare v11), it’s quite possible and not too difficult to softmod a PS2.

Geeky Note: I am using the word ’softmod’ because it is common terminology. In reality, we aren’t ‘modding’ anything, save the contents of a memory card. What we’re actually doing is exploiting a bug in the PS2’s PSX compatibility driver. By creating an incorrect entry in the file TITLE.DB (which the PS2 uses to store compatibility information for certain PS1 games), we can cause a buffer overflow and run an unencrypted program stored on a memory card. Naturally, we will run a ‘launcher’ program which can then be used to run whatever software we wish on the PS2. This bug was fixed in v12 (possibly v11).
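
The bug class described in the note above, as an added example (not code from the PS2 or from any tool in this guide): a C parser for a per-title database record, first in the unchecked form that overflows on an oversized field, then with the length checks that reject it. The record layout, buffer sizes, function names and the sample disc ID are assumptions made for the illustration; this guide does not describe the real TITLE.DB format.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout, for illustration only (not the real TITLE.DB format):
 * one "<disc-id> <options>" record per line. */
#define ID_MAX  16
#define OPT_MAX 32
struct title_entry { char id[ID_MAX]; char options[OPT_MAX]; };
enum parse_status { PARSE_OK = 0, PARSE_MALFORMED = -1, PARSE_TOO_LONG = -2 };

/* The bug class: unbounded %s trusts the file to fit the destination, so
 * an oversized field writes past the buffers. Shown for contrast only. */
int parse_entry_unsafe(const char *line, struct title_entry *out)
{
    return sscanf(line, "%s %s", out->id, out->options) == 2 ? 0 : -1;
}

/* Hardened: measure each field against its destination before copying and
 * reject (rather than truncate) a record that does not fit. */
enum parse_status parse_entry(const char *line, size_t len,
                              struct title_entry *out)
{
    const char *nl = memchr(line, '\n', len);
    size_t rec_len = nl ? (size_t)(nl - line) : len;
    const char *sp = memchr(line, ' ', rec_len);
    if (sp == NULL || sp == line)
        return PARSE_MALFORMED;          /* no separator or empty id */

    size_t id_len = (size_t)(sp - line);
    size_t opt_len = rec_len - id_len - 1;
    if (id_len >= ID_MAX || opt_len >= OPT_MAX)
        return PARSE_TOO_LONG;           /* would overflow the entry */

    memcpy(out->id, line, id_len);
    out->id[id_len] = '\0';
    memcpy(out->options, sp + 1, opt_len);
    out->options[opt_len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    struct title_entry e;
    const char rec[] = "SLUS_000.00 0x01\n";  /* constructed sample record */
    printf("status=%d\n", parse_entry(rec, sizeof rec - 1, &e));
    return 0;
}
```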

What do I need?

For the exploit:

  • ‘Fat’ PS2, any version except v11 (which might work?).
  • A PSX ‘trigger disc’. This disc will be used to trigger the exploit.
  • Memory card with preferably 1MB+ available (~200kb min for exploit, ~900kb min for exploit+HD).
  • A way to get files onto a PS2 memory card. Easiest way by far is through Action Replay MAX or Codebreaker. Make sure your version of either supports USB drives. (8.0+ for CB and 3.30+ for AR are CONFIRMED. Make sure to check the box for this feature, old versions of each are still sold). I bought ARMAX for $30 and it came with a free 16MB memory card which was perfect for the exploit and homebrew software!
  • A USB flash drive for ARMAX or Codebreaker (possible without one with ARMAX, but much easier with).
  • Some free software tools (we’ll get to these later!) — Windows only.

…with a hard drive:

  • A compatible 3.5" IDE hard drive (most are). Maxtor drives fit the best in the bay, as the ‘official’ PS2 HD was a Maxtor. Western Digital drives are the most problematic as many of them don’t physically fit. I have a 200GB Maxtor Diamondmax10 which works wonderfully. (Maxtor good, WD bad? PS2 land is BACKWARDSLAND!) Compatibility database.
  • The PS2 network adapter (the hard drive plugs into this). Note that you do NOT need the Network Adapter setup discs for this.
  • Patched hdloader (we’ll get to this later!)

What can I do with an exploited PS2?

  • Run homebrew PS2 software. Essentially this is comprised of a couple emulators, a couple media players, and a couple useful utilities.
  • Store and play games off of an installed hard drive with hdloader! This greatly reduces loading times, adds convenience, and saves your games and laser.
  • Play imports from the hard drive.

What can’t I do with an exploited PS2?

  • Play ‘backup’ CD/DVD-Rs of PS2 games. (a hard drive is a better backup solution anyhow!)
  • PSX games can not be run from the hard drive. They still work fine from discs.

Will I get banned from online games? Can Sony tell?

  • No. However, certain games may not work online from the hard drive due to DNAS (more on that later). Your discs, however, will still work fine online.

I’m ready. Let’s do this.

OK. First we’ll go through just the exploit, then the hard drive. Be sure to go through the checklist above for the required materials.

Here’s the PC software you need. All of it is free or public domain and I’ve mirrored them because the original sites are often dead or nonexistent.

IDGET
Titleman Frontend
PS2 Save Builder

You’re also going to need a launcher program that your PS2 will load from the exploit. My favorite is LaunchELF. Here’s the latest unofficial build: uLaunchELF v3.72. The two files in the zip, BOOT.ELF and BOOTc.ELF are identical except BOOTc.ELF is compressed. Loading time is actually quicker on the compressed version (less memory card reading), so most people will want to use BOOTc.ELF. Rename or delete the uncompressed BOOT.ELF and rename the compressed BOOTc.ELF to BOOT.ELF (this is important).

Get your PSX ‘trigger disc’ and put it in your PC. The vast majority of games will work for this, but a couple won’t (namely Quake II and Duke Nukem’ games). I use THPS 3 for PSX since I also have the PS2 version :). Open up IDGET, select the drive, and GET the ID of the PSX disc.

Open Titleman Frontend. Click ‘Create TITLE.DB’ (file is created in same dir as app). Put in the disc ID and click ‘Add Exec’. Click ‘List current contents of TITLE.DB’ and confirm your entry. Pay special attention to the initial four letters; sometimes TMFE messes these up. If all is well, exit the program.

Ok now if you aren’t using ARMAX or CB, skip PS2 Save Builder and the ARMAX steps. The goal is to get TITLE.DB and BOOT.ELF onto your Memory Card in the BADATA-SYSTEM directory (same directory as Your System Configuration). If you know another way to do this (DexDrive, etc.) then go ahead. Otherwise…

Open PS2 Save Builder. File > New to create a new save. Under ‘Root/ID’ put ‘BADATA-SYSTEM’ (US/NTSC) or ‘BEDATA-SYSTEM’ (EUR/PAL). Please note that is a - and not a _. Drag TITLE.DB from the Titleman Frontend folder into the list. Drag BOOT.ELF (compressed or not, it has to be named BOOT.ELF exactly) into the list as well. Go to File > Save As… If you’re using AR MAX, choose AR MAX v3 (*.max). If you’re using Codebreaker, choose Code Breaker Saves (*.cbs). Name the file exploit.max or exploit.cbs.

Plug in your USB flash drive and copy the exploit .max or .cbs file to it (root level).

Now it’s PS2 time. I have ARMAX so that’s what I’ll be using for the tutorial. Codebreaker people should be able to figure it out, as CB is supposed to be pretty similar.

Put your USB flash drive in either USB slot, and your ARMAX disc in your PS2. Load up ARMAX. Go to ‘Max Memory’, hit X, and wait for it to load the memory manager (which takes far too long). Press X on ‘My Devices’. Choose memory card 1. Find and select ‘Your System Configuration’, then choose delete to delete it. We do this because our exploit files are going into the same folder as the system configuration (BADATA-SYSTEM) and certain versions of ARMAX will display an error (File already exists) if you don’t do this first. All the system configuration file contains is a couple settings (screen size, language, etc), so don’t worry about deleting it. These will be reset to default after doing this.

Press triangle to go back. Now choose the USB drive as the primary device. Wait for it to search the drive. Check ‘NEW_FILE’ (this is our exploit.max) and go down to ‘Uncrush to MC1’. Confirm and wait a couple seconds for it to extract.

(people not using ARMax should start reading again now)

When it finishes, shut off your PS2 (you can remove the USB drive). Turn it on and insert your PSX trigger disc.

If everything worked, you should see a flash of white followed by this screen:

Congratulations! You have successfully exploited your PS2!

You can now load up LaunchELF by simply having that memory card in either slot and the trigger disc in the drive. From here we can run homebrew PS2 software (directly from a USB drive, even) and set up some other stuff.

Note that the exploit is stored under the ‘Your System Configuration’ file in your memory card. Deleting this will delete the exploit. You can safely configure your PS2 without worries, however. You also might see one or two small ‘corrupted data’ files appear in your memory card. Don’t let this alarm you and don’t delete them. They are configuration files for programs like LaunchELF. They’re not actually corrupt.

How to configure LaunchELF

LaunchELF is a ‘loader’ program and a PS2 file browser. It can be used to load other ELFs (PS2 executables) and copy/move/delete files. It’s pretty easy to use and has an all-text interface, so pictures aren’t necessary.

LaunchELF defaults to Japanese/Metal Gear Solid style keys (O is Confirm, X is Cancel), though you can change this in options. Press select to enter configuration, where you can assign different keys to different ELFs. ‘Default’ will be launched after a specified number of seconds (‘Timeout’). I set my default to HDLoader with a timeout of 3. It’s also useful to assign the ‘built in functions’ (under MISC when assigning). These include FileBrowser (browse PS2 file system) and PS2Browser (launch the PS2 Browser).



So what’s the deal with these HDLoader and HDAdvance discs people are selling? Shouldn’t I get one of these instead?

NO! If you’re buying a copy of HDLoader nowadays you aren’t buying it from the original creator (who has long since stopped selling HDLoader). The people you buy it from are most likely ripping you off by selling someone else’s product. In addition, the standard HDLoader is pretty outdated nowadays. It doesn’t support drives over 127GB and it has many more compatibility issues than the latest patched HDLoader. Why pay money to a bunch of people selling someone else’s now-outdated product?

HDAdvance is even worse. Do you really want to give your money to a bunch of crooks? HDAdvance is literally a hex edit of the HDLoader binary. The HDAdvance ‘team’ took HDLoader, applied some community-created patches they didn’t even create, modified the splash screen and menu bitmap, and are selling it for $20-$30 or whatever. Not to mention it’s not up to date. If you buy HDAdvance you are literally supporting asshole plagiarist criminals.

How do I set up a hard drive with HDLoader?

First, the physical hard drive installation. This is easy.

The hard drive goes in the ‘expansion bay’ and connects directly to the network adapter.

Remove your PS2’s expansion bay cover if it still has one. Set your drive’s jumpers to ‘cable select’, attach it to the network adapter, and insert it into your PS2. Remember to attach the drive to the network adapter before you put it in the PS2. Tighten the screws on the network adapter. Sony recommends you use a nickel, but I use a screwdriver nowadays. If you decide to use a screwdriver, make sure not to tighten it too much. It’s very easy to break the plastic. Make it firm but not tight.

The physical installation is complete, now it’s time for HDLoader.

Here is a copy I have fully patched for exploit use and packed myself: hdloader v0.8b. Here is a thread on patching/packing your own, if you really want to.

This HDLoader was patched on 07.30.05 via hdlpatch 0.7c with the following options and packed with ps2-packer 0.4:

  • /N - No disc seek while loading (stops freezing at splash screen on V9).
  • /C - Compatibility options update (press SELECT to access).
  • /S - Stop cdvd-drive motor after loading (use ONLY with disc based booting).
  • /L - LBA 48bit patch (allows full use of HDDs up to 2 terabytes).
  • /IS - Custom splash screen. (I put a nice modified splash screen that denotes the patches applied)

Unzip the file and copy ‘HDL_0.8b.elf’ (610KB) to your USB flash drive. Plug the drive into your PS2, and turn your PS2 on with your trigger disc.

If you followed my tutorial thus far, you should be booted into LaunchELF and you are able to access LaunchELF’s built-in file browser. In the file browser, go to mass:/ to access the USB drive. Find HDL_0.8b.elf (HDL_0.8b.elf in the photos below), select it, press R1, and select copy.

Press triangle to navigate back to the root path in the file browser. Select your memory card (mc0 for slot 1, mc1 for slot 2), select BADATA-SYSTEM (we might as well put it in with the exploit files), press R1, and go to paste. After a few seconds, HDL_0.8b.elf should be copied onto the memory card. Now, you probably want to set up HDLoader to load automatically after a few seconds (or at least map it to a key). Press Select to exit the file browser and then enter CONFIG from the LaunchELF menu. Select either DEFAULT (for timeout loading) or a key to map HDLoader to. Navigate to your HDL_0.8b.elf file (mc/BADATA-SYSTEM/HDL_0.8b.elf), and select it. For DEFAULT, choose a TIMEOUT value.

Go back to the LaunchELF menu, select HDL_0.8b and hit OK to load HDLoader!

You should see the HDLoader splash screen followed shortly by this screen:

(if you see this instead, HDLoader can not see your hard drive. Check your connections, jumper settings, and model. If you see a black screen, something’s wrong with your copy of HDLoader or the way you are launching it. Note that HDLoader does NOT like being the BOOT.ELF file on many PS2 versions, which is why we do it through LaunchELF)

Press ‘continue’ to format your drive. You should see this screen (I used an extra 60GB Seagate Barracuda for demonstration purposes):

You’re done with setting up your hard drive with HDLoader! You may now install games directly via your PS2 and play them from your hard drive. Note that dual layered games and games in .iso format can not be installed within HDLoader. PSX games may not be used with HDLoader at all.

List of DVD9 games (must be installed via PC):

  • 8.05GB USA Xenosaga
  • 7.93GB USA God of War
  • 7.74GB USA Champions of Norrath
  • 7.55GB USA The Guy Game
  • 6.47GB USA Madden 2005 Collectors Edition
  • 5.99GB USA Metal Gear Solid 2: Substance
  • 4.95GB USA Gran Turismo 4

What about compatibility modes?

Certain games require certain compatibility modes to be set in order to work correctly with HDLoader. An up-to-date list of game compatibility and modes can be found here. To access the compatibility mode settings for games, highlight them and press Select (note that the terms ‘Mode 1’, ‘Mode 2’, and ‘Mode 3’ refer to the first three compatibility modes, respectively).

How do I install games via PC directly?

This is the best way to install games (either from optical media or from an ISO) in my opinion. You will need the freeware WinHIIP.

First step is to connect your PS2’s hard drive to your PC. You can do this directly to the IDE bus or with some kind of case (FireWire or USB2, generally).

(My hard drive connected to the FireWire case I received that day. Before that, I hooked it up to the IDE cables still visible below it. No, this is not my primary workstation, it’s a cheapo Dell Pentium III I got for free. :) )

Note that the hard drive will not show up in Windows Explorer, as it is not in a Windows-readable format.

If you already have the ISO of the game you want to install, skip this next section.

While WinHIIP can install games directly from media, I usually don’t do this. WinHIIP doesn’t support dual layer DVDs for one, and PS2 hard drives are easily corrupted by failed installations. Creating an ISO doesn’t take too long as it is. The choice is up to you, though.

To make an ISO of a DVD, you will need a program like the free DVD Decrypter.

Launch DVD Decrypter, go to the ‘Mode’ menu, and select ISO>Read.

Mash the big DVD>HD button to create an ISO of the DVD.

To make an ISO of a CD, you simply need an ISO creation utility. I use the shareware IsoBuster, but there are some decent free tools out there like LC ISO Creator.

You can install multiple ISOs at once with WinHIIP, so repeat these steps for all the games you wish to install.

Once you have the ISO(s) of your game, launch WinHIIP. Go to ‘Select Drive’ and select your PS2 hard drive.

Go to ‘Add Image(s)’ and select the ISO(s) of the games you wish to add, filling out their names appropriately (don’t touch the other options).

Be sure to double-check the CD/DVD selection, as sometimes it defaults incorrectly (thanks, BillyBoBob). I’m not sure what exactly this setting does, and I’ve never had any problems with the wrong setting selected, but better safe than sorry.

When everything’s set to go, hit Start and watch your games install very quickly (I generally get 14-16MB/sec)!

Links:

http://list.ps2hd.com/ - Up to date game compatibility list.
http://ps2drives.x-pec.com/ - Hard drive compatibility list.
http://ps2-scene.org/ - Great resources and forums.