PlayStation Development Network

Well I thought I'd open a topic here to contain all relevant information in regards to the PlayStation copy protection which is the infamous wobble groove.

One theory I have is to get CD-R's manufactured with the wobble pressed in where the ATIP would normally be, but the rest of the disc is recordable. Problem is, now there is no timing data for the writer, so the disc will actually be invisible to the drive and un-recordable. However, if a custom bit of firmware was written to ignore such a thing and the wobble was somehow used as a timing key for the drive, then it might be possible. Almost like how 'Clone-CD' has a 'Hide ATIP' function. Issue is, 140.6 kHz is the frequency of a normal ATIP, but the PSX wobble is 22 kHz.

Another theory I have is that the PSX simply doesn't care WHAT the wobble consists of so long as it find the correct license string (seen below) somewhere in the ATIP (IE: it will attempt to just read it at some point and thus the HC05 acquires the magic key). This means that the both the ATIP data and wobble data can be present in the ATIP on a CD-R itself thus the disc is still recordable, or, the wobble can just be simply burnt to the lead-in section and the PSX will effectively 'lock-on' to it. The first idea can be done by putting a PSX disc under a SEM and checking where exactly the wobble is versus a CD-R. The disc can't just be placed under it directly though. The AL sputtered coating needs to be removed as a thin film, thus the polypropylene coating needs to be eaten off by acid. However, one idea is to glue on strips of tape and literally 'rip' the coating directly off of the disc and place those under the SEM to get a mapping of the disc itself. I found a company which will let me do such a task, but it costs several hundred dollars to 'rent' their machine. The second idea requires custom burner firmware to do such a task, but in order to even burn a wobble, you need to make the laser physically wobble as it's burning.

PSX Disc Coating:


Example CD-ROM: (if this were a wobble groove, the pits would be slanted)


Wobble Data: If you've ever listened very closely to a PSX disc booting, you can actually hear it reading the wobble. These audio clips might make you remember if you take a listen...

Audio Files:
http://www.psxdev.net/forum/download/fi ... ew&id=1159
http://www.psxdev.net/forum/download/fi ... ew&id=1160
http://www.psxdev.net/forum/download/fi ... ew&id=1161
http://www.psxdev.net/forum/download/fi ... ew&id=1162
http://www.psxdev.net/forum/download/fi ... ew&id=1163
http://www.psxdev.net/forum/download/fi ... ew&id=1164

---

impressive research Shadow!
I thought the beep was a motor/track sound
I think if you made the cdr's and we could be burnt to it, many here would buy them, I know I would get some for sure

So that's that "boot" sound!
I distinctively remember noticing it back as early as '98 and I would never have made the connection to the copy protection.
So yea, this is an audio signal almost. Hmmm.

Thanks Shadow

Seeing a PSX disc under microscope would be really interesting. Are you sure that one needs a Scanning Electron Microscope for that? A high-resolution Optical Microscope might work, too. As long as it can deal with the black surface of PSX discs, which aren't entirely black, in fact the PSX discs are transparent (you can use them as sunglasses and still see something when looking through them). I have absolutely no experience with microscopy, but I would imagine that a microscope with strong back-light could work, or an infra-red microscope (if any such thing exists), from what I've gathered shorter wave-length (like UV light) would be better for higher resolutions, but I don't know how that would work with the black disc surface.

The wobble audio/wav recordings are a bit confusing... I guess you don't mean that it's audible through sound output/speaker, but rather from the drive mechanics... the wobble causing the drive head to shake back'n'forth?

By the way, this is the subchannel Q readout while the PSX looks for the key:

nocash wrote:Seeing a PSX disc under microscope would be really interesting. Are you sure that one needs a Scanning Electron Microscope for that? A high-resolution Optical Microscope might work, too. As long as it can deal with the black surface of PSX discs, which aren't entirely black, in fact the PSX discs are transparent (you can use them as sunglasses and still see something when looking through them). I have absolutely no experience with microscopy, but I would imagine that a microscope with strong back-light could work, or an infra-red microscope (if any such thing exists), from what I've gathered shorter wave-length (like UV light) would be better for higher resolutions, but I don't know how that would work with the black disc surface.

The wobble audio/wav recordings are a bit confusing... I guess you don't mean that it's audible through sound output/speaker, but rather from the drive mechanics... the wobble causing the drive head to shake back'n'forth?

I'm fairly sure a regular microscope can't see the CD-ROM pits and lands. The first problem is that a scope that the public could have access to that can see 16,000 times would be extremely expensive. The second problem is the light. Getting a light strong enough to shine through the back of the disc and through the black (well, deep purple/blue because like you said, if you hold it up to the light it is transparent and some light does pass through, but only on platinum titles does it do this (images below)) poly-carbonate would be another challenge, yet alone to also pass through the aluminium coating too. Now while the image below is quite bright and you can see the SONY and Naughty Dog logo, under a regular microscope at 16,000 times, this would be extremely dim because of all the lenses it would need to reflect/refract through.

Best thing to do is grab some sticky tape, place it over the wobble and just rip it right off. Then, this can be placed in a SEM chamber and scanned. If the tape isn't strong enough, the surface can be lightly sanded with fine sandpaper, cleaned with alcohol and then a thin coating of epoxy can be layered on a section of the wobble and a piece of tape can then be meshed with it to create an even stronger bond that tape could do.

Platinum copy of Crash 3:


Viewing it under an 2000 lumin 6500k LED light (so bright it's almost like looking at the sun):


Yeah, those recordings are from the drive mechanics.

You might be interested in knowing that the Biohazard 15th anniversary box comes with pressed discs of Resident Evil 1-3 which don't feature the black coating. Not sure if it would help in their case.

Ken Kutaragi Patent

This is a very intresting topic
also note that an electron microscope might need some prepping, and you better get a large one or know infront where the intresting wobble is located before cutting

https://youtu.be/GuCdsyCWmt8?t=444 (at 7:24 minutes) one of my favorite youtubers shows how he "tried" reading a CD-rom under his selfmade electron microscope.

For what it's worth, the "Modern Vintage Gamer" posted a video about PS1 security onto YouTube earlier today, and he mentioned at the ~6:15 mark that there were certain CD writers that could actually write the wobble sectors once flashed with custom firmware - followed by a photograph of a Plextor 12/10/32S CD writer at the ~6:28 mark

His video is here: https://youtu.be/7HOBQ7HifLE?t=375

I also found some discussion about custom Plextor CD writers that could write any pit pattern in the 'Comments' section of a PS1 Hackaday article: https://hackaday.com/2018/11/05/how-the ... as-hacked/

'Hack a Day' took some of the information from this topic (including those audio recordings I posted). 'Modern Vintage Gamer' seems to have got the majority of his sources from 'Alien^PDX' (that's Alien of Paradox, a long time member of Paradox).

I genuinely believe it is not possible to burn a wobble groove which is why I came up with the theory in my prior remarks of this topic. Everything people post about being able to do so are uneducated and are just spreading false information on the Internet without any proper citation or point of reference. Just because someone says something doesn't mean it's true. So, until someone can explain how they managed to write to the ATIP (where the wobble would be on a pressed disc) on a CD-R and then get the drive burner to track and still burn a PlayStation game, then I will be interested. Until then, people need to stop spreading false information on the Internet like this because it's not professional and makes researching information a minefield.

https://club.myce.com/t/tracking-coil-m ... n/87361/73

The wobble...

First up, apologies posting to a very old thread. This seems like the place to post what I'm about to attempt - unless it has been done and there's a link I could read up on? Watching MVG's video last week sparked an interest in this that i've had for a while now. I wen't to an opshop and picked up a few CD players and burners to begin experimenting with.

I wanted to *see* this wobble, not only to see where it is on this particular disk I'm working with, but its amplitude compared to average wobble noise.

The correct term for this wobble is Tracking Error. The lasers primary purpose is to track the spiral data track, this is done (on my particular setup) by watching above and below the data track, if the laser wonders off, it'll pick this imbalance up and move the lens/sled to keep on track. The amount it moves is the result of a signal called Tracking Error (TE).

Attached is a signal recording of this TE signal as it reads the TOC of a PS1 disk - This is in an audio cd player so full TOC data isn't read but enough to visibly see the data.

It is also important to note that the TE during reading a track is around 100mv PP where the wobble data is 1.1v PP. This is the limit of the servo controller IC in this cd player I'm using so the wobble could be greater than that, it is just being clipped. The wobble is significant in size.

My thoughts are - If we are to produce a bootable CD, we need to inject this signal during burning. We need to know *how much* wobble we need to inject for the detector in the PS1 to demodulate it, if we can inject it at all.

I'll be perusing two more tests before making up my mind if a commercial burner ever did exist that could burn this track, or not. Those are, inject TE into the PS1 during playback of an audio CD. I'd like to know how much TE is required to get an output from the demodulator.

Second is to inject TE during burning an audio CD at 1x speed. This will need to be done at a hardware level. My thoughts are, if we can ever so slightly defocus the laser and move the lens during burning we can cause an amplified TE when we play back the track while keeping the data itself largely undamaged. Defocusing may not even be required. If I can add a 1khz tone to the TE signal, and recover it during playback, I have absolutely no doubt that a purpose built burner could do this too.

So! That's my idea. Happy to be told its stupid/crazy but I'd like to follow it to its end all the same.

I'm happy to hear your thoughts, opinions and ideas!

-Ben

Edit: File is too large to upload, I'll host it elsewhere and post the link if anyone is interested (and it doesn't breach the rules here)

My original experiment was that burning the wobble right after the ATIP on a CD-R might cause the PSX tracking servo to lock-on and track that injected 22KHz wobble. It's all just theory though and an experiment I was interested to try which is why I wanted to scan the physical wobble pits and lands under a SEM to see exactly what they look like, where on the disc they exactly are and how long the track is so we have some sort of reference to what we should be aiming for.

This 22khz modulation, do you have more info on it? The TE signal I'm monitoring doesn't modulate, it is simply serial data. There is no demodulation going on in this CD player I'm using either, it is just amplified E - F optical pickup data right before it is fed back into the lens servo circuit.

Unless the roll off frequency of the servo is below the 22khz so it's demodulating automatically... Which is possibly the case as an FFT of the sample shows a small peak at 22khz...

Here's a chirp in the TE signal that occurs only during the TOC read, and only on PS1 disks.

What you've read is probably demodulated already. In order to re-master the wobble on a CD-R, a burner needs to write it at a 22KHz frequency.

Here is the US patent nr. 6304971 called
DIGITAL COMPACT DISC PLAYER SECURITY SYSTEM REPRODUCING METHOD AND APPARATUS.
It has been patented by Ken Kutaragi (the Father of the PlayStation) and Tetsuya Hirano.
There is described the famous Sony wobble groove invention and how the disc security code is stored in the
CD TOC area (Q-Subchannel bits) and the method how it is read via Tracking Error signal of the laser pick-up unit in parallel with the useful data.

A crazy idea came to me last night, sorry if it has already been discussed and dismissed, but... would it be possible to recreate the wobble groove in a printed circular hologram, to be applied like an adhesive to the cd's TOC area?

redwine70 wrote: ↑October 21st, 2021, 9:46 am A crazy idea came to me last night, sorry if it has already been discussed and dismissed, but... would it be possible to recreate the wobble groove in a printed circular hologram, to be applied like an adhesive to the cd's TOC area?

That's a clever idea. I'm honestly not sure. The problem is the tracking after the wobble, and figuring out precisely where to adhere it would be very difficult.

Isn't the wobble groove's track fixed-size in every disc?

redwine70 wrote: ↑November 11th, 2021, 1:55 am Isn't the wobble groove's track fixed-size in every disc?

In theory yes, it should be. Each wobble should be the same length but contain a different territory string (IE: SCEE, SCEA or SCEI). I'm not sure if the Net Yaroze disks contain SCEW. They very well might do because their HC05 is designed to look for SCEW and the debugging stations have in their HC05 NULL for the check so no wobble will pass (IE: a CD-R).