Jump to content

Tech heads... Help!

Rate this topic


marcnet

Recommended Posts

Ok.. Ive been hacking away at the netmd dlls for a couple of days and ive made a few discoverys about how the shitty openmg program communicates with the netmdapi.dll . I did this by writing a fake netmdapi.dll which logs all calls and parameter values before calling the real netmdapi.dll (which I renamed)

Ive managed to write a program that does basic functions (disc renaming, track moving, track deleting, track playing etc) based on the logging information generated by my fake dll, but im stumped on two things before I can get ATRAC data from PC to MD.

1) How does openmg encode the ATRAC data? Which dll's etc are used?

2) The resultant ATRAC file on HD has an 8 byte key which is used for encryption / decryption. This key is then scambled before being sent to the MD. How is this key generated in the first place? And how is the key scrambled?

Any help would be appreciated. Especially from sony smile.gif

Once I figure this out I could write a PC->NetMD app that has the following advantages:

1) Dosnt crash as much

2) No random files left over.... Id clean up after myself

3) Possible SP encoding quality on PC

4) More audio format support (ogg for one)

5) Real-time analoge uploading (I know other apps support this.. but it would be nice for an all-in-one solution)

6) Id take other peoples ideas - and may actually implement them. smile.gif

Link to comment
Share on other sites

Hi,

thats fantastic if you really found a way to log the parameters!

It would also be great if you share your findings. I would like to do fancy things like SP transfer or unprotected checkout of mp3 or omg files for win nmd!

There are COM Spy utilitites which easily log the call sequence for example for omg checkout by SimpleBurner. I did this and tried to call these commands, but it simply failed. I don't know perhaps I need better initialization of the COM objects or special parameters...

So if we find the used parameters for this calls we could do our own checkout, without track-protection.

I remember a mail from someone who claimed to have found a way to create omg files by the API, he posted the command (but no info on inititialization or parameters) and dll he used. It was not netmd.dll. I just searched for this a longer time but did not find the mail :? Perhaps you should ask again for this in the mailing list.

Another info, this COM Spy utility lists all COM Objects known to windows. There really a lot (!) of COM objects from OpenMG. Alone the names are interesting and perhaps its easy to find the link between the COM object name and the dll which implements it. It must be stored in the registry.

cheers

Link to comment
Share on other sites

I love you guys.

Where did you guys learn to do this stuff, college? I'm going to be a first year at UVa next year, so are there any classes I can take to learn about the stuff you guys are doing? Know any good programming for dummies books or anything like that? I'd love to help you guys out if I knew how.

Link to comment
Share on other sites

I didnt use com spy, or any crappy c++ stuff. I used good fashioned c/asm techniques.

1) D/l a good disassembler - wdasm is good.

2) Look at the function names in the disassembler of the netmdapi.dll file.. they all start with a _ and end in @x - where x is the number of parameters the function takes multiplied by 4. All functions (I assumed) return a 32 bit unsigned integer.

3) In MSDEV (i use MSDEV 6.0 - im not sure if this works with other versions) create a win32 dll - empty project with a standard empty dll main.

5) Create a cpp file and basically create functions with the same names as those in the real netmdapi.dll file. Exclude the _ and the @x part - MSDEV will add these by itself. Make sure you extern "C" the function and make sure its exported.

example: there is a function called _NetMDAMSByTrack@4 in netmdapi.dll

you should declare the fake function in the fake dll as:

extern "C" DWORD EXP NetMDAMSByTrack(DWORD x,DWORD y)

the EXP is defined as __declspec(dllexport) - so the function is exported in the dll

6) Oh and you'll need to manually load the netmdusb.dll, netmd.dll and the real netmdapi.dll (rename this so you dont overwrite it with the fake netmdapi.dll) using LoadLibrary

7) and thats it. every function does a GetProcAddress to get the function addr in the real renamed netmdapi.dll and calls it and returns the result - while logging whats going on.

8) Dont do programming in uni/college - I did for 3 years and its crap - learn by experience. - this conversation is for another day.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...