Making a NGC Mastercode without GCNcrypt and a BBA

[kevstah2004]

Is it possible to make a NGC Mastercode without GCNcrypt and a BBA isn't there a simplier way like on the ps2 where can extract the main .ELF executable off the disc and read it's ASM via ps2dis is there a way to find a hook address without GCNrd? couldn't the hook address be found by extracting the main .DOL out of an .GCM image using GC-Tool and reading it's ASM code?

[HyperIris]

You can extract main dol by using GC-Tool, and open it in IDA-pro with my dol plugin (http://hitmen.c02.at/html/tools_ida.html), so you can get the ppc disasm.
or, if you like, try dolphin running in debug mode.

[kevstah2004]

Thanks what should I be looking for in the asm an entrypoint? I can't run dolphin my gpu isn't powerful enough.

[HyperIris]

look dol loader plugin source, you can find the dol file header define, and entrypoint is there.

[kevstah2004]

Sorry i'm a newb to this I don't understand, I opened the dol with IDA Pro what do I do next?
How would I replicate the C41BA3B0 0000FF00 mastercode from re0 ntsc? would that be
.text1:801BA3B0 if so how would I get to that address on my own what processes do I have go through to get to it?
http://img401.imageshack.us/img401/280/re0dsc1.jpg
and how do I stop it switching the text disassembly view with the graph disassembly view once the autoanalysis has finished