PS1 Loader

[ADW]

Quote:

Originally Posted by kevstah2004

What version of Action Replay do you use I have a Action Replay CDX the one with the codes stored on a special black memory card which refuses to even load on my v7 it doesn't even get to the PS1 logo screen with the "this is not endorsed by Sony" tag.

I use the Action Replay 2 v2 Disc 2 (see attachment). It boots every time on my v5/6 but since it loads the cheat codes off the disc itself I have to wait for that to finish before I can swap in a backup and boot it.

[ZanQuance]

Hi guys, some simple clarification for you all, those Playstation.exe files are the exact same as the SLUS_xxx.xxx files, their simply renamed. There is nothing special about them aside from the name

It doesn't matter where the PSX code resides, memcard/cd/Usb flash drives ect... the PS2 does not know how to run the code until PS1DRV has finished loading all the needed PSX modules into the IOP.

The only way PS1 code can be ran is:
(1)Patch PS1DRV on the fly and all the CD-Check calls it makes via various Bios modules, thus allowing any backup swap-tricked into the drive to run.
(2)Reverse Engineer PS1DRV and create a legit open source PS1DRV loader.
(3)Reverse Engineer PS1DRV and extract all needed PSX routines and load them manually.

or (4) simply give up on any Software loading PSX games and simply do the Swap-Trick.

But if your up for a nice project and refuse to simply yield to the PS1DRV blockade, then pick one of those options and Good Luck!

[ADW]

Thanks for the info ZanQuance.

(1) sounds feasible; isn't that similar to how ESR works for patched backups?

Is there any available information on how PS1DRV works?

[kevstah2004]

OSDSYS reads the first line of SYSTEM.CNF if it reads BOOT it passes to PS1DRV an then PS1DRV uses SECRMAN to check the disc for validation an then reads SYSTEM.CNF again for the executable file to boot. I think OSDSYS passes to PS2LOGO for PS2 discs when it reads BOOT2. I thought LOGO was for PS1 discs but I can't find any entries for it unless it's in SECRMAN. Also does anybody know how to read the source of dvdelf_decr.bin isn't it just a decrypted ELF with a legit magicgate header? is it already packed? I think OSDSND, SECRMAN, PS2LOGO & LOGO are IRX files.

[dlanor]

Although it doesn't in any way use, or directly relate to, the PS1DRV by Sony discussed here, I think most of you should still be interested in an emulator developed by ffgriever (though still unreleased). Here is a link to the post where he finally went public with some info on that project.

Best regards: dlanor

[ZanQuance]

I believe that TBIN is responsible for most the PSX routines and for the PSX Logo tho I may be wrong, I never did get far into reversing that Module, but it does have quite a bit of routines for running PSX stuff inside it.

[kevstah2004]

Thanks! for the heads up
TBIN

TCB EVENT STACK BOOT %s %08x
BOOT = %s
argument = %s
0123456789abcdef (null) 0123456789ABCDEF 0123456789abcde

SYSTEM.CNF;1 PSX.EXE;1

Clear 0x10000 to 0x%x
LOGO LOGO

MEMORY CARD creat
bu00:s002 write
bu00:s002 fd=%d
write=%x
bu00: bu00:s002 read=%x
error(%d,%d)
test 6 button P

I found this in SBIN
PS-X Control PAD Driver Ver 3.0 @€p€%s
TYPE : Dual cross key -> not supported!
TYPE : 6 free button or flying-V form
TYPE : Unknown (%d) -> not supported!

http://assemblergames.com/forums/forumdisplay.php?f=36
http://lorezan.free.fr/ps2/PS2%20Tool%20guide.ppt
http://lorezan.free.fr/ps2/PS2%20Tool%20guide.pdf

[TnA]

@dlanor: Thx, but I hope this thread remains open and interested people don't stop to work.

It can evolve some n00bs knowledge and even do the same with more tech-familiar people, which may collect more in-deep technical knowledge.

I like the emu-idea&project (because it is also still that far and seems to have a good concept), but in case it is different to the method the people here try and other methods will ever give us the choice, if the other way does give us some limitations.

More kinda "Hacking", than "Emulating" and "writing/coding" by themselve (but look at FMCB. Think it could be a beginning and maybe also able to be integrated in OSDHACK.ELF. <-- 1 of my first ideas the Browser2.0-Hack, but maybe to hard. But if we can "initialize" the PS2 to PS1-HD-Mode with an ELF, instead of an own emulator. <-- I want to know, how the f*#k Sony does it. It may gives more games compatibility, but it also may force to few devices [i.e. internal HD]).


Both have there pro and contras.

[kevstah2004]

I was wondering what these where used for?

ICOBCDDA - Compact Disc Digital Audio?
ICOBDISC - ?
ICOBDVDD - DVD-V?

ICOBPS1D - ?
ICOBPS1M - ?

ICOBPS2D - ?
ICOBPS2M - ?

HDDOSD.ELF - Is this for official HDD's only or is it related to ps2 linux in anyway?

[TnA]

HDDOSD.ELF --> Afaik, it is the HD-Upgrade-Feature (Free HDBoot *dreaming* ), maybe I'm wrong sorry.

[lee4]

Quote:

Originally Posted by kevstah2004

I was wondering what these where used for?

ICOBCDDA - Compact Disc Digital Audio?
ICOBDISC - ?
ICOBDVDD - DVD-V?

ICOBPS1D - ?
ICOBPS1M - ?

ICOBPS2D - ?
ICOBPS2M - ?

I'm assuming they are use for PS2 Broswer's ICONs

ICOBCDDA - Audio CD icon
ICOBDISC - DVD ROM Disc ?
ICOBDVDD - Video DVD icon

ICOBPS1D - PS1 Disc icon
ICOBPS1M - PS1 memory card icon

ICOBPS2D - PS2 Disc icon
ICOBPS2M - PS2 memory card icon

[kevstah2004]

Action Replay 2 V2 - Bonus PS1 Disc
Action Replay V4
Codebreaker V4
GameShark V5
Xploder CD9000 V4 Pro Media Edition

Can someone confirm if all these discs boot backups then and if there the final releases.

[Codeman]

Hi, im still a noob in these subjects but I would like to ask a few questions

Before FMCB there were ps1disc based explits, which involved some hacked ps1drv and title.db files right?
Anyone ever found a way of booting a PS1 import game (original, not backup) with these exploits and hacked ps1drv? Should be simpler then backups I guess...

And just out of curiosity, how about booting/running the PS1 bios on a PS2? xD

[TnA]

Quote:

Originally Posted by Codeman

Before FMCB there were ps1disc based explits,

Yes.

Quote:

which involved some hacked ps1drv

No, it uses a flaw, afair in some settings for games (gfx/video-settings).

Quote:

and title.db files right?

Yes, this is the file, which can define some settings for the PSX-Mode and PS1-Games.

Some others could explain it exactly.

Quote:

Anyone ever found a way of booting a PS1 import game (original, not backup) with these exploits and hacked ps1drv? Should be simpler then backups I guess...

And just out of curiosity, how about booting/running the PS1 bios on a PS2? xD

Time-Swap?
Breaker PRO-Disc?
...or some things...
:google: ?

[Rotosound_rb666]

Quote:

Originally Posted by JNABK

Mine is later than yours it seems, using newer files mixed with older ones like in yours, but it doesnt show any version numbers and the label is dark green.

Look st the data side of the disc, there is always a ring just inside the data area where, if you look really close under a good light, you should be able to read some numbers, that should contain the version number. Thats left over from the factory template, so they have a way of visually reading both the teplates, and possibly unlabeled discs at the factory. Every gameshark/action replay disc I have ever seen does have the exact version written there.

[Codeman]

Quote:

Originally Posted by Codeman

Anyone ever found a way of booting a PS1 import game (original, not backup) with these exploits and hacked ps1drv? Should be simpler then backups I guess...

bolded since it seems you missed the whole point
I found lots of noob faqs about the titledb exploits but not much technical information

What are the exact settings/flags that can be defined in the tjtledb?
"officially" the titledb was meant to get the right video/gfx/etc settings for each game you added to it from what I understood, so if I added an import game to the titledb and let it continue the normal ps1 boot procedure could it possibly load the import gane bypassing the region lock?

[dlanor]

Quote:

Originally Posted by Codeman

bolded since it seems you missed the whole point
I found lots of noob faqs about the titledb exploits but not much technical information

What are the exact settings/flags that can be defined in the tjtledb?

I'm not really sure about that, but I suspect it was just the two settings you can choose in the PS2 launch menu. (In its submenu entry "Version"/"Playstation Driver"/"Options")

Quote:

"officially" the titledb was meant to get the right video/gfx/etc settings for each game you added to it from what I understood, so if I added an import game to the titledb and let it continue the normal ps1 boot procedure could it possibly load the import gane bypassing the region lock?

No, it should not.

The 'normal' (as intended by Sony) use of a TITLE.DB file will obviously not circumvent any region locks or other usage restrictions that Sony want to have enforced.

The homebrew use of TITLE.DB files does implement a way to launch programs in ways Sony does not approve of, but this is done by exploiting an unintentional weakness in the Sony code that interprets TITLE.DB files. File entries of unexpected size and content can make that code crash, in a 'controlled' manner depending on the structure of those entries. And with properly designed entries this leads the PS2 CPU to start executing code from the TITLE.DB file, thus allowing that code to be used for booting homebrew elf files.

AFAIK there is no way to exploit that weakness of the TITLE.DB interpreter for use with PS1 games, as the console is still in PS2 mode when that code 'crashes'.

And even if it did work for such purposes, it would only do so on the old fat PS2 consoles, as Sony has debugged that code for all slim PStwo models.

Best regards: dlanor

[Codeman]

Uhm interesting... is there a possibility this region check is made while still in the PS2 side?? Because when the PS1 import is inserted the PS2 browser just recognizes it as a bad disc before ever starting the PS1 mode

One thing I still havent quite understood, does the original titledb exploit involve any hack/mod of the ps1drv at all?
I remember seeing some threads discussions about hacked ps1drv and I assumed these were part of the original exploit.

[TnA]

Quote:

Originally Posted by Codeman

One thing I still havent quite understood, does the original titledb exploit involve any hack/mod of the ps1drv at all?

No,... It is a BIOS-file, which couldn't be replaced, so it is also not hacked.