NXFLASH Romfile.exe Reverse Engineering Success

alexfree
Verified
Extreme PSXDEV User
Posts: 221
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA

Post by alexfree » November 23rd, 2022, 8:55 am

Before I attempt to reverse how romfile.exe works to generate a romfile.dat file from a .rom file, I was wondering if it would be possible to get the source for it? Right now Tonyhax International uses wine (gross!) in the build process to generate a romfile.dat file for the NXFlash CD that allows for flashing the tonyhax international rom file to a Cheat cartridge. If I have the source I could just recompile it for Linux and remove wine entirely from the equation.
Last edited by alexfree on November 29th, 2022, 9:22 am, edited 3 times in total.

Post by alexfree » November 23rd, 2022, 2:30 pm

So from what I can tell:

0x2000 byte 'header' until the real .rom data.

Starting at offset 0x08 is a unique string of 3 bytes? depending on file (checksum? of what?)

Starting at offset 0x10 is the filename of the original .rom data (displayed in NXFlash).

Edit: Found http://www.psxdev.net/forum/viewtopic.php?t=1530 . Seems like this is relevant:

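Code:

int LoadROM (int nr)
{
  CdlFILE cdi;
  char result;
  u_long cs,i;

  /* Seek to the sector holding ROM entry nr (offset is in bytes, sectors are 2048 bytes) */
  CdIntToPos(pos + (romFileData[nr].offset/2048),&cdi.pos);
  CdControl(CdlSetloc,(u_char*)&cdi.pos,0);
  CdSync(0,&result);
  /* Read enough sectors to cover the entry's length into DATA_BUFF */
  CdRead((romFileData[nr].length/2048)+1,(u_long*)DATA_BUFF,0);
  CdReadSync(0,&result);
  /* Additive checksum over the loaded data, compared with the stored value */
  cs = 0;
  for (i=0;i<romFileData[nr].length;i++) cs += *(DATA_BUFF+i);
  if (cs!=romFileData[nr].checksum)
  {
    WaitScreen("Checksum error !");
    return 0;
  }
  return 1;
}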

Post by alexfree » November 23rd, 2022, 3:57 pm

YES! I reversed it. I am going to update https://alex-free.github.io/psexe2rom to support directly outputting a romfile.dat file. I may also come back to XFLASH and work on an exact clone of romfile.exe but that is open source. Stay tuned.

masterg0r0
Active PSXDEV User
Posts: 61
Joined: Jul 18, 2021
I am a: Modder and Hobbyist Developer
Motto: Everything is hackable 100%!
PlayStation Model: 1002+7502
Location: United Kingdom

Post by masterg0r0 » November 24th, 2022, 7:51 am

The unique string that you just mentioned, the ROM file program looks for the "Sony" string in the file to check whether it is a cartridge ROM prior to compiling the DAT archive.

Post by alexfree » November 24th, 2022, 10:11 am

masterg0r0 wrote: November 24th, 2022, 7:51 am The unique string that you just mentioned, the ROM file program looks for the "Sony" string in the file to check whether it is a cartridge ROM prior to compiling the DAT archive.
You're thinking of the wrong string. That is relevant to the actual romfile.exe program but it's not even really necessary for the PSX anyways (n00brom does not use it), kind of an artificial requirement/sanity check by the original romfile.exe.

PSEXE2ROM already handles outputting .ROM files fine, which is related to the string you mention. Romfile.dat is like an archive that can (but does not have to) contain multiple .rom files.

There is a checksum; it's a 32-bit addr type and was quite easy to reverse since the XFLASH code is available, which has to do the same calculation. It's actually 4 bytes but one of them is sometimes 00, hence why I thought it was 3 bytes long at first. The new psexe2rom source will make sense of this when I release it later.
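As an added example (not part of any post in this thread and not psexe2rom's code), the layout described above can be checked with a small C validator. Assumptions not stated in the thread: a single-ROM file whose data runs from 0x2000 to the end of the file, a byte-wise sum, a little-endian checksum field, and a 32-byte cap on the name field.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_SIZE 0x2000u /* header bytes before the ROM data (from the thread) */
#define OFF_CSUM 0x08u   /* 4-byte checksum field (from the thread) */
#define OFF_NAME 0x10u   /* original .rom filename (from the thread) */
#define NAME_CAP 32u     /* assumed cap on the name field, not from the thread */
enum rf_status { RF_OK, RF_TOO_SHORT, RF_BAD_CHECKSUM };

/* Additive checksum wrapping mod 2^32; byte-wise summing is an assumption. */
uint32_t rf_sum(const uint8_t *p, size_t n) {
    uint32_t cs = 0;
    while (n--) cs += *p++;
    return cs;
}

/* Stored checksum, assumed little-endian like the PSX CPU. */
uint32_t rf_stored(const uint8_t *img) {
    const uint8_t *c = img + OFF_CSUM;
    return (uint32_t)c[0] | (uint32_t)c[1] << 8 |
           (uint32_t)c[2] << 16 | (uint32_t)c[3] << 24;
}

/* Validate a single-ROM image in memory and copy out its display name. */
enum rf_status rf_check(const uint8_t *img, size_t len, char name[NAME_CAP + 1]) {
    if (len <= HDR_SIZE) return RF_TOO_SHORT;   /* no data after the header */
    memcpy(name, img + OFF_NAME, NAME_CAP);
    name[NAME_CAP] = '\0';                      /* field may lack a terminator */
    return rf_sum(img + HDR_SIZE, len - HDR_SIZE) == rf_stored(img) ? RF_OK : RF_BAD_CHECKSUM;
}

/* Constructed sample: zeroed header, name "TEST.ROM", 16 data bytes of 0x10. */
size_t rf_make_sample(uint8_t *buf) {
    memset(buf, 0, HDR_SIZE);
    memset(buf + HDR_SIZE, 0x10, 16);           /* sum = 16 * 0x10 = 0x100 */
    memcpy(buf + OFF_NAME, "TEST.ROM", 9);
    uint32_t cs = rf_sum(buf + HDR_SIZE, 16);
    for (int i = 0; i < 4; i++) buf[OFF_CSUM + i] = (uint8_t)(cs >> (8 * i));
    return HDR_SIZE + 16;
}

int main(void) {
    static uint8_t img[HDR_SIZE + 16];
    char name[NAME_CAP + 1];
    enum rf_status st = rf_check(img, rf_make_sample(img), name);
    printf("%s: status %d, checksum 0x%08x\n", name, st, (unsigned)rf_stored(img));
    return st;
}
```

A plain sum of this kind catches read errors but not reordered or compensating byte changes, so a build that cares about the image's provenance should also compare a cryptographic hash of the file.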

Post by masterg0r0 » November 24th, 2022, 10:37 am

Okay. I get what you mean.

Post by alexfree » November 24th, 2022, 5:08 pm

Alright, I have completely reverse engineered how romfile.exe works. PSEXE2ROM v1.0.1 is now available and capable of making byte-identical romfile.dat files. This completely removes the need for wine to be involved in the build process of Tonyhax International, which was super gross and left alone for too long.

https://alex-free.github.io/psexe2rom

Source code is on GitHub, this is an open source replacement for romfile.exe that works on both Linux and Windows for many workflows :)

It doesn't make sense to support multiple .rom files in PSEXE2ROM so I did not implement that functionality. It would make more sense to write a romfile.exe clone that just works exactly how the original did (but is open source and can be compiled on Linux and other operating systems to work natively).
