tonyhax - PS1 softmod backup loader thing using THPS2/3

Shadow
Verified
Admin / PSXDEV
Posts: 2558
Joined: Dec 31, 2012
PlayStation Model: H2000/5502
Discord: Shadow^PSXDEV

Post by Shadow » March 24th, 2021, 9:59 pm

Depends on the programmer if they decided to add a checksum routine for the Memory Card data. As far as I know, it was not required to pass Sony's qualification.
Development Console: SCPH-5502 with 8MB RAM, MM3 Modchip, PAL 60 Colour Modification (for NTSC), PSIO Switch Board, DB-9 breakout headers for both RGB and Serial output and an Xplorer with CAETLA 0.34.

PlayStation Development PC: Windows 98 SE, Pentium 3 at 400MHz, 128MB SDRAM, DTL-H2000, DTL-H2010, DTL-H201A, DTL-S2020 (with 4GB SCSI-2 HDD), 21" Sony G420, CD-R burner, 3.25" and 5.25" Floppy Diskette Drives, ZIP 100 Diskette Drive and an IBM Model M keyboard.

ponlork
Curious PSXDEV User
Posts: 26
Joined: Mar 16, 2020

Post by ponlork » March 25th, 2021, 5:23 am

I came across this video of someone testing Yugioh Forbidden Memories with tonyhax v1.2.1 and it got the Anti Piracy message. Maybe there's a way around this?

brill
Verified
Active PSXDEV User
Posts: 46
Joined: Apr 30, 2013
PlayStation Model: SCPH-7502
Location: Ukraine, Odessa

Post by brill » March 25th, 2021, 11:07 am

ponlork wrote: March 25th, 2021, 5:23 am I came across this video of someone testing Yugioh Forbidden Memories with tonyhax v1.2.1 and it got the Anti Piracy message. Maybe there's a way around this?
If you check this image, you can see that it has protection (Anti-Modchip Field).

There are two ways to skip this screen protection:
- Enter cheat codes (say via XPLODER CD 9000)
D016843C-A31B
8016843C-A130
D01688C6-1040
801688C6-1000

- Patch image before recording on the disk.
Last edited by brill on March 27th, 2021, 12:23 am, edited 1 time in total.
Dev console: SCPH-7502 + Xplorer with CAETLA 0.37
Dev PC: Windows 98 SE, Celeron at 633MHz, 128MB RAM, 20GB HDD

yaroze
Curious PSXDEV User
Posts: 21
Joined: Jun 07, 2016

Post by yaroze » March 25th, 2021, 12:53 pm

ponlork wrote: March 25th, 2021, 5:23 am I came across this video of someone testing Yugioh Forbidden Memories with tonyhax v1.2.1 and it got the Anti Piracy message. Maybe there's a way around this?
Interesting… I might be wrong, but I remember reading years ago that the anti-modchip code supposedly works by asking the CD drive to read the wobble code whilst the laser is positioned over one of the regular data sectors (i.e. at a position where the wobble check should fail), and – if the wobble check succeeds – then the game determines that the PS1 must have a modchip installed (the later ‘stealth’ modchips attempted to circumvent this issue by switching themselves off after a few seconds).

Perhaps the ‘drive unlock’ code in the tonyhax exploit causes the wobble check to always succeed (even during the anti-modchip check), which is why this error message is being displayed? I’m not sure.

I’m also not sure what effect (if any) the tonyhax ‘drive unlock’ code would have on unpatched CD-R copies of games such as MediEvil (and Spyro 2/3 ?), which supposedly performed in-game wobble or sector checks of some description in order to detect copied discs? I’m not entirely sure how this protection worked, or varied from the anti-modchip detection code.

Also: I’m not sure if any games ever compared the region code in the BIOS to the region code on the disc (not the wobble code, but the licence string / boot filename), but – if so – then I’m assuming that such a game would be impossible to boot on an unmodified foreign machine without patching. I think that the white mini-PSone performed a similar region check upon booting (which later modchips bypassed), but I’m not sure whether any software did so during the game itself in order to defeat the older grey PS1 machines.

By the way: I have done some more investigation, and I think that Dead or Alive, WWF SmackDown!, and WWF SmackDown! 2: Know Your Role all potentially contain checksum values, as they all refuse to load memory card save files where the strings have been changed by even a single byte.

I have performed a quick check, and I believe that the checksum offset locations for WWF SmackDown! 2: Know Your Role may be at 0x1A84 and 0x42FC (relative to the “SC” string at the beginning of the save file), as these bytes also changed when I adjusted one of the custom wrestler text slogans in the game. The locations may vary for different regions of the game.

EDIT/UPDATE: The checksum value for WWF SmackDown! (1) may be at location 0x10B7, as this value also changed whenever the in-game options were changed, and the checksum values for Dead or Alive might be at locations 0x27E, 0x27F, 0x492, 0x4FE, and 0x4FF.

FURTHER EDIT/UPDATE: It seems that the custom wrestler names actually appear twice in the WWF SmackDown! save file; as long as the two match, then it's possible to modify the name strings without having to adjust any checksum values. If the names don't match, then the game displays an error and refuses to load the save file.
Last edited by yaroze on March 28th, 2021, 3:07 am, edited 5 times in total.
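
The comparison yaroze describes above (change one in-game string, save again, and see which other bytes moved), as an added example that is not part of the original post. The helper names and the toy save layout are assumptions made for illustration; only the "SC" marker and the idea of offsets relative to it come from the post.

```c
#include <stddef.h>
#include <string.h>

/* Offset of the "SC" magic that opens a PS1 save, or -1 if it is missing. */
long find_sc(const unsigned char *buf, size_t len) {
    for (size_t i = 0; i + 1 < len; i++)
        if (buf[i] == 'S' && buf[i + 1] == 'C') return (long)i;
    return -1;
}

/* Hypothetical helper: compare two saves of equal length and collect the
 * offsets (relative to "SC") that differ outside [edit_start, edit_end),
 * the field that was changed on purpose. Whatever remains is a candidate
 * checksum byte. Returns the number found (at most `max` are stored in
 * `out`), or -1 if "SC" is missing or sits at different places. */
int checksum_candidates(const unsigned char *a, const unsigned char *b,
                        size_t len, size_t edit_start, size_t edit_end,
                        size_t *out, int max) {
    long base = find_sc(a, len);
    if (base < 0 || find_sc(b, len) != base) return -1;
    int n = 0;
    for (size_t i = (size_t)base; i < len; i++) {
        size_t rel = i - (size_t)base;
        if (a[i] == b[i]) continue;
        if (rel >= edit_start && rel < edit_end) continue;  /* expected change */
        if (n < max) out[n] = rel;
        n++;
    }
    return n;
}

/* Constructed toy layout, not a real game's: 4 header bytes, "SC", a 16-byte
 * text field at SC+0x10 and an 8-bit additive sum of that field at SC+0x30. */
void make_toy_save(unsigned char *buf, const char *text) {
    unsigned char sum = 0;
    memset(buf, 0, 64);
    memcpy(buf + 4, "SC", 2);
    strncpy((char *)buf + 4 + 0x10, text, 16);
    for (int i = 0; i < 16; i++) sum += buf[4 + 0x10 + i];
    buf[4 + 0x30] = sum;
}

/* Edit the slogan, "save" again, and see which other bytes moved. */
int demo(size_t *out, int max) {
    unsigned char before[64], after[64];
    make_toy_save(before, "SLOGAN ONE");
    make_toy_save(after, "SLOGAN TWO");
    return checksum_candidates(before, after, 64, 0x10, 0x20, out, max);
}
```

Any byte that changes for another reason, such as a second copy of the edited string like the one described in the WWF SmackDown! update above, is reported as a candidate too, so the list is a starting point rather than proof of a checksum.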

samspin
Curious PSXDEV User
Posts: 13
Joined: Oct 14, 2014
I am a: Tinkerer, gamer, solderer
PlayStation Model: DTL-H1202

Post by samspin » March 25th, 2021, 11:41 pm

yaroze wrote: March 25th, 2021, 12:53 pm Interesting… I might be wrong, but I remember reading years ago that the anti-modchip code supposedly works by asking the CD drive to read the wobble code whilst the laser is positioned over one of the regular data sectors (i.e. at a position where the wobble check should fail), and – if the wobble check succeeds – then the game determines that the PS1 must have a modchip installed (the later ‘stealth’ modchips attempted to circumvent this issue by switching themselves after a few seconds).

Perhaps the ‘drive unlock’ code in the tonyhax exploit causes the wobble check to always succeed (even during the anti-modchip check), which is why this error message is being displayed? I’m not sure.
I have a feeling the antimod code is also checking the licence state first with the GetID command. When using the "secret unlock" it only unlocks read/n read/s capability of unlicensed discs, but GetID still identifies such a disc as unlicensed.
https://problemkaputt.de/psx-spx.htm#cd ... ckcommands
Either that, or the test command 19h,04h "Read SCEx string (and force motor on)" fails, perhaps it does fail if the internal licence counter is "unlicensed" in the first place, and the antimod code does not expect this command to fail and triggers the block screen anyway by default.
https://problemkaputt.de/psx-spx.htm#cd ... hipsetscex
Either way, I don't think there's a way around this other than patching the antimod code in the game itself (as mentioned above).

socram
Curious PSXDEV User
Posts: 11
Joined: Mar 01, 2021
I am a: Programmer
PlayStation Model: SCPH-102
Location: Valencia, Spain

Post by socram » March 26th, 2021, 8:43 am

Shadow wrote: March 22nd, 2021, 11:28 pm By the way, in your file https://github.com/socram8888/tonyhax/b ... er/cdrom.c, you shouldn't delay the system by a simple for loop. Instead, use the VBLANK interrupt. NOTE: 30 may not be enough, so change the value as needed.
I pretty much can't at the moment. In order to keep the code as small as possible I am not using the official libraries and afaik VSync isn't present as a BIOS call. Correct me if I'm wrong, please.
ponlork wrote: March 25th, 2021, 5:23 am I came across this video of someone testing Yugioh Forbidden Memories with tonyhax v1.2.1 and it got the Anti Piracy message. Maybe there's a way around this?
Yes, that is correct. v1.2.2 will have automatic patching of certain games with antimodchip - YuGiOh Forbidden Memories is one of them: https://github.com/socram8888/tonyhax/b ... her.c#L172

Squaresoft74
Verified
/// PSXDEV | ELITE ///
Posts: 271
Joined: Jan 07, 2016
PlayStation Model: SCPH-7502
Location: France

Post by Squaresoft74 » March 26th, 2021, 11:11 am

You may want to check the following titles where the AP triggers as well when using the Nocash unlock:

Biohazard 3 - Last Escape (Japan) [Internal Serial: SLPS-02300]
Dino Crisis (Japan) [Internal Serial: SLPS-02180]
Seiken Densetsu - Legend of Mana (Japan, Asia) [Internal Serial: SLPS-02170]

yaroze
Curious PSXDEV User
Posts: 21
Joined: Jun 07, 2016

Post by yaroze » March 26th, 2021, 11:26 am

socram wrote: March 26th, 2021, 8:43 am Yes, that is correct. v1.2.2 will have automatic patching of certain games with antimodchip - YuGiOh Forbidden Memories is one of them: https://github.com/socram8888/tonyhax/b ... her.c#L172
It'd be really cool if the tonyhax launcher also allowed users to switch the display mode between NTSC and PAL. I used to have an old boot disc that was able to do this automatically, which was useful for getting the slow PAL games to run at the full-speed 60 Hz.

The only problems that I can recall were: (A) it didn't work on Tekken 1* (but it worked on almost every other game, including Tekken 2), (B) for games that utilised an artificial border (such as the cut-scenes in Resident Evil 2), the borders wouldn't quite be centred correctly, and (C) for PAL-optimised games, the display might be stretched off-screen** and/or run too quickly; I don't think that there were many of these games, though, as most of the PS1 games were developed in NTSC regions and were never PAL-optimised.

(*I'm not sure why it didn't work for Tekken 1, but perhaps it was due to the Galaga mini-game before the main game launched?)

(**I heard a rumour years ago that the mini-PSone was originally supposed to allow PAL users to run games at 60Hz - similar to the Dreamcast at the time - but the feature was dropped. If true, then perhaps this was the reason why)

I remember that attempting to change the TV display mode on PS2 games (such as Final Fantasy X) could cause problems with audio and video synchronisation, but it seemed to work OK on the PS1 (although it could confuse some emulators).

I think the boot disc also allowed users to enter their own Action Replay codes, too.
Squaresoft74 wrote: March 26th, 2021, 11:11 am You may want to check the following titles where the AP triggers as well when using the Nocash unlock:

Biohazard 3 - Last Escape (Japan) [Internal Serial: SLPS-02300]
Dino Crisis (Japan) [Internal Serial: SLPS-02180]
Seiken Densetsu - Legend of Mana (Japan, Asia) [Internal Serial: SLPS-02170]
Biohazard 3 / Resident Evil 3 is an interesting case, as it also contains LibCrypt copy protection. It wasn't really 'copy protection', though - it just contained some intentional errors in the subchannel data. This wouldn't cause a problem for software that dumped the subchannel data to a SUB file (such as CloneCD), but it would cause problems for software such as CDRWIN that only dumped BIN/CUE files and automatically generated the subchannel data instead.

socram
Curious PSXDEV User
Posts: 11
Joined: Mar 01, 2021
I am a: Programmer
PlayStation Model: SCPH-102
Location: Valencia, Spain

Post by socram » March 27th, 2021, 7:11 am

Do any of you know if there is any way of triggering the AP on no$psx? Because so far I'm only adding support for games people can try on real hardware and report back.

Squaresoft74
Verified
/// PSXDEV | ELITE ///
Posts: 271
Joined: Jan 07, 2016
PlayStation Model: SCPH-7502
Location: France

Post by Squaresoft74 » March 27th, 2021, 8:39 am

Sorry, I have no idea how to trigger the AP on no$psx.
I have it to trigger using real hardware, my original discs and either NO$CASH Kernel Clone, Unirom or n00bROM which all make use of Nocash Unlock.

On the other hand, it does trigger using pSX 1.13 if you can make something out of its debugger.

Shendo
Verified
C Programming Expert
Posts: 240
Joined: Mar 21, 2012
I am a: Programmer
Motto: Never settle
PlayStation Model: SCPH-9002
Location: Croatia, EU

Post by Shendo » April 1st, 2021, 3:35 pm

socram wrote: March 26th, 2021, 8:43 am I pretty much can't at the moment. In order to keep the code as small as possible I am not using the official libraries and afaik VSync isn't present as a BIOS call. Correct me if I'm wrong, please.
No need to use BIOS calls. Interrupt register is memory mapped, you can read and acknowledge it by reading and writing to memory locations.

More info on Nocash psx page.
My PS1 consoles: 2 x SCPH-1002, SCPH-5552, SCPH-7002, 4x SCPH-9002, 2 x SCPH-102.
Dev console: SCPH-9002, MM3 - 7 wire modchip, PAL color mod, CH340 serial cable addon.
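
The polling approach Shendo describes, as an added example that is not part of the original post and is not tonyhax code. It assumes the I_STAT register at 0x1F801070 with VBLANK on bit 0 and write-0-to-acknowledge semantics, as documented in the Nocash PSX specification; `wait_vblanks`, the callback struct and the host-side simulator are hypothetical names introduced here so the loop can be exercised off-console.

```c
#include <stdint.h>

/* I_STAT per the Nocash PSX specification: read = pending IRQs,
 * write = acknowledge (0 clears a bit, 1 leaves it). Bit 0 is VBLANK. */
#define I_STAT_ADDR 0x1F801070u
#define IRQ_VBLANK  (1u << 0)

/* Register access goes through callbacks so the loop also runs on a host. */
typedef struct {
    uint32_t (*read)(void *ctx);
    void (*write)(void *ctx, uint32_t value);
    void *ctx;
} irq_reg_t;

/* Hypothetical helper: wait for `frames` VBLANKs, giving up after `max_polls`
 * reads so a missing video signal cannot hang the caller. Returns frames seen. */
unsigned wait_vblanks(const irq_reg_t *reg, unsigned frames, unsigned long max_polls) {
    unsigned seen = 0;
    reg->write(reg->ctx, ~IRQ_VBLANK);          /* drop a stale flag first */
    while (seen < frames && max_polls-- > 0) {
        if (reg->read(reg->ctx) & IRQ_VBLANK) {
            reg->write(reg->ctx, ~IRQ_VBLANK);  /* acknowledge bit 0 only */
            seen++;
        }
    }
    return seen;
}

/* Console-side accessors; pass (void *)I_STAT_ADDR as ctx on real hardware. */
uint32_t hw_read(void *ctx) { return *(volatile uint32_t *)ctx; }
void hw_write(void *ctx, uint32_t v) { *(volatile uint32_t *)ctx = v; }

/* Constructed host model: VBLANK is raised on every `period`-th read. */
typedef struct { uint32_t stat; unsigned reads, period, acks; } sim_t;

uint32_t sim_read(void *ctx) {
    sim_t *s = (sim_t *)ctx;
    if (++s->reads % s->period == 0) s->stat |= IRQ_VBLANK;
    return s->stat;
}

void sim_write(void *ctx, uint32_t v) {
    sim_t *s = (sim_t *)ctx;
    if (s->stat & ~v & IRQ_VBLANK) s->acks++;   /* count real acknowledges */
    s->stat &= v;
}

unsigned sim_wait(unsigned frames, unsigned period, unsigned long max_polls) {
    sim_t s = { IRQ_VBLANK, 0, period, 0 };     /* start with a stale flag */
    irq_reg_t r = { sim_read, sim_write, &s };
    return wait_vblanks(&r, frames, max_polls);
}
```

Unlike a counted `for` loop, the delay here is tied to the display refresh, so it does not change with compiler optimisation or cache state; the poll limit keeps the wait bounded if no VBLANK ever arrives.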

ShadowGeist
Interested PSXDEV User
Posts: 7
Joined: Mar 20, 2021
I am a: nobody

Post by ShadowGeist » April 14th, 2021, 6:05 pm

I assume that the information listed on TonyHax Compatibility is a misprint.

"Every NTSC-U PlayStation 1 console except the very early SCPH-1000."
"NTSC-U PlayStation 1 SCPH-1000 consoles (BIOS predates the introduction of the CD unlock command)."

SCPH-1000 = NTSC-J

I believe it's actually referring to NTSC-U SCPH-1001 [Initial batch].

PAL SCPH-1002 [Initial batch] would then also be incompatible.

Swap Trick FAQ

yaroze
Curious PSXDEV User
Posts: 21
Joined: Jun 07, 2016

Post by yaroze » April 19th, 2021, 10:38 am

@socram Just a quick question: you state on your GitHub page that the tonyhax exploit won't work on Japanese PS1 consoles; however - am I correct in understanding that the buffer overflow exploit itself will still work on Japanese PS1 consoles, and that it is only the disc drive unlock codes that won't work?

If so, then I believe that the tonyhax exploit can still be made to work on these machines as long as the disc drive lid button remains closed whilst the disc is swapped (similar to the old swap tricks used in the 1990s). The only drawbacks are that it won't work for multi-disc games (unless further disc swapping is used when the discs are swapped again) and that CD-DA audio tracks may not play correctly, but this may not be a huge problem as most PS1 games were on a single disc and used XA audio, anyway.

I don't have a real PS1 machine to test tonyhax on, but does it stop the disc motor when the exploit is loaded? If so, then it should theoretically be able to work on Japanese machines without too much trouble; the only change required is that tonyhax would also need to allow users to launch games by pressing 'Start' on the controller instead of opening and closing the lid.

P.S. You've also mentioned on GitHub that the latest version of tonyhax now sets the TV mode to NTSC or PAL depending upon the region; my understanding was that PS1 executables automatically set the display mode when they launch, but perhaps I am wrong (I had previously suggested allowing users to manually change the display mode from within tonyhax, so that any badly converted PAL games could be sped back up to the original NTSC 60Hz speed and screen size).

socram
Curious PSXDEV User
Posts: 11
Joined: Mar 01, 2021
I am a: Programmer
PlayStation Model: SCPH-102
Location: Valencia, Spain

Post by socram » April 20th, 2021, 7:42 pm

ShadowGeist wrote: April 14th, 2021, 6:05 pm I assume that the information listed on TonyHax Compatibility is a misprint.
Yeah it was. I had read that vC0 disc controllers were not compatible and somehow misunderstood the documentation, thinking that SCPH-1000 were NTSC-U and ran on that version. I think all NTSC-U consoles should be compatible.
yaroze wrote: April 19th, 2021, 10:38 am @socram Just a quick question: you state on your GitHub page that the tonyhax exploit won't work on Japanese PS1 consoles; however - am I correct in understanding that the buffer overflow exploit itself will still work on Japanese PS1 consoles, and that it is only the disc drive unlock codes that won't work?
It's just the disc drive unlock that doesn't work. Swapping wouldn't work atm either given I don't initialize the controllers and there'd be no way other than opening the lid to tell the console the disc has been swapped.
yaroze wrote: April 19th, 2021, 10:38 am P.S. You've also mentioned on GitHub that the latest version of tonyhax now sets the TV mode to NTSC or PAL depending upon the region; my understanding was that PS1 executables automatically set the display mode when they launch, but perhaps I am wrong (I had previously suggested allowing users to manually change the display mode from within tonyhax, so that any badly converted PAL games could be sped back up to the original NTSC 60Hz speed and screen size).
I had received some reports of NTSC games that didn't properly reinitialize the video, though I am now unsure if it was an issue related to being run on a PS2 or it was really the game's fault.

locarno
Curious PSXDEV User
Posts: 14
Joined: Oct 05, 2014

Post by locarno » January 15th, 2022, 11:38 pm

Why won't this trick work on Japanese PSX NTSC-J?
