FreePSXBoot - arbitrary code execution with ONLY a memory card (no game needed)

Start a work log and update it occasionally with your projects progress
ps80
Curious PSXDEV User
Curious PSXDEV User
Posts: 13
Joined: Sep 06, 2019

Post by ps80 » May 9th, 2021, 9:02 am

Is it possible to build a memory card image with the exploit and my own game (ps1 exe), if it's small enough to fit on a memory card and have it load when you select the memory card? I can see there is a builder on the GitHub page but I don't understand how to use it. Where is the builder program? Or do you have to compile it?

eroxm
What is PSXDEV?
What is PSXDEV?
Posts: 2
Joined: Feb 24, 2018

Post by eroxm » May 19th, 2021, 11:29 pm

I have a japanese PSone Slim (SCPH-100). The exploit is working fine and Unirom is loading, but I can't load backups because it says the Mechacon can't be unlocked. I think this is because of the extra security added to the japanese BIOS. Is there a way to do this like installing a modchip? If I'm getting it right a modchip can make it load backups, but no foreign region games, so by loading Unirom with this exploit, it should be able to override the region check, right?

[EDIT]
I want to answer the question to myself and all others that are interested. My curiosity was bigger than my patience to wait for an answer, so I soldered in a PsNee modchip and it's working as I assumed. Non-japanese games won't boot when inserted at powering on the console, but with the help of this exploit and Unirom I can boot every region just fine. So no more need for Boot-CDs and the like to boot foreign games on japanese consoles.

User avatar
Shadow
Verified
Admin / PSXDEV
Admin / PSXDEV
Posts: 2670
Joined: Dec 31, 2012
PlayStation Model: H2000/5502
Discord: Shadow^PSXDEV

Post by Shadow » May 26th, 2021, 11:43 am

The unlock does not work on Japanese CD-ROM controllers.
Development Console: SCPH-5502 with 8MB RAM, MM3 Modchip, PAL 60 Colour Modification (for NTSC), PSIO Switch Board, DB-9 breakout headers for both RGB and Serial output and an Xplorer with CAETLA 0.34.

PlayStation Development PC: Windows 98 SE, Pentium 3 at 400MHz, 128MB SDRAM, DTL-H2000, DTL-H2010, DTL-H201A, DTL-S2020 (with 4GB SCSI-2 HDD), 21" Sony G420, CD-R burner, 3.25" and 5.25" Floppy Diskette Drives, ZIP 100 Diskette Drive and an IBM Model M keyboard.

User avatar
Xrider
Verified
Curious PSXDEV User
Curious PSXDEV User
Posts: 31
Joined: Jan 04, 2019
I am a: Hardware Dev
PlayStation Model: SCPH-5502
Contact:

Post by Xrider » June 17th, 2021, 5:48 am

Great job, thank for that!

Bradlin
Interested PSXDEV User
Interested PSXDEV User
Posts: 7
Joined: Mar 23, 2021

Post by Bradlin » July 4th, 2021, 6:51 pm

It is now possible to run FreePSXBoot on a memory card on slot 2, and to keep the memory card plugged in while playing a game (the kernel is patched by FreePSXBoot to disable the memory card on slot 2, so games will only see a memory card connected in slot 1).

I am (as always :) ) looking for feedback on the slot 2 exploit. It has been tested on a few models and works fine on these, but it may not be the case on all models.

You can download the slot 2 images on github directly from the home page of the repository (there is no tagged release yet, waiting for more feedback). Slot 1 images are still provided for users of the Memcard Pro, or in case of incompatibility.

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests