Tonyhax International: Backup Loader For All Japanese, USA, and PAL PS1 Consoles/Early PS2 Consoles + GameShark Flasher

General homebrew games, programs and PlayStation PS-EXE's
karehaani
Active PSXDEV User
Active PSXDEV User
Posts: 37
Joined: Jul 25, 2022
PlayStation Model: SCPH3000
Location: japan

Post by karehaani » August 11th, 2022, 10:35 pm

BFC08974 00001821 addu v1,0,0
BFC08978 8C4E0000 lw t6,$0(v0)
BFC0897C 00000000 nop stop
BFC08980 148E0006 bne a0,t6,$BFC0899C
BFC08984 00000000 nop
BFC08988 0FF02213 jal $BFC0884C
BFC0898C AFA3001C sw v1,$1C(sp)
BFC08990 8FA3001C lw v1,$1C(sp)
BFC08994 10000006 beq 0,0,$BFC089B0
BFC08998 00601021 addu v0,v1,0
BFC0899C 24630001 addiu v1,$1
BFC089A0 1465FFF5 bne v1,a1,$BFC08978
BFC089A4 24420004 addiu v0,$4
BFC089A8 1000FFF0 beq 0,0,$BFC0896C
BFC089AC 00000000 nop
BFC089B0 8FBF0014 lw ra,$14(sp)
BFC089B4 27BD0020 addiu sp,$20
BFC089B8 03E00008 jr ra
BFC089BC 00000000 nop
BFC089C0 27BDFFC0 subiu sp,$40
BFC089C4 AFB1001C sw s1,$1C(sp)
BFC089C8 00808821 addu s1,a0,0
BFC089CC 3C0FA001 lui t7,$A001
BFC089D0 AFB00018 sw s0,$18(sp)
BFC089D4 25EFBE48 subiu t7,$41B8
BFC089D8 AFBF0024 sw ra,$24(sp)
BFC089DC AFB20020 sw s2,$20(sp)
BFC089E0 02202021 addu a0,s1,0
BFC089E4 00002821 addu a1,0,0
BFC089E8 06210002 bgez s1,$BFC089F4
BFC089EC 02200821 addu at,s1,0
BFC089F0 2421000F addiu at,$F
BFC089F4 00011103 sra v0,at,$4
BFC089F8 000271C0 sll t6,v0,$7
BFC089FC 01CF8021 addu s0,t6,t7
BFC08A00 02003021 addu a2,s0,0
BFC08A04 0FF03680 jal $BFC0DA00
BFC08A08 AFA2002C sw v0,$2C(sp)
BFC08A0C 24120001 addiu s2,0,$1
BFC08A10 14520022 bne v0,s2,$BFC08A9C
BFC08A14 8FA9002C lw t1,$2C(sp)
BFC08A18 0FF02257 jal $BFC0895C
https://mega.nz/file/yXYgkarS#c5HuO2-KJ ... oByg3UjXF4
title Galaxian
Region japan
disc id SLPS-00270
no check sum
00.mcd (0x00002635-2639)=jr $v0 4byte (jal 0C0622F0)=0x80188BC0 = nop nop >0x80188BC8=loader start

option>missiondata>load>Press directional key right>bule screen stop)


for some reason it doesn't work.... :crying
blue screen....loop
If anyone knows how to get TONYHAX to work with this game, I would appreciate it if you could give me some advice... :|
Last edited by karehaani on August 11th, 2022, 10:57 pm, edited 6 times in total.

karehaani
Active PSXDEV User
Active PSXDEV User
Posts: 37
Joined: Jul 25, 2022
PlayStation Model: SCPH3000
Location: japan

Post by karehaani » August 11th, 2022, 10:45 pm

https://mega.nz/file/feJRyQJa#FLuo3sd_x ... v_f01OzHZg
title Xevious
Region japan & USA
disc id SLPS-00750
disk id SLUS-00461
memorycard>record>Enter arrow key down>TONYHAX start :D

But there is one problem... :|
Save data area is encrypted(640byte)
Similar to tekken's cipher but I couldn't parse it
Placed the loader with manual rewriting at save timing by no$psx

alexfree
Serious PSXDEV User
Serious PSXDEV User
Posts: 85
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » August 13th, 2022, 2:50 am

karehaani wrote: August 11th, 2022, 10:35 pm
BFC08974 00001821 addu v1,0,0
BFC08978 8C4E0000 lw t6,$0(v0)
BFC0897C 00000000 nop stop
BFC08980 148E0006 bne a0,t6,$BFC0899C
BFC08984 00000000 nop
BFC08988 0FF02213 jal $BFC0884C
BFC0898C AFA3001C sw v1,$1C(sp)
BFC08990 8FA3001C lw v1,$1C(sp)
BFC08994 10000006 beq 0,0,$BFC089B0
BFC08998 00601021 addu v0,v1,0
BFC0899C 24630001 addiu v1,$1
BFC089A0 1465FFF5 bne v1,a1,$BFC08978
BFC089A4 24420004 addiu v0,$4
BFC089A8 1000FFF0 beq 0,0,$BFC0896C
BFC089AC 00000000 nop
BFC089B0 8FBF0014 lw ra,$14(sp)
BFC089B4 27BD0020 addiu sp,$20
BFC089B8 03E00008 jr ra
BFC089BC 00000000 nop
BFC089C0 27BDFFC0 subiu sp,$40
BFC089C4 AFB1001C sw s1,$1C(sp)
BFC089C8 00808821 addu s1,a0,0
BFC089CC 3C0FA001 lui t7,$A001
BFC089D0 AFB00018 sw s0,$18(sp)
BFC089D4 25EFBE48 subiu t7,$41B8
BFC089D8 AFBF0024 sw ra,$24(sp)
BFC089DC AFB20020 sw s2,$20(sp)
BFC089E0 02202021 addu a0,s1,0
BFC089E4 00002821 addu a1,0,0
BFC089E8 06210002 bgez s1,$BFC089F4
BFC089EC 02200821 addu at,s1,0
BFC089F0 2421000F addiu at,$F
BFC089F4 00011103 sra v0,at,$4
BFC089F8 000271C0 sll t6,v0,$7
BFC089FC 01CF8021 addu s0,t6,t7
BFC08A00 02003021 addu a2,s0,0
BFC08A04 0FF03680 jal $BFC0DA00
BFC08A08 AFA2002C sw v0,$2C(sp)
BFC08A0C 24120001 addiu s2,0,$1
BFC08A10 14520022 bne v0,s2,$BFC08A9C
BFC08A14 8FA9002C lw t1,$2C(sp)
BFC08A18 0FF02257 jal $BFC0895C
https://mega.nz/file/yXYgkarS#c5HuO2-KJ ... oByg3UjXF4
title Galaxian
Region japan
disc id SLPS-00270
no check sum
00.mcd (0x00002635-2639)=jr $v0 4byte (jal 0C0622F0)=0x80188BC0 = nop nop >0x80188BC8=loader start

option>missiondata>load>Press directional key right>bule screen stop)


for some reason it doesn't work.... :crying
blue screen....loop
If anyone knows how to get TONYHAX to work with this game, I would appreciate it if you could give me some advice... :|
I will try to look into this when I have time. Does this happen on a real console as well or in the duckstation emulator where it gets stuck?

karehaani
Active PSXDEV User
Active PSXDEV User
Posts: 37
Joined: Jul 25, 2022
PlayStation Model: SCPH3000
Location: japan

Post by karehaani » August 13th, 2022, 4:11 am

alexfree wrote: August 13th, 2022, 2:50 am
karehaani wrote: August 11th, 2022, 10:35 pm
BFC08974 00001821 addu v1,0,0
BFC08978 8C4E0000 lw t6,$0(v0)
BFC0897C 00000000 nop stop
BFC08980 148E0006 bne a0,t6,$BFC0899C
BFC08984 00000000 nop
BFC08988 0FF02213 jal $BFC0884C
BFC0898C AFA3001C sw v1,$1C(sp)
BFC08990 8FA3001C lw v1,$1C(sp)
BFC08994 10000006 beq 0,0,$BFC089B0
BFC08998 00601021 addu v0,v1,0
BFC0899C 24630001 addiu v1,$1
BFC089A0 1465FFF5 bne v1,a1,$BFC08978
BFC089A4 24420004 addiu v0,$4
BFC089A8 1000FFF0 beq 0,0,$BFC0896C
BFC089AC 00000000 nop
BFC089B0 8FBF0014 lw ra,$14(sp)
BFC089B4 27BD0020 addiu sp,$20
BFC089B8 03E00008 jr ra
BFC089BC 00000000 nop
BFC089C0 27BDFFC0 subiu sp,$40
BFC089C4 AFB1001C sw s1,$1C(sp)
BFC089C8 00808821 addu s1,a0,0
BFC089CC 3C0FA001 lui t7,$A001
BFC089D0 AFB00018 sw s0,$18(sp)
BFC089D4 25EFBE48 subiu t7,$41B8
BFC089D8 AFBF0024 sw ra,$24(sp)
BFC089DC AFB20020 sw s2,$20(sp)
BFC089E0 02202021 addu a0,s1,0
BFC089E4 00002821 addu a1,0,0
BFC089E8 06210002 bgez s1,$BFC089F4
BFC089EC 02200821 addu at,s1,0
BFC089F0 2421000F addiu at,$F
BFC089F4 00011103 sra v0,at,$4
BFC089F8 000271C0 sll t6,v0,$7
BFC089FC 01CF8021 addu s0,t6,t7
BFC08A00 02003021 addu a2,s0,0
BFC08A04 0FF03680 jal $BFC0DA00
BFC08A08 AFA2002C sw v0,$2C(sp)
BFC08A0C 24120001 addiu s2,0,$1
BFC08A10 14520022 bne v0,s2,$BFC08A9C
BFC08A14 8FA9002C lw t1,$2C(sp)
BFC08A18 0FF02257 jal $BFC0895C
https://mega.nz/file/yXYgkarS#c5HuO2-KJ ... oByg3UjXF4
title Galaxian
Region japan
disc id SLPS-00270
no check sum
00.mcd (0x00002635-2639)=jr $v0 4byte (jal 0C0622F0)=0x80188BC0 = nop nop >0x80188BC8=loader start

option>missiondata>load>Press directional key right>bule screen stop)


for some reason it doesn't work.... :crying
blue screen....loop
If anyone knows how to get TONYHAX to work with this game, I would appreciate it if you could give me some advice... :|
I will try to look into this when I have time. Does this happen on a real console as well or in the duckstation emulator where it gets stuck?
Tonyhax stops working on both PlayStation 1 and no$psx... :praise

alexfree
Serious PSXDEV User
Serious PSXDEV User
Posts: 85
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » August 28th, 2022, 2:13 pm

Version 1.0.8 (8/26/2022)

https://github.com/alex-free/tonyhax/re ... tional.zip (latest release)
https://github.com/alex-free/tonyhax/ar ... 1.0.8i.zip (source)

Changes:

Fixed the anti anti-piracy functionallity regression for American/European consoles. You can now play backup or import PS1 games that have anti-piracy features (i.e. Dino Crisis or Spyro: Year Of The Dragon) without issue on all American console and European consoles.
Removed the PAL licensed ROM flasher CD image, as it is not actually not needed. Any console that supports cheat carts (SCPH-1000 up to SCPH-750X models) will boot a CD-R burned via the current tonyhax-rom-flasher.bin+tonyhax-rom-flasher.cue files just fine.
Updated documentation on burning PS1 backups. Added info on games containing anti-piracy and or libcrypt protection. Also added info on replacing and modifying PS1 CD drives and changing bias/gain/laser resistance values.
Cleaned up build proccess and source tree.

Possibly in the next update:
- Cool Boarders 4 Japan save game exploit
- Anti-Anti-Piracy for SCPH-3500-SCPH-39000 (only consoles that do not support anti-piracy games yet)
- GameShark code support

User avatar
Squaresoft74
Verified
/// PSXDEV | ELITE ///
/// PSXDEV | ELITE ///
Posts: 295
Joined: Jan 07, 2016
PlayStation Model: SCPH-7502
Location: France
Contact:

Post by Squaresoft74 » August 28th, 2022, 4:42 pm

Works as expected now, thanks for the update/fix ! :D

karehaani
Active PSXDEV User
Active PSXDEV User
Posts: 37
Joined: Jul 25, 2022
PlayStation Model: SCPH3000
Location: japan

Post by karehaani » August 28th, 2022, 8:35 pm

:D thanks for the great update

laughms
What is PSXDEV?
What is PSXDEV?
Posts: 1
Joined: Aug 29, 2022

Post by laughms » August 29th, 2022, 7:44 pm

Hey, great to see that there is new stuff to TonyHax!

I have the SCPH-39004 (PAL) with original Matrix Infinity installed. Um Jammer Lammy (PAL) will trigger the anti mod screen and will not boot, I reported that last year on the github of TonyHax but I think the original creator is less active now.

I tested on Tony Hax 1.4.3 and also just now on international 1.0.8.

The anti anti works partially. Dino Crisis (NTSC-J) works, so something is going wrong with Um Jammer Lammy (PAL) specifically. This game does not have libcrypt, and triggers a Japanese anti mod screen as a PAL game.

I see that you also mentioned the SCPH-39000 anti anti, as a possible update. Looking forward to see this compatibility go up :)

User avatar
Squaresoft74
Verified
/// PSXDEV | ELITE ///
/// PSXDEV | ELITE ///
Posts: 295
Joined: Jan 07, 2016
PlayStation Model: SCPH-7502
Location: France
Contact:

Post by Squaresoft74 » August 30th, 2022, 3:36 am

laughms wrote: August 29th, 2022, 7:44 pm This game does not have libcrypt, and triggers a Japanese anti mod screen as a PAL game.
It's a known oddity of the PAL version.

alexfree
Serious PSXDEV User
Serious PSXDEV User
Posts: 85
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » August 30th, 2022, 12:22 pm

laughms wrote: August 29th, 2022, 7:44 pm Hey, great to see that there is new stuff to TonyHax!

I have the SCPH-39004 (PAL) with original Matrix Infinity installed. Um Jammer Lammy (PAL) will trigger the anti mod screen and will not boot, I reported that last year on the github of TonyHax but I think the original creator is less active now.

I tested on Tony Hax 1.4.3 and also just now on international 1.0.8.

The anti anti works partially. Dino Crisis (NTSC-J) works, so something is going wrong with Um Jammer Lammy (PAL) specifically. This game does not have libcrypt, and triggers a Japanese anti mod screen as a PAL game.

I see that you also mentioned the SCPH-39000 anti anti, as a possible update. Looking forward to see this compatibility go up :)
It does appear a few games do not work right with the anti-piracy method currently used.

Me and MottZilla are actually working on a entirely different anti-piracy bypass method for SCPH-3500 and newer Japanese consoles that will be in a future release. This method would also work with any other console or game as it is essentially auto applying cheat codes seemlessly behind the scenes to bypass anti-piracy when anti-piracy games are detected. This could be applied to this game you mention specifically when it is detected before being boot by tonyhax international.

User avatar
Squaresoft74
Verified
/// PSXDEV | ELITE ///
/// PSXDEV | ELITE ///
Posts: 295
Joined: Jan 07, 2016
PlayStation Model: SCPH-7502
Location: France
Contact:

Post by Squaresoft74 » August 30th, 2022, 1:24 pm

So you'll have an internal database with codes like these being loaded/applied ?
Will it be a fallback or completly replace the current workaround ?

alexfree
Serious PSXDEV User
Serious PSXDEV User
Posts: 85
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » August 31st, 2022, 2:26 pm

Squaresoft74 wrote: August 30th, 2022, 1:24 pm So you'll have an internal database with codes like these being loaded/applied ?
Will it be a fallback or completly replace the current workaround ?
Exactly like that yes with those codes. This would be only applied instead of tonyhax's original anti-anti-piracy patch when:
- A SCPH-3500 or newer Japanese PS1 or PS2 is detected
- A game doesn't work with the current anti-piracy patch on American/PAL consoles.

This would be seamlessly done while booting a game in tonyhax international. The loader would detect the game disc and apply a patch if needed for that game.

Interesting info, the SCPH-1000/3000 actually support anti-piracy even better then American/PAL consoles with the current tonyhax patch. This is because these consoles are so old that the anti-piracy can be completely defeated by simply updating the TOC data before booting without any patching required. The command that resets disk authentication in many anti-piracy games is not available on the CDROM Controller BIOS firmware in the SCHP 1000/SCPH 3000 and it simply doesn't do anything to stop the game from booting if the TOC data is all accurate. The only thing these old console can't do is libcrypt because it can't get the subchannel data because like the command that resets disk authentication the command to read subchannel data doesn't exist on the old CDROM Controller BIOS firmware. However that is to our detriment because it completely disallows booting any libcrypt game, burned correctly or a real import disc simply can't work due to hardware limitations. Libcrypt is only PAL games though so that doesn't matter that much.

User avatar
MottZilla
Verified
Serious PSXDEV User
Serious PSXDEV User
Posts: 81
Joined: Jul 04, 2015
Location: North America

Post by MottZilla » August 31st, 2022, 4:34 pm

Technically it could be possible to support LibCrypt games with additional patches. Maybe if there were PAL exclusive LibCrypt titles it might make sense.

alexfree
Serious PSXDEV User
Serious PSXDEV User
Posts: 85
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » September 1st, 2022, 7:23 am

MottZilla wrote: August 31st, 2022, 4:34 pm Technically it could be possible to support LibCrypt games with additional patches. Maybe if there were PAL exclusive LibCrypt titles it might make sense.
You get black and white video with multi-out and RCA when playing PAL games on the 1000/3000. I think S-video on the 1000 would work correctly but the 3000 probably can't work without hardware mods. This makes it make even less sense to support.

User avatar
MottZilla
Verified
Serious PSXDEV User
Serious PSXDEV User
Posts: 81
Joined: Jul 04, 2015
Location: North America

Post by MottZilla » September 1st, 2022, 2:25 pm

RGB video cables get around all that. Composite and S-Video use either the NTSC or PAL standard, but RGB is RGB either way. Then all that matters is that your display can sync to the refresh rate.

alexfree
Serious PSXDEV User
Serious PSXDEV User
Posts: 85
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » September 25th, 2022, 4:45 pm

Tonyhax International v1.1.0 Update Is Out: https://github.com/alex-free/tonyhax/re ... tional.zip

Changes:

Updated to FreePSXBoot v2.1 (my own fork for now so that it compiles on Fedora). This means among other things that those 'fake' 64KB chinese PS1 memory cards now work with the FreePSXBoot images.
Tonyhax International FreePSXBoot memory cards no longer need to be removed after booting the loader if they are in slot 2 of the console. I have completely removed Socram8888's old FreePSXBoot patch. The new 'memory card timeout to disable' patch from the FreePSXBoot builder is now used instead of the 'pretend memory card is corrupted' patch from the original Tonyhax. The new patch works with all games, some games did not like the old patch method used. The new patch also works correctly on every single PS1 BIOS version, including BIOS v1.0, v1.1, and v2.0. The old patch never worked on BIOS v1.0, 1.1, or 2.0.

Added tonyhax_scph-3000_v1.1_slot2.mcr, tonyhax_scph-3000_v1.1_slot1.mcr, tonyhax_scph-3000_v2.1_slot2.mcr, and tonyhax_scph-3000_v2.1_slot1.mcr FreePSXBoot memory card files (as there are actually 2 different BIOS versions found in SCPH-3000 consoles).

All FreePSXBoot images are now created with the -fastload option on to improve how fast Tonyhax International starts with the FreePSXBoot exploit. The -fastload option also provides that cool loading screen you can see in Unirom.
Japanese PlayStations with VC2 and VC3 CDROM drive controllers are now re-calibrated to improve CD tracking and read performance for these CDROM controllers. VC1 and VC0 do not have equivalent commands, hardware, or even a need for this really since Bias and Gain can only be set manually.
TOCPerfect changes have been merged from PS1 DemoSwap Patcher.

Removed documentation on PS1 CD drive repair as it is getting it's own webpage/document in the near future. Reduced the size of releases dramatically by using better compressed images in this document (thanks Berion of PSX-Place).

Added notes about video mode switching support on PS2s using PS1VModeNeg v1.0.1 (thanks Berion of PSX-Place)
Cleaned up source tree and we are back to a consistent coding style (Socram8888 would be proud).
Stock (non-modchipped) SCPH-1000 and early SCPH-3000 can now play any real import discs or backup CD-Rs of games containing anti-piracy detection (excluding PAL region games that also contain libcrypt protection) with 100% compatibility, even better then the anti-piracy bypass for American/European consoles actually.

alexfree
Serious PSXDEV User
Serious PSXDEV User
Posts: 85
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » October 4th, 2022, 5:29 pm

Squaresoft74 wrote: August 30th, 2022, 1:24 pm So you'll have an internal database with codes like these being loaded/applied ?
Will it be a fallback or completly replace the current workaround ?
GameShark code support has finally been implemented successfully for the next update of Tonyhax International.

This means that every single game that contains anti-piracy/libcrypt can now work without any patches needing to be applied to the CD image itself before burning it to a CD-R. A completely unmodified backup copy burned to a CD-R or a real imported PS1 disc from another region will both just work in the next update

Tonyhax International/OG Tonyhax both support bypassing anti-piracy on most games if you use a USA or PAL console. Some games however don't work.

The earliest Japanese consoles can bypass all anti-piracy measures except libcrypt due to the hardware itself being too old to be supported properly by the anti-piracy measures. In Tonyhax International these consoles already could bypass all anti-piracy measures except libcrypt if they were not chipped and completely stock.

Now none of that matters. Every single game can now just work on every single console thanks to MottZilla's cheat engine. Integrating that into Tonyhax International was... something. But now I just need to get all of the codes :)
You do not have the required permissions to view the files attached to this post.

alexfree
Serious PSXDEV User
Serious PSXDEV User
Posts: 85
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » October 6th, 2022, 8:10 am

As part of adding the new anti-piracy defeat to Tonyhax International, I have realized that the gameshark codes are not available for every version of each game containing anti-piracy, i.e. https://consolecopyworld.com/psx/psx_game_codes.shtml.

It seems most crackers only crack the 1st version of the game. For example there is the Dino Crsisis Rev 0 codes available but no one bothered to crack the Rev 1 version of the game (Greatest Hits version) which has some differences https://tcrf.net/Dino_Crisis_(PlayStati ... ifferences. Anyways I had to find my own code to defeat the anti-piracy measures in Dino Crisis NTSC-U Rev 1. Here it is if anyone wants to use it, AFAIK no one has ever made a bypass for Dino Crisis Rev 1.

D0148004 8658
80148004 8F20

alexfree
Serious PSXDEV User
Serious PSXDEV User
Posts: 85
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » October 6th, 2022, 11:01 am

Little preview of everything working :)
You do not have the required permissions to view the files attached to this post.

alexfree
Serious PSXDEV User
Serious PSXDEV User
Posts: 85
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » October 7th, 2022, 10:29 am

ON-CONSOLE LibCrypt2 Defeater is now implemented and working ;)
You do not have the required permissions to view the files attached to this post.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest