Tonyhax International: Backup Loader For All Japanese, USA, and PAL PS1 Consoles/Early PS2 Consoles + GameShark Flasher

General homebrew games, programs and PlayStation PS-EXE's
alexfree
Verified
Extreme PSXDEV User
Extreme PSXDEV User
Posts: 221
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » August 5th, 2022, 6:46 am

karehaani wrote: August 5th, 2022, 5:58 am I'm sorry for your inconvenience
thank you :praise
Okay, this loader is smaller (208 bytes) and tested to work. I removed everything I could think of while not breaking it. No color codes, no error safe guards. It literally just loads the tonyhax SPL.

If this is not small enough, let me know. I will have to then use an entirely different version of the loader with things stripped out exactly like this pull request: https://github.com/socram8888/tonyhax/pull/20

No inconvenience at all, good luck!
You do not have the required permissions to view the files attached to this post.

karehaani
Active PSXDEV User
Active PSXDEV User
Posts: 49
Joined: Jul 25, 2022
PlayStation Model: SCPH3000
Location: japan

Post by karehaani » August 5th, 2022, 7:00 am

thank you
i will try this evening ;)

karehaani
Active PSXDEV User
Active PSXDEV User
Posts: 49
Joined: Jul 25, 2022
PlayStation Model: SCPH3000
Location: japan

Post by karehaani » August 5th, 2022, 9:53 pm

alexfree wrote: August 5th, 2022, 6:46 am
karehaani wrote: August 5th, 2022, 5:58 am I'm sorry for your inconvenience
thank you :praise
Okay, this loader is smaller (208 bytes) and tested to work. I removed everything I could think of while not breaking it. No color codes, no error safe guards. It literally just loads the tonyhax SPL.

If this is not small enough, let me know. I will have to then use an entirely different version of the loader with things stripped out exactly like this pull request: https://github.com/socram8888/tonyhax/pull/20

No inconvenience at all, good luck!
https://mega.nz/file/XapxiJ7B#RTY1LPNUD ... m74w-wTReo
title Tekken3
Region japan & USA
DISCID SLPS-01300
DISCID SLUS-00402

Thanks to you, TONYHAX worked! :D

But there is one problem...
bu00:BESLEM-99999TONYHAX, name is loader size is over (180byte)only
?
Renamed to bu00:HAX and executed (just 180byte)



https://mega.nz/file/OSh0jaLb#OZbuqlD98 ... KB3-fqvmv0
title tekken2
Region japan & USA
DISCID SLPS-00300
DISCID SLUS-00213

Tekken 2 had no issues with loaders
The loader was also able to insert 208 bytes :D
TONYHAX booted fine

Tekken 2&3
lose in survivalmode
Exploit activation

alexfree
Verified
Extreme PSXDEV User
Extreme PSXDEV User
Posts: 221
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » August 5th, 2022, 11:19 pm

karehaani wrote: August 5th, 2022, 9:53 pm
alexfree wrote: August 5th, 2022, 6:46 am
karehaani wrote: August 5th, 2022, 5:58 am I'm sorry for your inconvenience
thank you :praise
Okay, this loader is smaller (208 bytes) and tested to work. I removed everything I could think of while not breaking it. No color codes, no error safe guards. It literally just loads the tonyhax SPL.

If this is not small enough, let me know. I will have to then use an entirely different version of the loader with things stripped out exactly like this pull request: https://github.com/socram8888/tonyhax/pull/20

No inconvenience at all, good luck!
https://mega.nz/file/XapxiJ7B#RTY1LPNUD ... m74w-wTReo
title Tekken3
Region japan & USA
DISCID SLPS-01300
DISCID SLUS-00402

Thanks to you, TONYHAX worked! :D

But there is one problem...
bu00:BESLEM-99999TONYHAX, name is loader size is over (180byte)only
?
Renamed to bu00:HAX and executed (just 180byte)



https://mega.nz/file/OSh0jaLb#OZbuqlD98 ... KB3-fqvmv0
title tekken2
Region japan & USA
DISCID SLPS-00300
DISCID SLUS-00213

Tekken 2 had no issues with loaders
The loader was also able to insert 208 bytes :D
TONYHAX booted fine

Tekken 2&3
lose in survivalmode
Exploit activation
Great! I think the best solution is to change the Tonyhax executable to HAX instead of BESLEM-99999TONYHAX as I do not see a downside to this. There is a way to make it a bit smaller without changing the name but it makes it unreliable from what I can see as we have to use older code with known issues.

The primary loader will be the 180 byte one for only the Tekken games. All the other games get the original loader with the colour codes and error safe guards but will be named HAX for consistency.

So v1.0.7:
Cool Boarders 4 Japan (still need a checksum script, working on it)
Tekken 2 Japan
Tekken 2 USA
Tekken 3 Japan
Tekken 3 USA
Possibly: Castlevania Chronicle Rev 1 (only rev 0 is supported by Tonyhax International v1.0.6 so far)

User avatar
MottZilla
Verified
Serious PSXDEV User
Serious PSXDEV User
Posts: 88
Joined: Jul 04, 2015
Location: North America

Post by MottZilla » August 6th, 2022, 7:25 am

In my opinion I would leave the TonyHaxSPL filename as it is but if the loader really needs it shortened for one of the Tekken games I'd put that in the documentation and have another file the user can use solely for that.

I can't think of other downsides right away other than changing the name would require every single save game entrypoint being updated to point to the new file. But there might be other good reasons not to rename the SPL.

karehaani
Active PSXDEV User
Active PSXDEV User
Posts: 49
Joined: Jul 25, 2022
PlayStation Model: SCPH3000
Location: japan

Post by karehaani » August 6th, 2022, 8:31 am

https://mega.nz/file/yOpjxQbS#WAJtky9mK ... KnbGtIPfPs
title DOWNHILL SNOW
disc ID SLPS01391
Region japan
Activation procedure?
SCENARIO>CONTINUE>load>CONFIG>RANKING>Moguls>Press directional key right>TONYHAX!

normal loader (292byte) OK!
operation is normal :D

alexfree
Verified
Extreme PSXDEV User
Extreme PSXDEV User
Posts: 221
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » August 6th, 2022, 11:28 am

MottZilla wrote: August 6th, 2022, 7:25 am In my opinion I would leave the TonyHaxSPL filename as it is but if the loader really needs it shortened for one of the Tekken games I'd put that in the documentation and have another file the user can use solely for that.

I can't think of other downsides right away other than changing the name would require every single save game entrypoint being updated to point to the new file. But there might be other good reasons not to rename the SPL.
The template for each save game exploit does not contain the loader, the template is copied and then the entry.bin file is dynamically inserted at the right offset by the makefile, and any checksum changes are accounted for by the fix-checksum scripts or our successcu program. So really there is nothing more to change in the source. Change the entry.S source, the name of it in the makefiles and everything would be updated when building a new release.

User avatar
MottZilla
Verified
Serious PSXDEV User
Serious PSXDEV User
Posts: 88
Joined: Jul 04, 2015
Location: North America

Post by MottZilla » August 6th, 2022, 12:12 pm

I meant that it would require the user who may have older save game exploit files to have to update their files, as well as tools like MCTOOL requiring an update. Plus it would result in a break in compatibility with the original TonyHax exploits and loader. It may not be a big deal to some.

It is nice to save some bytes in the 1st level of the exploit since it opens up the possibility of exploiting more games that might have less memory to work with.

alexfree
Verified
Extreme PSXDEV User
Extreme PSXDEV User
Posts: 221
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » August 6th, 2022, 1:55 pm

karehaani wrote: August 6th, 2022, 8:31 am https://mega.nz/file/yOpjxQbS#WAJtky9mK ... KnbGtIPfPs
title DOWNHILL SNOW
disc ID SLPS01391
Region japan
Activation procedure?
SCENARIO>CONTINUE>load>CONFIG>RANKING>Moguls>Press directional key right>TONYHAX!

normal loader (292byte) OK!
operation is normal :D
I have successfully implemented Tekken 2 USA (rev 0) and Tekken 2 Japan (rev 1) save game exploit files from you into Tonyhax International. I am not sure at what offset in the Tekken3 mcs file to put the loader at because it is not in the file you sent. Please let me know where in the Tekken3 mcs file to put the loader (or upload a mcs file with the loader already in it).

I will work on adding your newest save game exploit for downhill snow while I wait for your answer. Thanks again for all of this work.

Also my friend is it required to have 20 loaders in the Tekken 2 memory card file? There should only be one right? Right now I am doing this to insert the loader because I don't know which one is relevant to the exploit:

dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=1152
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=1456
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=1760
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=2064
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=2368
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=2672
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=2976
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=3280
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=3888
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=4192
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=4496
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=4800
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=5408
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=5712
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=6016
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=6324
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=6624
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=6928
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=7232
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=7540

karehaani
Active PSXDEV User
Active PSXDEV User
Posts: 49
Joined: Jul 25, 2022
PlayStation Model: SCPH3000
Location: japan

Post by karehaani » August 6th, 2022, 4:20 pm

alexfree wrote: August 6th, 2022, 1:55 pm
karehaani wrote: August 6th, 2022, 8:31 am https://mega.nz/file/yOpjxQbS#WAJtky9mK ... KnbGtIPfPs
title DOWNHILL SNOW
disc ID SLPS01391
Region japan
Activation procedure?
SCENARIO>CONTINUE>load>CONFIG>RANKING>Moguls>Press directional key right>TONYHAX!

normal loader (292byte) OK!
operation is normal :D
I have successfully implemented Tekken 2 USA (rev 0) and Tekken 2 Japan (rev 1) save game exploit files from you into Tonyhax International. I am not sure at what offset in the Tekken3 mcs file to put the loader at because it is not in the file you sent. Please let me know where in the Tekken3 mcs file to put the loader (or upload a mcs file with the loader already in it).

I will work on adding your newest save game exploit for downhill snow while I wait for your answer. Thanks again for all of this work.

Also my friend is it required to have 20 loaders in the Tekken 2 memory card file? There should only be one right? Right now I am doing this to insert the loader because I don't know which one is relevant to the exploit:

dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=1152
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=1456
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=1760
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=2064
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=2368
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=2672
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=2976
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=3280
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=3888
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=4192
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=4496
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=4800
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=5408
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=5712
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=6016
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=6324
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=6624
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=6928
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=7232
dd conv=notrunc if=entry-bb.bin of=tekken2-jp.mcs bs=1 seek=7540
https://mega.nz/file/KLJAAQ5R#M8zZGP8vG ... -MnJn-HifY

This is the data of tekken2 which corrected the mistake of the file...
JPN 800A2EA0
USA 800A3A14
Because it was manually written to the encrypted save data area
Loading loader from binary encrypted area :|

karehaani
Active PSXDEV User
Active PSXDEV User
Posts: 49
Joined: Jul 25, 2022
PlayStation Model: SCPH3000
Location: japan

Post by karehaani » August 6th, 2022, 4:28 pm

tekken3
Because you are manually writing the loader to the compressed encrypted area
loader is already placed

JPN 80099324
USA 80097F4C
Both tekken2 and tekken3
Since we are placing the loader inside the encrypted binary
Invisible from Hexeditor :|

Lack of technology and
Sorry at the lack of explanation :crying

karehaani
Active PSXDEV User
Active PSXDEV User
Posts: 49
Joined: Jul 25, 2022
PlayStation Model: SCPH3000
Location: japan

Post by karehaani » August 6th, 2022, 4:42 pm

tekken2 mcs
binary
1 512byte=title & save icon picture
2 512byte=exploit data& loader data (encryption)

tekken3 mcs
binary
1 512byte=title & save icon picture
2 512byte=exploit data& loader data (encryption)

tekken2
208 byte
The string will be destroyed if it exceeds 208 bytes

tekken3
180byte
When writing 180 bytes or more
string breaks


I haven't tried it because I don't have an operating environment
Maybe you can decrypt it with this script.


https://github.com/krystalgamer/tonyhax ... oder.py#L5

alexfree
Verified
Extreme PSXDEV User
Extreme PSXDEV User
Posts: 221
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » August 7th, 2022, 2:15 am

karehaani wrote: August 6th, 2022, 4:42 pm tekken2 mcs
binary
1 512byte=title & save icon picture
2 512byte=exploit data& loader data (encryption)

tekken3 mcs
binary
1 512byte=title & save icon picture
2 512byte=exploit data& loader data (encryption)

tekken2
208 byte
The string will be destroyed if it exceeds 208 bytes

tekken3
180byte
When writing 180 bytes or more
string breaks


I haven't tried it because I don't have an operating environment
Maybe you can decrypt it with this script.


https://github.com/krystalgamer/tonyhax ... oder.py#L5
Thanks I think I get it. I will try the script with this like in that fork, I just hope it works with USA and Japanese versions.

alexfree
Verified
Extreme PSXDEV User
Extreme PSXDEV User
Posts: 221
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » August 7th, 2022, 3:13 pm

karehaani wrote: August 6th, 2022, 4:42 pm tekken2 mcs
binary
1 512byte=title & save icon picture
2 512byte=exploit data& loader data (encryption)

tekken3 mcs
binary
1 512byte=title & save icon picture
2 512byte=exploit data& loader data (encryption)

tekken2
208 byte
The string will be destroyed if it exceeds 208 bytes

tekken3
180byte
When writing 180 bytes or more
string breaks


I haven't tried it because I don't have an operating environment
Maybe you can decrypt it with this script.


https://github.com/krystalgamer/tonyhax ... oder.py#L5
Thank you! Tekken 2 now is working correctly using those scripts for Japan and USA!

karehaani
Active PSXDEV User
Active PSXDEV User
Posts: 49
Joined: Jul 25, 2022
PlayStation Model: SCPH3000
Location: japan

Post by karehaani » August 7th, 2022, 4:24 pm

thank you for your hard work :clap
thank you very much ;)

karehaani
Active PSXDEV User
Active PSXDEV User
Posts: 49
Joined: Jul 25, 2022
PlayStation Model: SCPH3000
Location: japan

Post by karehaani » August 7th, 2022, 6:52 pm

https://mega.nz/file/jbZn3KoZ#tumZo2J5w ... cGnTMxpB_Q
title tekken2 & tekken3
Region PAL
DISC ID SCES-00255 tekken2
DISC ID SCES-01237 tekken3
TONYHAX starts when you lose in survival mode ;)

tekken_decoder.py can also be used in Tekken 3 :)

alexfree
Verified
Extreme PSXDEV User
Extreme PSXDEV User
Posts: 221
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » August 8th, 2022, 12:21 am

karehaani wrote: August 7th, 2022, 6:52 pm https://mega.nz/file/jbZn3KoZ#tumZo2J5w ... cGnTMxpB_Q
title tekken2 & tekken3
Region PAL
DISC ID SCES-00255 tekken2
DISC ID SCES-01237 tekken3
TONYHAX starts when you lose in survival mode ;)

tekken_decoder.py can also be used in Tekken 3 :)
Will add that to v1.0.7. Also for the older Japanese PS1 consoles v1.0.7 works way faster (~30 seconds to boot import/CD-R), I can't wait for you to see it yourself on your SCPH-3000!

karehaani
Active PSXDEV User
Active PSXDEV User
Posts: 49
Joined: Jul 25, 2022
PlayStation Model: SCPH3000
Location: japan

Post by karehaani » August 8th, 2022, 5:48 am

thank you!
Thanks for the great update!

alexfree
Verified
Extreme PSXDEV User
Extreme PSXDEV User
Posts: 221
Joined: Oct 21, 2021
I am a: Programmer, Gamer
PlayStation Model: SCPH-1000
Location: USA
Contact:

Post by alexfree » August 8th, 2022, 2:29 pm

karehaani wrote: August 8th, 2022, 5:48 am thank you!
Thanks for the great update!
Tonyhax International v1.0.7 update: https://github.com/alex-free/tonyhax/re ... tional.zip

Changes:

The Tonyhax International loader memory card save file is now named HAX instead of BESLEM-99999TONYHAX to allow for more exploitable games. You will need to update both the save game exploit file for your game as well as the Tonyhax International loader file to use v1.0.7 if you are using a previou version of the save game exploit file for your game that is already on a memory card.

Removed the SetSessionSuperUltraCommandSmash and replaced it with MottZilla's new method of re-reading TOC data for VC0 A, VC0 B, and VC1 A CDROM Controller BIOS firmwares. This change reduces the time it takes to re-read the TOC data on the backup CD-R or import PS1 disc from 2-10 minutes on the SCPH-1000, SCPH-3000, and some SCPH-3500 japanese consoles to around 30 seconds with 100% reliability!

Added save game exploit support for Tekken 3 Japan/USA/PAL thanks to Patchouli (karehaani) and krystalgamer.

Added save game exploit support for Tekken 2 Japan (rev 1 only), USA (rev 0 only), and PAL thanks to Patchouli (karehaani) and krystalgamer.

Added save game exploit support for Downhill Snow Japan thanks to Patchouli (karehaani).

karehaani
Active PSXDEV User
Active PSXDEV User
Posts: 49
Joined: Jul 25, 2022
PlayStation Model: SCPH3000
Location: japan

Post by karehaani » August 8th, 2022, 3:44 pm

thanks for the great job!
Thank you for your update work ;)







https://mega.nz/file/HSREALoT#O022FJ5zt ... 2bmbOi92N8

ff9 JPN
SLOT00.mcd (0x00002120=4byte) $v0 jalr
0x000020F0-2110=save disc id check(numerical value)* If I change the value, the check fails
0x00002170-217C=(andi s3,t9,0x3333)=crash)
0x00002204=loader start
0x000033FC check sum (https://web.save-editor.com/tool/wse_ch ... x_ps1.html)
0x801F4A14 jalr v0 (801FC358)=4byte $v0 (SLOT00.mcd (0x00002120=4byte)
0x801FC23c loader start (0x00002204)

0x800FADD0-80198600=free address

tony hax stop
I can't understand more with my technology :|

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests