750x for 12F629 & 12F683

Discussion in 'Modding and Hacking - Consoles and Electronics' started by Mord.Fustang, Aug 18, 2016.

  1. truemaster1

    truemaster1 Enthusiastic Member

    Joined:
    Nov 10, 2015
    Messages:
    512
    Likes Received:
    226
    I thought you haven't freemcbooted your ps2
     
  2. psydefx

    psydefx Peppy Member

    Joined:
    Mar 27, 2016
    Messages:
    323
    Likes Received:
    40
    I used to use fmcb but now I use hdd-osd. Just want to install it the proper way with no hdd image.
     
  3. truemaster1

    truemaster1 Enthusiastic Member

    In order to have ps2 true hdd support, installing only freehdboot is not enough; you need a clone hdd image to achieve browser 2, then install freehdboot.
     
  4. psydefx

    psydefx Peppy Member

    I meant browser 2.0, not fhdb. I don't need fhdb.
     
    truemaster1 likes this.
  5. truemaster1

    truemaster1 Enthusiastic Member

    ahh ok
     
  6. psydefx

    psydefx Peppy Member

    Never mind.
     
    Last edited: Feb 4, 2017
  7. Apexseal

    Apexseal Spirited Member

    Joined:
    Aug 15, 2016
    Messages:
    131
    Likes Received:
    65
    I'm so glad the forum is back...
     
    Taijigamer2 likes this.
  8. Taijigamer2

    Taijigamer2 Gutsy Member

    Joined:
    Jun 29, 2015
    Messages:
    483
    Likes Received:
    179
    Me too. Thankfully I had saved the x750 firmware you made and flashed it to the chip while the site was down. Quick question, why did you add a 1uf cap to the design on pin 6?

    I've flashed your final firmware to a 12f629, does this continue to send SCEx string continuously or does it have an auto shutdown?
     
  9. Apexseal

    Apexseal Spirited Member

    I kept the basics of the original design which had the cap on the SCEX line. The last version keeps sending the string but it is about 90% less times per minute than the original laser banger everybody was using back in the days. I was able to boot every single mod protected US game without the termination message. I left the games running for about half hour each and no message. Check out page 6 for the details.
     
    Last edited: Jun 21, 2017
    psydefx and Taijigamer2 like this.
  10. rama

    rama Gutsy Member

    Joined:
    Dec 17, 2015
    Messages:
    477
    Likes Received:
    112
    I looked at that SCEX data connection with the scope.
    It is apparently the exact same low level tracking error signal as in PSX boards PU-22 and up.
    So yea, I hooked up my Arduino modchip with WFCK simulation and it accepts the unlock symbols first try.

    So now I guess I'll be looking for those SUBQ / SCLK connection points. They've got to be in there somewhere.
    When I find them, I can make a proper stealth modchip for PS2 :)

    Edit:
    By the way, it's funny that the 750x PIC code works with just the data connection.
    It should only be able to pull the signal low for logical ones, but for zeros, it's missing the WFCK connection.
    Well, unless someone modified the actual injection code?
     
    Last edited: Jul 29, 2017
    truemaster1 likes this.
  11. rama

    rama Gutsy Member

    Good and not so good news!
    The subchannel bus still exists, at least on early PS2 consoles (didn't check the slims yet but it's probably there as well).
    Early PS2 units have SCLK on pin 35 and SUBQ on pin 33 (now called SQSO) on IC 604 "Mechacon".

    For the not so good news:
    First, both connections are hard to solder to. SCLK can be taken off a resistor package but SUBQ is only available directly on the tiny IC pin.
    Second, the console doesn't start with valid subchannel data.
    Instead, it appears to use an even more encrypted version of what we have on later PSX consoles.

    All I can do with that is know that a CD is inserted. It could be a music CD, PS2 game CD, or PSX game.
    If a DVD is inserted, I never get any subchannel data at all, which is great.
    Anyway, I hooked up an Arduino and slightly modified my PsNee and now it starts games in PSX mode.

    Once the PS1 driver is active, I get regular subchannel readouts. So my antimod routine will work and not fail on modchip protected games :)
     
    psydefx and Taijigamer2 like this.
  12. psydefx

    psydefx Peppy Member

    so it might be possible with your modified code to boot ps2 cd based (blue bottom) backups from osdsys?
     
  13. rama

    rama Gutsy Member

    I do nothing to pass PS2 license checks. This is for PSX games only.
    Maybe there's some way to escape the PSX emulator with a still unlocked disk though.
     
    truemaster1 likes this.
  14. truemaster1

    truemaster1 Enthusiastic Member

    A good thing will also be a region check bypasser in the chip. The psxone modchips do that thing; a check in the chip program asm may help.

    I have games with libcrypt copy protections and my backups have the correct subchannels. Sometimes they work, sometimes not (they play in everyboot on my psx). If the libcrypted games start to play, they will play ok until the next reboot. At the next reboot it is 50-50. I also start the games with the psxlauncherelf (with the modchip switch set to off, of course). It simply needs an original disk; after the scex signal is sent to the console it stops the disk, and I swap with the backup, but again the libcrypt protected games maybe will play, maybe not. So the modchip has nothing to do with correct subchannel reads. Maybe the clone cd backups are obsolete for ps2, or the ps2 has a bug on subq readings. Those issues happen both on my 50004 console (phat) and my 770004 (slim).

    Note that libcrypt is in Europe. In Japan and USA they use the antimod protection; even an original disk will not boot without a stealth modchip, or no modchip at all of course. The antimod games simply check if the scex signal is sent without the console requesting it, and if they find that the signal is sent without request, they end with the famous redscreen. It's also worth mentioning that libcrypt is activated in any console no matter the region, including psp and all emulators except popstarter, because it's programmed to recognise the game and patch it on the fly, while in the antimod games the protection is not triggered on pal consoles.

    @psydefx you can play ps2 cd based backups with the psx only modchips, but not directly. You need to freemcboot your console, enter the ulaunch, open your modchip and insert the ps2 cd backup, go to the cdvd folder and select your disk elf (it's the one like this: sles_400.00), and your ps2 cd backup will work.
     
    Last edited: Aug 1, 2017
  15. rama

    rama Gutsy Member

    Bypassing the region check would be big on my wish list as well. Unfortunately, it's not so simple.
    We knew what the crackers did on the PSOne to switch a PAL console into the NTSC boot menu.
    They timed accesses to the BIOS chip and dragged a data line low at just the right moment, causing some comparison in the BIOS code to branch to the NTSC path, instead of PAL.
    Replicating the same thing on PS2 is difficult, simply because the hardware is different.
    I'd also assume this kind of hack now doesn't work anymore.

    Basically we would need to know exactly what these modern modchips do, then replicate that.

    Regarding Libcrypt, my code does nothing about that. You either need the original disk or patch the copy.
    My code is just about preventing antimod protection from kicking in. And it does that deterministically, always.
     
  16. truemaster1

    truemaster1 Enthusiastic Member

    Sure, I do understand that bypassing the region checks between the psxone and ps2 is way different. But if it can be done with a simple pic it will be great, but as you say it's complicated. It's also nice to hear that you have made a true stealth antimod chip for psx games only. Btw my findings indicate that antimod protection is triggered on ntsc psx. I have several ntsc antimod games that used to play on my old pal psx with old crow chip (4 wires, that's not a stealth chip).
     
  17. rama

    rama Gutsy Member

    Antimod is pretty well understood. There are lots of parameters, like which version of a game will trigger a check on which console region, etc.
    It's best to just always "do the right thing" and emulate what a real disk would present.
     
    truemaster1 likes this.
  18. truemaster1

    truemaster1 Enthusiastic Member

    Oh, forgot to ask: this new program will require more than 4 legs of the pic, right?
     
  19. rama

    rama Gutsy Member

    Apexseal and truemaster1 like this.
  20. Apexseal

    Apexseal Spirited Member

    Hello everybody! Nice to see the thread going LOL

    I don't know if this might help or add anything important since this was my first attempt at learning .asm and even porting the code but this is what I ended up doing:

    The last versions that I made were a hybrid between old crow's original way of sending the string in raw manner and the timing in which it is sent. That is how I got it to pass all the mod checks in all ntsc usa protected games that I was able to test...
    Old Crow's Notes caught my eye:
    Code:
    "This wobble groove is analogous to a frequency standard in that it is a fixed signal with no modulated content. Now, the region coding designers had a clever idea: why not encode a small portion of the wobble groove such that the tracking signals could temporarily be used to recover an embedded data block. This is exactly how a PSX game disc is made, and why it cannot be copied: the wobble groove is not a user-definable part of the ISO-9660 mode 2 (XA) format. Therefore, when a copy of an original game disc is made, the writing drive uses a standard "in-spec" wobble groove signal."
    
    Code:
    ;===============================================================================
    ;                         RAW DATA BLOCK SENDING "SCEA"  
    ;                     0x09,0xa9,0x3d,0x2b,0xa5,0xF4 "SCEA"
    ;                     0x09,0xa9,0x3d,0x2b,0xa5,0x74 "SCEE"
    ;                     0x09,0xa9,0x3d,0x2b,0xa5,0xB4 "SCEI"
    ;                      0xB4 = I     0x74 = E     0xF4 = A
    ;                              REPLACE ACCORDINGLY
    ;===============================================================================
    lines   addwf   PCL,F   ;Get index into table                
       dt      0xff,0x41,0x3d,0x2b,0xa6,0x20,0x26,0xa4,0xf4,0xae,0x96,0xd0
       dt      0x09,0xa9,0x3d,0x2b,0xa5,0xf4,0x3a,0x87,0x2c,0xae,0x97,0xd0
       dt      0x09,0xa9,0x3d,0x2b,0xa5,0xf4,0x26,0xa4,0xf4,0xae,0x95,0xd0
       dt      0x09,0xa9,0x3d,0x2b,0xa5,0xf4,0x2f,0xa5,0x98,0xf8,0x15,0xd0
       dt      0x0a,0xe9,0xb8,0x27,0xa5,0xd8,0x26,0xa4,0xf4,0xae,0x96,0xd0
       dt      0x00,0x09,0x3d,0x2b,0xa5,0xf4,0x2f,0xa4,0x30,0xcd,0x95,0xd0
       dt      0x00,0x09,0x3d,0x2b,0xa7,0x6c,0x26,0xa4,0xf4,0xae,0x96,0xd0
       dt      0x00,0x09,0x3d,0x2b,0xa5,0xf4,0x35,0xe6,0xe4,0xae,0x97,0xd0
       dt      0x0e,0xc9,0xc2,0x2b,0xa5,0xf4,0x26,0xa4,0xf4,0xae,0x95,0xd0
       dt      0x00,0x09,0x3d,0x2b,0xa5,0xf4,0x2e,0xa7,0xa8,0xbe,0x95,0xd0
       dt      0x00,0x09,0x8d,0x2b,0xa5,0x00,0x26,0xa4,0xf4,0xae,0x96,0xd0
       dt      0x00,0x09,0x3d,0x2b,0xa5,0xf4,0x20,0x46,0x5c,0xae,0x97,0xd0
       dt      0x0f,0x41,0x3d,0x2b,0xa6,0x20,0x26,0xa4,0xf4,0xae,0x96,0xd0
    ;===============================================================================
    
    Then I sent old crow's raw code (had to play with it and modified it just a tiny bit) twice per second (18 times in 9 secs) to get to the PS Logo every time...

    Then I did the following to catch the multiple string checks some games have (like Coolboarders 2001, Spyro YOTD and other USA games) and also be 90% more gentle on the lens by sending it at a more calm pace (from twice a second to 1 every six seconds like Old Crow did) the led came in handy for this LOL...
    CLOCK OUT DATAGRAMS 2 THROUGH 13 ON rb.1 EVERY 6 SECONDS

    Terminated message would appear if I only sent straight SCEx,SCEx,SCEx....
    On the other hand sending the raw code with random data along with it did the trick every time, I guess because the code seems "embedded" and read with expected errors and not shellacked down the laser's throat LOL.. Old Crow:
    Code:
    In retrospect, it was understood these character strings came from the wobble groove as previously described, and as such there had to be a fault tolerance built into the way the machine checked discs. Mechanical differences between machines, coupled with the fact that reading from an optical disc that could be scratched, dirty, or otherwise imperfect was demanding.

    Basically I ended up doing a hybrid between original 750x and Old Crow with the option to turn the chip off by keeping reset pressed and boot originals without removing the usb modchip if the jumper between VDD and GP3/!MCLR is used. Keeping in mind I could only test NTSC US games.

    Keep having fun guys!!! If any of what I said above does not make sense then that would make perfect sense because I had never programmed in .asm before LOL...
     
    Taijigamer2 likes this.