brad-lin / FreePSXBoot

Exploit to allow loading arbitrary code on the PSX using only a memory card (no game needed)
MIT License

Exploit not working on certain SCPH-5501 models #37

Closed fyatwyrio closed 3 years ago

fyatwyrio commented 3 years ago

Hello, I have a SCPH-5501 PU-18\1-664-537-62\September 1997 model Playstation and have verified the BIOS is 3.0, checksum 8d8cb7e4, and a date of 11/18/96. I've written the freepsxboot-unirom-fastload-20210419-bios-3.0.mcd image to a first party memory card using PSXGameEdit 1.6 and a DexDrive. This method has been confirmed to be working in issue #22. Selecting Memory Card from the Playstation menu makes the screen flash from orange to a pale light blue very quickly and then it locks there. I've left the Playstation in that state for hours. Tonyhax also does not work using the Castrol Superbike save game exploit. It will load the save game successfully but starting a race to initialize the payload locks up the Playstation. I've read a few posts about some 5501s just not working with the exploit. Let me know if there is some information I can provide about my Playstation which may help get it working.

Thanks.

hurda commented 3 years ago

A new image got uploaded specifically for your BIOS-date: https://github.com/brad-lin/FreePSXBoot/blob/master/images/freepsxboot-unirom-fastload-20210421-bios-3.0-19961118.mcd

brad-lin commented 3 years ago

If you get to the pale blue screen, it means the exploit triggered. From there, it's very unlikely to crash, so maybe your memory card was not properly written?

Can you try again with the 20210421 images? If it still fails, please dump your memory card and compare it to the memory card image.

fyatwyrio commented 3 years ago

So progress... maybe. Firstly, Tonyhax does actually work. I had just tried it for testing and missed that the loader save also needed to be imported and not just the game save exploit. It also works across the various memory cards I have.

The new 1996118 image still doesn't work but there is some interesting behavior. I have 4 completely different 3rd party mem cards (Interact, Joytech, generic, and a 2x Performance with a button to switch between the banks) and a Sony card. PSXGameEdit has 2 different read and write methods, quick and full. Using either on any of the 3rd party cards results in the Playstation reading them as empty. When using the full write method on the Sony card the screen scales way up where the "Memory Card" graphic takes up the full bottom of the screen and locks there. Using the quick write method actually shows the light blue screen with vertical yellow columns filling in from left to right making the screen greenish. It gets to the end but then just locks on the greenish screen. I also tried the quick write method with the previous 3.0 image and it just locks on the main Playstation screen.

Regarding the memory card dump, I tested PSXGameEdit's export functionality. First I loaded the image to the app's buffer and then exported what it had loaded. This does not actually write anything to a card. There were no differences between the images, so the app is not making any changes when it loads to its buffer. I then wrote the image to the Sony memory card using the full method, read it back using the full method, and exported it. The images were different, unfortunately. I also did the same using the quick write method and while they were also different it was much less different. Using the full write the differences stopped at position 0171FF and the quick image differences stopped at just 1FFF. So it does look like the app makes changes when actually writing to a device but maybe the quick write only changes the initial header and writes whatever data is left and the full will try to 'fix' things.

I don't know why it worked for @hurda or why all my 3rd party cards are read as empty.
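The dump-versus-image comparison described in this comment, as an added example that is not part of the original thread or of the FreePSXBoot project: it reports which 128-byte frames and 8 KiB blocks of a raw 128 KiB card dump differ from the image that was meant to be written. The function names and the sample data are constructed for illustration.

```python
"""Compare a memory card dump with the image that was written (added example)."""
import sys

CARD_SIZE = 128 * 1024   # raw PS1 card image: 131072 bytes
BLOCK_SIZE = 8 * 1024    # 16 blocks; block 0 holds the header and directory
FRAME_SIZE = 128         # smallest unit the card reads or writes


def diff_frames(expected: bytes, dumped: bytes) -> list:
    """Return the index of every 128-byte frame that differs."""
    if len(expected) != CARD_SIZE or len(dumped) != CARD_SIZE:
        raise ValueError("both inputs must be raw 131072-byte card images")
    return [i for i in range(CARD_SIZE // FRAME_SIZE)
            if expected[i * FRAME_SIZE:(i + 1) * FRAME_SIZE]
            != dumped[i * FRAME_SIZE:(i + 1) * FRAME_SIZE]]


def summarize(frames: list) -> dict:
    """Group differing frames by 8 KiB block; last_offset is the final byte
    of the last differing frame (None when the images are identical)."""
    per_block = {}
    for f in frames:
        block = f * FRAME_SIZE // BLOCK_SIZE
        per_block[block] = per_block.get(block, 0) + 1
    last = (frames[-1] + 1) * FRAME_SIZE - 1 if frames else None
    return {"blocks": per_block, "last_offset": last,
            "only_block0": bool(frames) and set(per_block) == {0}}


def demo() -> dict:
    """Constructed sample: a writer that rewrites three frames of block 0."""
    image = bytes((i * 7) & 0xFF for i in range(CARD_SIZE))
    dump = bytearray(image)
    for off in (0x0000, 0x0080, 0x1F80):   # constructed offsets, all in block 0
        dump[off] ^= 0xFF
    return summarize(diff_frames(image, bytes(dump)))


if __name__ == "__main__":
    if len(sys.argv) == 3:                 # usage: script.py image.mcd dump.mcd
        with open(sys.argv[1], "rb") as a, open(sys.argv[2], "rb") as b:
            result = summarize(diff_frames(a.read(), b.read()))
    else:
        result = demo()
    for block, count in sorted(result["blocks"].items()):
        print(f"block {block:2d}: {count} differing frame(s)")
    print("last differing offset:",
          "none" if result["last_offset"] is None else hex(result["last_offset"]))
```

A dump whose differences are confined to block 0 points at the writing tool regenerating the header and directory rather than at a faulty card.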

hurda commented 3 years ago

Haven't said it worked for me, was just linking the new image for you. Do you have any other way of writing the memorycard-images? Changing that first block can't be helping with launching the exploit.

fyatwyrio commented 3 years ago

> Haven't said it worked for me, was just linking the new image for you. Do you have any other way of writing the memorycard-images? Changing that first block can't be helping with launching the exploit.

Sorry, I tagged the wrong person. I meant @mgarcia-org said it worked with PSXGameEdit.

Good news though. I wrote my own writer for the DexDrive with the help of @ShendoXT memcardrex code and @fbriere protocol.txt information. It just writes the raw data as is without trying to change header/slot data. Now the freepsxboot-unirom-fastload-20210421-bios-3.0-19961118.mcd image works fine on the Sony memory card and all the 3rd Party cards. Not sure why the 3rd party cards behaved differently with the memory managers but at least it's not anything wrong with FreePSXBoot or my Playstation.

brad-lin commented 3 years ago

Thanks for the feedback, and great news.

Memcardrex being open source, it should be relatively easy to add a "write raw card data without any checks" option to it.

fyatwyrio commented 3 years ago

Issue was caused by memory managers for the dexdrive changing the image and not freepsxboot. Writing the raw image was successful.