brad-lin / FreePSXBoot

Exploit to allow loading arbitrary code on the PSX using only a memory card (no game needed)
MIT License

Using the memory card on an incorrect BIOS destroys the payload #5

Closed socram8888 closed 3 years ago

socram8888 commented 3 years ago

I was trying to load tonyhax using the exploit on an emulator, but had the wrong BIOS accidentally loaded. This resulted in the exploit failing to load (which is totally benign), but also I ended up with the frame 0x3F overwritten as part of the write check, which destroyed the payload.

I see two ways of working around this issue:

EDIT: This seems to also happen if using the correct BIOS: [image]

tonyhax-scph9002.mcd.zip

nicolasnoble commented 3 years ago

Right, we might want to skip 0x3f and go at 0x40. In fact, on some memory cards, 0x3f doesn't actually exist, like on the mcpro.

nicolasnoble commented 3 years ago

So #6 moved the binary around frame 0x40, which I believe solves this one here?

socram8888 commented 3 years ago

I'm getting an even worse crash now. I don't even get to the start address of tonyhax (at 0x801FA100). I'm gonna investigate what the problem could be.

tonyhax-exe.zip
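A way to confirm the overwrite reported in the first comment is to diff the card image from before and after a boot attempt, frame by frame. The script below is an added example, not code from FreePSXBoot or from anyone in this thread. It assumes raw 128 KiB images (1024 frames of 128 bytes); the payload frame ranges, the filler bytes and the helper names are constructed for illustration.

```python
"""Diff two raw PSX memory card images frame by frame (added example)."""

FRAME_SIZE = 128          # bytes per frame
FRAME_COUNT = 1024        # frames in a raw 128 KiB card image (assumed format)
WRITE_TEST_FRAME = 0x3F   # frame the issue reports as overwritten


def _frame(img, i):
    return img[i * FRAME_SIZE:(i + 1) * FRAME_SIZE]


def changed_frames(before, after):
    """Return the indices of frames whose contents differ."""
    for name, img in (("before", before), ("after", after)):
        if len(img) != FRAME_SIZE * FRAME_COUNT:
            raise ValueError(f"{name}: not a raw card image ({len(img)} bytes)")
    return [i for i in range(FRAME_COUNT) if _frame(before, i) != _frame(after, i)]


def damage_report(before, after, payload_frames):
    """Summarise which changed frames overlap the payload's frames."""
    changed = changed_frames(before, after)
    return {
        "changed": changed,
        "write_test_frame_touched": WRITE_TEST_FRAME in changed,
        "payload_frames_damaged": sorted(set(changed) & set(payload_frames)),
    }


def constructed_card(payload_frames):
    """Constructed sample: blank card with 0xAA filler in the given frames."""
    card = bytearray(FRAME_SIZE * FRAME_COUNT)
    for i in payload_frames:
        card[i * FRAME_SIZE:(i + 1) * FRAME_SIZE] = b"\xAA" * FRAME_SIZE
    return bytes(card)


def simulate_write_check(card):
    """Constructed stand-in for the write check: rewrite frame 0x3F."""
    out = bytearray(card)
    start = WRITE_TEST_FRAME * FRAME_SIZE
    out[start:start + FRAME_SIZE] = b"\x55" * FRAME_SIZE
    return bytes(out)


if __name__ == "__main__":
    # Hypothetical layouts: payload starting at 0x3F versus at 0x40.
    for layout in (range(0x3F, 0x48), range(0x40, 0x48)):
        before = constructed_card(layout)
        print(hex(layout.start), damage_report(before, simulate_write_check(before), layout))
```

For real images, read the two `.mcd` files in binary mode and pass their contents to `damage_report` along with the frames the payload is known to occupy.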