socram8888 / tonyhax

PS1 savegame exploit
Do What The F*ck You Want To Public License

Rival Schools (US) and Shiritsu Justice Gakuen 2 (JP) show only black screen #135

Closed groanzone1 closed 1 year ago

groanzone1 commented 2 years ago

tonyhax version: 1.4.3 freepsxboot via memory card slot 2
Installation method: PS2 via Memory Card Annihilator 2.0
Entry point game: NA
Console model: SCPH-5501 + SCPH-101 (PSone)
Integrity check: yes
BIOS version: 3.0 (SCPH-5501) & 4.5 (SCPH-101)
Target game: Shiritsu Justice Gakuen - Nekketsu Seishun Nikki 2 (Japan) (SLPS-02120) ORIGINAL RETAIL; Rival Schools (SLUS-00681) BURNED VERBATIM AZO CDR, 16x with IMGBURN

Bug explanation: On both my consoles, tonyhax recognizes and loads both games but I only get a black screen. No Capcom logo, no music. Note: I burned GameShark 4.0 to act as a boot disc and that succeeded on the SCPH-101, but GameShark doesn't load properly on my 5501. Would really prefer to play this on the 5501, without a GameShark.

groanzone1 commented 2 years ago

UPDATE: using Unirom 8.0.1 with freepsxboot 2.0 the games load just fine. It's odd that tonyhax isn't working then.

m4x10187 commented 1 year ago

16x speed isn't the best to burn PlayStation discs. I highly recommend that you burn the disc at the slowest speed if possible, because the PSX does not like reading discs that were written at faster speeds.

alex-free commented 1 year ago

> 16x speed isn't the best to burn PlayStation discs. I highly recommend that you burn the disc at the slowest speed if possible, because the PSX does not like reading discs that were written at faster speeds.

Especially older PSX console models, they really, really hate 16x. My results were unreliable when burning at 16x. 10x is the highest I will go with PSX CD-Rs, and luckily that is the minimum supported burn speed for my burner.

It is unfortunate that newer CD burners can't burn lower than 16x though.

The brand of CD-R is really good for PSX though, that is exactly what I use and recommend (Verbatim DataLifePlus CD-Rs).

It would be worth burning at a slower speed and trying again I would think. I'm going to try to reproduce this on real hardware.

m4x10187 commented 1 year ago

> 16x speed isn't the best to burn PlayStation discs. I highly recommend that you burn the disc at the slowest speed if possible, because the PSX does not like reading discs that were written at faster speeds.

It sounds like the advice that you'd get from a YouTube tutorial, and that's because it is. I've seen many tutorials that recommend burning the CD at either max speed or 16x speed in "ImgBurn", as if that's ever going to work out and I've had zero success with it.

alex-free commented 1 year ago

This is reproducible. On my stock SCPH-1001 using Tonyhax v1.4.4 Boot CD via CD Player Swap Trick Rival Schools (SLUS-00681) boots into a black screen. I wonder what the GameShark is doing differently.

m4x10187 commented 1 year ago

I'll see if it's reproducible on one of my consoles, albeit I highly doubt it since NTSC games with AP don't activate on PAL consoles. It could, however, be possible to replace the BIOS chip with flash memory that has either an American or Japanese BIOS to attempt to trigger the AP. I don't know, it's just an idea.

alex-free commented 1 year ago

> I'll see if it's reproducible on one of my consoles, albeit I highly doubt it since NTSC games with AP don't activate on PAL consoles.

That's not always the case. Also I don't think this is AP related because there is no anti-piracy screen that is triggered.

m4x10187 commented 1 year ago

> > I'll see if it's reproducible on one of my consoles, albeit I highly doubt it since NTSC games with AP don't activate on PAL consoles.
>
> That's not always the case. Also I don't think this is AP related because there is no anti-piracy screen that is triggered.

Shiritsu Justice Gakuen 2 does have anti-modchip protection according to Redump.

alex-free commented 1 year ago

> > > I'll see if it's reproducible on one of my consoles, albeit I highly doubt it since NTSC games with AP don't activate on PAL consoles.
> >
> > That's not always the case. Also I don't think this is AP related because there is no anti-piracy screen that is triggered.
>
> Shiritsu Justice Gakuen 2 does have anti-modchip protection according to Redump.

As the game does not boot at all, it might not be related to that. It's possible that the anti-piracy code never even got a chance to run.

alex-free commented 1 year ago

Interesting, Rival Schools works in Tonyhax International v1.1.3 but not in Tonyhax v1.4.4 on the same console.

Edit: I feel like probably https://github.com/socram8888/tonyhax/commit/8d69e31127303164086f63831caa78038271427f fixed this? I need to compile the latest source of the original Tonyhax to find out. Tonyhax v1.4.4 precedes this commit, and Tonyhax International v1.1.3 has this change already implemented.

I had an issue with Pop'N Music 6 booting to a black screen before I implemented the changes in that commit in my fork, actually the same issue here.

m4x10187 commented 1 year ago

Same happened with Shiritsu Justice Gakuen 2 as well as Rival Schools. Worked fine on Tonyhax Int. v1.1.3 but not on Tonyhax v1.4.4.

alex-free commented 1 year ago

> Same happened with Shiritsu Justice Gakuen 2 as well as Rival Schools. Worked fine on Tonyhax Int. v1.1.3 but not on Tonyhax v1.4.4.

I compiled the latest source from github (as of 12/1/2022) of Tonyhax (v1.4.5b) and this is still an issue.

Hmm, the 'loader' diff from Tonyhax International comparing the original Tonyhax is here: https://github.com/alex-free/tonyhax/blob/master/docs/tonyhax-vs-tonyhax-international-diffs/tonyhax-international-v1.1.3.diff . Secondary.c starts at https://github.com/alex-free/tonyhax/blob/2a32eb55a3dfe74598b6c3d7feb25310382cc78e/docs/tonyhax-vs-tonyhax-international-diffs/tonyhax-international-v1.1.3.diff#L1782

socram8888 commented 1 year ago

I cannot replicate this on an emulator, and I cannot test it in real hardware at the moment. Can some of you attempt to run it with patches disabled, please?

alex-free commented 1 year ago

tonyhax-v1.4.5b.zip

> I cannot replicate this on an emulator, and I cannot test it in real hardware at the moment. Can some of you attempt to run it with patches disabled, please?

BOOM, it works on real hardware! Attached is the latest Tonyhax v1.4.5b compiled directly from Github, with one small change: //patcher_apply(bootfile); (in the file secondary.c)

This makes a lot of sense. Tonyhax International uses a completely different anti-piracy bypass system, as well as the newer more compatible FreePSXBoot patches (from the FreePSXBoot builder itself: https://github.com/brad-lin/FreePSXBoot/commit/62287d1754efa5c1e131f9f36dbda6a89f39d4f3).

Now neither I nor @M4x1mumReZ were using the FPSXBoot method, and I actually did try removing only the FreePSXBoot patch from Tonyhax and it didn't work. So this confirms the anti-piracy patch is interfering with these 2 games directly.

@M4x1mumReZ can you verify this Boot CD works as well?

Now the question is, to whitelist or to blacklist.

socram8888 commented 1 year ago

I'd really rather figure out why the check is causing the problem than blacklist or whitelist it. The antipiracy does plenty of checks to ensure it does not cause an illegal or unaligned read, so I'm really curious what the issue could be here.

I guess I'll revisit that idea of getting an old non-slim PS1 to load executables straight into RAM using the serial port, which should make testing this much much easier.

m4x10187 commented 1 year ago

> @M4x1mumReZ can you verify this Boot CD works as well?

I'll do that right now and I'll let you know.

m4x10187 commented 1 year ago

Okay, I can confirm that both work now. 👍🏻

socram8888 commented 1 year ago

I've devised a way to load tonyhax with no memory card, only an Arduino. Furthermore, it's a full-fledged terminal so I can peek and poke arbitrary memory registers, which could be pretty useful for testing that theory about changing PS2-only video registers in PS1 mode. I'll start now investigating these black screens of death.

m4x10187 commented 1 year ago

> I've devised a way to load tonyhax with no memory card, only an Arduino. Furthermore, it's a full-fledged terminal so I can peek and poke arbitrary memory registers, which could be pretty useful for testing that theory about changing PS2-only video registers in PS1 mode. I'll start now investigating these black screens of death.

Now that is interesting. 😄

socram8888 commented 1 year ago

Still working on this, but this new debugging feature is gonna make my life much, much easier.

socram8888 commented 1 year ago

Thanks to the contraption, I've managed to easily figure out the issue. From the interrupt log:

Configuration : EvCB    0x10        TCB 0x04
Int PC:801FC098 SP:801FFE70
Change effective memory : 2 MBytes
Int PC:BFC0D968 SP:801FFF90
Int PC:8005AD14 SP:801FFF90
Int PC:8005AD14 SP:801FFF90
Int PC:8005AD14 SP:801FFF90
Int PC:8005AD14 SP:801FFF90
Int PC:00006B88 SP:801FFF78
Int PC:8005AD14 SP:801FFFA8
Int PC:8005AD14 SP:801FFFA8
Int PC:8005AD14 SP:801FFF20
Int PC:8005AD14 SP:801FFFD8 <<< Crashes here if we read SP+0x28
Int PC:8005AD14 SP:801FFFB8
Int PC:8005AD14 SP:801FF7C8
Int PC:8005AD14 SP:801FF7C8

SP+801FFFD8 is 80200000, which is just a mirror of the RAM and should not cause any harm. However, the game uses the SetMemSize function, which does cause the machine to lock up if accessing a mirror of the RAM.

Fixed in b70cbe6bc401311cc9f8f0722c2bba2021401509. Attached is a beta 1.4.5 which should work. tonyhax-v1.4.5b.zip

Closing, but feel free to reopen if needed.
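The failure described above (a read at SP+0x28 from SP=801FFFD8 that lands on 80200000, the first byte past the 2 MB effective RAM window) is the kind of thing a pre-access range check catches before the hardware locks up. The following is an added example written for this thread, not tonyhax's own code: `ps1_ram_read_ok` and `stack_slot_readable` are hypothetical helpers, and the only assumption is the standard PS1 map with main RAM reachable through KUSEG, KSEG0 (0x80000000) and KSEG1 (0xA0000000).

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helpers (not tonyhax code). Physical RAM is 2 MB; the same
 * bytes are visible in KUSEG, KSEG0 and KSEG1. Once SetMemSize has set the
 * effective size to 2 MB, touching a mirror beyond that window is fatal. */
#define PS1_RAM_SIZE_2MB  0x00200000u
#define PS1_SEG_MASK      0x1FFFFFFFu  /* strips the KUSEG/KSEG0/KSEG1 prefix */

/* Returns true if [addr, addr+len) lies entirely inside the effective RAM
 * window of a RAM segment and is naturally aligned for a `len`-byte access
 * (an unaligned load raises an exception on the R3000 in any case). */
static bool ps1_ram_read_ok(uint32_t addr, uint32_t len, uint32_t ram_size)
{
    uint32_t seg = addr & ~PS1_SEG_MASK;
    if (seg != 0x00000000u && seg != 0x80000000u && seg != 0xA0000000u)
        return false;                 /* not a RAM segment at all */
    if (len == 0 || (len & (len - 1)) || (addr & (len - 1)))
        return false;                 /* len not a power of two, or unaligned */
    uint32_t phys = addr & PS1_SEG_MASK;
    return phys + len <= ram_size;    /* rejects reads spilling into a mirror */
}

/* Guard for a patcher that wants to inspect the 32-bit word at SP+offset:
 * only true when the slot can be read without leaving the 2 MB window. */
static bool stack_slot_readable(uint32_t sp, uint32_t offset)
{
    if (sp > UINT32_MAX - offset)
        return false;                 /* address arithmetic would wrap */
    return ps1_ram_read_ok(sp + offset, 4, PS1_RAM_SIZE_2MB);
}

int main(void)
{
    /* SP values taken from the interrupt log in the thread; 0x28 is the offset
     * the patcher read. Only the marked interrupt fails the check. */
    const uint32_t sps[] = { 0x801FFF20u, 0x801FFFD8u, 0x801FFFB8u };
    for (size_t i = 0; i < sizeof sps / sizeof sps[0]; i++) {
        uint32_t target = sps[i] + 0x28u;
        printf("SP=%08X read at %08X: %s\n", sps[i], target,
               stack_slot_readable(sps[i], 0x28u) ? "ok" : "past 2 MB window, skip");
    }
    return 0;
}
```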

alex-free commented 1 year ago

> Thanks to the contraption, I've managed to easily figure out the issue. From the interrupt log:
>
> Configuration : EvCB  0x10        TCB 0x04
> Int PC:801FC098 SP:801FFE70
> Change effective memory : 2 MBytes
> Int PC:BFC0D968 SP:801FFF90
> Int PC:8005AD14 SP:801FFF90
> Int PC:8005AD14 SP:801FFF90
> Int PC:8005AD14 SP:801FFF90
> Int PC:8005AD14 SP:801FFF90
> Int PC:00006B88 SP:801FFF78
> Int PC:8005AD14 SP:801FFFA8
> Int PC:8005AD14 SP:801FFFA8
> Int PC:8005AD14 SP:801FFF20
> Int PC:8005AD14 SP:801FFFD8 <<< Crashes here if we read SP+0x28
> Int PC:8005AD14 SP:801FFFB8
> Int PC:8005AD14 SP:801FF7C8
> Int PC:8005AD14 SP:801FF7C8
>
> SP+801FFFD8 is 80200000, which is just a mirror of the RAM and should not cause any harm. However, the game uses the SetMemSize function, which does cause the machine to lock up if accessing a mirror of the RAM.
>
> Fixed in b70cbe6. Attached is a beta 1.4.5 which should work. tonyhax-v1.4.5b.zip
>
> Closing, but feel free to reopen if needed.

Any way you could publish this tool of yours?

m4x10187 commented 1 year ago

> > Thanks to the contraption, I've managed to easily figure out the issue. From the interrupt log:
> >
> > Configuration : EvCB    0x10        TCB 0x04
> > Int PC:801FC098 SP:801FFE70
> > Change effective memory : 2 MBytes
> > Int PC:BFC0D968 SP:801FFF90
> > Int PC:8005AD14 SP:801FFF90
> > Int PC:8005AD14 SP:801FFF90
> > Int PC:8005AD14 SP:801FFF90
> > Int PC:8005AD14 SP:801FFF90
> > Int PC:00006B88 SP:801FFF78
> > Int PC:8005AD14 SP:801FFFA8
> > Int PC:8005AD14 SP:801FFFA8
> > Int PC:8005AD14 SP:801FFF20
> > Int PC:8005AD14 SP:801FFFD8 <<< Crashes here if we read SP+0x28
> > Int PC:8005AD14 SP:801FFFB8
> > Int PC:8005AD14 SP:801FF7C8
> > Int PC:8005AD14 SP:801FF7C8
> >
> > SP+801FFFD8 is 80200000, which is just a mirror of the RAM and should not cause any harm. However, the game uses the SetMemSize function, which does cause the machine to lock up if accessing a mirror of the RAM.
> >
> > Fixed in b70cbe6. Attached is a beta 1.4.5 which should work. tonyhax-v1.4.5b.zip
> >
> > Closing, but feel free to reopen if needed.
>
> Any way you could publish this tool of yours?

Believe it was this tool: https://github.com/socram8888/joymon

socram8888 commented 1 year ago

That is correct. Tonyhax has also a new variable in variables.mk which you can use to enable it while running a commercial game. It replaces the std_out_putc so all printfs, even from the kernel or the game itself, are visible.

It is disabled by default since there's little reason for the average Joe to enable it, and could introduce some compatibility issues.

m4x10187 commented 1 year ago

> That is correct. Tonyhax has also a new variable in variables.mk which you can use to enable it while running a commercial game. It replaces the std_out_putc so all printfs, even from the kernel or the game itself, are visible.
>
> It is disabled by default since there's little reason for the average Joe to enable it, and could introduce some compatibility issues.

This can be useful in many cases to debug and look for AP routines.