HD Homebrew Project Developement (Old Thread)

[TiduS`]

No problem my friend, if you need any more advice or if I can work with you on this project, send me a PM.

[TiduS`]

One thing I did notice when I was testing the code myself. I was able to load all of the other modules pad,sio,cd,atad including a fresh copy of the hijacker module, however the ee crashes on padPortOpen. I'm not sure of the cause of it right now, but ill check it out. Incase you guys are wondering what my implementation of the thread idea I posted earlier was, I've included a doctored edition of the demolish.c file. check it out.

[TheCrowX]

Hi to all I was wondering how is the project is going it s been about 10 days since we didn t hear something new u can tell us if there are improvements
many people wish to see this project advancements
Thanx

[romz]

I can't report much progress with the project right now, it's just going on. But anybody who wanted to see reconstructed code for "CDVDMAN" module can download it now via HTTP from http://www.cdvdmania.com.ru/. Some code for "CDVDFSV" module can be found there also. That code is useful only for programmers and people familiar with reverse engineering.

[_zaphod_]

I think I speak for all the scene when I say that someone more capable than I should take this code as a base, and write a simple elf.

1) dvd9Installer.elf:this will install dvd9 games into hdloader, and make the patch on the fly. In theory this should be a simple task. SInce hddemolisher can locate the layer break, it should have enough info to apply the patch. Yes it will probably take 45 mins to install a dual layer game.

And while we are at it, we can also make

2) hdfixinstaller.elf:this will install a game and apply the selected patches to the game upon installatiion. CUrrently there are soem string replacements, and a stack relocation patch. also (or instead) make hdpatcher.elf which works on installed games.
3) errorinstaller.elf : this will install games that give fatal error when you try to install in hdloader. There are a few of them, you know. Quite a useful app for our LEGITIMATE OWNERS. (warezers don't need it)
4) backupinstaller.elf (or should we call it warezinstaller.elf?): this is a cogswap loader that will install the swapped game after properly refreshing it's TOC without reloading protection info. I know the eqilvalent was doable on the ps1, it shoudl be possible on the ps2.

[romz]

Here is a little piece of my work. It's a content of a header file I created for "CDVDMAN " module emulator. There are more than fifty functions I am going to emulate in order to make an "CDVDMAN" emulator fully compatible with modules from the games. During my last research I found couple of little-known functions "supported" by HD loader - they are entries CDVDMAN's entries 79, 80 and 82. It's not like they are available in regular IOP image, I wonder why HD loader do not ignore them like all other such functions.

Code:

/* CDVDMAN emulator

   File: cdvdapi.h
   Description: CDVDMAN API header
 */

#ifndef _CDVDAPI_H_
#define _CDVDAPI_H_

#define SCECdPSCD                   0x10
#define SCECdPS2DVD                 0x14

/* Structures */
typedef
struct _sceCdlLOCCD {
       unsigned char minute;
       unsigned char second;
       unsigned char sector;
       unsigned char track;
} sceCdlLOCCD;

typedef 
struct _sceCdlFILE {
       unsigned int  lsn;
       unsigned int  size;
       char          name[16];
       unsigned char date[8];
       unsigned int  flag;
} sceCdlFILE;


typedef
struct _sceCdRMode {
       unsigned char trycount;
       unsigned char spindlctrl;
       unsigned char datapattern;
       unsigned char pad;
} sceCdRMode;


typedef
struct _sceCdCLOCK {
       unsigned char stat;
       unsigned char second;
       unsigned char minute;
       unsigned char hour;
       unsigned char pad;
       unsigned char day;
       unsigned char month;
       unsigned char year;
} sceCdCLOCK;


/* Prototypes */
int    emuCdInit(int init_mode);
int    emuCdStandby();
int    emuCdRead(u_int lsn, u_int sectors, void *buf, sceCdRMode *mode);
int    emuCdSeek(u_int lsn);
int    emuCdGetError();
int    emuCdGetToc(u_char *toc);
int    emuCdSearchFile(sceCdlFILE *fp,const char *name);
int    emuCdSync(int mode);
int    emuCdGetDiskType();
int    emuCdDiskReady(int mode);
int    emuCdTrayReq(int param, u_int *traychk);
int    emuCdStop();
int    emuCdPosToInt(sceCdlLOCCD *p);
sceCdlLOCCD *emuCdIntToPos(int i, sceCdlLOCCD *p);
int    emuCdCheckCmd();
int    _emuCdRI(char *arg1, char *arg2);
int    emuCdReadClock(sceCdCLOCK *rtc);
int    emuCdStatus();
int    emuCdApplySCmd(int cmd, void *wbuf, int wbsize, void *rbuf);
int   *emuCdCallback(void (*func)(int));
int    emuCdPause();
int    emuCdBreak();
int    _emuCdMV(u_int *mv, u_int *p); /* This one is not for export in standart versions */
u_int  emuCdGetReadPos();
int    emuCdNop();
void  *_emuGetFsvRbuf();
int    _emuCdstm0Cb(void (*p)(int));
int    _emuCdstm1Cb(void (*p)(int));
int    _emuCdSC(int code, int *param);
int    _emuCdRC(sceCdCLOCK *rtc);
int    emuCdApplyNCmd(int ncmd, void *nbuf, int nbsize);
int    emuCdStInit(u_int bufmax, u_int bankmax, u_int iop_bufaddr);
int    emuCdStRead(u_int size, u_int *buf, u_int mode, u_int *err);
int    emuCdStSeek(u_int lsn);
int    emuCdStStart(u_int lsn, sceCdRMode *mode);
int    emuCdStStat();
int    emuCdStStop();
int    emuCdRead0(u_int lsn, u_int sectors, void *buf, sceCdRMode *mode, int arg5, void *cb);
int    _emuCdRV(u_int lsn, u_int sectors, void *buf, sceCdRMode *mode, int arg5, void *cb);
int    _emuCdRM(int *m, u_int *p);
int    emuCdReadChain(u_int *read_tag, sceCdRMode *mode);
int    emuCdStPause();
int    emuCdStResume();
int    emuCdSpinCtrlIOP(int speed); /* This one is not for export in standart versions */
int    emuCdPowerOff(int *stat);
int    emuCdMmode(int media);
int    emuCdStSeekF(u_int lsn);
int    emuCdPOffCallback(void (*func)(void *), void *addr);
int    _emuCdSetTimeout(int param, int timeout);
int    emuCdReadDvdDualInfo(int *on_dual, u_int *layer1_start);
int    emuCdLayerSearchFile(sceCdlFILE *fp,const char *name, int layer);
int    emuCdApplySCmd2(int scmd, void *wbuf, int wbsize, void *rbuf);
int    _emuCdRE(u_int lsn, u_int sectors, void *buf, sceCdRMode *mode);

#endif

[crazyc]

During my last research I found couple of little-known functions "supported" by HD loader - they are entries CDVDMAN's entries 79, 80 and 82.

79 seems to be an hdloader id function. It returns 0xdead in the address pointed to by a0. 80 and 82 just return 1.

[romz]

79 seems to be an hdloader id function. It returns 0xdead in the address pointed to by a0. 80 and 82 just return 1.

Entry point 79 is not just a hdloader id function, however it can be used for such purposes. That function is supposed to be sceCdReadDiskID - it's kinda like a "call 35", which reads some key from disc. HD loader just returns value "1" for 80 and 82 but they are supposed to read some unique data like console ID or iLink ID by sending s-command. I can't realize the meaning of that functions in HD loader. Is it DNAS related stuff?

[crazyc]

Is it DNAS related stuff?

Seems probable. They are the only functions in DNAS cdvdman and not in regular.

[romz]

Sometime ago reverse engineering of both "dev9" and "atad" modules was completed. It wasn't a hard since they are close enough to open source modules "ps2dev" and "ps2atad". At this moment I write my own versions of "dev9.irx" and "atad.irx" in order to create open source replacements for commercial modules. The purpose of this process is to make bug-free code for use in C/DVD emulator.
So if somebody wants to help there are two objectives now:
1) I don't really know how to enable lba48 - I checked "ps2atad" source and noticed they write different values to some registers. According the drafts from www.t13.org it looks like lba48 support however I'm not sure it's enough. I'd like someone to check the "atad" pseudo-code at http://cdvdmania.com.ru/downloads.html and explain how to enable lba48 support here.
2) I don't know how to handle SCE's "security" interface. Homebrew "ps2atad" uses standard ATA security for these specific functions. I think there is no need to implement ATA security support in Demolisher, however Demolisher should handle original SCE's hard drives so at least it must have ability to unlock password-protected native hard drives. The real question here is how to emulate SCE's security on standard non-protected drives.