PS3 Adding Cheat ELF to PSX image

haxxxen

just like with PS2 Codebreaker and iso's, I've found a convenient way of doing the same for PSX images. even without breaking libcrypt protection!

this way you won't have to switch CD's for cheat app and it gets loaded with game.

Rebuild PSX image with standalone cheat ELF

Notes:
Using my registry hacks, you can easily rip and rebuild PSX iso's with right click command,
pointing on content folder.

The Cheat ELF is the German Equalizer PSX.EXE, with patched CD check.

I won't go into detail about ripping itself, but beware of media files. They have to be ripped
differently sometimes.

This will break Cobra's video mode patch, cause of the way region detection is coded

You will need:
- Isobuster (essential tool to rip game files)
- CDMage (beware, does not correctly rip .STR/.XA media files just like Isobuster)
- Hexeditor
- text editor (notepad++)
- ripped iso (cue+bin)

1. IMPORTANT: Extract archive to C:\psximager_2.0

2. Import my registry hacks, to make things easier ;)

3. Rename .cue + .bin to sth simple, e.g. for Vagrant Story vs.cue+vs.bin. Edit .cue with
new name. So for Vagrant Story it should look like this:
Code:
FILE "vs.bin" BINARY
  TRACK 01 MODE2/2352
    INDEX 01 00:00:00

4. Put .cue+.bin into "C:\psximager_2.0" and create in there new directory with .cue/.bin name.
So for Vagrant Story create a folder called "vs"

5. Just Right-Click on vs folder and choose "PSX ISO Rip". A window will open and close after some time.

6. Rename ripped SYSTEM.CNF of game, to SYSCON.CNF and add my PSX.EXE

7. Open generated .cat file with text editor. IMPORTANT: Search for any special character in line 7 under "volume_id" and remove/rename it. Then search for SYSTEM.CNF (probably one of the very first LBA entries) and rename it to "SYSCON.CNF". Now go to very last line before the last "}" and insert here the new PSX.EXE, adding +X to LBA (where X is the LBA size of the last file), so for Vagrant Story it looks like this:
Code:
file PSX.EXE @319001

Save the file.

8. Right-Click on vs folder again and choose this time "PSX ISO Rebuild" and wait till popup closes. If it closes too fast, there is sth wrong and you have to do it manually on cmdline, to check where it goes wrong.

example .cat + jpatch for German Vagrant Story included
https://www.dropbox.com/s/d1fnoj6355tapth/psximager_2.0.zip?dl=0

git link to psximager:
https://github.com/cebix/psximager

sth different @devs:
I have noticed, that the way Cobra is loading and passing arguments to ps1_netemu is wrong and only irismanager does it right. you can even make a classic loader with irismanager with small changes to code passing a path as 6th argument to netemu. will look further into this...

you can also run fake signed edat classics (no npdrm encryption) on DEX. still haven't tried on CEX, so maybe decrypted edat is possible as well

examples:

this is how Cobra passes arguments to netemu taken from debug log:
Code:
PS1 emulator Build Date 12/06/30/01:41 -sgpu-sli4 [titledb:r8465]
argc=7
argv[0]=/dev_flash/ps1emu/ps1_netemu.self
argv[1]=Vagrant Story 1.VM1
argv[2]=
argv[3]=0082
argv[4]=1200
argv[5]=2
argv[6]=1

this is how irismanager passes its arguments:
Code:
PS1 emulator Build Date 12/06/30/01:41 -sgpu-sli4 [titledb:r8465]
argc=9
argv[0]=/dev_flash/ps1emu/ps1_netemu.self
argv[1]=PSX2.VM1
argv[2]=PSX1.VM1
argv[3]=0082
argv[4]=1600
argv[5]=
argv[6]=1
argv[7]=2
argv[8]=1

and this is how classics are loaded with correct arguments:
Code:
PS1 emulator Build Date 12/06/30/01:41 -sgpu-sli4 [titledb:r8465]
argc=9
argv[0]=/dev_flash/ps1emu/ps1_netemu.self
argv[1]=PSX2.VM1
argv[2]=PSX1.VM1
argv[3]=0082
argv[4]=1600
argv[5]=/dev_hdd0/game/NPEF00083
argv[6]=1
argv[7]=2
argv[8]=1

some addition
to get easily LBA file size, you have to calculate it and divide the real filesize with 2048.

so using Vagrant Story German here for example the file "SLES_027.56" has a size of 339968 bytes. now divide this with 2048 and you will get 166. this is the LBA size of the file in a CDROM image. if you look at image with Isobuster, you will notice, this file starts at LBA 24 and the next file "DBGFONT.TIM" starts at LBA 190.
190-24=166
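
The LBA arithmetic above, as an added example that is not part of the original post or of psximager: Python that reads the ISO9660 directory straight from a MODE2/2352 .bin and returns each file's start LBA, its LBA size, and the first free LBA after the last file, which is the value step 7 needs. All function names and the sample image are constructed for illustration; the 4100-byte size of DBGFONT.TIM is made up, the SLES_027.56 values are the ones quoted above.

```python
import struct
RAW, HDR, USER = 2352, 24, 2048   # MODE2/2352 sector: 24 header bytes, then 2048 user bytes

def sectors(size):                # LBA size: file size / 2048, rounded up
    return -(-size // USER)
def read(img, lba, size):         # user data of `size` bytes starting at sector `lba`
    return b"".join(img[(lba + i) * RAW + HDR:(lba + i) * RAW + HDR + USER]
                    for i in range(sectors(size)))

def walk(img, lba, size, prefix=""):  # yields (path, start LBA, LBA size) per file
    data, pos = read(img, lba, size), 0
    while pos < len(data):
        if data[pos] == 0:        # zero length byte: skip padding to the next sector
            pos = (pos // USER + 1) * USER
            continue
        ext, length = struct.unpack_from("<I4xI", data, pos + 2)
        name = data[pos + 33:pos + 33 + data[pos + 32]]
        if name not in (b"\x00", b"\x01"):            # not the "." / ".." records
            path = prefix + name.decode("ascii").split(";")[0]
            if data[pos + 25] & 2:                    # directory flag: descend
                yield from walk(img, ext, length, path + "/")
            else:
                yield path, ext, sectors(length)
        pos += data[pos]

def list_files(img):
    pvd = read(img, 16, USER)     # primary volume descriptor sits at LBA 16
    if pvd[1:6] != b"CD001":
        raise ValueError("not an ISO9660 volume")
    root_lba, root_len = struct.unpack_from("<I4xI", pvd, 158)
    return sorted(walk(img, root_lba, root_len), key=lambda f: f[1])

def next_free_lba(files):         # start LBA of the last file plus its LBA size
    return files[-1][1] + files[-1][2]

def record(name, lba, size, flags=0):                 # one directory record (sample data)
    rec = bytearray(33 + len(name) + (len(name) + 1) % 2)
    rec[0], rec[25], rec[32] = len(rec), flags, len(name)
    struct.pack_into("<I4xI", rec, 2, lba, size)
    rec[33:33 + len(name)] = name
    return bytes(rec)
def sample_image():               # constructed: PVD at LBA 16, root directory at LBA 22
    root = (record(b"\x00", 22, USER, 2) + record(b"\x01", 22, USER, 2)
            + record(b"SLES_027.56;1", 24, 339968) + record(b"DBGFONT.TIM;1", 190, 4100))
    pvd = b"\x01CD001" + bytes(150) + record(b"\x00", 22, USER, 2)
    img = bytearray(23 * RAW)
    for lba, data in ((16, pvd), (22, root)):
        img[lba * RAW + HDR:lba * RAW + HDR + len(data)] = data
    return bytes(img)
```

On a real image, pass the bytes of the .bin to `list_files` and use `next_free_lba` for the `@` value of the appended PSX.EXE line.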
 
- Isobuster (essential tool to rip game files)
- CDMage (to correctly rip .STR/.XA media files)

You can read files in 2352 blocks also in IsoBuster. You can extract whole disc in that way too. ;) So CDMage I believe can be totally replaced by IB until user don't want replacing files in disc image.
 
I know about Isobuster's raw functions, but it somehow does not rip media files correctly. Talking about Vagrant Story, where I had problems until I've ripped them 2336 bytes per block. Probably Square did some dirty tricks on this game. Btw, there is another PSX CD tool, called "cdprog". With this you can even add files without rebuilding image
 
dunno which tool it was, but it was said that the files ripped with Isobuster or CDMage are not valid media files and have some kind of wave header. I also have read several times, these XA or STR files have to be ripped 2336 bytes per sector Mode2 Form2
 
I am messing around with ps1netemu at the moment, cause I want to get official disc switch and edat support for iso (using cheat CD and subchannel data).

so it seems, the official disc switch is useless as is, cause you can only switch discs when resetting the game, making cheat CD's invalid. probably the same goes for ps2_netemu

and about the wrong arguments, I should have looked at devwiki beforehand, cause the info is out there. the system itself is responsible for the different argument passing, cause of ps1_emu, which is the only one that supports physical discs. so maybe we can fool/patch the disc check, so the correct params could be passed to netemu, what could lead to edat support in the end

hm, now I think of it, probably it isn't worth looking into the disc switch, cause otherwise than resetting the game, the system/netemu would not detect different disc. though, there should be disabled function to switch disc without resetting, cause there are string references to it
 
just adding another great tool for rebuilding PSX images is "mkpsxiso"
https://github.com/Lameguy64/mkpsxiso

this can rebuild 1:1 where psximager fails. mostly when media files in folders are cluttered to the end of LBA table (guess some stupid copy protection for the last instance, cause even official tools won't accept such images and can only be directly burned)

edit
if interested, I have added easy right click registry hack for mkpsxiso as well now. the archive has to be extracted to
"C:\mkpsxiso-2.03-win64"
you can rip with right click pointing on .bin file and the files will be extracted to "ext" folder next to image file.

instead of a .cat file, you will get a .xml which has to be modified, but the same procedure applies for this xml, except, you don't have to calculate LBA sizes yourself

just for laughs and giggles, running win3.1 in dosbox, you can run official cdgen (Psy-Q SDK) and build PSX images on PS3, lol
 

so it seems, the official disc switch is useless as is, cause you can only switch discs when resetting the game, making cheat CD's invalid. probably the same goes for ps2_netemu
Well I know a lot of games require resetting the game when disc switching but I'm pretty sure some don't, there were a few games on the ps1 that had no save prompt at disc swap so it had to be switched in real time and some of these games are official ps1 classics so there must be a way to switch without reset, a few good examples would be Metal Gear Solid (EU,USA,JAP) and Chrono Cross (USA,JAP) and I'm sure there are more out there, I wonder how they handle the disc swap in real time differently to other games?
For the ps2_netemu I'm only aware of Grandia III being multidisc and an official classic and yeah that does reset when disc swapping :(
 
btw, using no$psx bios works for PS3 to some extent. on some games you may have to hold SELECT for bootmenu to come up. though, using this method for including cheat exe does not work with this bios unfortunately. also the full bios does not accept such images, but only with full bios the sound for Xploder9000 exe works, unfortunately :(

I hate compromises
 
VGMToolbox can extract files from PSX games in 2352 format.


And speaking of disc swapping, you can use IRISMAN. As long as the game is running from USB simply un-plug and then re-plug it back in the PS3 to swap discs.
 
Is it possible to do some input swapping to correct the " tank controls " in games like Resident Evil , Tomb Raider etc.. ?
possible, but there is no generic workaround, since the controls can be distributed to different files. Vagrant Story for example has a patch for ego camera, where the file "BATTLE.PRG" (kind of stripped mips elf) is patched, so the controls are not included in main exe. if interested, I have ported the patch found on romhacking.net to German version, since it only applies to USA build
 
for a quick search and replace in Vagrant Story iso...
Swap ego camera controls:

1. search for:
Code:
4330080002240700
replace with:
Code:
4330040002240700
2. search for:
Code:
4224040002248500
replace with:
Code:
4224080002248500
3. search for:
Code:
428C080003240C00
replace with:
Code:
428C040003240C00
4. search for:
Code:
4430040002241300
replace with:
Code:
4430080002241300
5. search for:
Code:
BFAF001042300D00
replace with:
Code:
BFAF004042300D00
6. search for:
Code:
428C0000000000404230
replace with:
Code:
428C0000000000104230
7. search for:
Code:
03008390040082900000000080FF
replace with:
Code:
0400849003008390231004008000
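
The seven replacements above as a script, an added example that is not from the original post: it applies each pair to a byte buffer, reports the offsets it changed, and skips pairs that are already applied. As an assumption of this example, every search pattern must occur exactly once, otherwise it stops so the hits can be checked by hand; `apply_patches` and `sample_buffer` are names made up here and the sample buffer is constructed.

```python
# Search/replace byte pairs copied from the post above (hex, same length each).
PATCHES = [
    ("4330080002240700", "4330040002240700"),
    ("4224040002248500", "4224080002248500"),
    ("428C080003240C00", "428C040003240C00"),
    ("4430040002241300", "4430080002241300"),
    ("BFAF001042300D00", "BFAF004042300D00"),
    ("428C0000000000404230", "428C0000000000104230"),
    ("03008390040082900000000080FF", "0400849003008390231004008000"),
]

def apply_patches(data: bytes, patches=PATCHES):
    """Return (patched bytes, offsets). Matching runs against the unmodified
    input, so one replacement cannot create a hit for a later pair."""
    out, offsets = bytearray(data), []
    for search_hex, replace_hex in patches:
        search, replace = bytes.fromhex(search_hex), bytes.fromhex(replace_hex)
        if len(search) != len(replace):
            raise ValueError(f"{search_hex}: replacement changes the length")
        hits = data.count(search)
        if hits == 0 and data.count(replace) == 1:
            offsets.append(None)            # already patched, nothing to do
            continue
        if hits != 1:                       # assumption: one hit per pattern
            raise ValueError(f"{search_hex}: {hits} matches, expected 1")
        off = data.find(search)
        out[off:off + len(search)] = replace
        offsets.append(off)
    return bytes(out), offsets

def sample_buffer() -> bytes:
    """Constructed test data: each search pattern once, separated by filler."""
    return b"".join(b"\xAA" * 16 + bytes.fromhex(s) for s, _ in PATCHES) + b"\xAA" * 16
```

To patch a real image, read the .bin into `data`, call `apply_patches(data)` and write the returned bytes to a new file, keeping the original.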
 