Editing Talk:PS1 Emulation

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 178: Line 178:
</pre>
</pre>


==== Allow non encrypted ISO.BIN.EDAT and skip signature check (RPCS3 only) ====
==== Allow non encrypted ISO.BIN.EDAT ====
For easier config testing. Patch allow to use unencrypted ISO.BIN.EDAT so we don't need to mess with klic. Also ECDSA signature at the end of file is no longer required. So we can ftp configs as is, for faster testing. Warning! This patch break official ps1_classics.  
For easier config testing. Patch allow to use unencrypted ISO.BIN.EDAT so we don't need to mess with klic. ECDSA signature at the end of file is still required! But this can be easily generated with sign3.py from pop-fe.
<br><br>
<br><br>
ps1_netemu.elf 4.86-4.90 offset in raw hex (for Hxd, etc.)
ps1_netemu.elf 4.86-4.90 offset in raw hex (for Hxd, etc.)
  0xDDD6C replace 48 07 14 21 to 38 60 00 00
  0xDDD6C replace 48 07 14 21 to 38 60 00 00
0xE13C4 replace 60 00 00 00 to 38 60 00 00


==== GTE Automatic Widescreen Hack ====
== Commands Info ==
Automatic widescreen without per game patches. Work only for 3D elements (like 95% of available widescreen patches).<br>
Tested on both RPCS3 and real PS3 (CFW only, but can be added to hen).<br>
ps1_netemu.elf 4.86 - 4.91 offsets in raw hex (for Hxd, etc.)
0x2BDA4 original code:
    7C 69 1B 78 3C 60 80 54 2F 89 00 00 60 63 00 10
    40 9E 00 14 3C 60 80 54 60 63 00 02 7C 63 07 B4
    4E 80 00 20 A0 09 00 02 2F 80 00 00 41 9E FF F0
    C0 02 A3 D8 FF 81 00 00 41 9D FF DC C0 02 A3 DC
    38 60 00 00 FF 81 00 00 41 9C FF CC D0 29 00 6C
    4B FF FF CC
replace to:
    78 C0 F8 42 78 C6 F0 82 7C C6 02 14 7D 08 32 14
    48 0C 47 7E 78 E9 F8 42 78 E7 F0 82 7C E9 3A 14
    7C C6 3A 14 48 0C 65 66 79 00 F8 42 79 08 F0 82
    7D 08 02 14 7C C6 42 14 48 0C 69 0A 79 00 F8 42
    79 08 F0 82 7D 08 02 14 7C C6 42 14 48 0C 6C 6A
    60 00 00 00
0xB4778  original code: 7D 08 32 14 replace to: 48 03 BD A6
0xB6560  original code: 7C C6 3A 14 replace to: 48 03 BD BA
0xB6904  original code: 7C C6 42 14 replace to: 48 03 BD CE
0xB6C64  original code: 7C C6 42 14 replace to: 48 03 BD E2
 
== Ps1_netemu Commands Info ==


=== External Configs ===
=== External Configs ===


Loading external commands is be possible in ps1_netemu. From this we can also figure out that sony call those configs "ad hoc params" which can be little bit misleading. Emulator expect them inside ISO.BIN.EDAT file. Offset depend if "optional header" exist or not. Values are little endian.
Loading external commands is be possible in ps1_netemu. From this we can also figure out that sony call those configs "ad hoc params" which can be little bit misleading. Emulator expect them inside ISO.BIN.EDAT file. Offset depend if "optional header" exist or not. Values are little endian.
The offsets below are the offsets from the start of the PSISOIMG section. This data starts at absolute file offset 0x424 for single disk games that do not use a PSTITLEIMG section. For games that do have a PSTITLEIMG section, the absolute offset will be shifted by 0x400 bytes, i.e. to offset 0x824 and similar.
* Offset 0x424 or 0x824 in DAT file = Config revision in bcd format, that need to be higher than DB from emu (11624 for 4.86). Safe to use 0x200000.
* Offset 0x424 Config revision in bcd format, that need to be higher than DB from emu (11624 for 4.86). Safe to use 0x200000.
* Offset 0x42C or 0x82C first config command
* Offset 0x42C first config command
* Offset 0x430 or 0x830 param for first command
* Offset 0x430 param for first command
* This repeats 8 times as only 8 commands is supported.  
* This repeats 8 times as only 8 commands is supported.  
* Command 2 is unsupported.
* Command 2 is unsupported.
Line 241: Line 215:
         if ( cfg_command - 1 <= 0x3B )      // max cfg nr 0x3C
         if ( cfg_command - 1 <= 0x3B )      // max cfg nr 0x3C
         {
         {
           v245 = cfg_command >> 28;        // Most likely check for wrong endianess. Configs are LE and are byte reversed before we end up here.  
           v245 = cfg_command >> 28;        // Weird. Maybe leftover from 0xX0000000 commands or something.
           if ( low_rev || v245 || cfg_command == 2 )// cfg 2 unsupported (replaced in later PSIMG rev with subchannel data), or old config rev, or v245.
           if ( low_rev || v245 || cfg_command == 2 )// cfg 2 unsupported (replaced in later PSIMG rev with subchannel data), or old config rev, or v245.
           {
           {
Line 267: Line 241:
**0 = ? (used by SCPS-18011 Um Jammer Lammy, and SLPS-01818 Langrisser IV & V Final Edition [Disc1of2])
**0 = ? (used by SCPS-18011 Um Jammer Lammy, and SLPS-01818 Langrisser IV & V Final Edition [Disc1of2])
In Um Jammer Lammy is used together with command 0x13, so it was a bit doubtful if it was a mistake. But Langrisser IV & V Final Edition [Disc1of2] uses it too and is the only command used by this disc, so it "should" do something. Um Jammer Lammy in netemu 3.40 was fixed only with command 0x0/0x0 (id/data)
In Um Jammer Lammy is used together with command 0x13, so it was a bit doubtful if it was a mistake. But Langrisser IV & V Final Edition [Disc1of2] uses it too and is the only command used by this disc, so it "should" do something. Um Jammer Lammy in netemu 3.40 was fixed only with command 0x0/0x0 (id/data)
*Um Jammer Lammy (SCPS-18011) uses somewhat new external config revision (11580) in official classic's external config, but only uses command 0x13. Keep in mind the game was released Febuary 27, 2008, so package was possibly updated with new config at some point, and then in internal table, so maybe it once had a different config command in config table and 0x00 nullified it. Langrisser IV (SLPS-01818) has old config revision (5713) and uses command 0x03 set to 0x3E8, so just default. Maybe internal config for Langrisser IV is empty config just to also nullify external config? --[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 03:32, 1 September 2023 (CEST)


=== Command 0x01 (netemu 3.40 up to 4.88) ===
=== Command 0x01 (netemu 3.40 up to 4.88) ===
Line 636: Line 609:
Value is integer that is later converted to double float using fcfid, and truncated to single precision by frsp.<br>
Value is integer that is later converted to double float using fcfid, and truncated to single precision by frsp.<br>
I'm not familiar with CELL floating point unit quirks, but value could be just single precision float from the start, why complicate that so much?<br>
I'm not familiar with CELL floating point unit quirks, but value could be just single precision float from the start, why complicate that so much?<br>
*Possible disc read speed delay or adjustment. Larger value results in slower loading times. --[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 03:21, 1 September 2023 (CEST)
_xcdrom_thread related.
'''Custom Usage:'''
*Param 0x384 (900d) fixes Vampire Hunter D (SLUS-01138) hanging issues.
*Param 0x1F4 (500d) fixes Medievil 2 audio and hanging issues.


=== Command 0x04 (netemu 3.40 up to 4.88) ===
=== Command 0x04 (netemu 3.40 up to 4.88) ===
*Valid values found: 0x4, 0x7, 0x14 (20d), 0x46 (70d), 0x64 (100d), 0xC8 (200d), 0xFFFFFF38 (-200d)
*Valid values found: 0x4, 0x7, 0x14 (20d), 0x46 (70d), 0x64 (100d), 0xC8 (200d), 0xFFFFFF38 (????????)
*Default value: 0
*Default value: 0
*_xcdrom_thread related.
*_xcdrom_thread related.
Possible seek delay/adjustment.<br>
'''Custom Usage:'''
*Param 0x64 and above fixes Transformers: Beast Wars Transmetals (SLUS-01160). 0x14 also gets past initial main menu screen, but hangs when loading into a stage. Param 0xC8 is probably safest.


=== Command 0x05 (netemu 3.40 up to 4.88) ===
=== Command 0x05 (netemu 3.40 up to 4.88) ===
Line 657: Line 624:
*Default value: 0
*Default value: 0
*_xcdrom_thread related.
*_xcdrom_thread related.
'''Custom Usage:'''
*Param 0x01 fixes Shrek Treasure Hunt (SLUS-01463) minigame loading screen hangs.
*Param 0x01 fixes Fear Effect (SLUS-00920) hang when pressing START at menu screen.


=== Command 0x07 (netemu 4.83 up to 4.88) ===
=== Command 0x07 (netemu 4.83 up to 4.88) ===
*Default value: 0
*Default value: 0
*_xcdrom_thread related.
*_xcdrom_thread related.
'''Custom Usage:'''
*Param 0x01 fixes Fear Effect (SLUS-00920) other issues in main menu, such as graphical corruption in options screens, and returning to options screen after viewing credits.


=== Command 0x08 (netemu 3.40 up to 4.88) ===
=== Command 0x08 (netemu 3.40 up to 4.88) ===
Line 697: Line 659:
=== Command 0x12 (netemu 4.83 up to 4.88) ===
=== Command 0x12 (netemu 4.83 up to 4.88) ===
*Or command 0x10 (netemu 3.40)
*Or command 0x10 (netemu 3.40)
Command value are flags/settings to alter cdrom behavior.
*0x800 = Different code path for MotorOn/Pause/SetSession cdrom commands. // Need more work, flag affect more than that.


=== Command 0x13 (netemu 4.83 up to 4.88) ===
=== Command 0x13 (netemu 4.83 up to 4.88) ===
*Default value: 0
*Default value: 0
*MDEC related?
*MDEC related?
'''Custom Usage:'''
*Param 0x01 fixes Roland Garros French Open 2001 (SLES-03449) hang when loading into a match.
*Param 0x01 fixes Fear Effect (SLUS-00920) hang when pressing START at menu screen (sometimes).


=== Command 0x14 (netemu 4.83 up to 4.88) ===
=== Command 0x14 (netemu 4.83 up to 4.88) ===
Line 715: Line 672:
=== Command 0x16 (netemu 4.83 up to 4.88) ===
=== Command 0x16 (netemu 4.83 up to 4.88) ===
*Default value: 0
*Default value: 0
*DMA timing related.
'''Custom Usage:'''
*Param 0x32 is enough to fix International Superstar Soccer (SLES-02550) black screen after PlayStation logo.
*Param 0x08 is enough to fix Vampire Hunter D’s main menu flashing.


=== Command 0x17 (netemu 4.83 up to 4.88) ===
=== Command 0x17 (netemu 4.83 up to 4.88) ===
Line 731: Line 684:


When value is not zero is returned by emulator when game try to read cop0r3 (BPC) register. When value is 0 (default), emulator return real BPC content.  
When value is not zero is returned by emulator when game try to read cop0r3 (BPC) register. When value is 0 (default), emulator return real BPC content.  
This command can be successfully used for 90% of libcrypt games. More importantly address where magic word is stored is known, so payloads like cobra should be able to just write value there on emulator init. List of magic words is already known, and can be included in cobra source, or as external txt for game managers like webman.
Runtime which read it can be patched directly (example from ps1_netemu 4.86):
<pre>
seg003:00106570 read_cop0r3___BPC:
seg003:00106570                li        r3, 0x17      # jumptable 0000000000106538 case 0
seg003:00106574                bl        ReadInternalConfigValue  <---------- can be replaced with li r3, magic_word
seg003:00106578                nop
seg003:0010657C                cmpdi    r3, 0
seg003:00106580                beq      def_106538    # jumptable 0000000000106538 default case, cases 1,2,4,6-8
seg003:00106584                mr        r29, r3
</pre>


* It seems there is a problem with LC games using the third scheme mentioned [https://problemkaputt.de/psx-spx.htm#cdromprotectionlibcrypt here]. After reading the data contents of subchannel Q, the CRC-16 value is not read at all, but calculated on its own by the driver instead. It does break LC games using this particular scheme (web-found confirmed issues with Ape Escape and Final Fantasy VIII). All three games that are meant to work with this command does use these LC sectors. I think this command was meant to resolve this issue, just a guess.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 20:06, 12 June 2022 (UTC)
* It seems there is a problem with LC games using the third scheme mentioned [https://problemkaputt.de/psx-spx.htm#cdromprotectionlibcrypt here]. After reading the data contents of subchannel Q, the CRC-16 value is not read at all, but calculated on its own by the driver instead. It does break LC games using this particular scheme (web-found confirmed issues with Ape Escape and Final Fantasy VIII). All three games that are meant to work with this command does use these LC sectors. I think this command was meant to resolve this issue, just a guess.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 20:06, 12 June 2022 (UTC)


=== Command 0x18 (netemu 4.83 up to 4.88) ===
=== Command 0x18 (netemu 4.83 up to 4.88) ===
Substrat cycles from mdec_block_copy_out_callback delta. When mdec is decoding blocks, copy out happen on every completed 6th block. This is hardcoded to take 0xB00 (2816) cycles in ps1_netemu. By using this config we can make this value less than default, which in turn "overclock" mdec decoding as every 6xblock will be decoded faster. Duckstation by default use value 0xA80 (2688 (448 x 6 blocks)). So to make config that will replicate this behavior we need set config value to 0x80 (0xB00 - 0x80 = 0xA80).
*Default value: 0
*Default value: 0
*Valid values range: 0x000 - 0xB00
*Higher values are ignored and 0 is set (just like when you use 0xB00 value), making MDEC instant.


=== Command 0x19 (netemu 4.83 up to 4.88) ===
=== Command 0x19 (netemu 4.83 up to 4.88) ===
Line 757: Line 719:
*Or command 0x18 (netemu 3.40)
*Or command 0x18 (netemu 3.40)
*Or command 0x1A (netemu 3.55 ?)
*Or command 0x1A (netemu 3.55 ?)
*Or command 0x02 (netemu 1.70) - possibly different command
*Or command 0x02 (netemu 1.70)
 
Destruction Derby (SCUS-94302) was fixed in netemu 1.70 by using 0x02/0x02 (id/data), and in netemu 4.88 with 0x38/0x02 (id/data). Netemu 1.70 command 0x02 was remapped to netemu 4.88 command 0x1C but are 2 different commands. What happened is sony decided to change the old command by the new command 0x32 (didnt existed in netemu 1.70) at some intermediate revision. The interesting detail of this story is this change in the destruction derby config seems to indicate netemu 4.88 command ids 0x1C and 0x38 with data value 0x2 can be used to solve the same problem. Netemu 4.88 command 0x38 reloads the game with ps1_newemu.self 4.88 that contains another config with the command 0x3/0x2 (id/data)<br>
Param flags:
Old command 0x02 is related to new 0x1C. But it seems that sony decided to split/extend that little bit. Instead of 0x02 there is now 0x1C, 0x1D, 0x1E, so config is now more flexible. All that is "JOY" PSX HW IO related, but "JOY" handle also memory card, so this is no 100% clear which one it helps without more reversing. --kozarovv.
*1 = unk.
*2 = Set Vibration to Off (menu to set it to On is still accessible, but command seems to also skip initializing of vibration internal struct/settings).
 
=== Command 0x1D (netemu 4.83 up to 4.88) ===
*Default value: 0
*Correct values 0 / 1 / 2
Config seems to setup default gamepads layout for multitap.
*0 = <0, 2, 4, 6, 1, 3, 5, 7>
*1 = <0, 2, 3, 4, 1, 5, 6, 7>
*2 = <0, 1, 2, 3, 4, 5, 6, 7>
 
Sync order of controllers is always the same regardless of parameter set (1/1-A, 2/2-A, 1-B, 2-B, 1-C, 2-C, 1-D). Therefore, change is only reflected internally in emulated game. For example, Crash Bash needs parameter 2 for controllers to be set properly in game, but order in which controllers physically connect is not changed.


=== Command 0x1E (netemu 4.83 up to 4.88) ===
=== Command 0x1E (netemu 4.83 up to 4.88) ===
*Default value: 0x7D0
*Default value: 0x7D0
*xPadThread related.
*xPadThread related.
=== Command 0x20 (netemu 4.83 up to 4.88) ===
GPU multi command (bifield)
*Default value: 0
*0x08 = Always set Vertical Interlace bit in GPUSTAT to 0 on GP1 (08h) command.
*0x40 = Is not exactly known what happen under the hood, but this command allow to play 50Hz titles in 60Hz with correct speed.


=== Command 0x21 (netemu 4.83 up to 4.88) ===
=== Command 0x21 (netemu 4.83 up to 4.88) ===
Line 790: Line 734:
*Default value: 0x3E8
*Default value: 0x3E8
*PS1 GPU related.
*PS1 GPU related.
Seems to fix slowdown in Rapid Racer (SCPS-10060) with value 0x320.


=== Command 0x23 (netemu 4.83 up to 4.88) ===
=== Command 0x23 (netemu 4.83 up to 4.88) ===
Line 819: Line 762:
*Default value: 0
*Default value: 0
*PS1 GPU related.
*PS1 GPU related.
=== Command 0x31 (netemu 4.83 up to 4.88) ===
GPU multi command (bitfield)
*0x02 = Enable Vertical Interlace bit in GP1 (08h) command in SPE writes (in renderer only). Emulator by default use hack where VI bit is ALWAYS disabled in spe.
Note from nocash docs about Vertical Interlace: ''"'''Interlace must be enabled to see all lines in 480-lines mode''' (interlace is causing ugly flickering, so a non-interlaced low resolution image is typically having better quality than a high resolution interlaced image, a pretty bad example are the intro screens shown by the BIOS).''"<br>
This suggest that games which eventually need 0x31, 0x02 will be ones that send GP1 commands with active bit 2(Vertical Resolution 1=480) and 5(Vertical Interlace) at the same time. Otherwise image will be cropped, or badly interlaced. FF8 use this on "Published by..." screen, you can notice weird interlacing when subtitles fade-in without command.


=== Command 0x32 (netemu 4.83 up to 4.88) ===
=== Command 0x32 (netemu 4.83 up to 4.88) ===
Line 852: Line 789:
*Or command 0x2C in ps1_netemu.self 3.40
*Or command 0x2C in ps1_netemu.self 3.40
*Or command 0x2E in ps1_netemu.self 3.55 ?
*Or command 0x2E in ps1_netemu.self 3.55 ?
*Or command 0x15 in ps1_emu.self 4.88 ?
*Valid values found:
*Valid values found:
**0/1/2/3
**1 = relaunch the game with ps1_emu.self
 
**2 = relaunch the game with ps1_newemu.self
if (cfg == 0)
**3 = relaunch the game with ps1_netemu.self (value 3 found inside ps1_emu.self)
    stay_netemu
If the value is different than 0 relaunch the game with a different emu.
if (boot_not_from_disc_drive)
    if (cfg & 2)
        boot_newemu
if (boot_from_disc_drive)
    if (cfg & 1)
        boot_ps1emu
    else
        stay_netemu
// Boot is considered to be from disc if argv with game path is empty. Which make 0x38 with param 0x01 inaccessible, because there is no way to start disc game with netemu in official way (excluding games that ps1_emu launch with 0x15 cmd to ps1_netemu).
 
=== Command 0x3B (netemu 4.83 up to 4.88) ===
PS1 SPU DMA related config. Seems to change some cycles calculation.
*Default value: 0
*Valid values: 0/1
 
== Ps1_emu Commands Info ==
 
=== Command 0x15 (ps1emu 4.83 up to 4.88) ===
*Valid values found:
**3 (launch game using ps1_netemu)
**Different values are ignored


== Ps1_newemu Commands Info ==
This command doesn't seem to work with the current Cobra version with the latest WebMAN MOD, as well as with IRISMAN's payload. Gaia Seed: Project Seed Trap (SLPS-00624) and Um Jammer Lammy (SCUS-94448) boot in netemu instead of newemu while the PS one Classics versions boot into newemu. Is there any known reason this happens? --[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 18:59, 29 May 2022 (UTC)


=== Command 0x18 (ps1newemu 4.83 up to 4.88) ===
=== Orphan commands info ===
Supposed to launch game using different emulator, but all paths do nothing.
* 0xE param is divider for 0x204CC00 (psx cpu speed), result is stored on fixed address and used by many functions. <!-- we need to move this note to the new page sections and delete this one originally named "Known ps1emu.self commands" -->
*Valid values found:
**3 (Do nothing, but with print! [https://imgflip.com/i/7x4j2p 1])
**Different values do nothing


== Known bugs ==
== Known bugs ==
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)
Retrieved from "http://www.psdevwiki.com/ps3/Talk:PS1_Emulation"