Talk:PSP Emulation: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
m (Yay, so close to clean it up)
m (Restored the latest version of the "experimental patch" published originally by mysis at Special:Diff/20079/29772)
Line 242: Line 242:
  S7003 I could not connect.
  S7003 I could not connect.
  S7004 We were leaving from the room.
  S7004 We were leaving from the room.
== Emulator patches ==
This patches are intended to be applyed '''to the emulator'''
=== Experimental Patch ===
Original:<br>
<syntaxhighlight lang="asm">
00000000000285B0
00000000000285B0 empty_buffer:                          # CODE XREF: sceIoIoctlAsync+74�j
00000000000285B0                                        # sceIofileAsync+140�j ...
00000000000285B0                li        r31, 0       
00000000000285B4                clrldi    r27, r3, 32 
00000000000285B8                li        r29, 0       
00000000000285BC                cmpwi    cr4, r31, 0 
00000000000285C0
00000000000285C0 IoFileMgrForUser_822ADD32:              # CODE XREF: sceIoIoctlAsync+184�j
00000000000285C0                                        # sceIofileAsync+2D0�j
00000000000285C0                clrldi    r7, r23, 32  # out data ptr
00000000000285C4                extsw    r3, r24      # id
00000000000285C8                extsw    r4, r28      # cmd
00000000000285CC                mr        r6, r27      # in size
00000000000285D0                clrldi    r8, r25, 32  # out len
00000000000285D4                mr        r5, r29      # in data ptr
00000000000285D8                bl        _IoFileMgrForUser_822ADD32 # pspFileSystem.... ?
00000000000285DC                ld        r2, 0xC0+var_98(r1)
00000000000285E0                mr        r31, r3
00000000000285E4                beq      cr4, loc_285F4 # nop
00000000000285E8                mr        r3, r29
00000000000285EC                bl        _sys_libc_free
00000000000285F0                ld        r2, 0xC0+var_98(r1)
00000000000285F4
00000000000285F4 loc_285F4:                              # CODE XREF: sceIoIoctlAsync+B4�j
00000000000285F4                stw      r31, 8(r30)  # return value
</syntaxhighlight>
<br>
Modification:<br>
<syntaxhighlight lang="asm">
LOAD:00000000000285B0
LOAD:00000000000285B0 loc_285B0:                              # CODE XREF: sceIoIoctlAsync+74�j
LOAD:00000000000285B0                                        # sceIoIoctlAsync+140�j ...
LOAD:00000000000285B0                bl        _sys_libc_malloc
LOAD:00000000000285B4                clrldi    r26, r3, 32
LOAD:00000000000285B8                lis      r28, 0x101 # 0x1010005                          # Seek cmd id
LOAD:00000000000285BC                ori      r28, r28, 5 # 0x1010005
LOAD:00000000000285C0                b        loc_28724
LOAD:00000000000285C4 # ---------------------------------------------------------------------------
LOAD:00000000000285C4
LOAD:00000000000285C4 loc_285C4:                              # CODE XREF: sceIoIoctlAsync+184�j  #
LOAD:00000000000285C4                                        # sceIoIoctlAsync+2D0�j              # Both branches also modified, so we can use 5x4 bytes
LOAD:00000000000285C4                clrldi    r7, r23, 32
LOAD:00000000000285C8                extsw    r3, r24
LOAD:00000000000285CC                extsw    r4, r28
LOAD:00000000000285D0                mr        r6, r27
LOAD:00000000000285D4                clrldi    r8, r25, 32
LOAD:00000000000285D8                mr        r5, r29
LOAD:00000000000285DC                bl        _IoFileMgrForUser_822ADD32
LOAD:00000000000285E0                ld        r2, 0xC0+var_98(r1)
LOAD:00000000000285E4                mr        r31, r3
LOAD:00000000000285E8                mr        r3, r29
LOAD:00000000000285EC                bl        _sys_libc_free
LOAD:00000000000285F0                ld        r2, 0xC0+var_98(r1)
LOAD:00000000000285F4                stw      r31, 8(r30)
</syntaxhighlight>
Unsupported ID's will be replaced with empty buffers and simply sent through IoIoctl.<br>
PGD = ID 0x04100001<br>
This '''ugly and highly experimental poc code''' simply redirects unsupported cmd's to 0x01010005 (Seek Begin)<br>
prolly breaks other cmd's<br>
Supported cmd ID's:
0x1010005 (UMD file seek set)
0x1010009
0x101000A
(0x1020006)
(0x1020007)
0x1030008 (Read UMD file)
(0x1D20002)
0x1F100A6 (UMD file seek whence)
0x1F30003 (UMD disc read sectors operation)
Referenced as help:<br>
https://raw.githubusercontent.com/hrydgard/ppsspp/master/Core/HLE/sceIo.cpp
<br>
https://code.google.com/p/jpcsp/source/browse/trunk/src/jpcsp/HLE/modules150/IoFileMgrForUser.java<br>
<pre>
0x01020001 - Get UMD Primary Volume Descriptor
0x01020002 - Get UMD Path Table
0x01020003 - Get UMD sector size
0x01020004 - Get UMD file pointer
0x01010005 - Set UMD file seek
0x01020006 - Get UMD file start sector
0x01020007 - Get UMD file length in bytes
0x01030008 - Read UMD file
0x01D20001 - Get UMD device file current sector seek position
0x01F30003 - Read raw sectors from UMD device file
0x01F100A6 - Set UMD device file seek by sector
0x04100001 - Define decryption key (DRM by amctrl.prx)
0x04100002 - Set PGD offset
0x04100010 - Get PGD data size
</pre>

Revision as of 10:12, 6 September 2021

PSP Emulator Types and Revisions

PSP Emulators Types and Revisions
psp_emulator.elf (decrypted)
Firmware Bytes MD5 Rev
1.00 ~ 3.10 No
3.15 ? ? ?
? ? ? ?
? ? ? ?
3.66 419.120 DFED8FCDB36A4284A27369304D47674F ?
3.70 419.176 0F6F1D92D045A86565DF705276776A41 same
~ Any
3.74 DC8C67FEEB605D73D073BBCAD8F17E6A
4.00 419.416 7371A95BB0ACB1152EB13EA11C866F87 same
4.01 C17EE35A278E64227558FA9C39E805B5
4.10 419.472 DAA4E9816037E1EFFFF15B344B61BD1D same
4.11 2DF5AFE349E082A79AF4E50B8100F80A
4.15 ? ? ?
4.20 419.480 540422B0759D20738BF498337E33B7E2 same
~ Any
4.25 5D20DFAE9E0D704F6DD17D2A807A1D2C
? ? ? ?
? ? ? ?
? ? ? ?
4.78 419.520 EFEA0DFDDD6E7C479983B5E4E8B95295 same
~ Any
4.82 5CAC36C3F940749B4DD5E03DB02C732A

  ·  Decrypted (elf): changes every firmware version
  ·  Build label: no/unknown
  ·  Target Firmware: yes, repeated two times
  ·  Revision: unknown

psp_translator.elf (decrypted)
Firmware Bytes MD5 Rev
1.00 ~ 3.10 No
3.15 ? ? ?
? ? ? ?
? ? ? ?
3.66 283.128 0F52CE7666276B71FF5C560D7BD28014 ?
3.70 283.128 C35D80E8B1A4A61212EA773C061BF1DC same
~ Any
3.74 A42CD1453C52149297A975F2BA5B2D38
4.00 283.128 DF07955312D1C09DC2DC355EBA47F8AA same
4.01 A06E7BF7C1D062878593E1D4EA85B4C9
4.10 283.128 FB4801625CA15AC58DB28A4223EFD4A2 same
4.11 3154FF57D36E3D7C4F2C061393816482
4.15 ? ? ?
4.20 283.120 C125A486D3C48EA2C957EAFC0AB69B39 same
~ Any
4.23 S C469B41798157C53C3E7794E9BDF9D36
4.25 283.120 A675423F5C8B9FD02AA2150D46B953AE ?
? ? ? ?
? ? ? ?
? ? ? ?
4.78 283.120 A35809CE6C184F3E3B52C18E0AE19217 same
~ Any
4.82 58E104453AC60DE2B671E43F09D96E80

  ·  Decrypted (elf): changes every firmware version
  ·  Build label: no/unknown
  ·  Target Firmware: yes, repeated one time
  ·  Revision: unknown


Playstation Portable memory regions ?

PPSSPP
00010000 Scratchpad
04000000 VRAM
08800000 User memory
08804000 Default load address
88000000 Kernel memory
psp_emulator.self
B0000000 Default load address

Cryptobrainstorming

Supported Kirk Crypto ? (1,4,7,11,12,13,14,16,17,18,19)

emulator_api errors

Google translations from japanese error messages:

 0002 This world did not have a room that are playing the same game
 1005 Upon your use of this application, you'll need to agree to the Terms of Use
 2001 Network connection it has expired. It will return to the title screen
 2002 Network connection it has expired. It will return to the title screen
 2007 You can not connect to ad hoc. Please check the information page
 3001 You can not connect to the network. Please check the information page
 3003 There is no possible connection server
 4001 You can not connect to the network. Please check information page
 4001 You can not connect to the network. Please check information page
 4004 We will not exceed the number that can be created room
 4005 We have exceeded the maximum number of bookmarks. Please register again by removing unnecessary bookmark
 4006 The lobby is a registered
 4007 It will return to the title for a certain period of time operation is not performed
 5002 This room is taking entry limit
 5005 Because the connection type of network is different, you can not play in this room. Please check the manual
 5006 It is during the transmission of comments
 6001 You can not change the wallpaper for the free capacity of the HDD is insufficient. To make the change of wallpaper you need free space of more than 17MB.
 6002 The size of the image can not be specified in the wallpaper. Please check the information page
 6003 It does not support the file format of the image. Please check the information page
10001 Not available, because 20GB model (CECHB00) is not equipped with wireless LAN feature.
10002 PlayStation®3, please use it to connect to the broadband network in a wired.
10003 A system error has occurred.
10004 It is connected. Please be patient. Channel 1
10005 It is connected. Please be patient. Channel 6
10006 It is connected. Please be patient. Channel 11
10007 It is connected. Please be patient. Channel automatic
10008 Not available in the sub-account that is limiting the use of chat. administrator of n master account (such as parents) Please use after receiving the permission of chat use to.
10009 Upon your use of ad-hoc party, you should be asked to agree to the Terms of Service.
10010 You need to sign up to PlayStation®Network.
10011 I signed out from PlayStation®Network. You exit. / Please use it to enable the Internet connection.
10012 It is in a location other than the lobby.
30002 In order to start the ad-hoc party, System software update is required.
30003 Ad-hoc party is not installed. Please download the ad-hoc party (free of charge) from PlayStation®Store.
30004 Ad-hoc party has been updated. If you play the PSP® (PlayStation®Portable) Remaster is. Restart from the PSP® (PlayStation®Portable) Remaster icon.
30005 You can not connect to PlayStation®Network. Please check the configuration of the body.
30006 Are you sure that you want to move to the ad-hoc party? Please check the save data.
30007 We were leaving from the room.
30008 We left the room
30009 You can not connect to the network. Please confirm information page.
30010 Room of the password is incorrect.
30011 This room is taking entry limit.
30012 This room can not enter because of the packed.
30013 We were leaving from the room.
30014 Are you sure that you want to leave the room? Data when you leave the room not been saved will be lost.
30015 Are you sure that you want to leave the room?
30016 Are you sure that you want to move to end the game to the ad-hoc party? What you do not save will be lost.
30017 We did not put in a room.
30018 This PSP®Remaster title in eight room is not supported.
30019 You can not connect to PlayStation®Network. Please check the information page. 
30020 We were leaving from the room. Are you sure that you want to move to the ad-hoc party without saving the game?
30021 The selected lobby is packed.
H8001 I could not connect.
H8002 I could not connect.
H8003 I could not connect.
H8004 I could not connect.
H8005 I could not connect.
H8006 I could not connect.
S7001 I could not connect.
S7002 I could not connect.
S7003 I could not connect.
S7004 We were leaving from the room.

Emulator patches

This patches are intended to be applyed to the emulator

Experimental Patch

Original:

00000000000285B0
00000000000285B0 empty_buffer:                           # CODE XREF: sceIoIoctlAsync+74�j
00000000000285B0                                         # sceIofileAsync+140�j ...
00000000000285B0                 li        r31, 0        
00000000000285B4                 clrldi    r27, r3, 32   
00000000000285B8                 li        r29, 0        
00000000000285BC                 cmpwi     cr4, r31, 0   
00000000000285C0
00000000000285C0 IoFileMgrForUser_822ADD32:              # CODE XREF: sceIoIoctlAsync+184�j
00000000000285C0                                         # sceIofileAsync+2D0�j
00000000000285C0                 clrldi    r7, r23, 32   # out data ptr 
00000000000285C4                 extsw     r3, r24       # id
00000000000285C8                 extsw     r4, r28       # cmd
00000000000285CC                 mr        r6, r27       # in size
00000000000285D0                 clrldi    r8, r25, 32   # out len 
00000000000285D4                 mr        r5, r29       # in data ptr
00000000000285D8                 bl        _IoFileMgrForUser_822ADD32 # pspFileSystem.... ?
00000000000285DC                 ld        r2, 0xC0+var_98(r1)
00000000000285E0                 mr        r31, r3
00000000000285E4                 beq       cr4, loc_285F4 # nop
00000000000285E8                 mr        r3, r29
00000000000285EC                 bl        _sys_libc_free
00000000000285F0                 ld        r2, 0xC0+var_98(r1)
00000000000285F4
00000000000285F4 loc_285F4:                              # CODE XREF: sceIoIoctlAsync+B4�j
00000000000285F4                 stw       r31, 8(r30)   # return value


Modification:

LOAD:00000000000285B0
LOAD:00000000000285B0 loc_285B0:                              # CODE XREF: sceIoIoctlAsync+74�j
LOAD:00000000000285B0                                         # sceIoIoctlAsync+140�j ...
LOAD:00000000000285B0                 bl        _sys_libc_malloc
LOAD:00000000000285B4                 clrldi    r26, r3, 32
LOAD:00000000000285B8                 lis       r28, 0x101 # 0x1010005                           # Seek cmd id
LOAD:00000000000285BC                 ori       r28, r28, 5 # 0x1010005
LOAD:00000000000285C0                 b         loc_28724
LOAD:00000000000285C4 # ---------------------------------------------------------------------------
LOAD:00000000000285C4
LOAD:00000000000285C4 loc_285C4:                              # CODE XREF: sceIoIoctlAsync+184�j   #
LOAD:00000000000285C4                                         # sceIoIoctlAsync+2D0�j              # Both branches also modified, so we can use 5x4 bytes
LOAD:00000000000285C4                 clrldi    r7, r23, 32
LOAD:00000000000285C8                 extsw     r3, r24
LOAD:00000000000285CC                 extsw     r4, r28
LOAD:00000000000285D0                 mr        r6, r27
LOAD:00000000000285D4                 clrldi    r8, r25, 32
LOAD:00000000000285D8                 mr        r5, r29
LOAD:00000000000285DC                 bl        _IoFileMgrForUser_822ADD32
LOAD:00000000000285E0                 ld        r2, 0xC0+var_98(r1)
LOAD:00000000000285E4                 mr        r31, r3
LOAD:00000000000285E8                 mr        r3, r29
LOAD:00000000000285EC                 bl        _sys_libc_free
LOAD:00000000000285F0                 ld        r2, 0xC0+var_98(r1)
LOAD:00000000000285F4                 stw       r31, 8(r30)

Unsupported ID's will be replaced with empty buffers and simply sent through IoIoctl.
PGD = ID 0x04100001
This ugly and highly experimental poc code simply redirects unsupported cmd's to 0x01010005 (Seek Begin)
prolly breaks other cmd's

Supported cmd ID's:

0x1010005 (UMD file seek set)
0x1010009
0x101000A
(0x1020006)
(0x1020007)
0x1030008 (Read UMD file)
(0x1D20002)
0x1F100A6 (UMD file seek whence)
0x1F30003 (UMD disc read sectors operation)

Referenced as help:
https://raw.githubusercontent.com/hrydgard/ppsspp/master/Core/HLE/sceIo.cpp
https://code.google.com/p/jpcsp/source/browse/trunk/src/jpcsp/HLE/modules150/IoFileMgrForUser.java

0x01020001 - Get UMD Primary Volume Descriptor
0x01020002 - Get UMD Path Table
0x01020003 - Get UMD sector size
0x01020004 - Get UMD file pointer
0x01010005 - Set UMD file seek
0x01020006 - Get UMD file start sector
0x01020007 - Get UMD file length in bytes
0x01030008 - Read UMD file
0x01D20001 - Get UMD device file current sector seek position
0x01F30003 - Read raw sectors from UMD device file
0x01F100A6 - Set UMD device file seek by sector
0x04100001 - Define decryption key (DRM by amctrl.prx)
0x04100002 - Set PGD offset
0x04100010 - Get PGD data size