FreePSXBoot loading Unirom - arbitrary code execution on PSX using only a memory card
- Published: 8 Apr 2021
- First demonstration of FreePSXBoot, a PSX loader which requires only a memory card. In this example, the memory card is loaded with Unirom.
The exploit is triggered by entering the memory card management. Then the screen flashes orange, indicating successful exploitation and loading of Unirom (which takes around 30 seconds).
FreePSXBoot: github.com/brad-lin/FreePSXBoot
Unirom: github.com/JonathanDotCel/uni... - Science
It's beautiful.
For years I asked people if a memory card exploit with no game was possible, and for years they said it was impossible.
You proved them wrong. You are a mad lad.
These types of questions depend on who you ask, what they know, how you ask and how many times. It sure is an awesome exploit :D
So many times I see people asking the same, or keep asking "exploit when?"; it's tiresome to some folks that might have looked for years already. A fresh set of eyes might help. Not saying we shouldn't ask ourselves if it's possible tho, you can ask yourself to exploit and hack whatever. But I also hope people remind themselves not to overask great people.
Press X to orange rave!
On a more serious note, excellent work!! It's awesome to see enthusiasm still for classic console modding/exploiting
Dude you are a GOD.
RESPECT
That's nice, can't wait to see how far it goes. Nice work.
Great job on this work! It's going to be a lot of fun seeing where this knowledge goes from here.
very impressive!
This will really open up the homebrew scene!
Thanks!
Hahahaha, good job mate. I had tried to do the exact same thing, but due to lack of motivation, I wasn't able to work on it enough. To be honest, this exploit is really smart and I don't know whether I would have been able to come up with it. You have my uttermost respect and, although I envy you cause you got there before me, I'm glad the PS1 finally has a complete software hack. Congratulations!
This is beautiful!
That's awesome, thanks for sharing this. :)
This is incredible, good job! What a glorious time for PS owners & fans!
Good job man, this is what we all were waiting on 😊
Based
I just saw Tonyhax is already compatible with this. What do you think could be possible on the PS1 in the future thanks to FreePSXBoot? Great work btw!
This is awesome! I'm not sure how to ask this, but how did you get into learning this? Are there any resources you'd recommend for getting into console modification like this?
The PSX is very well documented: problemkaputt.de/psx-spx.htm
I started this project barely 3 weeks ago, shortly after seeing Modern Vintage Gamer's video: ruclips.net/video/8b5UX5xd-lE/видео.html
Before this I knew nothing about the console, but thanks to the amazing documentation effort of many people, it was very easy to get into it.
Hi!
Do you think that this exploit would make ODE like MODE/xStation easier to install?
Thanks!
AWESOME!
"Free X Boot" just became a Multi-Console Exploit-Series! (Thank you for choosing that name, hehe.)
Quake II and 3Xtreme both are working fine, but NFL Xtreme hangs on the loading screen before the football game starts, and my Nuclear Strike won't even start, but I made that one at 1X as a test. That same Nuclear Strike doesn't open on POPS either for PS2, but NFL Xtreme works. I wonder what the deal is for that game.
Pretty awesome! Would be great if someone could figure out how to incorporate this same exploit into a PS2 since it is PS1 backward compatible with the memory cards and games... Unfortunately the memory card access menu screens are different on each console, so I am not sure how it would work, but I'm crossing my fingers for a breakthrough on that sometime soon!
FreeMCBoot exists
Can anyone explain to me what is going on here? I never had a PS1 and I don't think I quite understood the bigger picture here. Memory cards have only a few megabytes of space, so I know it's not about booting up games with them like one can do with a USB flash drive on a PS2, but what is it about then?
Before this exploit, the only ways to run arbitrary code on a PS1 were through a modchip, or with tonyhax, which requires an original game. This exploit allows anyone to run any code with only a memory card. This means you can get an unmodded PS1, and run anything you want on it. No hardware modification needed, no original game needed.
One of the instructions says: Unirom bootdisc can be used with the disc swap trick to install FreePSXBoot on a memory card.
The only images I saw were memory card images. Do you have CD images to swap with, or am I misunderstanding something here?
I'm not sure if this works with my specific models. I see them listed but my dates are different than the models listed on the GitHub. I have SCPH 7501 March 1999, SCPH 1001 March 1996 and SCPH 101 OCT 2000, which I see the models listed but the dates are different than mine. Would it still be the same BIOS version or is there something different? Like for example on the GitHub for the SCPH 7501 BIOS version is 4.1 (1997-12-16) whereas my 7501 is March 1999 so were some time later. Just wondering if that matters or not. Like if the BIOS changed or is it the same or is not compatible yet. If not then I'm thinking that all my models should be compatible, but the difference in dates is what's getting me. Thanks again for this. I'm loving this and Tonyhax and Mechapwn and all of it. 🤘🏾
The BIOS date is not indicated on the console. I can confirm your SCPH-7501 will work fine with version 4.1 (1997-12-16).
For the SCPH-101, it's either 4.4 or 4.5; if you can try both images then it's probably the fastest way.
For the American SCPH-1001, I realized it needs a new image done, the current one only works for European ones (update coming later today). If you can run Unirom 8.0.F from a CD (using the disc swap trick), go to status, it will tell you details about your BIOS.
@@_bradlin_ Thanks for the quick reply. Def going to look at everything when I get home. I'm all NTSC American consoles. Very exciting. Thanks again for letting me know what's up. 👍🏽
Interesting! Could you load an intermediate loader that is more efficient, for example loading a compressed executable?
Yes of course, the psxdev discord is already on it :)
Hey, since the original PS3s have got a memory card slot, and you can copy PS1/PS2 saves to your PS3 via a USB drive, AND the cryptographic signatures on those .PSV saves have been cracked now... couldn't you use an OFW PS3 to install tonyhax or maybe this on a PS1 memory card? And being entirely "sony approved" :D
Just a couple days ago I was given 2 SCPH-7501s and have started ordering a setup to load tonyhax myself via dex drive. I'll let you know when the dex gets here and I can test for that BIOS if you want. Is there a discord server I can reach you at?
Try the psxdev discord server (google will give you the exact link).
It has already been confirmed working on more or less all the 7000+ BIOSes :)
@@_bradlin_ yeah I found a comment of yours mentioning the server so I joined to follow the progress, had seen the reports from 750x users. Good stuff. Shame I can't find my fatboy ps2 atm as I read that you need to write raw memcard data instead of saves.
Seems like a lot of work. I still have the back hack that lets you play any burned CD games you want. Had it since 2002 lol.
I did my own on board job for playing burnt discs when I was 10 years old in 2003.
Hello Bradlin.
How fast is the read speed (in KB/s) from the MC port with the original Sony code? And with the "fastload" from "NicolasNobble"?
Thanks.
Not sure how fast, but the maximum the port can do is something like 200 KB/sec. Not many cards support this speed though. The BIOS code can only read cards at around 5 or 6 KB/sec.
How do you actually write the MCS to a memory card? Would it be possible to have these in raw memory card file format like TonyHax has?
I assume you mean the mcd files in the github repo? They are already raw data, just write them to the memory card.
@@_bradlin_ Yeah I meant MCD, dw I just found out you're supposed to use them with Memory Card Annihilator, thanks anyway
@@SIGSEGV1337
Yes, either a PS2 or a PC or an Arduino or whatever works with the right tools (hardware and software).
FreePSXBoot isn't supported on either of my two Sony Playstation 1 SCPH-5501 systems. Both are SCPH-5501 models with the 3.0 (03/11/96) BIOS and both systems have the PU-18 board, however, one is a -52, while the other is a -62. If I can be of any help with getting support added for these systems, please let me know.
As far as I know, the SCPH-5501 systems were only released with BIOS 3.0 (1996-11-18). Try this image, and if it doesn't work, try to run Unirom from a CD to see details about your BIOS, and report them on Github.
@@_bradlin_ This is the BIOS reported by Unirom. I will test the other image regardless, and report on Github if needed.
@@_bradlin_ Nope, no go. Will open an issue now.
What exactly is an "arbitrary code"? And what does the code do here when you run it?
How did you put the exploit code on the memory card in the first place?
It's all explained here: github.com/brad-lin/FreePSXBoot/blob/master/exploit/EXPLOIT.md
@@_bradlin_ Is it possible for other slim models to have a similar exploit in the future?
Is there a way that Japanese consoles could have their drives unlocked?
No, the Japanese consoles don't support the CD unlock commands. The disc swap trick works though, and is highly simplified by Unirom with the "Stop disc" option.
this but it loads tonyhax would be really cool
unirom is better than tonyhax
Dislike from Sony.