-
Notifications
You must be signed in to change notification settings - Fork 2
/
UberChipV1.5_Debug_Version
277 lines (255 loc) · 14.5 KB
/
UberChipV1.5_Debug_Version
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
// \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ //
// //
// A STUPID DUMBED DOWN VERSION OF A PSX MODCHIP BY A TOTAL AMATEUR WITH A FEW DAYS OF ARDUINO TINKERING EXPERIENCE //
// I dub Thee: Teh UbeR ChiP V1.00 //
// VAJSKIDS JULY 2021 //
// SOURCES OF INFORMATION: //
// https://github.com/vxbinaca/modavr/blob/master/modavr.asm //
// http://www.oldcrows.net/mcc1.html //
// https://github.com/Gadorach/PSX-MultiMode3-PIC12F683/blob/master/MPLAB%20X/MM3-12F683.X/main.c //
// And an older version of PSNEE source code before it also covered OneChip/ psone , the latest one has IMO being over optimised //
// and is harder to understand. //
//tools used: //
//$17 ebay logic analyser (watched data line on an old crow + data lines on my arduino + data line on console with genuine disc - 11 injections) //
//Logic 2 (software) //
//PU18 SCPH5502 with a drive from another playstation and an extension ribbon cable //
// Arduino Nano (clone with old bootloader) //
// An old modchip pulled out of one of many systems I've flipped //
// //
// Most of the time was spent trying to understand "what to inject" as outlined below.... otherwise this would have being working within a couple of hours //
// This is a great example for a learner / by a learner //
// This is currently set up to watch on the serial monitor with a ~3.5v "power sensor" wire as oppose being hardwired into the console //
// which would be a very easy change. //
// // // //
// https://imgur.com/eLf89y5 //
// IT BOOTS UM JAMMER LAMMY [NTSC], the only game I know that can detect a modchip!! //
// //
//V1.5: Some minor timing and magic key injection tweaks, added multidisc support. Extra lid sensor wire in defines. //
// Audio CD Fix + Jumps straight into CD player if an audio disc is inserted, this was just a delay at boot before injections as an audio //
// CD is detected within the first 4 or 5 seconds and launches the player. Injecting the String / 'magic key' after this time //
// doesn't affect boot time of a game disc what so ever. Releasing Gate/ Data pins breaks the program, possibly because of the register states used but //
// releasing them isn't required - just can't keep pumping the 'magic key' down the DATA line or it's picked up by anti-stealth. //
// ...Will likely move onto a PSOne version after this. Proper Install diagrams will be coming! //
// You won't be able to break this using the console normally, but if you really, really try you could probably flag an anti-mod //
// //
// //
// \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ \m/ //
//Define the used pins
#define DRIVE_LID_SENS 8
#define GATE 2
#define DATA 12
#define P_SENS 4
#define mchipregister PIND //register for monitoring high/low states (read only)
#define mchipregwrite PORTD //register to write pin states to in setup
#define DRIVE_LID_SENS_REG PINB //the register with the DATA line and our drive lid sensor line
int bitdelay (3974); //delay between bits sent to drive controller (MS)
int stringdelay (67); //delay between string injections
const int System_Off = (0B00000011); //RX & TX are always high
const int System_On = (0B00001011); //
const int Lid_Open = (0B000001); //so we don't have to refer to the states in bits further on
const int Lid_Closed = (0B000000);
char Dots[1] = ".";
char equalsign[] = "==============================";
int injectcounter = 0; //variable for injection loop storage
char notice[] = "Playstation Console isn't Powered-On or the powers on and the Drive Lid is Open";
char blank[] = " "; //just to fix an annoying debugging bug
unsigned int DiscSwap = 0;
/* 00110101 00111101 01011101 01011101 (remove start bit "1" and two stop bits "0, 0" between each byte)
10111010 10111010 10111100 10101100 (Reverse it)
01000101 01000101 01000011 01010011 (Invert it, correct here sending LSB first/ Little Endian)
01010011 01000011 01000101 01000101 (Big Endian, MSB first, we have "SCEE") */
/*PORTD maps to Arduino digital pins 0 to 7
DDRD - The Port D Data Direction Register - read/write
PORTD - The Port D Data Register - read/write
PIND - The Port D Input Pins Register - read only
PORTB maps to Arduino digital pins 8 to 13 The two high bits (6 & 7) map to the crystal pins and are not usable
DDRB - The Port B Data Direction Register - read/write
PORTB - The Port B Data Register - read/write
PINB - The Port B Input Pins Register - read only */
void setup() {
Serial.begin(57600); //serial monitor for debugging
//Set up the used pins
pinMode (GATE, OUTPUT);
pinMode (DATA, OUTPUT);
pinMode (P_SENS, INPUT);
pinMode (DRIVE_LID_SENS, INPUT);
//setup default register state (psx off)
digitalWrite (mchipregwrite, 0B00001011);
//otherwise LED pin 13 will go high when flashing and break code
//and sets true states of other unused pins in this register
digitalWrite (DRIVE_LID_SENS_REG, 0B000000);
}
void NewDisc() {
do
{
delay (1500);
Serial.println (" ...Awaiting disc swap and drive lid closure " );
}
while (DRIVE_LID_SENS_REG == Lid_Open);
inject();
}
void DriveLidStatus() { //a conditional loop for the status of the drive lid sensor pin using the state of it's entire register
//for multi-disc games
if (DRIVE_LID_SENS_REG == Lid_Closed) { //state of this register after initial injection routine with lid closed
injectcounter = 0; //This reset is in case of multidisc/ multiple injection routines
Serial.println (" Injection cycles complete ");
Serial.println (" ...Gate will remain closed "); //print more debug stuff
Serial.println (equalsign);
delay (850);
Serial.println (" Stealth chip enabled, monitoring disc drive lid status ");
}
else if (DRIVE_LID_SENS_REG == Lid_Open) { //monitor register state with this pin for sensing purposes, data idles low after injection, only need to look for a change in one bit (lid sens pin)
Serial.println (" Drive Lid is Open!" ); //print this to serial monitor while drive lid is open and wait for it to close again
delay (850);
DiscSwap = (DiscSwap + 1); // **debug purposes**
Serial.println ("Disc swapped "); // ** **
Serial.print (DiscSwap);
Serial.print ( " time/s!" );
delay (500);
NewDisc();
}
DriveLidStatus(); //forms a conditional if loop
}
void PowerUpDelay() { //A power up delay with serial monitor stuff, self explanatory
Serial.println (" PSX Console Powered-On & Drive lid is closed ...Data Gate Closed, Preparing to Inject! ");
delay (500);
Serial.println (Dots);
delay (500);
Serial.println (Dots);
delay (500);
Serial.println (Dots);
delay (500);
Serial.println (Dots);
delay (250);
Serial.println (Dots);
delay (250);
Serial.println (Dots);
delay (250);
Serial.println (Dots);
delay (250);
Serial.println (Dots);
delay (150);
Serial.println (Dots);
delay (150);
Serial.println (" STARTING INJECTION CYCLES ");
Serial.println (equalsign);
delay (4000); //Audio-CD Fix boot delay, detects audio disc within this time frame
// but squirting the region string in after this point is ok for a game disc
// doesn't affect game boot time
inject(); //ready to inject
}
void inject() {
if (injectcounter == 100) //The amount of times you want to inject the string
//This is long enough to load games that take a while to start (i.e Dino Crisis, RE3) but stops
//string injection (goes stealth) soon enough for anti-mod game (i.e Umjammer Lammy) to not flag the chip
//likely safe to increase to another 10 to 30 injections??
{
DriveLidStatus(); // call drive lid status routine
}
else
{
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay); //delay between single bit injections
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 1);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delayMicroseconds (bitdelay);
digitalWrite (DATA, 0);
delay (stringdelay); //delay between string injects
injectcounter = (injectcounter + 1);
Serial.println (" SCEE String Injected "); //delays between injects as well as serial monitor stuff
inject();
}
}
void loop() {
delay(1800);
if (DRIVE_LID_SENS_REG == Lid_Open || mchipregister == System_Off) //if power off or lid closed
{
Serial.println (notice); //keep printing this to serial monitor
Serial.print (blank); //otherwise it prints a dot along with 'notice' 9 times after jumping to powerupdelay, instead of just the 9 new line dots (?!?!)
}
else
{
PowerUpDelay(); // else jump to here
}
}