3.10 + 3.11 hybrid is stable, so update README and remove 3.10 and 3.11 standalones

PAYLOADS/PAYLOAD 3.10 modified for the hybrid/build.sh

@@ -1,19 +0,0 @@
-echo "Building payload"
-
-ee-gcc -Ttext=0x01FFF800 payload.c -o payload.elf -nostartfiles -nostdlib -ffreestanding -Os -Wl,-z,max-page-size=0x1 # 2048
-ee-objcopy -O binary payload.elf payload.bin -Wl,-z,max-page-size=0x1
-
-ENTRY=`ee-objdump -t payload.elf | grep " _start"`
-echo $ENTRY
-
-# Doesn't seem to work on MinGW toolchain, so set manually if you're using that:
-#ENTRY=0x`grep -o "^\S*" <<< $ENTRY`
-ENTRY=0x01fff9a8
-
-echo $ENTRY
-echo "Building crt0"
-
-ee-gcc -Ttext=0x01500014 -DENTRY=$ENTRY crt0.S -o fullpayload.elf -nostartfiles -nostdlib -ffreestanding -Wl,-z,max-page-size=0x1
-ee-objcopy -O binary fullpayload.elf fullpayload.bin -Wl,-z,max-page-size=0x1
-
-echo "Done. Insert fullpayload.bin into VIDEO_TS.IFO at offset 0x2954"

PAYLOADS/PAYLOAD 3.10 modified for the hybrid/crt0.S

@@ -1,65 +0,0 @@
-# OK, so in the hybrid disc, 3.10 stage 2 is at 0x3000 as normal, but 3.11 stage 2 is modified to start at 0x38000
-# that's why we need to modify this file, just the LBA load on line 31 and the padding
-
-.set noreorder # If we're writing assembly, why would we want this?
-
-.section .text.startup
-
-.equ getBufferInternal, 0x2986a0
-.equ payload, (0x2000000 - 0x800) # End of RAM
-
-.global _start
-_start:
-	#la $a0, 0x7f
-	#la $v1, 0x01
-	#syscall 0x01 # ResetEE
-
-	#la $a0, relo
-	la $a0, load
-	la $a1, 0
-	la $a2, 0
-	la $a3, 0
-
-.global ExecPS2
-ExecPS2:
-	la $v1, 7
-	syscall 7 # ExecPS2
-
-load:
-	la $a0, 0
-	la $a1, 0 # 0 = VIDEO_TS.IFO, 1 = VTS_01_0.IFO
-	la $a2, 0x3800 / 0x800 # lba offset in file
-	la $a3, payload # Destination
-	la $t0, 0x800 / 0x800 # Count
-	la $t1, 0
-	la $v0, getBufferInternal
-	jalr $v0
-	nop
-
-#relo:
-	# Relocate payload to end of RAM
-#	la $a0, (0x2000000 - 1024)
-#	la $a1, payload
-#	la $a2, 2048
-#	la $v0, memcpy
-#	jalr $v0
-
-boot:
-	la $v1, 0x64; la $a0, 0; syscall 0x64 # FlushCache data writeback
-	la $v1, 0x64; la $a0, 2; syscall 0x64 # FlushCache instruction invalidate
-
-	# Point stack to end of scratchpad RAM
-	la $sp, 0x70004000
-
-	# Execute from relocated place
-	la $v0, ENTRY
-	j $v0
-	nop
-
-#.space (_start + 0x2fe2 - 0x2954) - .
-#fpIndex:
-#	.byte 0xfa
-#	.byte 0xdc
-
-#.space (_start + 0x3000 - 0x2954) - .
-#.incbin "payload.bin"

PAYLOADS/PAYLOAD 3.10 modified for the hybrid/payload.c

@@ -1,141 +0,0 @@
-#include <stddef.h>
-
-// Pick one
-#define LOAD_FROM_VTS_02_0_IFO
-//#define LOAD_FROM_SECTOR_RELATIVE_TO_VIDEO_TS_IFO (151 - 138 - 7)
-
-#define min(a, b) (((a) < (b)) ? (a) : (b))
-
-#define pointToIFO ((void (*)(unsigned int index, unsigned int lba, unsigned int offset))0x258a28)
-#define getDiscData ((void (*)(unsigned int s, void *d))0x258b98)
-
-#define SifIopReset ((int (*)(char *, int))0x20e7d8)
-#define SifIopSync ((int (*)(void))0x20e958)
-#define SifInitRpc ((void (*)(int))0x208d80)
-#define SifExitRpc ((void (*)(void))0x208f20)
-
-#define getBufferInternal ((int (*)(void *filename, int type, int currentSector, void *dest, unsigned int sectorsRemaining, int curReadPos))0x2952f0)
-
-#define ELF_PT_LOAD 1
-
-typedef unsigned char u8;
-typedef unsigned short u16;
-typedef unsigned int u32;
-
-typedef struct {
-	u8 ident[16];
-	u16 type;
-	u16 machine;
-	u32 version;
-	u32 entry;
-	u32 phoff;
-	u32 shoff;
-	u32 flags;
-	u16 ehsize;
-	u16 phentsize;
-	u16 phnum;
-	u16 shentsize;
-	u16 shnum;
-	u16 shstrndx;
-} elf_header_t;
-
-typedef struct {
-	u32 type;
-	u32 offset;
-	void *vaddr;
-	u32 paddr;
-	u32 filesz;
-	u32 memsz;
-	u32 flags;
-	u32 align;
-} elf_pheader_t;
-
-__attribute__((noreturn)) void ExecPS2(void *entry, void *gp, int argc, char **argv) {
-	asm volatile("la $v1, 7; syscall 7");
-	//__builtin_unreachable();
-}
-
-void *memcpy_(void *dest, void *src, size_t n) { 
-   int i;
-   for(i = 0; i < n; i++) ((unsigned char *)dest)[i] = ((unsigned char *)src)[i];
-   return dest;
-}
-
-void *memset(void *dest, int c, size_t n) {
-	int i;
-	for(i = 0; i < n; i++) ((unsigned char *)dest)[i] = c;
-	return dest;
-}
-
-static void readData(void *dest, unsigned int offset, size_t n) {
-	unsigned char buffer[0x800];
-
-	unsigned int copied = 0;
-	#define remaining (n - copied)
-
-	if(offset % 0x800) {
-		getBufferInternal("", 1, offset / 0x800, buffer, 1, 0);
-		memcpy_(dest, buffer + offset % 0x800, min(0x800 - (offset % 0x800), n));
-		copied += min(0x800 - (offset % 0x800), n);
-	}
-
-	if(remaining >= 0x800) {
-		getBufferInternal("", 1, (offset + copied) / 0x800, dest + copied, remaining / 0x800, 0);
-		copied += (remaining / 0x800) * 0x800;
-	}
-	
-	if(remaining > 0) {
-		getBufferInternal("", 1, (offset + copied) / 0x800, buffer, 1, 0);
-		memcpy_(dest + copied, buffer, remaining);
-	}
-}
-
-__attribute__((noreturn)) void _start(void) {
-	//Exit(0);
-	//asm volatile("la $v1, 0x04; la $a0, 0; syscall 0x04");
-
-	int i;
-
-	#ifdef LOAD_FROM_VTS_02_0_IFO
-		// point to VTS_02_0.IFO
-		pointToIFO(2, 0, 0);
-		
-		// Force a read from VTS_02_0.IFO
-		char head[64];
-		getDiscData(64, &head);
-
-		#define RELATIVE_SECTOR 0
-	#else
-		#define RELATIVE_SECTOR LOAD_FROM_SECTOR_RELATIVE_TO_VIDEO_TS_IFO
-	#endif
-
-	// Based on https://github.com/AKuHAK/uLaunchELF/blob/master/loader/loader.c
-	elf_header_t eh;
-	readData(&eh, RELATIVE_SECTOR * 0x800, sizeof(elf_header_t));
-
-	elf_pheader_t eph[eh.phnum];
-	readData(&eph, RELATIVE_SECTOR * 0x800 + eh.phoff, sizeof(elf_pheader_t) * eh.phnum);
-	
-	for (i = 0; i < eh.phnum; i++) {
-		if (eph[i].type != ELF_PT_LOAD)
-			continue;
-
-		readData(eph[i].vaddr, RELATIVE_SECTOR * 0x800 + eph[i].offset, eph[i].filesz);
-		if(eph[i].memsz > eph[i].filesz) memset(eph[i].vaddr + eph[i].filesz, 0, eph[i].memsz - eph[i].filesz);
-	}
-
-	asm volatile("la $v1, 0x64; la $a0, 0; syscall 0x64"); // FlushCache data writeback
-	asm volatile("la $v1, 0x64; la $a0, 2; syscall 0x64"); // FlushCache instruction invalidate
-
-	//while(!SifIopReset("", 0));
-	//while(!SifIopSync());
-
-	//while(!SifIopReset("rom0:UDNL rom0:EELOADCNF", 0));
-	SifIopReset("rom0:UDNL rom0:EELOADCNF", 0);
-	while(!SifIopSync());
-
-	SifInitRpc(0);
-	SifExitRpc();
-
-	ExecPS2((void *)eh.entry, 0, 0, 0);
-}

PAYLOADS/PAYLOAD 3.10/build.sh

@@ -1,19 +0,0 @@
-echo "Building payload"
-
-ee-gcc -Ttext=0x01FFF800 payload.c -o payload.elf -nostartfiles -nostdlib -ffreestanding -Os -Wl,-z,max-page-size=0x1 # 2048
-ee-objcopy -O binary payload.elf payload.bin -Wl,-z,max-page-size=0x1
-
-ENTRY=`ee-objdump -t payload.elf | grep " _start"`
-echo $ENTRY
-
-# Doesn't seem to work on MinGW toolchain, so set manually if you're using that:
-ENTRY=0x`grep -o "^\S*" <<< $ENTRY`
-#ENTRY=0x01fff9a8
-
-echo $ENTRY
-echo "Building crt0"
-
-ee-gcc -Ttext=0x01500014 -DENTRY=$ENTRY crt0.S -o fullpayload.elf -nostartfiles -nostdlib -ffreestanding -Wl,-z,max-page-size=0x1
-ee-objcopy -O binary fullpayload.elf fullpayload.bin -Wl,-z,max-page-size=0x1
-
-echo "Done. Insert fullpayload.bin into VIDEO_TS.IFO at offset 0x2bb4"

PAYLOADS/PAYLOAD 3.10/crt0.S

@@ -1,63 +0,0 @@
-.set noreorder # If we're writing assembly, why would we want this?
-
-.section .text.startup
-
-.equ memcpy, 0x225668
-.equ getBufferInternal, 0x2986a0
-.equ payload, (0x2000000 - 0x800) # End of RAM
-
-.global _start
-_start:
-	#la $a0, 0x7f
-	#la $v1, 0x01
-	#syscall 0x01 # ResetEE
-
-	#la $a0, relo
-	la $a0, load
-	la $a1, 0
-	la $a2, 0
-	la $a3, 0
-
-.global ExecPS2
-ExecPS2:
-	la $v1, 7
-	syscall 7 # ExecPS2
-
-load:
-	la $a0, 0
-	la $a1, 0 # 0 = VIDEO_TS.IFO, 1 = VTS_01_0.IFO
-	la $a2, 0x3000 / 0x800 # lba offset in file
-	la $a3, payload # Destination
-	la $t0, 0x800 / 0x800 # Count
-	la $t1, 0
-	la $v0, getBufferInternal
-	jalr $v0
-	nop
-
-#relo:
-	# Relocate payload to end of RAM
-#	la $a0, (0x2000000 - 1024)
-#	la $a1, payload
-#	la $a2, 2048
-#	la $v0, memcpy
-#	jalr $v0
-
-boot:
-	la $v1, 0x64; la $a0, 0; syscall 0x64 # FlushCache data writeback
-	la $v1, 0x64; la $a0, 2; syscall 0x64 # FlushCache instruction invalidate
-
-	# Point stack to end of scratchpad RAM
-	la $sp, 0x70004000
-
-	# Execute from relocated place
-	la $v0, ENTRY
-	j $v0
-	nop
-
-.space (_start + 0x2faa - 0x2bb4) - .
-fpIndex:
-	.byte 0x7e
-	.byte 0xe0
-
-.space (_start + 0x3000 - 0x2bb4) - .
-.incbin "payload.bin"

PAYLOADS/PAYLOAD 3.10/payload.c

@@ -1,152 +0,0 @@
-#include <stddef.h>
-
-// Pick one
-#define LOAD_FROM_VTS_02_0_IFO
-//#define LOAD_FROM_SECTOR_RELATIVE_TO_VIDEO_TS_IFO (151 - 138 - 7)
-
-#define min(a, b) (((a) < (b)) ? (a) : (b))
-
-#define pointToIFO ((void (*)(unsigned int index, unsigned int lba, unsigned int offset))0x25c880)
-#define getDiscData ((void (*)(unsigned int s, void *d))0x25c9f0)
-#define getDiscBuffer ((void (*)(void))0x25c678)
-
-#define sceCdSync ((void (*)(int mode))0x2a69c8)
-
-typedef struct {
-	unsigned int lsn;
-	unsigned int size;
-	char name[16];
-	unsigned char date[8];
-} sceCdlFILE;
-#define sceCdSearchFile ((int (*)(sceCdlFILE *, char *, int))0x2a6488)
-
-#define SifIopReset ((int (*)(char *, int))0x84fe0)
-#define SifIopSync ((int (*)(void))0x85110)
-#define SifInitRpc ((void (*)(int))0x84180)
-#define SifExitRpc ((void (*)(void))0x84310)
-
-#define getBufferInternal ((int (*)(void *filename, int type, int currentSector, void *dest, unsigned int sectorsRemaining, int curReadPos))0x002986a0)
-
-#define ELF_PT_LOAD 1
-
-typedef unsigned char u8;
-typedef unsigned short u16;
-typedef unsigned int u32;
-
-typedef struct {
-	u8 ident[16];
-	u16 type;
-	u16 machine;
-	u32 version;
-	u32 entry;
-	u32 phoff;
-	u32 shoff;
-	u32 flags;
-	u16 ehsize;
-	u16 phentsize;
-	u16 phnum;
-	u16 shentsize;
-	u16 shnum;
-	u16 shstrndx;
-} elf_header_t;
-
-typedef struct {
-	u32 type;
-	u32 offset;
-	void *vaddr;
-	u32 paddr;
-	u32 filesz;
-	u32 memsz;
-	u32 flags;
-	u32 align;
-} elf_pheader_t;
-
-__attribute__((noreturn)) void ExecPS2(void *entry, void *gp, int argc, char **argv) {
-	asm volatile("la $v1, 7; syscall 7");
-	//__builtin_unreachable();
-}
-
-void *memcpy_(void *dest, void *src, size_t n) { 
-   int i;
-   for(i = 0; i < n; i++) ((unsigned char *)dest)[i] = ((unsigned char *)src)[i];
-   return dest;
-}
-
-void *memset(void *dest, int c, size_t n) {
-	int i;
-	for(i = 0; i < n; i++) ((unsigned char *)dest)[i] = c;
-	return dest;
-}
-
-static void readData(void *dest, unsigned int offset, size_t n) {
-	unsigned char buffer[0x800];
-
-	unsigned int copied = 0;
-	#define remaining (n - copied)
-
-	if(offset % 0x800) {
-		getBufferInternal("", 1, offset / 0x800, buffer, 1, 0);
-		memcpy_(dest, buffer + offset % 0x800, min(0x800 - (offset % 0x800), n));
-		copied += min(0x800 - (offset % 0x800), n);
-	}
-
-	if(remaining >= 0x800) {
-		getBufferInternal("", 1, (offset + copied) / 0x800, dest + copied, remaining / 0x800, 0);
-		copied += (remaining / 0x800) * 0x800;
-	}
-	
-	if(remaining > 0) {
-		getBufferInternal("", 1, (offset + copied) / 0x800, buffer, 1, 0);
-		memcpy_(dest + copied, buffer, remaining);
-	}
-}
-
-__attribute__((noreturn)) void _start(void) {
-	//Exit(0);
-	//asm volatile("la $v1, 0x04; la $a0, 0; syscall 0x04");
-
-	int i;
-
-	#ifdef LOAD_FROM_VTS_02_0_IFO
-		// point to VTS_02_0.IFO
-		pointToIFO(2, 0, 0);
-		
-		// Force a read from VTS_02_0.IFO
-		char head[64];
-		getDiscData(64, &head);
-
-		#define RELATIVE_SECTOR 0
-	#else
-		#define RELATIVE_SECTOR LOAD_FROM_SECTOR_RELATIVE_TO_VIDEO_TS_IFO
-	#endif
-
-	// Based on https://github.com/AKuHAK/uLaunchELF/blob/master/loader/loader.c
-	elf_header_t eh;
-	readData(&eh, RELATIVE_SECTOR * 0x800, sizeof(elf_header_t));
-
-	elf_pheader_t eph[eh.phnum];
-	readData(&eph, RELATIVE_SECTOR * 0x800 + eh.phoff, sizeof(elf_pheader_t) * eh.phnum);
-	
-	for (i = 0; i < eh.phnum; i++) {
-		if (eph[i].type != ELF_PT_LOAD)
-			continue;
-
-		readData(eph[i].vaddr, RELATIVE_SECTOR * 0x800 + eph[i].offset, eph[i].filesz);
-		if(eph[i].memsz > eph[i].filesz) memset(eph[i].vaddr + eph[i].filesz, 0, eph[i].memsz - eph[i].filesz);
-	}
-
-	asm volatile("la $v1, 0x64; la $a0, 0; syscall 0x64"); // FlushCache data writeback
-	asm volatile("la $v1, 0x64; la $a0, 2; syscall 0x64"); // FlushCache instruction invalidate
-
-	//while(!SifIopReset("", 0));
-	//while(!SifIopSync());
-
-	//while(!SifIopReset("rom0:UDNL rom0:EELOADCNF", 0));
-	SifIopReset("rom0:UDNL rom0:EELOADCNF", 0);
-	while(!SifIopSync());
-
-	SifInitRpc(0);
-	SifExitRpc();
-
-	ExecPS2((void *)eh.entry, 0, 0, 0);
-}

PAYLOADS/PAYLOAD 3.11/build.sh

@@ -1,19 +0,0 @@
-echo "Building payload"
-
-ee-gcc -Ttext=0x01FFF800 payload.c -o payload.elf -nostartfiles -nostdlib -ffreestanding -Os -Wl,-z,max-page-size=0x1 # 2048
-ee-objcopy -O binary payload.elf payload.bin -Wl,-z,max-page-size=0x1
-
-ENTRY=`ee-objdump -t payload.elf | grep " _start"`
-echo $ENTRY
-
-# Doesn't seem to work on MinGW toolchain, so set manually if you're using that:
-#ENTRY=0x`grep -o "^\S*" <<< $ENTRY`
-ENTRY=0x01fff9a8
-
-echo $ENTRY
-echo "Building crt0"
-
-ee-gcc -Ttext=0x01500014 -DENTRY=$ENTRY crt0.S -o fullpayload.elf -nostartfiles -nostdlib -ffreestanding -Wl,-z,max-page-size=0x1
-ee-objcopy -O binary fullpayload.elf fullpayload.bin -Wl,-z,max-page-size=0x1
-
-echo "Done. Insert fullpayload.bin into VIDEO_TS.IFO at offset 0x2954"

PAYLOADS/PAYLOAD 3.11/crt0.S

@@ -1,62 +0,0 @@
-.set noreorder # If we're writing assembly, why would we want this?
-
-.section .text.startup
-
-.equ getBufferInternal, 0x2952f0
-.equ payload, (0x2000000 - 0x800) # End of RAM
-
-.global _start
-_start:
-	#la $a0, 0x7f
-	#la $v1, 0x01
-	#syscall 0x01 # ResetEE
-
-	#la $a0, relo
-	la $a0, load
-	la $a1, 0
-	la $a2, 0
-	la $a3, 0
-
-.global ExecPS2
-ExecPS2:
-	la $v1, 7
-	syscall 7 # ExecPS2
-
-load:
-	la $a0, 0
-	la $a1, 0 # 0 = VIDEO_TS.IFO, 1 = VTS_01_0.IFO
-	la $a2, 0x3000 / 0x800 # lba offset in file
-	la $a3, payload # Destination
-	la $t0, 0x800 / 0x800 # Count
-	la $t1, 0
-	la $v0, getBufferInternal
-	jalr $v0
-	nop
-
-#relo:
-	# Relocate payload to end of RAM
-#	la $a0, (0x2000000 - 1024)
-#	la $a1, payload
-#	la $a2, 2048
-#	la $v0, memcpy
-#	jalr $v0
-
-boot:
-	la $v1, 0x64; la $a0, 0; syscall 0x64 # FlushCache data writeback
-	la $v1, 0x64; la $a0, 2; syscall 0x64 # FlushCache instruction invalidate
-
-	# Point stack to end of scratchpad RAM
-	la $sp, 0x70004000
-
-	# Execute from relocated place
-	la $v0, ENTRY
-	j $v0
-	nop
-
-.space (_start + 0x2fe2 - 0x2954) - .
-fpIndex:
-	.byte 0xfa
-	.byte 0xdc
-
-.space (_start + 0x3000 - 0x2954) - .
-.incbin "payload.bin"

PAYLOADS/PAYLOAD 3.11/payload.c

@@ -1,141 +0,0 @@
-#include <stddef.h>
-
-// Pick one
-#define LOAD_FROM_VTS_02_0_IFO
-//#define LOAD_FROM_SECTOR_RELATIVE_TO_VIDEO_TS_IFO (151 - 138 - 7)
-
-#define min(a, b) (((a) < (b)) ? (a) : (b))
-
-#define pointToIFO ((void (*)(unsigned int index, unsigned int lba, unsigned int offset))0x258a28)
-#define getDiscData ((void (*)(unsigned int s, void *d))0x258b98)
-
-#define SifIopReset ((int (*)(char *, int))0x20e7d8)
-#define SifIopSync ((int (*)(void))0x20e958)
-#define SifInitRpc ((void (*)(int))0x208d80)
-#define SifExitRpc ((void (*)(void))0x208f20)
-
-#define getBufferInternal ((int (*)(void *filename, int type, int currentSector, void *dest, unsigned int sectorsRemaining, int curReadPos))0x2952f0)
-
-#define ELF_PT_LOAD 1
-
-typedef unsigned char u8;
-typedef unsigned short u16;
-typedef unsigned int u32;
-
-typedef struct {
-	u8 ident[16];
-	u16 type;
-	u16 machine;
-	u32 version;
-	u32 entry;
-	u32 phoff;
-	u32 shoff;
-	u32 flags;
-	u16 ehsize;
-	u16 phentsize;
-	u16 phnum;
-	u16 shentsize;
-	u16 shnum;
-	u16 shstrndx;
-} elf_header_t;
-
-typedef struct {
-	u32 type;
-	u32 offset;
-	void *vaddr;
-	u32 paddr;
-	u32 filesz;
-	u32 memsz;
-	u32 flags;
-	u32 align;
-} elf_pheader_t;
-
-__attribute__((noreturn)) void ExecPS2(void *entry, void *gp, int argc, char **argv) {
-	asm volatile("la $v1, 7; syscall 7");
-	//__builtin_unreachable();
-}
-
-void *memcpy_(void *dest, void *src, size_t n) { 
-   int i;
-   for(i = 0; i < n; i++) ((unsigned char *)dest)[i] = ((unsigned char *)src)[i];
-   return dest;
-}
-
-void *memset(void *dest, int c, size_t n) {
-	int i;
-	for(i = 0; i < n; i++) ((unsigned char *)dest)[i] = c;
-	return dest;
-}
-
-static void readData(void *dest, unsigned int offset, size_t n) {
-	unsigned char buffer[0x800];
-
-	unsigned int copied = 0;
-	#define remaining (n - copied)
-
-	if(offset % 0x800) {
-		getBufferInternal("", 1, offset / 0x800, buffer, 1, 0);
-		memcpy_(dest, buffer + offset % 0x800, min(0x800 - (offset % 0x800), n));
-		copied += min(0x800 - (offset % 0x800), n);
-	}
-
-	if(remaining >= 0x800) {
-		getBufferInternal("", 1, (offset + copied) / 0x800, dest + copied, remaining / 0x800, 0);
-		copied += (remaining / 0x800) * 0x800;
-	}
-	
-	if(remaining > 0) {
-		getBufferInternal("", 1, (offset + copied) / 0x800, buffer, 1, 0);
-		memcpy_(dest + copied, buffer, remaining);
-	}
-}
-
-__attribute__((noreturn)) void _start(void) {
-	//Exit(0);
-	//asm volatile("la $v1, 0x04; la $a0, 0; syscall 0x04");
-
-	int i;
-
-	#ifdef LOAD_FROM_VTS_02_0_IFO
-		// point to VTS_02_0.IFO
-		pointToIFO(2, 0, 0);
-		
-		// Force a read from VTS_02_0.IFO
-		char head[64];
-		getDiscData(64, &head);
-
-		#define RELATIVE_SECTOR 0
-	#else
-		#define RELATIVE_SECTOR LOAD_FROM_SECTOR_RELATIVE_TO_VIDEO_TS_IFO
-	#endif
-
-	// Based on https://github.com/AKuHAK/uLaunchELF/blob/master/loader/loader.c
-	elf_header_t eh;
-	readData(&eh, RELATIVE_SECTOR * 0x800, sizeof(elf_header_t));
-
-	elf_pheader_t eph[eh.phnum];
-	readData(&eph, RELATIVE_SECTOR * 0x800 + eh.phoff, sizeof(elf_pheader_t) * eh.phnum);
-	
-	for (i = 0; i < eh.phnum; i++) {
-		if (eph[i].type != ELF_PT_LOAD)
-			continue;
-
-		readData(eph[i].vaddr, RELATIVE_SECTOR * 0x800 + eph[i].offset, eph[i].filesz);
-		if(eph[i].memsz > eph[i].filesz) memset(eph[i].vaddr + eph[i].filesz, 0, eph[i].memsz - eph[i].filesz);
-	}
-
-	asm volatile("la $v1, 0x64; la $a0, 0; syscall 0x64"); // FlushCache data writeback
-	asm volatile("la $v1, 0x64; la $a0, 2; syscall 0x64"); // FlushCache instruction invalidate
-
-	//while(!SifIopReset("", 0));
-	//while(!SifIopSync());
-
-	//while(!SifIopReset("rom0:UDNL rom0:EELOADCNF", 0));
-	SifIopReset("rom0:UDNL rom0:EELOADCNF", 0);
-	while(!SifIopSync());
-
-	SifInitRpc(0);
-	SifExitRpc();
-
-	ExecPS2((void *)eh.entry, 0, 0, 0);
-}

README.md

@@ -3,50 +3,88 @@ PlayStation 2 DVD Player Exploit. This allows you to burn your own PlayStation 2
 
 For technical details please refer to my [blog post](https://cturt.github.io/freedvdboot.html).
 
-## Basic setup
+## Easy setup for all PS2 Slim consoles / Bravia TV
-Using prebuilt ISOs in this repo ([PREBUILT ISOs](https://github.com/CTurt/FreeDVDBoot/tree/master/PREBUILT%20ISOs) folder).
+All you need is:
+
+- A compatible console (all PS2 Slim / Sony Bravia TV units are supported),
+- A DVD (not a CD), preferably a DVD-R as other types such as DVD+RW put more strain on the PS2 laser,
+- A computer with a built-in disc burner / external USB disc burner,
+
+### Step 1: Download the ISO
+Download [`PREBUILT ISOs/All PS2 Slims - English language.iso`](https://github.com/CTurt/FreeDVDBoot/raw/master/PREBUILT%20ISOs/all%20slims%20-%20English%20lang.iso)
+
+### Step 2: Burn the ISO
+Please check following to ensure a good burn which the PS2 will be able to read:
+
+- Clean off any dust from the disc,
+- Select lowest burning speed option,
+- Select finalise disc option,
+
+### Step 3: Set console language to English
+Your console must be in English language for the exploit to work (other languages cause memory contents to change).
+
+Boot without a disc inserted, press Circle to enter System Configuration and set your system language to English.
+
+### Step 4: Boot!
+Insert the disc into your console, and wait. It should boot into uLaunchELF within a few seconds.
+
+From uLaunchELF, you have the ability to run any homebrew you want over USB mass storage! Many people choose to run FreeMCBoot or Fortuna installer, so that they can boot off a memory card.
+
+## Troubleshooting - please read if the above didn't work
+| Problem                                                                            | Solution                                                                                                                                                                                                                                                                                         |
+|------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Disc doesn't spin on slim console                                                  | Press the lid down hard to ensure the sensors detect that the lid is closed. If still not working try placing some weight such as a book on the top of the console.                                                                                                                              |
+| PS2 detects the disc as "PlayStation 2 disc" instead of "DVD Video" in the browser | Your PS2 has a modchip which is incorrectly preventing the DVD player from launching. You do not need this exploit for a console with a modchip, but if you really want to try it some modchips offer the ability to temporarily disable themselves (by holding start when booting for example). |
+| PS2 displays "unable to read disc"                                                 | Please try playing a real DVD movie disc to verify that your console's DVD laser works; doing this can also recalibrate the laser which might solve the issue, as commented here.                                                                                                                |
+| PS2 freezes at black/red/green screen                                              | If your PS2 DVD laser is really worn out, or you are using something difficult to read like a dusty DVD+RW burned on high speed, it might take some time before uLaunchELF actually starts. Please try waiting 3 minutes or so, per [this comment](https://github.com/CTurt/FreeDVDBoot/issues/3#issuecomment-651337741)                                            |
+Other suggestions that worked for others:
+
+- Try unplugging your controller, and plugging it back in. Apparently [that solved the issue for this user](https://github.com/CTurt/FreeDVDBoot/issues/103).
+
+- Try removing all memory cards. Apparently [that solved the issue for this user](https://github.com/CTurt/FreeDVDBoot/issues/3#issuecomment-651970564).
+
+- Try burning with different software. Apparently [for this user](https://github.com/CTurt/FreeDVDBoot/issues/108) ImgBurn didn't work, but CDBurnerXP with 1x speed, compatibility settings, and finalize option worked.
+
+- Check that your console's language is set to English.
+
+## Phat consoles
+Phat consoles have many different firmware version revisions, which makes them harder to add support for. It also means you will need to identify your firmware version, and burn the matching ISO file.
+
+It's still early in terms of support for different versions, check back here later. Hopefully over time other developers from the scene will also contribute support for additional DVD Player versions.
 
 ### Step 1: Identify your DVD Player Version
-Boot your PlayStation 2 without any disc inserted, and press Triangle to identify which DVD Player version your console has. Still early in terms of support for different versions, check back here later for more support. Hopefully over time other developers from the scene will also contribute support for additional DVD Player versions.
+Boot your PlayStation 2 without any disc inserted, and press Triangle to identify which DVD Player version your console has.
 
 **Currently only support:**
 
-- 3.04 (tested only region M in emulator so far, but guess all regions EUMACDGJ will work - with English language set in settings) - please ping me and will update this page when confirmed working on hardware.
+- 3.04 (tested only region M in emulator so far, but guess most other regions EUMACDG, except for J will work - with English language set in settings),
-- 3.10 (all regions EUMACDGJ - with English language set in settings) - confirmed working on hardware by CTurt, and others. [Only seems to work with English language](https://www.youtube.com/watch?v=zelVQcD7HCY).
-- 3.11 (all regions EUMACDGJ) - confirmed working on hardware by [MrMario2011](https://twitter.com/MrMario2011/status/1277586569738813440), and others. ([Only seems to work with English language](https://twitter.com/kood_infothief/status/1277600247024238592)).
 
-UPDATE: Experimental hybrid ISO for both 3.10 and 3.11 support merged into one now available, burn `PREBUILT ISOs/hybrid 3.10 and 3.11.iso` and set language to English. Confirmed [working on 3.11](https://twitter.com/TheWizWiki/status/1277670129355161601).
+### Step 2: Download the ISO
+Download the ISO that corresponds to your firmware version.
 
 **Please don't bother trying on a non-supported firmware/language configuration, it won't work...**
 
-### Step 2: Burn
+For example, if your DVD Player version is 3.04M, you would want to burn `PREBUILT ISOs/3.04 only - M+maybe other regions except J - English language.iso`.
-Pre-built ISO files for supported DVD Players containing just uLaunchELF are provided in this repository for ease of use (which can be used to boot homebrew over a USB mass storage device). For example, if your DVD Player version is 3.10E, you would want to burn `PREBUILT ISOs/3.10 only - all regions - English lang.iso`.
 
-You should use DVD-R with low burning speed (others may work, but they put more strain on PS2 laser), and make sure to finalise the disc as burning option. Otherwise, you might run into issues reading the disc.
+### Step 3, 4, 5 - Burn the ISO, set console language to English, and boot!
-
+These steps are the same as described for slim above.
-## Troubleshooting - please read if the above didn't work
-Disc doesn't spin on slim console - press the lid down hard to ensure the sensors detect that the lid is closed.
-
-PS2 says "unable to read disc" - this doesn't seem to be a problem with the exploit, but just that your DVD laser might not work, or at least can't read the disc you burned. Please try a regular DVD video first, or DVD game to ensure one of those works. If that works, make sure you are finalising your disc when burning, use a low write speed, and I recommend using DVD-R instead of any other type of DVD as those put more strain on the laser.
-
-PS2 enters black screen - if your PS2 DVD laser is really worn out, or you are using something difficult to read like DVD+RW burned on high speed, it might take some time before uLaunchELF actually starts. Please try waiting 3 minutes or so, per [this comment](https://github.com/CTurt/FreeDVDBoot/issues/3#issuecomment-651337741).
-
-Also try cleaning the disc to remove dust, and try verifying the burn on PC.
-
-Try setting your console language to English, as that affects some versions of the exploit, and English language is the only one I tested.
 
 ## Custom disc setup
-If you intend to make your own image containing additional homebrew / modified initial loader, please read on. Step 1 is the same; identify your firmware version.
+If you intend to make your own image containing additional homebrew / modified initial loader, please read on.
 
-### Step 2: Copy your homebrew
+### Step 1: Copy your homebrew
-Once you've identified your console's DVD Player version, copy all of the homebrew you would like to include on the disc into that directory in the `Filesystem` (EG: `Filesystem/3.10EU/`).
+Once you've identified your console's DVD Player version, copy all of the homebrew you would like to include on the disc into that directory in the `Filesystems` (EG: `Filesystems/All PS2 slims (3.10 + 3.11) - English language/` is the one that supports all slim consoles).
 
-### Step 3: Make an image
+### Step 2: Make an image
-Once you've placed all the homebrew files you'd like into the directory, generate a UDF image of the directory. The easiest way is probably to install `genisoimage` (comes pre-installed on many Linux distributions like Ubuntu) or `mkisofs` and run the following (where `exploit.iso` is the output and `Filesystem/3.10` is the directory containing `VIDEO_TS` and any homebrew):
+Once you've placed all the homebrew files you'd like into the directory, generate a UDF (ISO9960/UDF hybrid also works) image of the directory (so `VIDEO_TS` is in the root).
 
-    genisoimage -udf -o exploit.iso Filesystems/3.10
+On Windows, you can use a GUI like ImgBurn to make an disc image. It will give a warning that `VIDEO_TS.BUP` is missing, but just click continue anyway (PS2 doesn't require this file).
 
-### Step 4: Test and burn
+On Linux the easiest way is probably to use `genisoimage` as it comes pre-installed on many Linux distributions like Ubuntu. Run the following on terminal (where `exploit.iso` is the output and `Filesystem/All PS2 slims (3.10 + 3.11) - English language` is the directory containing `VIDEO_TS` and any homebrew):
+
+    genisoimage -udf -o exploit.iso "Filesystems/All PS2 slims (3.10 + 3.11) - English language"
+
+### Step 3: Test and burn
 I would recommend you test in PCSX2 first, but since [PCSX2 doesn't support loading the DVD Player](https://github.com/PCSX2/pcsx2/issues/1981), you have to decrypt and repack it yourself, which is beyond the scope of this README. With that said, if you aren't touching anything in `VIDEO_TS`, there shouldn't really be any reason for the exploit to fail.
 
 ## OPTIONAL: Replace the initial program
@@ -72,10 +110,13 @@ You can run `readelf -l` to verify your executable satisfies this requirement. F
 	  Segment Sections...
 	   00     .text .ctors .dtors .rodata .data .jcr .sdata .sbss .bss
 
+## Loading backups
+It's possible to patch backup images of commercial games to make them bootable using this exploit. I didn't want to maintain this tool, so it's not included in this repository, but can be found by searching for something like FreeDVDBoot ESR auto patcher.
+
 ## DEVELOPMENT: Replacing the loader payload
 The default payload will boot `VIDEO_TS/VTS_02_0.IFO` as an ELF file, but tweaks might be desired to improve compatibility, or maybe changing the behaviour to boot `BOOT.ELF` instead for instance.
 
-If you wish to update the loader payload, run `build.sh` inside `PAYLOAD` directory, and copy the output `fullpayload.bin` to `VIDEO_TS/VIDEO_TS.IFO` at offset `0x2bb4` (for 3.10E).
+If you wish to update the loader payload, run `build.sh` inside `PAYLOAD` directory, and copy the output `.bin` files into `VIDEO_TS/VIDEO_TS.IFO` at the offsets displayed by the output of the command.
 
 ## PORTING:
 Please read my technical writeup, to understand how the exploit works. I've also provided some notes about porting in the `porting notes.txt` file.