PS2 Julian's various PS2 projects (Worklog)

Looks like current Debian doesn't have support for the 586 used in the PCI-586VE-S PC board on the TOOL.

If I want to continue with the reimplementation of the TOOL software, I need to use Gentoo.

I'm curious about the interface between the MRP and PC board, because it doesn't seem to be documented anywhere.
 
32MB is enough for everyone? When I ported KiriKiri Z to the Nintendo Switch, the executable size ended up being 26.4MB.

I'm curious if I can trim it down further for the PS2.
 
KiriKiri Z for the PS2? Does it already work?

I am not entirely sure, but wasn't there a kind of 'road-block' at ~24MB?

Hm... Maybe externalize some files?
 
New PSU for the DTL-T10000H.
I4aNX1Z.jpg


No more whine while it's in standby :)
Somewhat quieter also.

I'm interested in upgrading the PCI SBC. Some places document the board as a PCI-586VE-S, but that is a typo. It is actually a PCI-586HVE-S.
 
WTF, it still has an AT-Connector (instead of the board-power-connector of ATX) on board?!

...and EDO-RAM, lol... (how big are they and can they be exchanged)? I suppose it doesn't really make a difference.
I should have kept some of the bigger EDO-RAM-Modules, haha... :D

I suppose exchanging the IDE-Cable for an 80-wire-version either doesn't change a thing, or doesn't even work, right?


It feels as if I am looking at a hardware from 95-97 (except for your new PSU)! :D
 
Yeah, the PCI SBC's manual is copyrighted from August 1999. It also probably keeps the AT connector to keep compatibility with old power supplies since these are used as industrial controllers.

The manual says up to 128MB of memory can be used. There's 64MB installed in it right now.

Changing the IDE cable would be pointless since the interface only supports EIDE/ATA-2, so speeds wouldn't be improved.

I'm not sure if the PCI-815VE is connected to the power supply with a cable, or if it just gets its power through the PCI slot.
Some newer SBCs use "12 pin ATX" connectors. I didn't find any Molex-to-12 pin connectors.

I'm thinking about upgrading the system to Red Hat Linux 6 and recompiling some packages like sshd. I already got an image of RHL6 from another person. I'm not sure about the status of MMX auto-vectorization by GCC.
 
TnA said:
It seems you have to "upgrade" your Profile-Picture as well. ;)
Click to expand...
Yeah, I might do that after hooking up a Gigabit Ethernet card and external HDD.

Hopefully, I can get Open PS2 Loader auto testing (for regressions) going.
First, I'll just be running each game for five minutes from the HDD while saving the serial output log. I may add video output recording later on.

I may add support for network and USB later on. I'd like to have a "USB switch" so that I can switch the drive between the PS2-side and the PC-side automatically.

It would also be nice to be able to automate inputs from DualShock2 (aka TAS), so it's possible to further test the game. PADEMU over MRP/dsnet or network?
 
Last edited:
Can't wait to see some more of it!
Everything which can be replaced or even 're-build' using newer equipment is welcome and interesting!

I hope you get the OPL-Auto-Testing working.

PADEMU through other inputs like via LAN sounds very interesting!
I only thought about a bit different structure and support for more (input-) devices (USB/BT-HID/Controller/Mouse/Keyboard, etc.).
 
Update: I got a IPC-PP827. It should be arriving in a few days. It has two onboard 1000Mbps ethernet, so I can connect one to the NA on the PS2 side and another one to the wall. It also has onboard USB 2.0 headers, so I don't have to connect a USB card to the PCI bus. It has also 64-bit compatibility, which means I can run the latest Linux versions after I finish my RE of dsnet and MRP driver.
I also got a SCPH-20400, which I will be disassembling and using the cable for connecting to an HDD.

RedHat Linux 5.2 can be found here: http://archive.download.redhat.com/pub/redhat/linux/5.2/en/os/i386/
RedHat Linux 6.2 can be found here: http://archive.download.redhat.com/pub/redhat/linux/6.2/en/os/i386/
 
That sounds like an interesting combination of an extention-card. :)

Thumps up for the work!
 
My IPC-PP827 board arrived. It seems the network ports and keyboard will power, but there is no display output or POST beep. Maybe I need to connect something to the power connector?

IPC-PP827 seems to be a rebranded version of PCI-827LF from Protech. In fact, it appears that all of the products on Ant Computer are rebranded Protech products.

Protech has a habit of removing manuals for older products, so I probably can't find the manual for the PCI-827LF (only the datasheet). However, the product catalog specifies the same P8/P9 to 10-Pin power (27-012-02501071) for multiple products, which contain the pinouts for the power connector:

https://www.protech.com.tw/Driver/BH-1105/BH-1105_M2.PDF (section 2-18)
https://www.protech.com.tw/Driver/PCI-531LF/PCI-531LF_M5.PDF (section 2-26)

Maybe I can stick two pins of the four pin power into pins 4 and 5 of the connector?

The manual of the PCI-586HVE-S seems to follow the same layout of the aforementioned manuals. Maybe Protech manufactured the PCI-586HVE-S too?

Also, my USB bracket arrived. The connector didn't fit since it was too small. However, I have the pinouts, so I can make my own cable later.

I was going to install a gigabit ethernet card, but I got a wrong PCI card (a SPIDF in/out card instead of a dual gigabit ethernet card), so the seller is sending me the right one.
 
I'll hold off on the PC card upgrade for now until I make the adapter for the power, serial, and USB connector.

For now, I'll see if I can get STABS debugging info read into Ghidra for dsnet reversing. Red Hat is still hosting the source rpms for the components used in Red Hat Linux 5.2 and 6.2, so I can just build the components while keeping the debugging info flags enabled.
 
This command will create a virtual machine with the correct networking device required for the e100 driver. The text display will be in the terminal, allowing usage in a remote situation (ssh). A telnet server is opened to allow the floppy disk or CD-ROM to be changed, or to shut down the system (since the old Linux kernel didn't support ACPI). Memory is set to 512MB since the kernel has issues booting from large amounts of memory.
Code: 
qemu-system-x86_64 -netdev user,id=mynet0 -device i82557a,netdev=mynet0 -m 512   -hda redhat5.qcow2 -cdrom redhat-5.2-i386.iso -monitor telnet::45454,server,nowait -curses  -boot c
This command will create a ISO with long filename support and POSIX attributes.
Code: 
mkisofs -o5.2.iso -rJ 5.2
 
Last edited:
The MRP driver appears to only support kernel versions 2.0.36 (included with Red Hat Linux 5.2) and 2.2.14-5.0 (included with Red Hat Linux 6.2).

The e1000 driver appears to only be in kernel 2.2.14-5.0. I guess in order to use my dual gigabit network card, I need to upgrade to Red Hat Linux 6.2. Thankfully, someone already sent me their RHL6.2 image, so I can just write that to the CF.
 
I've been messing with Ghidra and the EE plugin located here: https://github.com/beardypig/ghidra-emotionengine

First, I looked at the HDDOSD 110 and how it scrambles the first 512 bytes of the resources.

https://gist.github.com/uyjulian/7048f061148774bf807570143dee1703

Quite a bit more complicated than I expected (a simple XOR with buffer). 0x20ab98 is the function with the asset loading code, and the header decoding code can be found in multiple places due to loop unrolling (I'm looking at 0x20b564).

I haven't able to nicely isolate this code. It would be nice to descramble this data without needing PS2 hardware.
If you want to take a look yourself, there's a "decrypted HDD OSD" somewhere. Alternatively, e-mail me.

Second, I looked at the OSDSYS from 2.30 to see how it decompresses the assets.

https://gist.github.com/uyjulian/14388e84b008a6433aa805f5d0436c87

0x2067f0 is the function with the asset loading code. 0x200ed0 appears to be the decompression code with first param as destination and second param as source.

Ghidra names some things CONCATxx. Does that mean bitwise or and/or left shift? Not sure about this.

There is a structure (usually starts with a pointer to string containing a font asset name) located at 0x2ad24c for HDDOSD and 0x27b478 for ROM:
0. address to string containing asset name
1. null
2. null
3. type:
* 1: file
* 2: ROMIMG
* 3: ?
* 4: file in ROMIMG

---

There's a "Legacy Dashboard Theme" on PS4 which replicates the look of the PS2 menu. If it's possible to extract and decrypt the files, I am interested in them.
 
Okay, this helped me figure out about the CONCATxx function.

Help->Contents

Ghidra Functionality->Decompiler->Internal Decompiler functions
 
  • Like
Reactions: TnA
You must log in or register to reply here.

Similar threads

Back
Top