FreePSXBoot 2.1

FreePSXBoot es un exploit que permite cargar código arbitrario en PSX (Playstation 1) usando solo la tarjeta de memoria, sin necesidad de juego alguno.

En otras palabras, es un softmod que requiere de una tarjeta de memoria, así como de una forma para escribir datos en raw en ella.

Cómo utilizar FreePSXBoot

Para utilizar FreePSXBoot necesitamos una forma de copiar imágenes completas de tarjetas de memoria (no archivos individuales) a una tarjeta de memoria. Algunas posibilidades son:

• Una PS2 y la aplicación Memory Card Annihilator v2 (usa la opción "Restore MC image")
• Memcarduino. Requiere soldar cables a la tarjeta de memoria.
• Usar Memcard Pro, que nos permite crear una tarjeta de memoria virtual en una tarjeta SD. Simplemente coloca la imagen la imagen de la tarjeta que que quieres usar en Memory Card 1, Channel 1.
• Usar Unirom y NOTPSXserial con un cable serie/USB, utilizando el comando: nops /fast /mcup 0 FILE.mcd COMPORT donde FILE es el archivo mcd correspondiente a nuestro modelo, y COMPORT corresponde al puerto serie de nuestro ordenador.
• MemcardRex con DexDrive, Memcarduino, o PS1CardLink. Asegúrate de que sea la última versión, que es la que permite escribir datos en raw e la tarjeta de memoria (necesario para FreePSXBoot)
• PSXGameEdit con DexDrive (no está garantizado que funcione)

WARNING

By flashing FreePSXBoot to your Memory Card, you need to be aware of the following:

• The .mcd image files replace the whole contents of your card, meaning that your Memory Card will be ENTIRELY WIPED after flashing a .mcd image, so creating a backup of your saves is compulsory.
• Because the exploit has corrupt Memory Card filesystem on purpose for it to run, your card will become unusable for normal operations. That is, you won't be able to use this card for saving and loading game saves and it will cause crashes on your PS1 or your PS2 console (if you have any).
• Once installed, it may become difficult to uninstall, as the normal software to re-format a memory card won't work, due to the exploit itself. You could end up with no means to recover the memory card; if for example your installation method was Memory Card Annihilator v2, then it will also crash. Memcarduino, Unirom, or using the Memcard Pro would currently be safe bets.

Usage

• Copy the full memory card image corresponding to your model/BIOS to a memory card.
• Insert it in slot 1.
• If you have a SCPH-1001 or SCPH-1002 with BIOS version 2.0: insert another memory card in slot 2 (its content doesn't matter).
• Power up your PlayStation with the lid open, and go to the memory card manager.
• After a few seconds, the screen will be filled with cyan. Wait ~30 seconds for the Unirom welcome screen to appear.
• If the cyan screen doesn't appear, you have either used a wrong memory card image, or the memory card image was not written properly (the mcd file must be written as raw data to the memory card), or something else went wrong. If you are 100% certain that the memory card image was written properly, and that you are using the correct image, please open an issue.
• Once Unirom is loaded, you can insert a CD, close the lid, and press R1 to load the game. Note: Japanese PlayStation cannot have their CD drive unlocked by Unirom, and thus cannot load backups.
• Don't forget to remove your memory card, as its exploit will trigger into games as well. This isn't an issue when using the Memcard Pro, as it will automatically change the virtual card to the game you're booting.

Restoring the memory card

• Use MemcardRex.
• Some games that have a save file manager (shows the contents of the memory card before saving) built into them, like OddWorld: Abe's Oddysee and Cool Boarders 4 (suffers from a caveat that keeps the game from loading the memory card with certain exploit versions) for example, can be used to overwrite FreePSXBoot when saving progress.
• Memory Card Annihilator v2 may be able to format a card, but it has to be inserted at the last moment. This method is not guaranteed to work.
• In general, tools and games crash when attempting to format a memory card loaded with FreePSXBoot, but may be able to format it by first inserting a normal memory card, and switching it with the FreePSXBoot memory card just before the format operation starts.
• We plan to bundle a complete version of Unirom in the memory card images in the future, with the ability to format memory cards.

Supported models

• All models are supported and tested on emulator or real hardware, except the debug models (DTL-H) and Net Yaroze (they may work, but are not tested).
• As of version 20210419, the exploit is 100% reliable on all supported models. Nevertheless, some exploit images were only tested on emulators and may not work on real hardware; feedback is welcome.

Note for BIOS 2.0 (SCPH-1001 or SCPH-1002): the memory card containing FreePSXBoot must be inserted in slot 1, and another memory card must be present in slot 2. The memory card in slot 2 can have any content.

See the folder builder for a tool that can be used to generate your own payloads and memory cards.

Memory card images are raw data: your memory card must have the exact same content as the files. Use Memcarduino or something similar; don't use a memory card file manager, as it will try to correct the data we're altering.

If the exploit is successful, you will see the screen flashing orange. Otherwise, power cycle your PSX and try again after a minute or so. It may take a few tries.

The exploit works in emulators as well, and works all the time due to the memory being always initialized to 0. Tested with no$psx, pcsx-redux, and DuckStation.

by brad-lin.