Hacking Help with researching Eboot modification (Valkyrie Profile)

[AbT19]

I came across an interesting thing from a user at another forum, where there originally was an attempt to patch the problematic eboots to work on PS Vita's PS1 emulator. I first thought it was bs given how much of an issue the black screen is on Adrenaline with certain PS1 games. So the dude sent me the file and lo and behold. It actually works. For the modified Valkyrie Profile eboot, I was able to bypass the black screen and progress much further. People who have this pbp have reported that they were able to complete the game (did not test Seraphic Gate).

The only issue is that this game was partly translated in another language, and if there was a way for me to undo the translation, and learn about the possible fixes used that allowed for the black screen to be mitigated. So far, I've only been able to unpack the pbp, but I don't really have a good grasp of which unpacked files to target, and I'd appreciate any help (with proper credit if this actually succeeds of course).

The filesize is roughly 600mb which leads me to think compression is one potential option, but I've not yet been able to get any compressed variants to work. I would love to learn the ins and outs of eboot modification, as I think this could lead to a breakthrough in the ability to play problematic PS1 eboots on PS Vita without issue, as well as potentially fix playable eboots to be near perfect.

Thanks.

 

[FAST6191]

So two things there.
1) You want to learn to bypass emulator limitations

2) You want to find out what might have been done here and reduce the partial translation to that.

1) might be jumping in at the deep end but it is not too unreasonable.
Most times a modern emulator does not work is the emulator fails to emulate some kind of hardware, or hardware addon, the base game uses and requires. If there is an official version of the emulator with extra options (maybe another game that was officially released that used it) then that is where most look. Other than memory cards and controllers in the second slot (or multitap) you are spared this compared to a lot of other systems when it comes to the PS1 (no real memory addons, cartridges doing fun things or the like).
Older emulators and still on some occasions for modern stuff, especially for embedded systems like the Vita that don't have the benefit of all the power, then it usually comes down to some kind of inaccuracy in the emulation that the game needed, and this inaccuracy can be some undocumented functionality of the hardware or quirk of the hardware.
The rest then tend to be anti piracy, which might also crop up in 2) as some things don't make much distinction between pirated game and ROM hack.
If you have some kind of debugging option then that is nice, however you can step through the game around the time it crashes and see if you can guess what is causing it (presumably something only active at that point that was not around before).

2) I would probably approach as a translation hacker. If you can figure out which aspects are the translation the rest are probably to do with whatever fixes apply here. Fortunately you can compare things to see what was changed, and then presumably change some things to see what happens there or consider it from a translation perspective (something like a relative search http://www.romhacking.net/utilities/513/ maybe) and if it is then obviously text related.

 

[AbT19]

2) I would probably approach as a translation hacker. If you can figure out which aspects are the translation the rest are probably to do with whatever fixes apply here. Fortunately you can compare things to see what was changed, and then presumably change some things to see what happens there or consider it from a translation perspective (something like a relative search --) and if it is then obviously text related.

Thank you for your response.

I was thinking along the same lines regarding option 2, but the problem is I think this was a small scale project, with no real indication as to which team/translation team tackled this project. And how far they actually managed. Especially given the relationship to PSP/Vita hacking. The other thing is that the ROM file itself is only partially translated. The group that tackled this project never had the opportunity to translate all of the text. The voice acting was also left intact.

As for option 1, the only thing I could find in my research is that Valkyrie Profile is an infamously difficult game to work within emulator confines as a bin/cue PS1 file, because of the obfuscated encryption and compression methods. This makes sense when you consider how many people don't try to romhack the game because of this.

Which is particularly why I wanted to reverse engineer this pbp file, since someone managed to bypass the black screen problem that some PS1 games face in Adrenaline. I will say, from my initial testing on emulators, VP is EXTREMELY sensitive to any kind of desync or microfreezes. On PCSX-REarmed, there are some stutters that won't reach unplayable levels, but is annoying enough to warrant doing something about it. Whereas, on the Vita's native emulator, these problems are minimized.

If I can find a way to reverse-engineer, this could lead to a huge stepping stone towards finally making problematic ROMs, playable on PS Vita.

 

[FAST6191]

Doubtful much will happen for the general case but having a non working but notable game is worth it in and of itself.

You don't need particularly potent tools
Explode the stock ROM and the hack you have into their component files. The stock ROM/ISO is likely in one of the many iso formats used during the PS1 era so maybe one of the all in one iso handling programs (free versions will usually extract well enough).
Run a basic hash program (even a SFV viewer will likely do) and compare those results.
Chances are the binary that runs on the CPU will be housing the changes that make it work with sub par emulators, if you are lucky the translation will have left it alone (games don't have to have text in the binaries, indeed it is arguably bad form to do so, but they are often seen to) and you can copy it across. If not then you get to compare the binaries (hopefully there are some tools to handle any compression or encryption on the binaries themselves, I did not see any on romhacking.net other than the Chinese translation http://www.romhacking.net/translations/3837/ and a tool to make sure you are using the right version) and see what was changed. Text is usually pretty evidently text when compared to code (most code changes will be small for this sort of thing, text being rather larger, though if the text handler was also changed to allow for different characters or something then that changes things, even if you probably still have only a few possibilities such that you can brute force it).

 

[Motoyokun]

Can you compare the DATA.PSP that was shipped with that eboot versus one you have with (presumably) PSX2PSP?

 

[wad11656]

Hey dude, this is a miracle! Way to find that thread and take the initiative to get a hold of a working Eboot. I think it'd be awesome to find someone who could de-translate back to English. I messaged you

 

[AbT19]

Hey dude, this is a miracle! Way to find that thread and take the initiative to get a hold of a working Eboot. I think it'd be awesome to find someone who could de-translate back to English. I messaged you

Gimme a moment, I will most definitely reply

 

[mbsull]

I would love to help. Do you have a link to the other thread?