Tonyhax is a new softmod backup loader for the PlayStation 1


Those wanting to take their original PlayStation to the next level usually needed to open up the system and install a modchip; that's been common knowledge since even the '90s. However, a user named Socram, previously known for creating amiitool, has released an exploit that makes modding your PS1 easier than ever before. Called "tonyhax", because it utilizes Tony Hawk's Pro Skater 2 or 3, it loads specific data off of the PS1's memory card that "unlocks" the system's disc drive, which then lets you run other region games or even backups.

tonyhax is a save game exploit that uses a specially crafted save game for Tony Hawk's Pro Skater 2 and 3, in both PAL and NTSC-U versions, to load a custom backup loader that uses no$psx' secret CD unlock commands to enable loading backups on a totally unmodded and stock PS1.

After "extensive testing", Socram has decided to release their exploit to the public, source code and all. The full project is available on GitHub, while a writeup and documentation on how tonyhax works are available on their website. The creator says that the exploit is possible because in either Tony Hawk's Pro Skater 2 or Tony Hawk's Pro Skater 3 (NTSC or PAL), the game doesn't check if a skater profile name has been edited or messed with in any way. Should you edit the skater name in a dramatic way, it overwrites the memory of the system, which in turn allows custom code to be run.

This first stage payload is about 144 bytes, and its sole purpose is to load the secondary program loader (or SPL for short) from an additional save file in the memory card using the PS1 BIOS calls. Once loaded, it jumps straight to it.

As the console is left in an inconsistent state, the SPL first reinitializes the system kernel (RAM, devices…), by using the very same calls the ROM executes during the booting of the console.

After that, the GPU is reset. Once the GPU is ready again, it sets up the video to a resolution of 320x240, unpacks the 1bpp font from the BIOS ROM into VRAM, and draws the basic border and program name to know everything is working fine until this point.

With a fully working screen, it then proceeds to unlock the CD drive to accept discs missing the SCEx signature, leveraging the CD BIOS unlock commands found by Martin Korth. These unlock commands are a sort of backdoor, and the drive, probably in order to keep them secret, returns an error instead of a success message. The SPL is coded to expect a particular error to be returned, and will actually abort if the drive returns that it succeeded or if it returns another unexpected error code.

After unlocking it, it waits for the lid to be opened and closed, allowing the user to insert a new CD.

After that, the CD filesystem is reinitialized. It proceeds to read the SYSTEM.CNF configuration file, reinitializes the kernel with the parameters the game needs, and finally loads and runs the game’s main executable.

You'll need a PS1 memory card with tonyhax on it, for which Socram recommends using a PS2 and Free MCBoot to copy it. After loading the profile in-game, the exploit will boot up, and your CD drive will then accept games, even if they're burned CD-R backups, or games from other regions. Tonyhax works on all PAL PlayStation consoles, NetYaroze, and all NTSC-U systems except the original SCPH-1000.
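
The root cause described above is a profile name taken from the memory card and used without validation; checking the field before copying it closes that path. The following C code is an added example, not code from the game or from tonyhax, and the field size, name limit, printable-ASCII rule and the name `load_profile_name` are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical sizes: the page does not give the real save layout. */
#define NAME_FIELD_LEN 32  /* bytes reserved for the name inside the save record */
#define NAME_MAX_CHARS 15  /* longest name the in-game editor is assumed to produce */

typedef enum { NAME_OK, NAME_UNTERMINATED, NAME_TOO_LONG, NAME_BAD_CHAR } name_status;

/*
 * Copy a profile name out of an untrusted save record.
 * The unsafe pattern this replaces is strcpy(dst, field): it copies until the
 * first NUL byte, so an edited save decides how much memory gets overwritten.
 */
name_status load_profile_name(const unsigned char *field, size_t field_len,
                              char *dst, size_t dst_size)
{
    /* The terminator must sit inside the field itself, not somewhere after it. */
    const unsigned char *nul = memchr(field, '\0', field_len);
    if (nul == NULL)
        return NAME_UNTERMINATED;

    size_t len = (size_t)(nul - field);
    /* Enforce both the game's own limit and the destination buffer size. */
    if (len > NAME_MAX_CHARS || len >= dst_size)
        return NAME_TOO_LONG;

    /* Assumed rule: the name editor only emits printable ASCII, so any
     * other byte means the record was modified outside the game. */
    for (size_t i = 0; i < len; i++)
        if (field[i] < 0x20 || field[i] > 0x7e)
            return NAME_BAD_CHAR;

    /* dst is only written after every check has passed. */
    memcpy(dst, field, len);
    dst[len] = '\0';
    return NAME_OK;
}
```

A loader that gets anything other than `NAME_OK` should discard the whole save rather than fall back to a partial copy.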

 

Stwert

2 of my PS1’s are chipped anyway, but as I have THPS3, I’ll download this and add it to my (ridiculous amount of TB’s of firmware/software/hacks/backups, magazines, manuals) collection anyway.... Just in case something even more interesting comes of it :D
 

ClancyDaEnlightened

Cool, I guess is too slow to connect a hard disk and load games from it?

Actually is better to do stuff like that on a PS2, all PS1 games work on it and avoiding using discs means the DVD laser doesn't ruin the CDs. And yes that was a problem back then.

What do you have to do to connect a Hard disc to a PS2 slim, use the Internet adapter?


Does nobody use opl and usb loading on ps2???
https://github.com/ps2homebrew/Open-PS2-Loader
 

shinwg

Sadly I don’t have my ps1 anymore. I sold it 13 years ago with over 200 games or more. I was an idiot, I sold all my old console very cheap
 

tech3475

Sadly I don’t have my ps1 anymore. I sold it 13 years ago with over 200 games or more. I was an idiot, I sold all my old console very cheap

At least you got money, my parents threw out my NES games when the console started blinking.

Worst part is that it was my Dad who bought my current NES years later.
 

ClancyDaEnlightened

At least you got money, my parents threw out my NES games when the console started blinking.

Worst part is that it was my Dad who bought my current NES years later.

You sure he didn't buy it for him, not you? That's why nes went from $20 for a console to up to $80-100, shit is crazy, I'll just import a famicom for $30, I honestly prefer the famicom over the nes, just looks cool imho
 

shinwg

At least you got money, my parents threw out my NES games when the console started blinking.

Worst part is that it was my Dad who bought my current NES years later.

You sure he didn't buy it for him, not you? That's why nes went from $20 for a console to up to $80-100, shit is crazy, I'll just import a famicom for $30, I honestly prefer the famicom over the nes, just looks cool imho
My NES and SNES both and mad games sold under $20. I remember the local shop owner gave me 20 cents per cartridge, same for the rest: N64, game cube, all version game boy, sega genesis, cd, nomad, game gear, dream cast, ps1, ps2, Xbox. The only consoles I keep are Xbox 360, ps3, ps4, psp, 3ds. I wish I could go back and undo my mistakes
 


Zaphod77

The change with the newer bios was to make the console check protection TWICE during the boot.

To beat this, you swap near the end of the white screen from your original to your backup. then wait for the disk to slow down again and swap to your original, then swap again to the backup as soon as the black screen goes away.

Then you have to do the same thing AGAIN if the game has an anti-mod check during boot.

The really fun one is booting a club append disc for DDR with a swap trick. :) Here's how you do it.

0) find some way to hold the sensor down.
1) insert in region original disc.
2) swap to 2nd or 3rd mix right after the disc starts to speed up.
3) swap to original after toc is read and main exe is loaded before protection is checked (when the drive slows down again).
4) after black screen goes away, swap to backup.
5) at memcard screen, swap AGAIN to US disc. when the screen goes away, swap AGAIN to backup.
6) pick option to insert append disc
7) insert original US disc, and trip the sensor
8) wait 10 seconds or so, then swap quickly to the club append.
9) at memcard screen, repeat step 5. you have FINALLY booted it.

9 disc changes. :)
 

raxadian

Sadly I don’t have my ps1 anymore. I sold it 13 years ago with over 200 games or more. I was an idiot, I sold all my old console very cheap

Not a huge loss if you have a chipped PS2. 99% of PS1 games work on chipped PS2s with the rare few that don't or have problems either having workarounds or working in emulators.
 

ClancyDaEnlightened

If I remember right loading from usb on ps2 is slow since ps2 has usb 1.1 ports, not usb 2.0 ports so there can be issues, mainly with video playback in games. That's why I personally think ps2 slim needs an optical drive emulator.

I always used usb loading, I never had any issues with it, both using a usb hdd and usb flash drives, I can see fmv issues, but I skip those anyway

--------------------- MERGED ---------------------------

My NES and SNES both and mad games sold under $20. I remember the local shop owner gave me 20 cents per cartridge, same for the rest: N64, game cube, all version game boy, sega genesis, cd, nomad, game gear, dream cast, ps1, ps2, Xbox. The only consoles I keep are Xbox 360, ps3, ps4, psp, 3ds. I wish I could go back and undo my mistakes


I was the person buying them too, for like $3-$5 a cart, 10-30 for consoles
 

Deleted User

I bet, in like a month, we end up seeing some homebrew memory card that runs games from an sd card, and it'll be insanely easy. I can see it happening.

I wonder if any other games will be able to use this. Gonna have to check out the local charity shops for one of these games.
 

Deleted member 323844

I bet, in like a month, we end up seeing some homebrew memory card that runs games from an sd card, and it'll be insanely easy. I can see it happening.

I wonder if any other games will be able to use this. Gonna have to check out the local charity shops for one of these games.
Iirc SIO2SD is doable on PS1, but I guess the Memory Card bus on PS1 is slow as hell, so it's probably not worth it at all.
 