This shows you the differences between two versions of the page.
documentation:dipir_patching [2022/11/07 14:49] – created fixelsan | documentation:dipir_patching [Unknown date] (current) – external edit (Unknown date) 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ==== Generic getbootdev code : ==== | ||
+ | |||
+ | < | ||
+ | E3 A0 00 xx E1 A0 F0 0E | ||
+ | where xx is boot device | ||
+ | |||
+ | </ | ||
+ | |||
+ | ==== ==== | ||
+ | |||
+ | ==== FZ1 Patching ==== | ||
+ | |||
+ | < | ||
+ | DIPIR Rev =0 | ||
+ | DipirEnv @0x5d14 | ||
+ | DipirRoutines @0x5d68 | ||
+ | @0x5dd8 write new dipirroutines version 0xf4840010 (old content 0xc90a8c33) to force cdrom dipir calling of getbootdev | ||
+ | @0x5df8 write getbootdev offset 0x5dfc (old content 0xfc747ccf) | ||
+ | @0x5dfc write ldr r0,#1 ; movs pc,lr ;//boot device # | ||
+ | what damaged is the demo key,that is not used by rom anyway | ||
+ | |||
+ | </ | ||
+ | |||
+ | ==== FZ10 `94 Patching ==== | ||
+ | |||
+ | < | ||
+ | DIPIR Rev =1.55 | ||
+ | DipirEnv @0x57e4 | ||
+ | DipirRoutines @0x583c | ||
+ | Scrap buffer @0x58b8 - 0x592b | ||
+ | |||
+ | 1. Copy DipirEnv to @0x58b8 | ||
+ | 2. Patch DipirEnv references @0x13b8 | ||
+ | 3. Copy DipirRoutines to 0x57e4 | ||
+ | 4. Update DipirEnv-> | ||
+ | 5. Write @0x5910 mov r0,#1 ; movs pc,lr #bootdevice # | ||
+ | 5. Patch DipirRoutines-> | ||
+ | 6. Patch DipirRoutines-> | ||
+ | |||
+ | Damaged : copyright string | ||
+ | |||
+ | </ | ||
+ | |||
+ | ==== FZ10 '95 Patching (Anvil) ==== | ||
+ | |||
+ | < | ||
+ | DIPIR Rev =1.66 | ||
+ | DipirEnv @0x7824 | ||
+ | DipirRoutines @0x789c | ||
+ | Scrap buffer @0x7867 - 0x79db, 0x7164-0x719f | ||
+ | |||
+ | 1. Copy DipirEnv to @0x7867 | ||
+ | 2. Patch DipirEnv references @0x2a70, 0x7740 | ||
+ | 3. Copy DipirRoutines to 0x7824 | ||
+ | 4. Update DipirEnv-> | ||
+ | 5. Write @0x7164 mov r0,#1 ; movs pc,lr #bootdevice # | ||
+ | 5. Patch DipirRoutines-> | ||
+ | 6. Patch DipirRoutines-> | ||
+ | |||
+ | Damaged : copyright strings | ||
+ | |||
+ | </ | ||
+ | ===== CDRomDipir patching ===== | ||
+ | |||
+ | ==== v1.35, 2076 bytes ==== | ||
+ | |||
+ | raw md5: 38bb8a25dfcfc691e92d4341cfb1c2ec | ||
+ | |||
+ | decrypted md5: 585950b1c1d9a347f2f41b07ffb4c475 | ||
+ | |||
+ | offset 0x620, | ||
+ | |||
+ | DOES NOT CHECK DISKDIGEST! | ||
+ | |||
+ | |||
+ | ==== v1.37 2236 bytes ==== | ||
+ | |||
+ | raw md5: d1564bd92f3c2fa82762bed32375048a | ||
+ | |||
+ | decrypted md5: a7c49440c5c934d7400ee275a88fc065 | ||
+ | |||
+ | offset 0x6a8, 0x6ac, 0x6b0 → e3500000, 13a00006, 191babf0 to e1a00000 e1a00000 e1a00000 | ||
+ | |||
+ | DOES NOT CHECK DISKDIGEST! | ||
+ | |||
+ | |||
+ | ==== v1.54 5168 bytes ==== | ||
+ | |||
+ | raw md5: 5cc62eca6f1f4c7b4a74093de1e21633 | ||
+ | |||
+ | decrypted md5: 8c6bc5d77e8c921b4799b1102693d91b | ||
+ | |||
+ | offset 0x828, 0x82c, 0x830 → e3500000, 13a00006, 191babf0 to e1a00000 e1a00000 e1a00000 | ||
+ | |||
+ | for bypassing the diskdigest : offset 0xa78→ EB000156 to E3A00001 | ||
+ | |||
+ | |||
+ | ==== v?.?? 5996 bytes ==== | ||
+ | |||
+ | raw md5: 93a6d77f3dc4df73d7f819598de97ddb | ||
+ | |||
+ | decrypted md5: 6c81ffb575ff78625cc66a5fa8076fcd | ||
+ | |||
+ | offset 0xcd4, 0xcd8, 0xcdc → E1300001, 13A00006, 1A00014E to e1a00000 e1a00000 e1a00000 | ||
+ | |||
+ | DOES NOT CHECK DISKDIGEST! | ||
+ | |||
+ | |||
+ | ==== v?.?? 6448 bytes ==== | ||
+ | |||
+ | raw md5: 07530dc9acd786dc52734aae9046973c | ||
+ | |||
+ | decrypted md5: de264fbb6c579700060741911cb8213f | ||
+ | |||
+ | offset 0xc20, | ||
+ | |||
+ | for bypassing the diskdigest : offset 0xdbc → EBFFFF53 to E3A00001 | ||
+ | |||
+ | |||
+ | ==== v1.66 6664 bytes ==== | ||
+ | |||
+ | raw md5: 6575e80b4895215e9cb641c9186b90d8 | ||
+ | |||
+ | decrypted md5: 62aa65f18d61966852bd040598aab1a9 | ||
+ | |||
+ | offset 0xb48, 0xb4c, 0xb50 → E3310000, 13A00006, 1A00007F to e1a00000 e1a00000 e1a00000 | ||
+ | |||
+ | for bypassing the diskdigest : offset 0xcc0 -> EBFFFF68 to E3A00001 | ||
+ | |||