Duplicate payload in images to support fake memcards with 512 kb chips

README.md

@@ -68,6 +68,7 @@ If you are using a Memcard Pro, or need to use the two memory card slots normall
 
 ## Changelog
 
+* 2022-04-07: Duplicate payload in images to support fake memcards with 512 kb chips
 * 2022-03-18: New kernel patch for slot 2; should fix games which can't handle wrong memory card handshake
 * 2021-10-04: Unirom version updated to 8.0.J
 * 2021-07-03: FreePSXBoot patches the kernel when run from slot 2 (memory card can remain inserted)
@@ -102,28 +103,28 @@ As more reliable or faster versions of the exploit are developed, the images are
 
 | BIOS version/region | BIOS CRC32 | Models | 100% reliable | Download Link Slot 2 (recommended) | Download Link Slot 1 (For Memcard Pro) |
 |---------------------|------------|--------|---------------|------------------------------------|----------------------------------------|
-| 1.0 (1994-09-22) I | 3b601fc8 | SCPH-1000 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-1.0-1994-09-22-I-3b601fc8-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-1.0-1994-09-22-I-3b601fc8-slot1.mcd) |
-| 1.1 (1995-01-22) I | 3539def6 | SCPH-3000 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-1.1-1995-01-22-I-3539def6-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-1.1-1995-01-22-I-3539def6-slot1.mcd) |
-| 2.0 (1995-05-07) A | 55847d8c | SCPH-1001 | **Yes; see note below** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-2.0-1995-05-07-A-55847d8c-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-2.0-1995-05-07-A-55847d8c-slot1.mcd) |
-| 2.0 (1995-05-10) E | 9bb87c4b | SCPH-1002 | **Yes; see note below** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-2.0-1995-05-10-E-9bb87c4b-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-2.0-1995-05-10-E-9bb87c4b-slot1.mcd) |
-| 2.1 (1995-07-17) A | aff00f2f | SCPH-1001 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-2.1-1995-07-17-A-aff00f2f-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-2.1-1995-07-17-A-aff00f2f-slot1.mcd) |
-| 2.1 (1995-07-17) E | 86c30531 | SCPH-1002 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-2.1-1995-07-17-E-86c30531-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-2.1-1995-07-17-E-86c30531-slot1.mcd) |
-| 2.1 (1995-07-17) I | bc190209 | SCPH-3500 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-2.1-1995-07-17-I-bc190209-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-2.1-1995-07-17-I-bc190209-slot1.mcd) |
-| 2.2 (1995-12-04) A | 37157331 | SCPH-1001<br/>SCPH-5003 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-2.2-1995-12-04-A-37157331-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-2.2-1995-12-04-A-37157331-slot1.mcd) |
-| 2.2 (1995-12-04) E | 1e26792f | SCPH-1002 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-2.2-1995-12-04-E-1e26792f-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-2.2-1995-12-04-E-1e26792f-slot1.mcd) |
-| 2.2 (1995-12-04) I | 24fc7e17 | SCPH-5000 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-2.2-1995-12-04-I-24fc7e17-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-2.2-1995-12-04-I-24fc7e17-slot1.mcd) |
-| 3.0 (1996-09-09) I | ff3eeb8c | SCPH-5500 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-3.0-1996-09-09-I-ff3eeb8c-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-3.0-1996-09-09-I-ff3eeb8c-slot1.mcd) |
-| 3.0 (1996-11-18) A | 8d8cb7e4 | SCPH-5001<br/>SCPH-5501<br/>SCPH-5503<br/>SCPH-7003 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-3.0-1996-11-18-A-8d8cb7e4-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-3.0-1996-11-18-A-8d8cb7e4-slot1.mcd) |
-| 3.0 (1997-01-06) E | d786f0b9 | SCPH-5502<br/>SCPH-5552 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-3.0-1997-01-06-E-d786f0b9-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-3.0-1997-01-06-E-d786f0b9-slot1.mcd) |
-| 4.0 (1997-08-18) I | ec541cd0 | SCPH-7000<br/>SCPH-7500<br/>SCPH-9000 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-4.0-1997-08-18-I-ec541cd0-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.0-1997-08-18-I-ec541cd0-slot1.mcd) |
-| 4.1 (1997-11-14) A | b7c43dad | SCPH-7000W | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-4.1-1997-11-14-A-b7c43dad-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.1-1997-11-14-A-b7c43dad-slot1.mcd) |
-| 4.1 (1997-12-16) A | 502224b6 | SCPH-7001<br/>SCPH-7501<br/>SCPH-7503<br/>SCPH-9001<br/>SCPH-9003<br/>SCPH-9903 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-4.1-1997-12-16-A-502224b6-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.1-1997-12-16-A-502224b6-slot1.mcd) |
-| 4.1 (1997-12-16) E | 318178bf | SCPH-7002<br/>SCPH-7502<br/>SCPH-9002 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-4.1-1997-12-16-E-318178bf-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.1-1997-12-16-E-318178bf-slot1.mcd) |
-| 4.3 (2000-03-11) I | f2af798b | SCPH-100 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-4.3-2000-03-11-I-f2af798b-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.3-2000-03-11-I-f2af798b-slot1.mcd) |
-| 4.4 (2000-03-24) A | 6a0e22a0 | SCPH-101 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-4.4-2000-03-24-A-6a0e22a0-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.4-2000-03-24-A-6a0e22a0-slot1.mcd) |
-| 4.4 (2000-03-24) E | 0bad7ea9 | SCPH-102 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-4.4-2000-03-24-E-0bad7ea9-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.4-2000-03-24-E-0bad7ea9-slot1.mcd) |
-| 4.5 (2000-05-25) A | 171bdcec | SCPH-101<br/>SCPH-103 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-4.5-2000-05-25-A-171bdcec-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.5-2000-05-25-A-171bdcec-slot1.mcd) |
-| 4.5 (2000-05-25) E | 76b880e5 | SCPH-102 | **Yes** | [20211004 Slot 2](images/slot2/freepsxboot-unirom-fastload-20211004-bios-4.5-2000-05-25-E-76b880e5-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.5-2000-05-25-E-76b880e5-slot1.mcd) |
+| 1.0 (1994-09-22) I | 3b601fc8 | SCPH-1000 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-1.0-1994-09-22-I-3b601fc8-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-1.0-1994-09-22-I-3b601fc8-slot1.mcd) |
+| 1.1 (1995-01-22) I | 3539def6 | SCPH-3000 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-1.1-1995-01-22-I-3539def6-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-1.1-1995-01-22-I-3539def6-slot1.mcd) |
+| 2.0 (1995-05-07) A | 55847d8c | SCPH-1001 | **Yes; see note below** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-2.0-1995-05-07-A-55847d8c-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-2.0-1995-05-07-A-55847d8c-slot1.mcd) |
+| 2.0 (1995-05-10) E | 9bb87c4b | SCPH-1002 | **Yes; see note below** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-2.0-1995-05-10-E-9bb87c4b-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-2.0-1995-05-10-E-9bb87c4b-slot1.mcd) |
+| 2.1 (1995-07-17) A | aff00f2f | SCPH-1001 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-2.1-1995-07-17-A-aff00f2f-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-2.1-1995-07-17-A-aff00f2f-slot1.mcd) |
+| 2.1 (1995-07-17) E | 86c30531 | SCPH-1002 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-2.1-1995-07-17-E-86c30531-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-2.1-1995-07-17-E-86c30531-slot1.mcd) |
+| 2.1 (1995-07-17) I | bc190209 | SCPH-3500 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-2.1-1995-07-17-I-bc190209-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-2.1-1995-07-17-I-bc190209-slot1.mcd) |
+| 2.2 (1995-12-04) A | 37157331 | SCPH-1001<br/>SCPH-5003 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-2.2-1995-12-04-A-37157331-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-2.2-1995-12-04-A-37157331-slot1.mcd) |
+| 2.2 (1995-12-04) E | 1e26792f | SCPH-1002 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-2.2-1995-12-04-E-1e26792f-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-2.2-1995-12-04-E-1e26792f-slot1.mcd) |
+| 2.2 (1995-12-04) I | 24fc7e17 | SCPH-5000 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-2.2-1995-12-04-I-24fc7e17-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-2.2-1995-12-04-I-24fc7e17-slot1.mcd) |
+| 3.0 (1996-09-09) I | ff3eeb8c | SCPH-5500 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-3.0-1996-09-09-I-ff3eeb8c-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-3.0-1996-09-09-I-ff3eeb8c-slot1.mcd) |
+| 3.0 (1996-11-18) A | 8d8cb7e4 | SCPH-5001<br/>SCPH-5501<br/>SCPH-5503<br/>SCPH-7003 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-3.0-1996-11-18-A-8d8cb7e4-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-3.0-1996-11-18-A-8d8cb7e4-slot1.mcd) |
+| 3.0 (1997-01-06) E | d786f0b9 | SCPH-5502<br/>SCPH-5552 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-3.0-1997-01-06-E-d786f0b9-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-3.0-1997-01-06-E-d786f0b9-slot1.mcd) |
+| 4.0 (1997-08-18) I | ec541cd0 | SCPH-7000<br/>SCPH-7500<br/>SCPH-9000 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-4.0-1997-08-18-I-ec541cd0-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.0-1997-08-18-I-ec541cd0-slot1.mcd) |
+| 4.1 (1997-11-14) A | b7c43dad | SCPH-7000W | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-4.1-1997-11-14-A-b7c43dad-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.1-1997-11-14-A-b7c43dad-slot1.mcd) |
+| 4.1 (1997-12-16) A | 502224b6 | SCPH-7001<br/>SCPH-7501<br/>SCPH-7503<br/>SCPH-9001<br/>SCPH-9003<br/>SCPH-9903 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-4.1-1997-12-16-A-502224b6-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.1-1997-12-16-A-502224b6-slot1.mcd) |
+| 4.1 (1997-12-16) E | 318178bf | SCPH-7002<br/>SCPH-7502<br/>SCPH-9002 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-4.1-1997-12-16-E-318178bf-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.1-1997-12-16-E-318178bf-slot1.mcd) |
+| 4.3 (2000-03-11) I | f2af798b | SCPH-100 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-4.3-2000-03-11-I-f2af798b-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.3-2000-03-11-I-f2af798b-slot1.mcd) |
+| 4.4 (2000-03-24) A | 6a0e22a0 | SCPH-101 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-4.4-2000-03-24-A-6a0e22a0-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.4-2000-03-24-A-6a0e22a0-slot1.mcd) |
+| 4.4 (2000-03-24) E | 0bad7ea9 | SCPH-102 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-4.4-2000-03-24-E-0bad7ea9-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.4-2000-03-24-E-0bad7ea9-slot1.mcd) |
+| 4.5 (2000-05-25) A | 171bdcec | SCPH-101<br/>SCPH-103 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-4.5-2000-05-25-A-171bdcec-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.5-2000-05-25-A-171bdcec-slot1.mcd) |
+| 4.5 (2000-05-25) E | 76b880e5 | SCPH-102 | **Yes** | [20220318 Slot 2](images/slot2/freepsxboot-unirom-fastload-20220318-bios-4.5-2000-05-25-E-76b880e5-slot2.mcd) | [20211004 Slot 1](images/slot1/freepsxboot-unirom-fastload-20211004-bios-4.5-2000-05-25-E-76b880e5-slot1.mcd) |
 
 **Note for BIOS 2.0 (SCPH-1001 or SCPH-1002) slot 1 only**: the memory card containing FreePSXBoot must be inserted in slot 1, and **another memory card must be present in slot 2**. The memory card in slot 2 can have any content.
 

builder/builder.cc

@@ -261,7 +261,7 @@ static void usage() {
     printf(
         "-slot     the slot where the memory card will be inserted (1 or 2). If slot is 1, the memory card must be "
         "removed after the exploit is triggered. If slot is 2, the exploit disables the memory card in slot 2, and it "
-        "can be left there. Some BIOSes only have a slot 1 exploit.");
+        "can be left there.\n");
     printf("-base     the base address of the stack array being exploited from buInit\n");
     printf(
         "-vector   the address of the value we want to modify. Use 0x802 as a prefix, e.g. 0x802009b4 to modify value "
@@ -667,12 +667,13 @@ static void createImage(ImageSettings settings, const uint8_t* stage2, uint32_t
         throw std::runtime_error("Payload is 128 bytes and its checksum is not bad.");
     }
 
+    constexpr std::size_t payloadOffset = frameSize * 16;
     if (exploitSettings.type == ExploitType::MemcardISR) {
         // Store the payload with correct checksum in the last directory entry (frame 15)
-        putU32Vector(&out[0x780], payload);
+        putU32Vector(&out[payloadOffset - frameSize], payload);
         out[0x7ff] = crc;
         // Also store the payload with bad checksum in the first broken sector entry (frame 16)
-        putU32Vector(&out[0x800], payload);
+        putU32Vector(&out[payloadOffset], payload);
         out[0x87f] = ~crc;
     } else if (exploitSettings.type == ExploitType::ICacheFlush) {
         // Store the payload with correct checksum in all broken sector entries (frames 16 to 35 included)
@@ -682,10 +683,18 @@ static void createImage(ImageSettings settings, const uint8_t* stage2, uint32_t
         }
     } else {
         // Store the payload with bad checksum in the first broken sector entry (frame 16)
-        putU32Vector(&out[0x800], payload);
+        putU32Vector(&out[payloadOffset], payload);
         out[0x87f] = ~crc;
     }
 
+    // If total size is less than 64 kB, duplicate the content to the next 64 kB.
+    // This cheap fix makes it possible to use fake memory cards with a 512 kbits (64 kB) chip.
+    if (payloadOffset + payload.size() <= out.size() / 2) {
+        std::memcpy(out.data() + out.size() / 2, out.data(), out.size() / 2);
+    } else {
+        printf("Note: payload size is more than half the card size.\n");
+    }
+
     FILE* outFile = fopen(settings.outputFileName.c_str(), "wb");
     if (!outFile) {
         throw std::runtime_error("Failed to open output file " + settings.outputFileName);
@@ -697,7 +706,6 @@ static void createImage(ImageSettings settings, const uint8_t* stage2, uint32_t
 
 int main(int argc, char** argv) {
     banner();
-
     const flags::args args(argc, argv);
 
     auto modelVersionStr = args.get<std::string>("model");