DREAMCAST BIOS FLASHING STORY
I have modified the DC bios IC , to added a FLASH ic (MX29LV160 /SOP44) apon the bios ROM IC,two month ago. Base on the Russian DC-web : http://www.dc-swat.ru/blog/hardware/16.html#comment15
It works well,use the DREAMSHELL 4.0, I could play SDISO games and flash the bios file easy,it could test just after flash. I have try all ver. bios (jap, usa,eur, dev_dc). DC could all work well .
So i start to hack the original bios file. when i translate jap text to chinese, the bios could work well in any DC EMU(nulldc,Chankast ,demul <need to path crc>). The Chinese text show beautiful. I am so exciting about that.
Then i copy the Chinese_bios to a SD card loader (http://www.dc-swat.ru/blog/hardware/14.html )and Flash into DC. DC freezed in the swirl logo .
So i recognized, the bios booting up must have a self-check. If it failed,be freeze. I found,the check could passed when i only make slight modify to bios, more ...be failed.
As i dont know SH4 ASM, so i couldnot modify Assembly instructions to skip the self-check.
ANYBODY,do you help me to skip it? or somebody you know,be expert in SH4 ASM ?
IF skip it, we could do anything to original bios. and could show in a real dc.
It is wellknow, Naomi have 32M Ram . It is larger then DC,so it could run faster.After bios translate,I have consider to modify bios ram map,make dc could recognize more RAM (replace the origin 16M ram IC to be needed) .
But I am be stuck by the self-check,now. Please help me ~
Good Luck everday~
How the sega checksum work?
anybody know how to jump the check order ?
I could modify "pvr" and "text" as the picture below, till now.
link83 have hack a dev_bios ,and get rid of the HASH CHECKSUM, anybody could send it to me??
Hey go a idea for you make a bios so you dont need to use a gd-rom that would be cool?
I'm not sure of how the RAM is put into the DC but you make larger RAM chips possible with additional data lines, and so if there's no spare data lines that are assigned to the RAM, you're looking at coding your own bios... Good luck with that.
It's stuck even if you reflash with stock bios?
I helped link83 for a while on the Dreamcast bios (in fact we both ended up with our own versions but for some odd reason mine wouldn't run on the actual hardware (mine was based off the hkt-0120 bios while his was from the retail Dreamcast bios) and I can tell you right now that there is no such thing as a hash check on the Dreamcast bios and most certainly nothing we needed to kill or bypass. There is however a hash check on the katana hkt-0120 bios and even on naomi bioses, considering I don't own either of the devices I couldn't look into it. If you need my or link83's bios I'll be happy to provide it to you.
I've got some NAOMI bios files if needed, and a NAOMI.
No EEPROMs or a programmer though so can't test anything.
Thanks everybody care about DC bios hack!
DEAR Mathieulh, I need your and link83's BIOS, Please send email for me ~ thanks!
Does you mean, RETAIL DC HAVENOT CHECKSUM, but DEV DC HAVE A unknown HASH CHECKSUM ?
I have try to modify retail dc bios before , it freeze in swire too.
The checksum has boring me for a long time.Wish i could find something form your Bios.
i found the dc bios some block have been compressed. when i touch the TEXT AREA with SH4 CODES,my dc be freezen in swire.
who have some software to Release OR Extract the compressed part ?
maybe you couldnt understand my meaning,To see my picture below:
when i modify the JAP words that nulldc debug show: unknown opcode 0x? , my dc work well. (debug1,2)
but i touch the JAP words that nulldc debug show some sh4 code, my dc freezen on swire(debug3,4)
who have some ideal to decompress it? or some ideal to solve the problem,please tell me ,thanks!
Last edited by LeGIt; 04-20-2011 at 09:38 AM.
Reason: i r the merginator!
here you go http://lan.st/moddedbioses.rar you'll see here link83's bios, a mod of his bios I made (although it's been a while so I don't even remember what for) and the lastest iteration of my bios (I have tons of different builds on my computer but this one is the lastest and appears stable) Both bioses have parts from the hkt-0120 bios and the retail one making them quite similar in the end considering we were aiming at getting the same features to work. Keep in mind that for some unknown reason while my build works fine on emulators it fails to run on the actual hardware, link83's bios which is close to the retail builds runs just fine on the actual hardware.
Yes, retail dreamcasts have no kind of checksum when it comes to run the bios, while the hkt-0120 unit does, it probably comes from the fact that the hkt-0120 unit's bios is writeable and sega didn't want people to mess with it for some reason. The naomi biosses also sport some checksum.
Originally Posted by mych
The fact that the swirl starts on your Dreamcast means that it's not a checksum issue, more an issue with your bios. Keep in mind that emulators aren't the actual hardware and differences do exist, this means that something running on an emulator might not run on the real hardware.
Last edited by LeGIt; 09-20-2012 at 04:52 AM.
Reason: Double Post Merge
I have reigon free bios ( retail and dev) . do you have a msn or email ? maybe you will interesting at it .
Originally Posted by mathieulh
I guess ,the part of bios have be compressed.
do you have some software tool to watch bios Structure, or Release or Extract is more helpful for me.
BTW: I have send a email to drkIIRaziel,the father of NULLDC. Wish he could take some advise for BIOS HACK.
Last edited by mych; 11-02-2010 at 04:26 AM.
Region free is just changing at 0x51E 1EB0 to 08A0 (in hexa) as far as I remember of (the location is the same in the retail or the hkt-0120 bios)
Originally Posted by mych
Both link83 and my bioses already have this address changed.
I used IDA and a lot of manual compare mostly but I still don't know what a lot of the bios code was for, it'd certainly help to have the sources to look at xD. It's been way too long since I last looked at it though.
I knows the 0x51E code modify,but my retail bios is deffent from yours. IT is dumped of a mask rom from old DC. After Comparison ,I found it is base on DC 1_004_01.bin . Are you interest it？
Sure, it might be interesting to look at some older revision of the bios.