Routine to bypass a firmware

Page 6/10
1 | 2 | 3 | 4 | 5 | | 7 | 8 | 9 | 10

By gdx

Enlighted (5697)

gdx's picture

14-07-2022, 11:22

Alexey wrote:

I tried to put the universal firmware bypass routine (above) into Carnivore2's Boot Menu. The firmware is indeed bypassed, but Nextor doesn't work, the machine falls into Basic and the CF card gives an error on access.

I finally tested. I don't know what happened, I got confused doing it. Maybe I had a problem with OpenMSX. This routine says to be reviewed, as well as the list of MSXs that do not match.

Other routines work on the emulator with the Carnivore2 emulated. The method for the HB-F5 should work with some modifications. A detection must be added to determine which firmware is modifying the hook and to disable it when necessary only.

By gdx

Enlighted (5697)

gdx's picture

15-07-2022, 12:02

I finally took the time to watch the routine for the "Sony HB-F1, HB-F1II, HB-F9P/S, etc

I made a mistake somewhere but I said that theses firmwares are bypassed when the Hook H.STKE (0FEDAh) is used. So if carnivore2 uses this hook, these firmwares should be disabled, and there is nothing to do for that.

I noted the contents of the hook when used to run the firmware.

Mitsubishi ML-G1: F7 8F 58 40
Sony HB-101: F7 xx 43 40
Sony HB-101P: F7 xx 43 40
Sony HB-201: F7 xx 43 40
Sony HB-201P: F7 xx 43 40
Sony HB-F1: F7 xx 76 40
Sony HB-F1II: F7 xx 76 40
Sony HB-F5: F7 xx 51 40
Sony HB-F9P/S: F7 xx 5C 40

xx is the main Ram slot (4000h~7FFFh)

Contrary to what I said, the following machines are not concerned since the hook is not modified.(The OpenMSX debugger is a bit painful to use)

National FS-4000: C9
National FS-4500: C9
National FS-4600: C9
National FS-4700: C9
Toshiba HX-21I: C9
Toshiba HX-22I: C9
Toshiba HX-23I: C9
Sony HB-55P: C9
Sony HB-75D: C9

I think you now have enough information to bypass the firmware of about 14 machines even if I haven't fixed this routine yet. Smile

By gdx

Enlighted (5697)

gdx's picture

16-07-2022, 00:52

In fact, this is DOS2 that is the problem roughly as pointed by Acet.

By konamiman

Paragon (1176)

konamiman's picture

18-07-2022, 18:25

Quote:

I proposed it to Konamiman for Nextor but which unfortunately did not adopt

I'm aware that the boot process of Nextor is a mess and I want to simplify it, but that will be in Nextor 3, together with other major changes. I'm not sure yet how I will do it, but I'll take in account all the suggestions I have received regarding this subject.

By Wierzbowsky

Guardian (3492)

Wierzbowsky's picture

25-07-2022, 14:23

I've managed to create a file that works on my Hitachi H3. But it needs to be mapped with Dual-Slot to the second slot and the first slot has to be set as extended with the empty subslot x.0 and all other devices enabled. Only then it works.

https://podrezov.com/temp/bypassfw.zip

I am currently trying to create a more convenient solution - to use DefCfg entry to run the special code from Carnivore2's RAM in slot x.2 to bypass the firmware. Doing this from Shadow RAM doesn't work as it is mapped to slot x.0. And in order to work, this code should be run after Nextor's initialization in slot x.1.

Another thing is that using CRTL+STOP to cancel CF card's detection in Nextor is a bad idea as some machines, for example my Hitachi, uses CTRL+STOP to bypass firmware. As a result, booting to DOS2 on this Hitachi is pain in the @ss.

By Wierzbowsky

Guardian (3492)

Wierzbowsky's picture

26-07-2022, 03:30

And finally, I nailed it down! Took quite an effort to make things right. Now I load the hook disabling code into Carnivore2's main RAM, restore all registers to DefConfig state and return control to the system instead of rebooting. From now on selecting DefConfig or by pressing ESC in the Boot Menu, the built-in firmware is automatically bypassed on all machines listed by gdx. I tested this on my physical Hitachi H3 and on all affected machines in OpenMSX emulator.

I would appreciate if you guys could test the new Boot Menu v2.54 with this feature. I've added it to the same archive mentioned in the previous post:

https://podrezov.com/temp/bypassfw.zip

The alternative solution - the special ROM file that comes with its own RCP settings for C2MAN utility, should be started from the Boot Menu with the following configuration:

By foody

Champion (452)

foody's picture

26-07-2022, 05:44

Here is the thing...this is exactly the configuration I have right now...exactly like this. My only problem I have is, I still need to press F5 everytime I power my MSX in order for it to start detecting IDE and so on and get the fmpac + SRAM to work and all the good stuff. If I don't press F5 c2 is never detected, never booted and fmpac is never executed.

Anyone have any idea how to resolve this issue? Here is the setting I have, megaflash rom scc+ placed in slot 1 and C2 placed in slot 2. If I don't press F5 c2 is ignored and all it's features are ignored. Now, I am going to be honest, I will constantly press F5 because I want my MSX2 to run in PAL mode which is way superior in quality and I have pixel perfect and looks great with most of the games. So I guess concerning this factor it is a mode point discussing it, but..for future reference I have this issue unresolved. Can someone help me?

By Manuel

Ascended (18948)

Manuel's picture

26-07-2022, 08:10

Just a question: why do you use both MFR SCC+ and C2 at the same time?

By gdx

Enlighted (5697)

gdx's picture

26-07-2022, 09:55

Good job Alexey! The C2 is increasingly attractive.

By sdsnatcher73

Prophet (3528)

sdsnatcher73's picture

26-07-2022, 13:05

foody wrote:

Here is the thing...this is exactly the configuration I have right now...exactly like this. My only problem I have is, I still need to press F5 everytime I power my MSX in order for it to start detecting IDE and so on and get the fmpac + SRAM to work and all the good stuff. If I don't press F5 c2 is never detected, never booted and fmpac is never executed.

Anyone have any idea how to resolve this issue? Here is the setting I have, megaflash rom scc+ placed in slot 1 and C2 placed in slot 2. If I don't press F5 c2 is ignored and all it's features are ignored. Now, I am going to be honest, I will constantly press F5 because I want my MSX2 to run in PAL mode which is way superior in quality and I have pixel perfect and looks great with most of the games. So I guess concerning this factor it is a mode point discussing it, but..for future reference I have this issue unresolved. Can someone help me?

The reason might be because MFR also has firmware skip code…

Page 6/10
1 | 2 | 3 | 4 | 5 | | 7 | 8 | 9 | 10