I worked on the Metal Gear Solid port from PSX to PC, and Konami programmers chose a wild trick to store how the "C4" bomb was planted - either on the wall, or on the ground.
Essentially the pointer pointed to the same physical memory address, but if it was planted on the wall (or on the ground, I forgot) - then it was OR-ing it with 80000000h or was A0000000h - or maybe something else - lol was long time ago.
It was fun porting this on PC, and right now I don't even remember what I did exactly - hahaha
This is also how the memory card bootloader works.
There is a faulty array iterator in the BIOS code that can copy arbitrary data to locations higher up in the memory map than the base pointer. Normally that wouldn't let you overwrite any executable code because the base pointer is very high up (might be a stack pointer?). But because of the memory aliasing, if you set the right value the write "wraps around" and lets you clobber the BIOS.
This means you can boot a custom BIOS, effectively, by just going into the memory card screen. From there you can execute a PSX.EXE without going through the mechacon checks, bypassing copy protection
---
I wouldn't mind learning more about the MGS port. Do you remember much about it?
It uses TCL for most of the scripting, IIRC. In fact I think MGS 1-4 use the same lineage of scripting languages.
MGS2 source code was leaked recently, but my guess would be that was a complete rewrite and shared very little from the PSX codebase.
Usually, that kind of stunt nowadays is done by using the lowest significant bits and masking them off when dereferencing the pointer, trading off for a higher alignment (so 4 bits gives you 16-byte alignment).
The PS1 also happens to have RAM aliasing, because there's not enough RAM to cover the entire decoding window for the RAM. I don't know the details, but I've seen PS1 executables setting their stack pointer to the end of the devkit's 8 MiB of RAM and yet they work on retail units, because it ends up at the end of the retail's 2 MiB of RAM. So theoretically, you could stuff bits in there too (and without messing with different memory regions with different cache behaviors).
You can see this on many consoles, iirc it basically just boils down to some address pins not being connected anywhere, so whatever the pins are set to doesn't matter as they're just out in the air so to say.
Interesting! Trying to find that particular code in the decompiled code is proving challenging. I wonder if they haven't yet discovered and documented that yet!
...and resulted in some models having a backwards-compatibility mode not too dissimilar to the PC's A20 gate, although for only a short period of time.
Nowadays this stuff is standardized by hardware extensions.
Arm Top Byte Ignore (TBI), Intel Linear-Address Masking (LAM) and its fixed version Linear Address Space Separation (LASS), AMD Upper Address Ignore (UAI) still unsecure from SLAM exploits. Then you have security extensions build on top of this like ARM Memory Tagging Extension (MTE).
Not only that, for a device from 1995... It's still amazing to learn about this, its not as if most people will read this once, and remember everything on the page in one go.
What a beautifully designed website. Everything is thoughtfully set-up and well placed. A great example of a well curated digital garden. It feels well kept and very human crafted.
The architecture which made me fall in love with RISC (or "load-store" if you prefer) and see the error of my ways with x86 (insert your derogatory term here).
The PS1 architecture is fascinating - it will also reveal why PS1 games have such a unique, recognizable style that games are trying to recreate nowadays.
Love Copetti. Even as someone who is not particularly knowledgeable of everything he’s talking about, I I really enjoy thumbing through his writing and diagrams. There’s just something really fun about trying to understand what is going on under the hood with these machines, especially fifth and sixth generation consoles
Copetti enjoyers should also checkout everything Fabien Sanglard has done, including the Wolfenstein and Doom Black Books, the Another World port analyses, and the other dozens of code reviews he's posted. https://fabiensanglard.net/
They hold up pretty well when you play them as they were originally supposed to: on a CRT if you can or using emulators' CRT filters if you can't. Trying to play them at very high resolutions on crisp LCD displays is the worst way to go IMO.
It's interesting how different it is from the N64, which was seemingly designed to produce perfectly correct pixels even though no player would own displays that could really show the difference. I guess that's what you get when you let SGI design the GPU.
Yeah, any 8/16-bit pixel are t wasn't made to be viewed on a screen with that high a resolution. CRTs smoosh/blur the image a bit so you don't see all the hardlines.
I own a CRT and several playstation games. Many (most?) of the 3D games don't hold up that well. The aliasing artifacts are still quite visible and many games have occlusion bugs that TFA alludes to.
The PS1 didn't even have perpsective corrected texture mapping, some titles handled that manually to make it look less shit but not all titles did so.
The evolution of graphics was brutal in the 90s and early 00s, but somewhere around the PS3's appearance it slowed down since lighting models were becoming "good enough" on the PS3 for not being annoyingly bad and asset creation costs became the limiting factor rather than hardware.
> They hold up pretty well when you play them as they were originally supposed to: on a CRT if you can or using emulators' CRT filters if you can't
On the emulator side I would definitely recommend Duckstation. It's performant, has great UI / UX and also has a CRT filter available by default that more or less recreates the original look, even slightly warping the image to make you feel like you are staring into a TV tube.
Nah, I was there a million years ago, and I always thought the PSX looked like crap compared to PC games of the era with their wobbly polygons and warping textures. And that is assuming that you were using SCART with a clean RGB signal, composite was even worse.
Eeh ... speak for yourself. PS1 did mark the dawn of the 3D era for home consoles. There are lots of people who are into the low poly 3D models with the characteristic PS1 "wobble".
Sure a lot of it may be nostalgia but it does have its charm and I can say it's grown a lot on me over time. Especially once I learned about the PS1's unique hardware limitations. If my social media feed is anything to go by "PS1 graphics" are having a bit of a revival with lots of people trying to recreate that look.
Yes an entire generation of games running on a mere 2MB of RAM and 1MB of VRAM.
The crazy thing too was how much a step up PS2 was compared to PS1 in terms of available compute and sheer horsepower. But even that wasn't enough for a sandbox game like GTA 3 to run without a lot of clever tricks [1]
Graphically, either play on a CRT (or with CRT filters) or use an emulator that has PGXP geometry correction to eliminate vertex jittering at higher rendering resolutions.
As for gameplay, that console has a massive library, with thousands of commercially released games (and a lot of hidden gems). I'd be surprised if any gamer wouldn't find at least one to their taste in that catalog.
It does. The SPU only handles decoding and playback of ADPCM samples from its own memory and receives all CD audio from an I2S bus; the CD-ROM sector decoder chip handles XA-ADPCM decoding and resampling to 44.1 KHz internally, then sends the audio over I2S as if it were CD-DA. This is also why the SPU's ADPCM format is slightly different from XA-ADPCM (no interleaving and 5 filter coefficient presets rather than just the 4 used by XA-ADPCM and the older ADPCM format used on the SNES).
Executing the instruction after the jump seemed mental, but after a few days it was second nature. N64 had related issue: had to find an instruction to put between two multiplies. If the first multiple multiplied by zero or otherwise finished in two cycles, the CPU would freeze if the next instruction was also a multiply.
Another weird corner case is that COP2 (GTE) instructions actually start executing one instruction early with respect to where the program counter is. As a result when an exception happens the kernel interrupt handler checks to see if the next instruction is COP2 and has to add 4 to the program counter in order to not execute it twice.
Also COP2 instructions were not allowed in branch delay slots (presumably for similar reasons), however some games (from memory Tekken3) do actually do this. I always wondered if it was a sneaky anti-emulation thing :) (because many emulators had issues with this, or needed special handling).
Did read this years ago and read it today again. Just so happy that there are people producing such quality work. Even if I personally don't know much about any of it, I still find myself being totally sucked in while reading.
There are memory regions that are mapped to the same physical memory - https://psx-spx.consoledev.net/memorymap/
I worked on the Metal Gear Solid port from PSX to PC, and Konami programmers chose a wild trick to store how the "C4" bomb was planted - either on the wall, or on the ground.
Essentially the pointer pointed to the same physical memory address, but if it was planted on the wall (or on the ground, I forgot) - then it was OR-ing it with 80000000h or was A0000000h - or maybe something else - lol was long time ago.
It was fun porting this on PC, and right now I don't even remember what I did exactly - hahaha
This is also how the memory card bootloader works.
There is a faulty array iterator in the BIOS code that can copy arbitrary data to locations higher up in the memory map than the base pointer. Normally that wouldn't let you overwrite any executable code because the base pointer is very high up (might be a stack pointer?). But because of the memory aliasing, if you set the right value the write "wraps around" and lets you clobber the BIOS.
This means you can boot a custom BIOS, effectively, by just going into the memory card screen. From there you can execute a PSX.EXE without going through the mechacon checks, bypassing copy protection
---
I wouldn't mind learning more about the MGS port. Do you remember much about it?
It uses TCL for most of the scripting, IIRC. In fact I think MGS 1-4 use the same lineage of scripting languages.
MGS2 source code was leaked recently, but my guess would be that was a complete rewrite and shared very little from the PSX codebase.
Usually, that kind of stunt nowadays is done by using the lowest significant bits and masking them off when dereferencing the pointer, trading off for a higher alignment (so 4 bits gives you 16-byte alignment).
The PS1 also happens to have RAM aliasing, because there's not enough RAM to cover the entire decoding window for the RAM. I don't know the details, but I've seen PS1 executables setting their stack pointer to the end of the devkit's 8 MiB of RAM and yet they work on retail units, because it ends up at the end of the retail's 2 MiB of RAM. So theoretically, you could stuff bits in there too (and without messing with different memory regions with different cache behaviors).
You can see this on many consoles, iirc it basically just boils down to some address pins not being connected anywhere, so whatever the pins are set to doesn't matter as they're just out in the air so to say.
6 replies →
Interesting! Trying to find that particular code in the decompiled code is proving challenging. I wonder if they haven't yet discovered and documented that yet!
https://github.com/FoxdieTeam/mgs_reversing/blob/master/sour...
Early Macs used the upper byte of 32-bit pointers for other data:
https://en.wikipedia.org/wiki/Classic_Mac_OS_memory_manageme...
...and resulted in some models having a backwards-compatibility mode not too dissimilar to the PC's A20 gate, although for only a short period of time.
Nowadays this stuff is standardized by hardware extensions.
Arm Top Byte Ignore (TBI), Intel Linear-Address Masking (LAM) and its fixed version Linear Address Space Separation (LASS), AMD Upper Address Ignore (UAI) still unsecure from SLAM exploits. Then you have security extensions build on top of this like ARM Memory Tagging Extension (MTE).
This is great, but it was originally published in 2019. See the past discussions in 2020: https://news.ycombinator.com/item?id=27576902 (114 comments also).
It’s been updated many times since then!
So? That was 5-7 years ago. I haven't seen this before, so I appreciate it being posted :)
Yep! Just that the post title should have a (2019) in it. Or maybe (2021) or (2025), given the most recent revision dates.
1 reply →
Not only that, for a device from 1995... It's still amazing to learn about this, its not as if most people will read this once, and remember everything on the page in one go.
1 reply →
What a beautifully designed website. Everything is thoughtfully set-up and well placed. A great example of a well curated digital garden. It feels well kept and very human crafted.
Hey all, I posted this as I'm currently working on a PS1-related project that I hope to release soon.
Does anyone have recommendations for a PS1 web/js/wasm emulator? PCSX-Redux [0] has been great on desktop, and DuckStation [1] as well.
I found a few js/emscripten efforts, but if anyone has a rec, I'd appreciate it. Thanks!
[0] https://github.com/grumpycoders/pcsx-redux/
[1] https://duckstation.org/
The architecture which made me fall in love with RISC (or "load-store" if you prefer) and see the error of my ways with x86 (insert your derogatory term here).
The PS1 architecture is fascinating - it will also reveal why PS1 games have such a unique, recognizable style that games are trying to recreate nowadays.
Love Copetti. Even as someone who is not particularly knowledgeable of everything he’s talking about, I I really enjoy thumbing through his writing and diagrams. There’s just something really fun about trying to understand what is going on under the hood with these machines, especially fifth and sixth generation consoles
Copetti enjoyers should also checkout everything Fabien Sanglard has done, including the Wolfenstein and Doom Black Books, the Another World port analyses, and the other dozens of code reviews he's posted. https://fabiensanglard.net/
1994 always gets me too. It feels like they are more a late 90s thing.
They didn't launch outside of Japan until late 1995, so most people got one in '96.
Which means that we're really talking about hardware from 91-93, right? I.e. if launch was 94 then they were designing in 91-93ish.
PS2 didn't come out until 2000. Most of the games I remember are from later too.
I love a pre-Claude article
These articles are always excellent.
PS1 games do not hold up so good, but PS2 games uprezzed to 1440p-4k are basically perfect imo.
They hold up pretty well when you play them as they were originally supposed to: on a CRT if you can or using emulators' CRT filters if you can't. Trying to play them at very high resolutions on crisp LCD displays is the worst way to go IMO.
It's interesting how different it is from the N64, which was seemingly designed to produce perfectly correct pixels even though no player would own displays that could really show the difference. I guess that's what you get when you let SGI design the GPU.
1 reply →
Yeah, any 8/16-bit pixel are t wasn't made to be viewed on a screen with that high a resolution. CRTs smoosh/blur the image a bit so you don't see all the hardlines.
I own a CRT and several playstation games. Many (most?) of the 3D games don't hold up that well. The aliasing artifacts are still quite visible and many games have occlusion bugs that TFA alludes to.
The PS1 didn't even have perpsective corrected texture mapping, some titles handled that manually to make it look less shit but not all titles did so.
The evolution of graphics was brutal in the 90s and early 00s, but somewhere around the PS3's appearance it slowed down since lighting models were becoming "good enough" on the PS3 for not being annoyingly bad and asset creation costs became the limiting factor rather than hardware.
1 reply →
> They hold up pretty well when you play them as they were originally supposed to: on a CRT if you can or using emulators' CRT filters if you can't
On the emulator side I would definitely recommend Duckstation. It's performant, has great UI / UX and also has a CRT filter available by default that more or less recreates the original look, even slightly warping the image to make you feel like you are staring into a TV tube.
Nah, I was there a million years ago, and I always thought the PSX looked like crap compared to PC games of the era with their wobbly polygons and warping textures. And that is assuming that you were using SCART with a clean RGB signal, composite was even worse.
What I find truly ironic is how CRT shaders work best on a 4k display with good HDR performance.
4k lets you scale the image and insert scanlines without scaling artifacts and with enough extra pixels to make the scanlines feel properly soft.
HDR lets the shader compensate for the brightness lost to the CRT filter without desaturating the color.
3 replies →
> PS1 games do not hold up so good
Eeh ... speak for yourself. PS1 did mark the dawn of the 3D era for home consoles. There are lots of people who are into the low poly 3D models with the characteristic PS1 "wobble".
Sure a lot of it may be nostalgia but it does have its charm and I can say it's grown a lot on me over time. Especially once I learned about the PS1's unique hardware limitations. If my social media feed is anything to go by "PS1 graphics" are having a bit of a revival with lots of people trying to recreate that look.
I had the N64. It did not wobble. Seeing a Playstation in action with its wobble was so weird.
3 replies →
I'm 35, I know, I was there.
>o by "PS1 graphics" are having a bit of a revival with lots of people trying to recreate that look.
Yea I like it too I'm not saying it is bad :)
Also I do hate these cringe zoomers.
It is quite amazing to me to see the specs and what developers managed to squeeze out of that!
Yes an entire generation of games running on a mere 2MB of RAM and 1MB of VRAM.
The crazy thing too was how much a step up PS2 was compared to PS1 in terms of available compute and sheer horsepower. But even that wasn't enough for a sandbox game like GTA 3 to run without a lot of clever tricks [1]
[1] https://youtu.be/cIbCxbrBCys?si=cLMr4-7ubGD4fNWi
2 replies →
Graphically, either play on a CRT (or with CRT filters) or use an emulator that has PGXP geometry correction to eliminate vertex jittering at higher rendering resolutions.
As for gameplay, that console has a massive library, with thousands of commercially released games (and a lot of hidden gems). I'd be surprised if any gamer wouldn't find at least one to their taste in that catalog.
The 2D ones (e.g. Symphony of the Night) do.
Love the 2D games of the PS1 era. I still replay Mega Man X4/5/6 every once in a while.
Why did I think the XA decompression happened in the CD-ROM unit rather than the SPU?
It does. The SPU only handles decoding and playback of ADPCM samples from its own memory and receives all CD audio from an I2S bus; the CD-ROM sector decoder chip handles XA-ADPCM decoding and resampling to 44.1 KHz internally, then sends the audio over I2S as if it were CD-DA. This is also why the SPU's ADPCM format is slightly different from XA-ADPCM (no interleaving and 5 filter coefficient presets rather than just the 4 used by XA-ADPCM and the older ADPCM format used on the SNES).
Executing the instruction after the jump seemed mental, but after a few days it was second nature. N64 had related issue: had to find an instruction to put between two multiplies. If the first multiple multiplied by zero or otherwise finished in two cycles, the CPU would freeze if the next instruction was also a multiply.
Another weird corner case is that COP2 (GTE) instructions actually start executing one instruction early with respect to where the program counter is. As a result when an exception happens the kernel interrupt handler checks to see if the next instruction is COP2 and has to add 4 to the program counter in order to not execute it twice.
Also COP2 instructions were not allowed in branch delay slots (presumably for similar reasons), however some games (from memory Tekken3) do actually do this. I always wondered if it was a sneaky anti-emulation thing :) (because many emulators had issues with this, or needed special handling).
They should start teaching about plash speed routers in schools.
Did read this years ago and read it today again. Just so happy that there are people producing such quality work. Even if I personally don't know much about any of it, I still find myself being totally sucked in while reading.
[flagged]
I love his work. I bought one of his books recently :)