Skip to content
This repository has been archived by the owner. It is now read-only.
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
DMA
 
 
GTE
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Overview

JPG

Reverse engineering of PlayStation CPU GTE.

The aim of this project is full discovery how Pops emulating GTE and write own port for some of freeware Sony `PlayStation` emulators (e.g. Pcsx). **DEPRECATED**

Since Pops is buggy shit, new goal is: drop acid on PSX CPU, microscope it, find GTE, recover standard cells and study its logic layout.

GTE was always kind of mystery for PSX emu authors, now we have a chance to look how it was made of silicon.

Overall progress:

  • Decap CPU DONE
  • Microscope top metal layer (M2) on 20x zoom DONE
  • Microscope bottom metal layer (M1) DONE
  • Trace both metal layers
  • Delayer metal and microscope diffusion layer DONE
  • Trace diffusion DONE
  • Find all combinations of standard cells DONE
  • Locate GTE DONE
  • Restore GTE logic circuit

News

02 jul 2015:
Almost all standard cells are discovered and identified. GTE location is confirmed at bottom-left corner of chip.

13 sep 2013:
CPU was delayered and imaged on 40x. Now we have to stitch 2900 image pieces (8.5 GB of data) and recover CPU Standard cells %)

2 jun 2013:
Starting to stitch 850 pieces on 20x zoom.

27 may 2013: Sony, squeeze your rolls :P Here we go!

JPG


Waves to http://zeptobars.ru for high-resolution PSX CPU images.

15 oct 2012: I captured PSX CPU die photo, wow :P

PNG

1 feb 2012: Pwned GTE divider, used in RTPS/RTPT. See wiki. Also uploaded gte_divider.h in source tree.

24 aug 2011: Uploaded GTECheck. This small program is used to test GTE instructions on the real hardware.

  • discovered that Pops has bug in AVSZ3 emulation (see wiki)

21 jul 2011: GTETest is reported to be working on real hardware! Thanks to edgbla :) You can grab latest version on SVN.

20 jul 2011: Found strange thing : DPCL and CDP instructions are swapped in opcode table. See details on "Bug_DPCL_CDP" wiki page.
GTETest now uploaded to the repo + I found that GTE instructions opcode decoding in Disasm.c was a bit wrong :=) (OP2 instruction field).

18 jul 2011: GTETest is reported to be not working on real hardware. Still available from downloads though. DPCS disassembled. Found bug in vi2uc.q instruction in prxtool (I already fixed disassembly listings where it was occured). Some small corrections here and there.

23 jun 2011: DCPL was mistyped. It should be DPCL. Small program for PSX was uploaded (GTETest)

24 jun 2011: Added some MDEC reversing by unknown reason

25 jun 2011: Added cool project logo. Tell me, if you have hires microscoped PSX-CPU image, I want to use it as logo.

Credits

Credits go to old scene members:

  • Doomed/Padua: first complete GTE documentation. Where did you get it guys? o_O [now I know hehe]
  • Groepaz/Hitmen: for valuable help with VFPU instructions
  • Tyranid: for prxtool
  • Pcsx team: good testing framework, nah, and for the best opensource PSX emu :P
  • Anonymous contributor for the convudendual Inlinref.pdf "Inline Programming Reference"

(c) org, 2011, 2012

Contact:
email: ogamespec at gmail.com
Skype: ogamespec

About

PlayStation GTE Reversing

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published