Hi,
Here is my crappy GD / IDE test code for checking the Holly lockout...
https://mega.co.nz/#!654gUBiI!XkG0QLjgGI...GgvhqOuqc0
I haven't had chance to do much else yet, but I'm hoping it can be bypassed by forcing some specific Word values onto the G1 bus.
It easiest to just load the binary from Dreamshell, then press Y to switch to "ATA" mode.
Pressing X should switch between Hex and ASCII display, but it can be a bit messed up (code needs checking / fixing).
If you then press A, it will do the usual "g1_activation" check by reading the whole BIOS.
But, it only knows whether it has passed the check by reading back a specific WORD value from your HDD / CF.
It's easier to understand if you look in the code. eg...
if (*DMA_LOAD_ADDR == 0x49524952) // Check the first word of the buffer to make sure it matches MY HDD contents!!
Remember, when it displays the hex on screen, it's actually Byte-swapped too, so the value I see on screen is 0x5249.
I just used an arbitrary sector on the HDD for the test - you have to change the default FAD at the top of the code to suit your HDD. eg...
int dump_fad = 314;
(I just used the FAD address, even though I'm reading from HDD.
)
So basically....
1. Run the GD.BIN.
2. Find any arbitrary Word value on your IDE device using the D-Pad, but keep the Offset to 0!
3. Note down the FAD address where your Word is.
4. Modify the default FAD value at the top of the code.
5. Modify the check code to match the Word at that address.
Hope that makes sense - it's just a quick-and-dirty way to test the lockout.
To force the HOLLY check to Fail, I simply switched the physical Flash BIOS switch on my DC DURING the check!
(I'm using sd_loader_with.bios, so it still passes the test in either switch setting).
So, probably best just to switch back to the stock Sega BIOS, then try some different code tests to see if you can get it to pass.
If it does get locked out, you CAN re-do the test and get it to unlock the G1 / IDE again (you don't need to reset the DC).
Don't try DMA in the code though, it wasn't fully working anyway (locks up when waiting for DMA flag, so had to add a delay instead.)
PIO works fine for checking the Holly lockout, so don't press B if the lockout fails!
Oh, and make sure that nothing in the code is writing back to your IDE device or you might corrupt something! :o
A lot of junk in the code is from me trying to get it to boot a game from IDE many months ago, so please ignore it.
The code also contains chunks of other people's code (like Bluecrab's PSO loader syscall routines), but it's all in the public domain anyway.
It does have some basic GD Syscall redirection though, so all the PIO / DMA reads are being redirected via cdfs_redir.s, and going back to the C routines.
As always, I'm probably over-complicating things.
If you read the bottom part of the code, it makes more sense. lol
OzOnE.