Update. I have tried this with an OldCrow modchip on a PU-8 (SCPH-1002), and it works fine.
The emulators this game fails in are pSX (PSXFIN) and NO$PSX. I will note that the game boots past the security check in PCSXR too, but it also skips many intro videos. I find it extremely odd that the only emulator which actually emulates the original HC05 firmware dump from the Motorola chip (which is NO$PSX) actually fails to boot the game.
The game, however, runs perfectly on XEBRA, ePSXe and MEDNAFEN.
I have the source code to PCSXR, and I've tried disabling and playing with the timing of some HC05 commands, and yet nothing seems to alter the security check.
I've done some reversing in IDA, and one address that seemed like a good area to look at was 0x80020DF8. With that said, LameGuy64 has managed to make a patch which bypasses the first check in NO$PSX (simply enter these instructions at the said address and manually replace each instruction).
Code:
; Set address 0x80055388
lui a0,$8005
ori a0,$5388
; Write first word
lui v0,$8001
ori v0,$ce38
sw v0,0(a0)
; Write second word
lui v0,$0000
ori v0,$0133
sw v0,4(a0)
; Set the registers
lui v0,$8015
ori v0,$fd4c
lui v1,$0000
ori v1,$0133
lui a0,$8012
ori a0,$94c8
lui a1,$8012
ori a1,$9480
lui a2,$0000
ori a2,$0133
lui t0,$8005
ori t0,$51f0
; Branch to jr instruction
beq zero,zero,$80020ebc
nop
However, once the patch is entered and you've bypassed it, if you keep playing the game up until it asks for the second disc (which is about 4 minutes of video), the second security check takes place and repeats the same error screen from my first post.
My assumption is that the game is checking something to do with the CD access. It could be checking an interrupt response, a certain command's timing or simply the table of contents.
Note that my file versions are as follows:
- NO$PSX V2.0.
- XEBRA 180107 (07/JAN/2018?).
- MEDNAFEN V1.21.2.