Custom everdrive MD v3 menu
Posted: Fri Nov 28, 2014 3:01 pm
I've recently been thinking about the possibilities of a custom everdrive menu (MDOS.bin), and therefore started reverse engineering how the software works. I haven't achieved much, but I wanted to create a thread to see if someone already did the same thing, has any information about it, or is interested in such a thing. I still need to ask krikzz, maybe he is willing to give me more information on the thing.
Some possibilities for this:
- Change pretty much anything about the looks of the menus
- Have the menu make sound effects
- Write "applications" (vgm player, hex editor) that don't need the console to reset to turn back to the menu
- Make SD-Cards that directly boot a game (this might be interesting for people who do speedruns of games and often hard-reset the console)
The thing is however, that this stuff needs to fit in ram, or else you will have to flash it, which is very slow.
So here's what I found out so far: When the everdrive turns on, there's a bootloader in address space 0x0000 - 0xFFFF (the bootloader takes only ~23kB of that, the rest is zeroes). The bootloader is then trying to read from the sd-card and copies the mdos.bin to ram. I've dumped the bootloader but haven't found the actual routine that copies the mdos.bin yet. Still inside MDOS.bin you will find a lot of jumps to subroutines in ram, so I'm quite sure that it's being copied to ram before being executed.
Controlling the SD-card seems to be done via the addresses 0x80000,0x80002,0x80004,0x80006.
There don't seem to be any integrity checks for mdos.bin. I was able to change the menu colors by just changing the corresponding values in the mdos.bin, without the need to generate anything like a checksum.
So if anyone has already tried this and has more information than I have, feel free to inform me
Some possibilities for this:
- Change pretty much anything about the looks of the menus
- Have the menu make sound effects
- Write "applications" (vgm player, hex editor) that don't need the console to reset to turn back to the menu
- Make SD-Cards that directly boot a game (this might be interesting for people who do speedruns of games and often hard-reset the console)
The thing is however, that this stuff needs to fit in ram, or else you will have to flash it, which is very slow.
So here's what I found out so far: When the everdrive turns on, there's a bootloader in address space 0x0000 - 0xFFFF (the bootloader takes only ~23kB of that, the rest is zeroes). The bootloader is then trying to read from the sd-card and copies the mdos.bin to ram. I've dumped the bootloader but haven't found the actual routine that copies the mdos.bin yet. Still inside MDOS.bin you will find a lot of jumps to subroutines in ram, so I'm quite sure that it's being copied to ram before being executed.
Controlling the SD-card seems to be done via the addresses 0x80000,0x80002,0x80004,0x80006.
There don't seem to be any integrity checks for mdos.bin. I was able to change the menu colors by just changing the corresponding values in the mdos.bin, without the need to generate anything like a checksum.
So if anyone has already tried this and has more information than I have, feel free to inform me