QJ.net Game Discussion - PSP, Xbox, Wii, PS3, PSP Homebrew, and PSP Guides

**Dark_AleX** · 07-15-2006, 12:41 AM

Download at

http://dax.psp-tuts.net/

I copy and paste from the readme.
Custom Firmware - The proof of concept by Dark_AleX

There has been lately some discussion about if custom firmware in the psp are posible (note: custom in the sense of writing our own executable code in the system, and not only data like fonts, videos,...)

Even a lot of developers doubt that this is possible due to the protections in the psp.
Well, i'm here with this simple proof of concept to show the contrary :P

Instructions:
(Note: this thing only works for 1.50)

- Copy the PSP folder to the root of your memstick.
- Execute the program "Custom Firmware - The proof of concept"
It will write to the flash some executable files.

Now you are done.

This program has ben tested on my psp. However, as all programs that write to the flash, there is always some risk of bricking the psp. Use it at your own risk.
IMPORTANT (to avoid confussion): the program includes a file called vshmain.prx. This file is NOT of Sony, it comes from me, the source of everything is released.

The features of this custom firmware - proof of concept are:

- Execution of normal pbp's (1.00 ones, no-kxploited)
- Posibility of hiding corrupt icons. (note: by default it's not enabled, look at the file /PSP/SYSTEM/config.txt to see how to enable it)
- Posibility of skipping the SCE logo at the startup. (and in this way avoid the annoying auto-execution of the UMD). Like the previous one, this is not enabled by default.
- "Recovery mode:". If you keep R pressed while starting the psp, it will enter in "Recovery mode".
Recovery mode is not more than a simple application that will let you to use the usb, and execute a program under ms0:/PSP/GAME/UPDATE/EBOOT.PBP, that could be, for example, a sony updater or the 1.50 -> 1.00 downdater.

This would allow to recover potential bricks caused by the writing of bad fonts/videos/sounds... to the flash.
(Note that this wouldn't allow to recover critical things like the overwriting of critical prx's)

- Autoexecution of a program at the startup. See the configuration file at /PSP/SYSTEM/config.txt to see how to use it.

Technical Details for Developers - Why and how this work.

Consider vshmain.prx like the executable of the firmware.
You should know that either in 1.00 or 1.50 we CANNOT execute our own prx's.
However, you should know that we can execute our own elf's

Just creating an elf, renaming it to vshmain.prx and flashing the file does the job

However, notice a VERY IMPORTANT thing. By default, static elf's created by the pspsdk are linked to the address 0x08900000. This address is already taken by a prx of those that are loaded before vshmain.prx.
It's necesary to relocate the elf to a different address not already taken.
This proof of concept use the address 0x09CD3000.

**nesianstyles** · 07-15-2006, 12:43 AM

awesome! Great work dark_alex!

Skate3214 · 07-15-2006, 12:51 AM

Good work, but does this actually work? Like does it allow you to run eboots without kxploit on 1.5 and those other things or are you saying that it may be possible in the future.

**Moose** · 07-15-2006, 12:52 AM

Wow, well done, nice work!

**Dark_AleX** · 07-15-2006, 12:52 AM

Quote:

Originally Posted by psp_bling

Good work, but does this actually work? Like does it allow you to run eboots without kxploit on 1.5 and those other things or are you saying that it may be possible in the future.

Yes, it actually works.

Skate3214 · 07-15-2006, 12:54 AM

Wow thats so awesome, so you've flashed it to your psp yes? And this works on 1.5 right? Sorry for all the questions but i want to try this out.

**Ibanez32** · 07-15-2006, 12:54 AM

Nice work. I'll have to try this.

**Moose** · 07-15-2006, 12:55 AM

I'll give it a try, lets pray that a brick does not come of it. Is it like a firmware emulator or does it change your current f/w flash?

**thunderchild214** · 07-15-2006, 12:56 AM

Yeah congrats, although I'l wait to try this until other people confirm it works...

tc214

**Dark_AleX** · 07-15-2006, 12:56 AM

Quote:

Originally Posted by psp_bling

Wow thats so awesome, so you've flashed it to your psp yes? And this works on 1.5 right? Sorry for all the questions but i want to try this out.

Yes, it's tested in my psp. And it only works in 1.50.

07-15-2006, 12:41 AM	#1
Dark_AleX Developer Join Date: Sep 2005 Posts: 194 Trader Feedback: 0	Custom Firmware - The proof of concept Download at http://dax.psp-tuts.net/ I copy and paste from the readme. Custom Firmware - The proof of concept by Dark_AleX There has been lately some discussion about if custom firmware in the psp are posible (note: custom in the sense of writing our own executable code in the system, and not only data like fonts, videos,...) Even a lot of developers doubt that this is possible due to the protections in the psp. Well, i'm here with this simple proof of concept to show the contrary :P Instructions: (Note: this thing only works for 1.50) - Copy the PSP folder to the root of your memstick. - Execute the program "Custom Firmware - The proof of concept" It will write to the flash some executable files. Now you are done. This program has ben tested on my psp. However, as all programs that write to the flash, there is always some risk of bricking the psp. Use it at your own risk. IMPORTANT (to avoid confussion): the program includes a file called vshmain.prx. This file is NOT of Sony, it comes from me, the source of everything is released. The features of this custom firmware - proof of concept are: - Execution of normal pbp's (1.00 ones, no-kxploited) - Posibility of hiding corrupt icons. (note: by default it's not enabled, look at the file /PSP/SYSTEM/config.txt to see how to enable it) - Posibility of skipping the SCE logo at the startup. (and in this way avoid the annoying auto-execution of the UMD). Like the previous one, this is not enabled by default. - "Recovery mode:". If you keep R pressed while starting the psp, it will enter in "Recovery mode". Recovery mode is not more than a simple application that will let you to use the usb, and execute a program under ms0:/PSP/GAME/UPDATE/EBOOT.PBP, that could be, for example, a sony updater or the 1.50 -> 1.00 downdater. This would allow to recover potential bricks caused by the writing of bad fonts/videos/sounds... to the flash. (Note that this wouldn't allow to recover critical things like the overwriting of critical prx's) - Autoexecution of a program at the startup. See the configuration file at /PSP/SYSTEM/config.txt to see how to use it. Technical Details for Developers - Why and how this work. Consider vshmain.prx like the executable of the firmware. You should know that either in 1.00 or 1.50 we CANNOT execute our own prx's. However, you should know that we can execute our own elf's Just creating an elf, renaming it to vshmain.prx and flashing the file does the job However, notice a VERY IMPORTANT thing. By default, static elf's created by the pspsdk are linked to the address 0x08900000. This address is already taken by a prx of those that are loaded before vshmain.prx. It's necesary to relocate the elf to a different address not already taken. This proof of concept use the address 0x09CD3000.

07-15-2006, 12:51 AM	#3
Skate3214 The Black Parade Join Date: Jan 2006 Location: Port Macquarie,Australia Posts: 827 Trader Feedback: 0	Good work, but does this actually work? Like does it allow you to run eboots without kxploit on 1.5 and those other things or are you saying that it may be possible in the future. __________________ skate3214.deviantart.com

07-15-2006, 12:54 AM	#6
Skate3214 The Black Parade Join Date: Jan 2006 Location: Port Macquarie,Australia Posts: 827 Trader Feedback: 0	Wow thats so awesome, so you've flashed it to your psp yes? And this works on 1.5 right? Sorry for all the questions but i want to try this out. __________________ skate3214.deviantart.com

07-15-2006, 12:54 AM	#7
Ibanez32 Join Date: Jul 2005 Posts: 942 Trader Feedback: 0	Nice work. I'll have to try this. __________________ [CENTER]I think wii need a better name[/CENTER]

07-15-2006, 12:43 AM	#2
nesianstyles Join Date: May 2006 Location: New Zealand Posts: 118 Trader Feedback: 0	awesome! Great work dark_alex!

07-15-2006, 12:52 AM	#4
Moose Enter Custom Title Join Date: Feb 2006 Location: National Front Disco Posts: 13,063 Trader Feedback: 0	Wow, well done, nice work!

07-15-2006, 12:55 AM	#8
Moose Enter Custom Title Join Date: Feb 2006 Location: National Front Disco Posts: 13,063 Trader Feedback: 0	I'll give it a try, lets pray that a brick does not come of it. Is it like a firmware emulator or does it change your current f/w flash?

07-15-2006, 12:56 AM	#9
thunderchild214 Join Date: Jul 2005 Posts: 119 Trader Feedback: 0	Yeah congrats, although I'l wait to try this until other people confirm it works... tc214