I downloaded the Epsilon BIOS and it came with a .pdf explaining the process of how they got the UP and Epsilon BIOS to work. It gets technical, so maybe you coders can get a crack at it. Sorry if you already know about this.
This is the .pdf file.
And for those of you wondering about the .flash file format and how we can crack it to use it on a 1.5: if you look towards the bottom of the .pdf you can see it says
Restore onboard NAND – Used to “un-brick” a PSP by programming a known good flash
dump (such as a dump of 1.0 or 1.50 firmware) to your PSP onboard NAND flash. The flash
image must be a file called “nandImage.flash” in the root of the memory stick, in the same
format used by the UP flasher tool (512bytes user + 16bytes extra for each page,
And if you don't want to download the .pdf then read on; this is what they talk about. It says the only currently supported firmware for the UP is 2.71, so any other firmware WILL NOT WORK. That means not even 2.7, no 2.6, 2.5, none of those. Here is the techy stuff:
Q: From firmware 2.6 and up, PRX files are protected with a new encryption method. How did you
figure out how to decrypt these files?
A: As most people will now be aware, the discovery of the 2.6 kmode exploit led to decryption of
modules using the new encryption method. However when we started working on this the kernel
mode exploit was unknown so we took a different approach to reach our goal, one that doesn’t rely
on exploits so should allow us to easily hack new firmware releases in the future once Sony
changes the encryption method again. Here’s how we did it - warning: this is a bit technical, which
unfortunately is required to give a proper answer. Since we couldn't get a dump of kernel memory
from a PSP running the 2.6 firmware, the only way to figure out how to decrypt the 2.6 PRX files
was to disassemble the IPL and see how this decrypted the files while the PSP is booting.
Unfortunately, Sony used a clever trick in the 2.6 IPL to prevent s disassembling it. They
read out some data from the reset vector and use it to decrypt the main portion of the IPL code. The
problem here is that by the time we can run code on the PSP, any attempt to read out this data will
be in vain as it gets scrambled inside the IPL. However, through some hardcore trickery we found a
way to dump the data at the reset vector which enabled us to decrypt the main portion of the IPL
code and then use this to figure out how the 2.6 PRX files were encrypted. The same encryption
method and keys are used in 2.7 and 2.71, so when 2.7 came out we had this dumped and
decrypted very quickly. There is nothing left now they can use to hide the IPL so when the 3.0
firmware eventually comes out it's highly likely the encryption will have changed again but it
shouldn’t take too long to figure it out. Sorry to give you the bad news Sony.. the s win
another round, you cannot hide your firmware from our eyes anymore ;)