forums.ps2dev.org

Actually, the AVC hasn't been figured out yet ether, but that is even harder. Anyway, if you want to know. 1) in psplink (1.5 kernel only) with the wlan switch off do pokew 0x88196474 0x46c06841 pokew 0x8818df48 0x46c046c0 (hopefully these address will be the same) 2) switch on the wlan and do thsu...

im using libusb with windows 7 64 bit now. You can get it with Minimalist PSPSDK for Windows and driver signing must be disabled to use it. If you dont know how to install it, Start->RightClick Computer->Manage->Device Manager->Highlight your pc name->Action Menu->Add legacy hardware. inf: C:\pspsdk...

try starting it with another port

can a ta-85 write to battery rom? i thought there was a chart some where.

I have a 2 in 1 pandora battery that iv had for about 2 years. Its a total peace of crap and it wont last more then 1 day when its not in use, meaning its been drained probably 20 times which isnt really good for it. With the most recent drain the battery will no longer boot the psp. I am able to bo...

Sorry i dont, the compiler issue comes and goes. However after a long time of experimenting i was able to dump the pre-ipl of my slim using timemachine here are some notes i made: THE BASIC IPL: Size: 0x3008 bytes (12KB + 8 bytes) - haven't tried any larger Load address: 0x040E0000 Format: bytes 0x0...

thanks, yes i noticed that gcc was sort of mangling the code when i put it under ida so i was going to try and upgrade to the latest version. Ill take a shot at an older gcc instead.

it only did it when an optimization flag was specified. O2 Os

dark_hex wrote:Someone can give me the 6.20 ipl ou the 6.10.

here is psardumper for 6.20 usermodules only and phat/slim ipl http://www.bbtgp.net/downloads/620_psar ... es_only.7z . having a hard time getting the kernel keys(cant get pandora to run my ipl)

Sorry for the dumb questions, half of what i post i end up figuring out eventually. Does any one have any info on the slims pre-ipl? What I'm trying to do is to get time machine to load my ipl so i can dump main.bin. To do that i need to reverse it etc, but time machine ipl calls some unfamiliar pre...

Well, a couple of threads back i started to try and reverse the ipl so i could get the kernel keys for psar dumper. (It isn't going to well =P) So iv taken to loading the ipl in vram, patching some of the nasty parts that would cause a crash and executing the decryption parts like sceDecypt1((void*)...

Is there a way to change a kernel threads stack pointer? Iv tried using assembly and it just crashes the psp every time. I need about 2MB of stack. Or would expanding the kernel partition work? iv tried using sctrlHENSetMemory to allocate 6MB to partition 8, my prx loaded fine but the stack was stil...

Thanks anyways, i found out what those 16 bytes are here http://forums.ps2dev.org/viewtopic.php?t=3573 that helped allot.

Yesterday i updated psardumper with the table keys for 6.20 and decrypted/dumped all of the user modules resources and ipls etc Next i need to reverse the ipl to get the kernel keys. My problem is that the code doesn't make since after i run it though prxtool e.g. prxtool -b -w -r 0x40EFFF0 %RTS% > ...

I believe its loaded in user mode because of the attribute. 5 | 0x0B800000 | 8388608 | 8388608 | 8388608 | 000F |///net librarys 6 | 0x08800000 | 50331648 | 24467456 | 23653632 | 000F | here is the code i have now, its not done yet. i want to figure out whats going on in psn. #include <pspkernel.h> ...

i got it hooked with out any errors, the only problem is with sctrlHENFindFunction now.

I really don't like asking for help but this problem has completely defeated me. The problem is that vsh loads the net librarys in a different partition then normal game mode. e.g. VSH Memory Partitions&#58; N | BASE | SIZE | TOTALFREE | MAXFREE | ATTR | ---|------------|----------|-----------|-...

I wouldn't speak of secrecy, but rather keeping it closed source. There's a lot of things to do if you want to, say, add an icon to the XMB. Memory Stick icons are the easiest, but others require a lot more work. Considering that, I think releasing the source will just lead to people leeching of Ga...

Iv been reverse engineering game categories for a couple of weeks but its quite hard to keep up with Bubbletune and his weekly releases. If i make any progress i will be sure to post a tutorial on how everything works. Its to bad there's so much secrecy around the xmb like vlf and game categories. T...

Thanks guys, helped me out a little.

well there it is... zr&#58;0x00000000 at&#58;0xDEADBEEF v0&#58;0x00000001 v1&#58;0x00000000 a0&#58;0x00000001 a1&#58;0x0BBAFB00 a2&#58;0xDEADBEEF a3&#58;0xDEADBEEF t0&#58;0xDEADBEEF t1&#58;0xDEADBEEF t2&#58;0xDEADBEEF t3&#58;0xDEADBEEF t4&#58;0xDEA...

Yes that's much to large. The UID was 0x0435AB53 and after i ran it though my reverse it was 0x0095CD80 but its not large enough to be a address either as the code implies. Im going to have psplink step through the code later to see what the registers are while its doing its thing. Should help me un...

I was doing a little reversing on SensMe yesterday and i ran across some code i couldn't really figure out: First, the part of the function im working on gets the module uid like so sceKernelGetModuleIdByAddress(module_start) and passess it to another function. This is the part i don't understand- $...

iv been trying get psplink to reset into updater mode on my slim with m33 5.00 and all iv got it to do so far is crash. As the command is obvious reason enough, i want to take a crack at decrypting the 6.00 firmware. So far i have been able to reboot into updater mode with time machine running 1.50 ...