Re-Flashing the Flash
Ok, so I've been fooling around with lflash and reading the forums and such. Obviously, lflash doesn't let you access the entire firmware.
Well, what does?
Does anyone have any ideas?
I've dumped the entire lflash to a bin file on my memory stick (1.50) and mounted the partitions in linux. Pretty cool, for one. But as mentioned in another thread, there are two small sections at the end that are 00. Is this possibly just being obscured by the kernel?
I've been looking around and I don't really see another avenue, but one has to exist. I assume the firmware updater programs are using some other method of accessing the flash chip directly that we don't know about?
And, granted, I've been working on this PSP Dev stuff for about a day, I kind of know what I'm doing. I'm 21 and I've been coding and doing hardware projects for years on all sorts of different platforms. </useless-information>
I'm writing a low level fat12 driver for accessing (with read/write) the partitions on lflash directly. Scary, but, it should work. If for nothing else it could be used for changing the backgrounds. But maybe in the future replace modules and other info easily. Not sure if I'm actually going to finish it because I don't see an immediate use for it. Although, it would be nifty to get the backgrounds changed.
Anyway... has anyone found out any alternate method of accessing the flash with write access, aside from lflash? I'd be happy with something as low level as accessing the I/O data/address/we/ce/etc pins directly and doing the timings by hand.
Hope we find something!
-Klim
The kernel sceNand_driver library is the low-level interface used to read and write flash directly. The updater includes modules that update flash using this library.
And there is already a FAT12 FS driver that reads and writes lflash, the first two partitions are exposed as flash0: and flash1:. flash0: is set up as read-only, flash1: is writeable. The last two partitions don't appear to be used for anything.
You might be able to get away with changing your background by writing a .bmp to flash1:/vsh/theme/wallpaper.bmp. I have not verified this, and you do so at your own risk.
Well, the reason for making code to access FAT12 through lflash would be to basically write to the flash0 area easily. I don't see any other way to do it, unless I'm just missing something. There is a module for the MS FAT access, but I don't see anything else for writing flash0. Has someone already written something? Or am I missing something?
I've poked around on flash1 a bit... I cluttered it up a little by throwing random files on it to see if it would work. But anyway...
Ok, as far as these functions go:
Code:
0xa513bb12 sceNandInit
0xd305870e sceNandEnd
0x73a68408 sceNandSuspend
0x0f9bbbbd sceNandResume
0xae4438c7 sceNandLock
0x41ffa822 sceNandUnlock
0xe41a11de sceNandReadStatus
0x7af7b77a sceNandReset
0xfcdf7610 sceNandReadId
0x89bdca08 sceNandReadPages
0x8af0ab9f sceNandWritePages
0x766756ef sceNandReadAccess
0x0adc8686 sceNandWriteAccess
0xeb0a0022 sceNandEraseBlock
0x5182c394 sceNandReadExtraOnly
0xef55f193 sceNandCalcEcc
0xce9843e6 sceNandGetPageSize
0x716cd2b2 sceNandWriteBlock
0x01f09203 sceNandIsBadBlock
0x9b2ac433 sceNandTestBlock
Do you or anyone have any information on them? Operands and such? I'll go poking around and seeing if I can reverse any of it if no one has any information. I don't see hardly anything about any of them listed on the forums anywhere.
I'd really like to get ahold of the full flash contents. I've thought about ripping the chip off and doing it physically with a microcontroller and some simple code to rip it and send it over a serial port to my PC. (ATmega8515 or something). I'm not quite that brave yet though. Because I know there's pretty much no way I'd get it back on the board, and I don't have the cash for another PSP at the moment.
Anyway...
Thanks,
-Klim
flash1:/vsh/theme/wallpaper.bmp
Writing a bmp to flash1:/vsh/theme/wallpaper.bmp didn't seem to work.
I used the following code:
Code:
#include "wallpaper.c"   /* defines newwall[], the BMP image as a byte array */

/* Write the embedded bitmap to flash1: as the theme wallpaper. */
void writewallpaper(void) {
    int fd;

    fd = sceIoOpen("flash1:/vsh/theme/wallpaper.bmp", O_CREAT | O_WRONLY, 0777);
    if (fd < 0) goto endit;          /* open failed: skip the write */
    sceIoWrite(fd, newwall, 6174);   /* 6174 = size of newwall[] */
    sceIoClose(fd);
endit:
    pgWaitVn(100);
}
wallpaper.c (snipped)
Code:
unsigned char newwall[6174] =
{
    0x42, 0x4D, 0x1E, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x36, 0x00, 0x00, 0x00, 0x28, 0x00,
    0x00, 0x00, 0x3C, 0x00, 0x00, 0x00, 0x22, 0x00, 0x00, 0x00, 0x01, 0x00, 0x18, 0x00, 0x00, 0x00,
    0x00, 0x00, 0xE8, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2E, 0x74, 0x98, 0x2E, 0x74, 0x98, 0x2E, 0x74, 0x98, 0x2E,
    0x74, 0x98, 0x2E, 0x74, 0x98, 0x2E, 0x74, 0x98, 0x2E, 0x74, 0x98, 0x2E, 0x74, 0x98, 0x2E, 0x74,
    .....
    .....
    .....
    0x4A, 0x77, 0x18, 0x4A, 0x77, 0x18, 0x4A, 0x77, 0x18, 0x4A, 0x77, 0x18, 0x4A, 0x77,
};
It's just a copy of flash0:/vsh/resources/11.bmp. I dumped flash1 again and it's definitely there as wallpaper.bmp.
Hopefully this is useful info. lol
-Klim
Finally got it to work... lol
Maybe when I get bored I'll make a little prog to copy backgrounds from the MS...
EDIT: Oh, I put it in the video section because if you have a pic loaded with the photo viewer, and it's in the background, when you go to something else (like the video part) it unloads it... just to prove it's actually the 11.bmp on the flash.
Nice Klimru, if I remember correctly either Nem or someone else from saturn changed their background with a similar method to their logo, don't remember where the pic of it is though.
It would be nice to make a homebrew app for the specific task of replacing wallpapers, just be sure to code in a filesize/type/format check, to make sure the image is the correct dimensions and bit depth, I dread to think what would happen if someone replaced one of the 12 bitmaps with a bitmap the actual size of the screen.
If you were going to try that though, I'd do it for say, 11, and set the date/time to the last day of november at 23:58pm, so if it for some reason screwed up, there's a chance it would work okay again if you left it off for a few minutes, given that the small image is stretched, I get a sneaky feeling that it would in fact work, I may go try it ;)
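The filesize/type/format check suggested in the post above, as an added example that is not part of the original thread. The expected geometry (60x34, 24 bpp, 6174 bytes) is read from the header bytes of the 11.bmp copy posted earlier and is assumed to be what the wallpaper slot expects; `check_wallpaper_bmp`, `sample_result` and `thread_hdr` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Geometry taken from the header bytes of the 11.bmp copy posted in the
   thread: 60x34 pixels, 24 bpp, 6174 bytes in total. Assumed here to be
   what the wallpaper slot expects. */
#define WP_WIDTH 60u
#define WP_HEIGHT 34u
#define WP_BPP 24u
#define WP_HDR 54u /* 14-byte file header + 40-byte info header */

/* Header of the array posted in the thread; trailing bytes are zero. */
static const unsigned char thread_hdr[WP_HDR] = {
    0x42, 0x4D, 0x1E, 0x18, 0, 0, 0, 0, 0, 0, 0x36, 0, 0, 0, 0x28, 0, 0, 0,
    0x3C, 0, 0, 0, 0x22, 0, 0, 0, 0x01, 0, 0x18, 0, 0, 0, 0, 0, 0xE8, 0x17 };

/* BMP fields are little-endian; read byte-wise to stay portable. */
static uint32_t rd16(const unsigned char *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const unsigned char *p) { return rd16(p) | rd16(p + 2) << 16; }

/* 0 if buf is a wallpaper-shaped BMP, else a negative code for the first
   failed check. Hypothetical helper, not an SDK function. */
int check_wallpaper_bmp(const unsigned char *buf, size_t len) {
    size_t pixels = ((WP_WIDTH * WP_BPP + 31u) / 32u) * 4u * WP_HEIGHT;

    if (buf == NULL || len < WP_HDR) return -1;          /* truncated */
    if (buf[0] != 'B' || buf[1] != 'M') return -2;       /* not a BMP */
    if (rd32(buf + 2) != len) return -3;                 /* size field is wrong */
    if (rd32(buf + 10) != WP_HDR) return -4;             /* unexpected data offset */
    if (rd32(buf + 14) != 40u) return -5;                /* not a 40-byte info header */
    if (rd32(buf + 18) != WP_WIDTH || rd32(buf + 22) != WP_HEIGHT) return -6;
    if (rd16(buf + 26) != 1u || rd16(buf + 28) != WP_BPP) return -7;
    if (rd32(buf + 30) != 0u) return -8;                 /* compressed data */
    if (len != WP_HDR + pixels) return -9;               /* pixel data short or long */
    return 0;
}

/* Constructed sample: the thread's header plus zeroed pixels, with the
   width field overridden so a wrong-sized image can be tried. */
int sample_result(uint32_t width) {
    static unsigned char img[6174];
    memcpy(img, thread_hdr, WP_HDR);
    img[18] = width & 0xFF;
    img[19] = (width >> 8) & 0xFF;
    return check_wallpaper_bmp(img, sizeof img);
}

int main(void) { return sample_result(WP_WIDTH) == 0 ? 0 : 1; }
```

Running the check on the buffer before the file on flash1: is opened means a rejected image never reaches flash.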
If you search around this forum you can find out how to do this. Do you think klimru does magic? He had to learn from somewhere
EDIT: Here's the link http://forums.ps2dev.org/viewtopic.php?t=2161
un1que wrote:
welll............
can someone give me step by step instructions on how to do this.....

If you have to ask you'll probably end up with a brick. It's not an easy foolproof operation, lots can go wrong very easily.
Shoot Pixels Not People!
Makeshift Development
Now I am assuming that you wrote 11.jpg not wallpaper.jpg to the flash so what else could be placed in theme?
I would assume that it would be more than just the BG I noticed that the floating line things (technical name) are 3d renders coming from (can't remember the name off hand) but it may be possible to put a diff prx (I believe it was prx) in its place.
Dunno.
Good job btw.
PyroSama