use ipl_update to make FW 1.5 -> 1.0 (proof of concept)

[0okm0000]

CAUTION :
　人柱版。实验用。超危险。无保证，责任自负。
　任何事也会发生。最好避免使用。
　安全出口 → http://www.playstation.jp/psp/

　人柱版。実験用。超危険。無保証自己責任。
　なにが起きても知りません。避けて通るのが吉。
　非常出口 → http://www.playstation.jp/psp/

　To sacrifice yourself. Experimental. Extremely dangerous.
　No warranty. Use on your own risk and responsibility.
　Anything may happen. We recommend you to avoid seeing/downloading/using this.
　Emergency exit -> http://www.playstation.jp/psp/
　* this CAUTION copy from SEC(nem) :p

if you dont know exactly what it does and what you could use it for by looking at the posted code, forget it. you dont need it at all.

Don't use "IPL Data" from "ridge racers's kbooti.bin"
it will brick your PSP !!!

Code: Select all

// -------------------------------------------
// most of code from moonlight & PspPet
//
// * use ipl_update to make FW 1.5 -> 1.0 *
// Written by 0okm
// -------------------------------------------
#include <pspkernel.h>
#include <pspsdk.h>
#include <psptypes.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <pspdebug.h>
#include <pspctrl.h>

PSP_MODULE_INFO&#40;"FW100_DownDate", 0x1000, 1, 1&#41;;

PSP_MAIN_THREAD_ATTR&#40;0&#41;;

PSP_HEAP_SIZE_KB&#40;0&#41;;

#define printf pspDebugScreenPrintf

int &#40;* sceIplUpdateClearIpl&#41;&#40;void&#41;;
int &#40;* sceIplUpdateSetIpl&#41;&#40;void&#41;;

/*** This function from PspPet PSARDUMPER ***/
static u32 FindProc&#40;const char* szMod, const char* szLib, u32 nid&#41;
&#123;
    SceModule* modP = sceKernelFindModuleByName&#40;szMod&#41;;
    if &#40;modP == NULL&#41;
    &#123;
//        printf&#40;"Failed to find mod '%s'\n", szMod&#41;;
        return 0;
    &#125;
    SceLibraryEntryTable* entP = &#40;SceLibraryEntryTable*&#41;modP->ent_top;
    while &#40;&#40;u32&#41;entP < &#40;&#40;u32&#41;modP->ent_top + modP->ent_size&#41;&#41;
    &#123;
        if &#40;entP->libname != NULL && strcmp&#40;entP->libname, szLib&#41; == 0&#41;
        &#123;
            // found lib
            int i;
            int count = entP->stubcount + entP->vstubcount;
            u32* nidtable = &#40;u32*&#41;entP->entrytable;
            for &#40;i = 0; i < count; i++&#41;
            &#123;
                if &#40;nidtable&#91;i&#93; == nid&#41;
                &#123;
                    u32 procAddr = nidtable&#91;count+i&#93;;
//                    printf&#40;"entry found&#58; '%s' '%s' = $%x\n", szMod, szLib, &#40;int&#41;procAddr&#41;;
                    return procAddr;
                &#125;
            &#125;
//            printf&#40;"Found mod '%s' and lib '%s' but not nid=$%x\n", szMod, szLib, nid&#41;;
            return 0;
        &#125;
        entP++;
    &#125;
//    printf&#40;"Found mod '%s' but not lib '%s'\n", szMod, szLib&#41;;
    return 0;
&#125;

void ErrorExit&#40;char *error&#41;
&#123;
	printf&#40;"%s\n", error&#41;;
	sceKernelDelayThread&#40;15 * 1000 * 1000&#41;;
	sceKernelExitGame&#40;&#41;;
&#125;

char inputlist&#91;12*1024&#93;, outputlist&#91;12*1024&#93;;
char buffer&#91;8192&#93;;

void downdate&#40;&#41;
&#123;
	SceUID inp = sceIoOpen&#40;"ms0&#58;/FW100DOWNDATE/inputfl.bin", PSP_O_RDONLY, 0777&#41;;
	SceUID outp = sceIoOpen&#40;"ms0&#58;/FW100DOWNDATE/outputfl.bin", PSP_O_RDONLY, 0777&#41;;

	if &#40;inp < 0 || outp < 0&#41;
		ErrorExit&#40;"Error Open file.\n"&#41;;

	if &#40;sceIoRead&#40;inp, inputlist, 12*1024&#41; <= 0&#41;
	&#123;
		sceIoClose&#40;inp&#41;;
		ErrorExit&#40;"Error Read inputfl.bin file.\n"&#41;;
	&#125;

	if &#40;sceIoRead&#40;outp, outputlist, 12*1024&#41; <= 0&#41;
	&#123;
		sceIoClose&#40;outp&#41;;
		ErrorExit&#40;"Error Read outputfl.bin file.\n"&#41;;
	&#125;

	sceIoClose&#40;inp&#41;;
	sceIoClose&#40;outp&#41;;

	char *p = inputlist;
	while &#40;*p != 0&#41;
	&#123;
		SceUID fd = sceIoOpen&#40;p, PSP_O_RDONLY, 0777&#41;;
		if &#40;fd < 0&#41;
			ErrorExit&#40;"Error Read Flash file.\n"&#41;;
		sceIoClose&#40;fd&#41;;
		p += strlen&#40;p&#41;+1;
	&#125;

    if&#40;sceIoUnassign&#40;"flash0&#58;"&#41; < 0&#41;
    &#123;
		ErrorExit&#40;"Error sceIoUnassign flash0\n"&#41;;
    &#125; 
	if&#40;sceIoAssign&#40;"flash0&#58;", "lflash0&#58;0,0", "flashfat0&#58;", 0, IOASSIGN_RDWR , 0&#41; < 0&#41;
    &#123;
		ErrorExit&#40;"Error sceIoAssign flash0\n"&#41;;
    &#125; 

	char *src = inputlist;
	char *dst = outputlist;
	SceUID infd, outfd;
	int bytesread, totalwritten = 0;

	while &#40;*src != 0&#41;
	&#123;
		infd = sceIoOpen&#40;src, PSP_O_RDONLY, 0777&#41;;
		outfd = sceIoOpen&#40;dst, PSP_O_WRONLY | PSP_O_CREAT | PSP_O_TRUNC, 0777&#41;;
		if &#40;infd < 0&#41;
		&#123;
			ErrorExit&#40;"Error in file.\n"&#41;;
		&#125;
		if &#40;outfd < 0&#41;
		&#123;
			ErrorExit&#40;"Error out file.\n"&#41;;
		&#125;
		while &#40;&#40;bytesread = sceIoRead&#40;infd, buffer, 8192&#41;&#41; > 0&#41;
		&#123;
			totalwritten += sceIoWrite&#40;outfd, buffer, bytesread&#41;;
		&#125;
		sceIoClose&#40;infd&#41;;
		sceIoClose&#40;outfd&#41;;

		src += strlen&#40;src&#41;+1;
		dst += strlen&#40;dst&#41;+1;
	&#125;
&#125;

int main&#40;&#41;
&#123;
	pspDebugScreenInit&#40;&#41;;

	printf&#40;"FW100 DownDate V1.05\n"&#41;;
	printf&#40;"most of code from moonlight & PspPet &#58;&#41;\n\n"&#41;;

	SceKernelModuleInfo modinfo;
	u32 base;
	SceUID fd;
	SceUID mod;

	mod = sceKernelLoadModule&#40;"ms0&#58;/FW100DOWNDATE/FW150_ipl_update.prx", 0, NULL&#41;;
	if &#40;mod < 0&#41;
		ErrorExit&#40;"Error loading module.\n"&#41;;

	if&#40;sceKernelDevkitVersion&#40;&#41; == 0x01000300&#41;
	&#123;
		if &#40;pspSdkQueryModuleInfoV1&#40;mod, &modinfo&#41; < 0&#41;
			ErrorExit&#40;"Cannot query module info.\n"&#41;;
	&#125;
	else if&#40;sceKernelDevkitVersion&#40;&#41; == 0x01050001&#41;
	&#123;
		if &#40;sceKernelQueryModuleInfo&#40;mod, &modinfo&#41; < 0&#41;
			ErrorExit&#40;"Cannot query module info.\n"&#41;;
	&#125;
	else
	&#123;
			ErrorExit&#40;"Cannot query module info.\n"&#41;;
	&#125;

	base = modinfo.text_addr;
//	printf&#40;"modinfo.text_addr &#58; %.8X\n", modinfo.text_addr&#41;;

		fd = sceIoOpen&#40;"ms0&#58;/FW100DOWNDATE/FW100_ipl.bin", PSP_O_RDONLY, 0777&#41;;
		if &#40;fd < 0&#41;
			ErrorExit&#40;"Cannot read IPL Data\n"&#41;;
		printf&#40;"Reading IPL Data...\n\n"&#41;;
		sceIoRead&#40;fd, &#40;void *&#41;&#40;base+0x900&#41;, 0x37000&#41;;
		sceIoClose&#40;fd&#41;;

	mod = sceKernelStartModule&#40;mod, 0, NULL, NULL, NULL&#41;;
	if &#40;mod < 0&#41;
		ErrorExit&#40;"Error Start module.\n"&#41;;
	sceIplUpdateClearIpl = &#40;void *&#41;FindProc&#40;"IplUpdater", "sceIplUpdate_driver", 0x26093B04&#41;; //FW1.50 0x8822753c
	sceIplUpdateSetIpl = &#40;void *&#41;FindProc&#40;"IplUpdater", "sceIplUpdate_driver", 0xEE7EB563&#41;; //FW1.50 0x88227500

	printf&#40;"Pass &#91;CIRCLE&#93; to start DownDate, Pass &#91;CROSS&#93; to EXIT\n"&#41;;
	SceCtrlData pad;
	sceCtrlSetSamplingCycle&#40;0&#41;;
	sceCtrlSetSamplingMode&#40;0&#41;;
	while&#40;1&#41;
	&#123;
		sceCtrlReadBufferPositive&#40;&pad, 1&#41;;
		if &#40;pad.Buttons & PSP_CTRL_CIRCLE&#41;
		&#123;
			printf&#40;"start FW1.00 Ipl DownDate\n"&#41;;
			sceIplUpdateClearIpl&#40;&#41;;
			sceIplUpdateSetIpl&#40;&#41;;

			printf&#40;"start FW1.00 Flash0 DownDate\n"&#41;;
			downdate&#40;&#41;;

			ErrorExit&#40;"Finished. Exiting in 15 seconds\n"&#41;;
		&#125;
		if &#40;pad.Buttons & PSP_CTRL_CROSS&#41;
		&#123;
			sceKernelExitGame&#40;&#41;;
		&#125;
	&#125;

	return 0;
&#125;

i tested it on PSP FW1.50
and make FW1.50 -> FW1.00 :P

[0okm0000]

more information
FW100_ipl_update
http://forums.ps2dev.org/viewtopic.php?t=6153

About the 1.00 downgrade idea
http://mphwebsite.tuxfamily.org/punBB/v ... ?pid=12110

sceLflashFatfmtStartFatfmt
http://forums.ps2dev.org/viewtopic.php? ... date#41886

[dot_blank]

this is a good step in the right
direction ....good stuff 0okm thanx again
...to avoid more people who do not
know what they are doing and causing
more bricks to happen (although these
people sell great psps at cheap price :D

i recommend a prebuilt binary for those
who cant pull this off ....and directions would
seem almost spoiling i think :)

[0okm0000]

FW1.00 DownDate

CAUTION :
　人柱版。实验用。超危险。无保证，责任自负。
　任何事也会发生。最好避免使用。
　安全出口 → http://www.playstation.jp/psp/

　人柱版。実験用。超危険。無保証自己責任。
　なにが起きても知りません。避けて通るのが吉。
　非常出口 → http://www.playstation.jp/psp/

　To sacrifice yourself. Experimental. Extremely dangerous.
　No warranty. Use on your own risk and responsibility.
　Anything may happen. We recommend you to avoid seeing/downloading/using this.
　Emergency exit -> http://www.playstation.jp/psp/
　* this CAUTION copy from SEC(nem) :p

if you dont know exactly what it does and what you could use it for by looking at the posted code, forget it. you dont need it at all.

Don't use "IPL Data" from "ridge racers's kbooti.bin", it will brick your PSP !!!

HowTo
on FW1.00 PSP
1. Restore FW1.00 PSP to "Default Setting"
2. copy FW1.50 UpDate EBOOT.PBP to a blank 32MB MemStick's Root(ms0:/)
3. Extract FW100HELPER to MemStick
4. run FW100HELPER on FW1.00 PSP, it will Dump FW1.00's IPL, flash0 and FW1.50's ipl_update.prx to ms0:/FW100DOWNDATE
5. when Finished PSP will restart, put this MemStick to FW1.50 PSP

on FW1.50 PSP
6. Restore FW1.50 PSP to "Default Setting"
7. Extract FW100_DownDate to MemStick
8. run FW100_DownDate, when Finished PSP will restart
9. Restore this PSP to "Default Setting"
10. FW1.50 PSP NOW is FW1.00 PSP ^o^

FW100HELPER.zip (moonlight's "1.50 HELPER" mod.)
FW100_DownDate.zip (prebuilt binary)

Download-Link : http://rapidshare.de/files/25091655/FW1 ... 5.zip.html

[dot_blank]

thats more like it :)

[Guest]

oooh no... I've seen evil... my eyes are burning :)
bad.. bad... kbooti