PSP Assembly

[bradskins]

I have a few questions about assembly language programming.

1. How can you dump C code to PSP assembly?

2. Does Fanjit's new TIFF exploit loader require 1.00, 1.50, 1.51 or 2.00 syscalls?

3. Can anyone who has some nicely documented assembly for the PSP please send me it to learn from?

I know for sure the first question has been answered here before, and I will try to find out the second question in Fanjita's forums as well, but if you can help then I will be grateful.


thank you

bradley

[0okm0000]

HelloWorld 2.0
Hello World for PSP 2.0, includes the TIFF exploit and Sourcecode
http://hitmen.c02.at/html/psp_releases.html

R4400 Manual
similar to the Allegrex CPU contained in the PSP
http://hitmen.c02.at/html/psp_docs.html

Comprehensive Manual:
http://www.eas.asu.edu/~cse530/MIPSPro_ ... g_Vol2.pdf

& Search Forum :D
http://forums.ps2dev.org/search.php

[bradskins]

Great example, but it is a little confusing because there are no syscalls. I was interested in finding a program that make use of the callbackthread syscalls and what not so I could write a program that uses the home and power functions properly.

As for a reference I nabbed a copy of "See MIPS Run" from the university. Every bit helps, so I will be checking those links you sent me.


Does anyone else have a good example code? Also, I am looking for a manual like yeldarb's, and if there isnt one, I guess imma just have to make one myself, but i have to get passed all the formalities the PSP expects first.

[bradskins]

Oh i forgot to mention, 0okm0000 gave me all I will ever need to compile C to assembly

Thanks man

[0okm0000]

syscall example
MPHDowngrader source
http://forums.ps2dev.org/viewtopic.php?t=3519

[Fanjita]

Code: Select all

if ( (you're not working on exploits) &&
     (
       (you're just using the native homebrew loading on 1.0 / 1.5) ||
       (you're using the EBOOT loader / eLoader)
     )
   )
{
  You don't care about syscalls.  You can just use the standard methods from the toolchain to insert function import stubs, and the syscalls will automatically be taken care of by the linker or eloader.

  It's never worth bothering with the syscalls unless you really need to.  You only need to if you're working outside an environment with a linker.  Otherwise, you're just reducing your code's portability (between firmware versions), and increasing its complexity, for no good reason.
}

Sorry for the dodgy pseudocode, I was having trouble writing comprehensible and unambiguous english in the heat.

[bradskins]

and if I was working on an exploit, would I still want to pack my assembly in the usual way? For instance, how could I get my assembly code working on a version 2.60 psp? could I just R.E. the 2.71 update, as well as decrypt the PRX files, insert my line of code in an appropriate location, and then repack a PBP? I am sure things must be more complicated than that, or else it would have been already done!

I am looking into trying my best at opening up the 2.60 psp since it seems like it is reach for us with our current tools. But where would I begin? If someone could just point me in the general direction I could find my way on my own, I'm sure.


Thank you

Bradley.

[bradskins]

oh yeah and I have looked at the downgrader example, but it is run within an environment. I want to know how to find a way to run any bit of code outside the GTA exploit, is the a way? I;m sure if user mode can be accesed outside of GTA then we can get to system access in the same way as the downgrader.

[Jim]

You need to do a lot more reading. There's no way to unpack a pbp, modify it, and repack it again and have it run with firmware > 1.50. The pbps need to be signed once modified and noone knows how to do that.

Also noone knows how to run an exploit outside of the TIFF exploit with FW 2.00 and GTA savegame exploit with FW>2.00 and those holes have been patched with FW>=2.00 and FW>=2.70.

Jim

[bradskins]

Yeah, you are right, I do need to read up more.

If the eboots need to be signed with a signature that has details about what the code is, then the psp can check the program and make sure it matches the signature. Right? on all fw >1.50.

But GTA exploits works by... using an exploit something to do with savegames (havent read up on the details yet). But how did we get code running?

All I would need is to find a way to make the eboot for the 2.70 update, or a program that runs in FW 2.60, to jump to an address where I can put my arbitruary code. We have already found a way to make a program (GTA) run our code, but I want to find a way for the Eboot 2.70 update or another program (like the photo viewer, for another example) to run whatever I want it to, within the 2.70 OS and outside of the GTA program.

But what I really need help on, is if someone knows a good reference on the nature of the "handshakes" that occur between the signature and eboot, and which file the signature is stored in and what kind of encryption ... ect.

I would also like to find a good reference on how to make the "jump to address" goto the begining of my code. Since I would like to have an eboot on the memorystick, or even a binary file, IF i found a way to make a jump, then how would I make the jump goto the begining of my eboot or binary file located on the memstick?

These are all questions that the elites have found answers to, but the elite unfortuatly did not take the time to tell us the story in details, I am sure if they were more willing to reveal their methods then more people would know how to begin. If they told us the details of WHY they though it was impossible to use EBOOT.PBP in the usual way in FW > 1.50, Im sure i would know alot more about the signatures and whatnot. Writing rograms is the easy part of psp dev.

Lastly, I will ask if anyone has heard roumors of possible exploits (that havent been found to be just crashes) in the 2.70 OS.

Thank you

Bradley.

[bradskins]

are there any psar dumpers/prx decryptors for windows?

my psp is now 2.60, I dont have GTA to run the pasr/prx untils from my psp, and i need a dump of the 2.70 and 2.60 udates. If there are any windows programs that can do this please let me know.

bradskins_28@hotmail.com

[bradskins]

Ok now, I found a nice entry

http://www.psphacks.net/content/view/180/

and it brings the question.... does GTA use this kind of encryption? Actually I should be asking... does GTA's savegame use this kind of encryption? If not, then I can see how we were able to run code, if the psp is not trying to shake our hands whiile we are dealing with savegames, then we can run code without worring about handshakes. But all programs that are run by the 2.70 Os, are they also shaking hands all the time? Who would I talk to to find out? is there any artilcles posted on the internet?

[0okm0000]

Yeah, you are right, I do need to read up more.
...

more more more :P

http://forums.ps2dev.org/viewtopic.php?t=6091
Kernel mode under firmware 2.6 * The proof of concept *

I just want to know more about how they found it or the theory behind

2.5 memory dump disassembly, time, skill. thats the theory pretty much :=)

are there any psar dumpers/prx decryptors for windows?
...

NO

How To decompile a .psp and a .psar
http://forums.ps2dev.org/viewtopic.php? ... light=psar

No. not software that ONLY runs under Windows XP
Programs require a homebrew capable PSP (version 1.0 or 1.50 firmware). The PSP has special hardware to decrypt files.

There is a sample in the PSPSDK to decrypt .PRX files (the typical format of .PSP files)
http://svn.pspdev.org/filedetails.php?r ... rev=0&sc=0

There is a program called "PSAR Dumper" that will dump the .PSAR data for the known update programs
http://forums.ps2dev.org/viewtopic.php?t=2883

=====

> Hello all 'im a noob in the psp scene...
Then you should probably ignore the above advice ;->
This stuff is hard to figure out. Don't be one of the idiots who think a 5 minute hack is going to open up the PSP.

If you don't already have a homebrew capable PSP, you probably shouldn't be asking these questions.
If looking for an exploit, please ask elsewhere.

PSAR Dumper 2.0 (PRX 2.0 format decrypted)
http://forums.ps2dev.org/viewtopic.php?t=3554


2.7X PRXDecrypter for 2.6
http://dax.psp-tuts.net/cutenews/show_n ... rom=&ucat=&

[bradskins]

and the 2.50 memory dump..... it takes hardware to do that, right?

[bradskins]

Im sorry if I am not skilled, but I do have time, and Iam study comsci at the university....... I guess to start I have to get the memory dumps going... or

where can I find memory dumps, can someone email/link dumps for me?

[bradskins]

AHH, the 2.50 memory dump is now avaliable without having to use other hardware . i was thinking something along the lines of a device that would be hardwired to the psp to know all of the memory, but if that was possible it would make things easy.

[0okm0000]

Im sorry if I am not skilled, but I do have time, and Iam study comsci at the university....... I guess to start I have to get the memory dumps going... or

where can I find memory dumps, can someone email/link dumps for me?

you need to read up more more more more :P

http://forums.ps2dev.org/viewtopic.php?t=6091
Kernel mode under firmware 2.6 * The proof of concept *
memory dumps

[groepaz]

that thread should be locked. its going nowhere. ever.

[bradskins]

Well, all I have to say is

if everyone who has done anything great for the pspdev community on their own accord took a couple hours to write a page about what kinds of troubles they encountered, how they overcame them, and details that someone fresh on the scene would eat up; then I am sure we would be alot better off than we are now.

The current state of things is: you leave the beginners to sift through a forum. In this forum you might have mention something a long time ago that is relevant to the beginners, but you leave us to try to sort through all this "ohh wouldn't it be great...," "how do you install eloader...," and "where can I download isos..." crap to find something you might have left behind. Maybe I will just go brew up an iso loader for 2.70 just to piss you all off.

bradskins.

[bradskins]

sorry iso loader for 2.6 :P

[Fanjita]

Some knowledge is worth working for.

You might also find that a better way to pick up the necessary knowledge is to start small, coding up some simple apps, before trying to jump in at the deep end to make the next uber exploit.

Making threats is definitely not the way to go - if you're not capable of a little solo research, then no one believes that you're capable of creating an ISO loader.

[groepaz]

Maybe I will just go brew up an iso loader for 2.70 just to piss you all off.

obviously, no. you wont.

[jonny]

if everyone who has done anything great for the pspdev community on their own accord took a couple hours to write a page about what kinds of troubles they encountered, how they overcame them, and details that someone fresh on the scene would eat up; then I am sure we would be alot better off than we are now.

acquiring the required knowledge can require years of study/practice (some stuffs also require personal skills that not everyone is able to acquire)
there are no magic caps, blaming the others for something you are currently not able to understand/do is not a sign of maturity

[Drakonite]

if everyone who has done anything great for the pspdev community on their own accord took a couple hours to write a page about what kinds of troubles they encountered, how they overcame them, and details that someone fresh on the scene would eat up; then I am sure we would be alot better off than we are now.

If everyone spent their type writing crap for people who don't know what they are doing, then no one would be doing anything 'great' People aren't here for your benefit, they are here because they want to work on the psp/ps2.

but you leave us to try to sort through all this "ohh wouldn't it be great...," "how do you install eloader...," and "where can I download isos..." crap to find something you might have left behind.

Er... go take a damn look around. There is a lot of crap in the psp forums because there are a lot of idiots out there, but we fight damn hard to stop crap like that, and this is exactly why. Go take a look at other sites out there that claim to be doing psp homebrew and then try to tell me we are filled with crap posts here.

The real problem is there are far too many people with absolutely no clue what they are doing, including not knowing anything about programming/RE (which are NOT psp/ps2 specific topics), and then posting tons of crap posts expecting us to hold their hand and explain everything to them.