hey nem, why don't you upgrade to 1.5 and do the same, then hopefully we could start programming in 1.5

nem wrote:
I dumped the firmware of the PSP by electrical means. Peel the memory chip off the PSP mainboard, connect wires to the chip, find which ball is what, and dump. In the dumped firmware there are executables. They are mostly encrypted, but there do exist unencrypted executables, from which I learned how dynamic linking is done.

Orion_ wrote:
I can't understand how the call to a kernel function works.
Are the numbers in startup.s the addresses of the functions in kernel/memory?
How did you find them, and what are their parameters?
Another key lies in the 'PBP Exploit Success... but only on 1.0 psp :(' thread. The posts in that thread brought me inspiration and valuable information. I want to express my best thanks to them all. Had they not pointed out that an ELF file can be executed, it would have taken more time.
Importing system calls seems to be done by the loader of the PSP system as follows:
- The module, or system call group, is chosen by the ASCII string 'module' of STUB_START
- The system call is specified by a 32-bit ID, 'funcid' of STUB_FUNC, which the loader searches for in its list
- The loader patches the nop in .text.stub to a syscall
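As an added illustration of the three loader steps above (this is not nem's code or anything from the dumped firmware), the following C program models the import resolution in simplified form: a STUB_START record carries the module name string, each STUB_FUNC carries a 32-bit funcid and points at its .text.stub slot, and the loader searches a (constructed, hypothetical) export list and overwrites the nop in the slot with a MIPS `syscall` instruction. The struct layouts, the module name "IoFileMgrForUser", the funcids and the syscall numbers are all assumptions for the example; the only PSP-specific facts it relies on are those the post states, plus the standard MIPS encodings of `nop` (0x00000000), `jr $ra` (0x03e00008) and `syscall` (code field in bits 6..25, function 0x0c). The stub shape "jr $ra followed by a nop in the delay slot" is likewise an assumption, chosen so the patched nop becomes a syscall executed before the return.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Standard MIPS encodings (not PSP-specific). */
#define MIPS_NOP        0x00000000u
#define MIPS_JR_RA      0x03e00008u
#define MIPS_SYSCALL_FN 0x0cu

/* Build a MIPS "syscall" instruction carrying a 20-bit code field. */
static uint32_t mips_syscall(uint32_t code)
{
    return ((code & 0xFFFFFu) << 6) | MIPS_SYSCALL_FN;
}

/* One entry of the kernel's syscall list that the loader searches.
 * Hypothetical model; the real table format is not described on the page. */
struct kexport {
    const char *module;
    uint32_t    funcid;      /* 32-bit function id */
    uint32_t    syscall_no;  /* code placed in the syscall instruction */
};

/* Constructed sample export list. Names and ids are placeholders, not real PSP values. */
static const struct kexport kernel_exports[] = {
    { "IoFileMgrForUser", 0x0000A001u, 0x2001u },
    { "IoFileMgrForUser", 0x0000A002u, 0x2002u },
    { "ThreadManForUser", 0x0000B001u, 0x2003u },
};

/* STUB_FUNC: the 32-bit funcid plus the .text.stub word the loader patches. */
struct stub_func  { uint32_t funcid; uint32_t *patch_slot; };
/* STUB_START: the ascii module name plus its function stubs. */
struct stub_start { const char *module; size_t nfuncs; struct stub_func *funcs; };

/* Constructed .text.stub: each stub is "jr $ra" with a nop in the delay slot (assumed layout). */
static uint32_t text_stub[] = {
    MIPS_JR_RA, MIPS_NOP,   /* stub 0 */
    MIPS_JR_RA, MIPS_NOP,   /* stub 1 */
    MIPS_JR_RA, MIPS_NOP,   /* stub 2: its funcid is not exported, so it must stay a nop */
};

static struct stub_func io_funcs[] = {
    { 0x0000A001u, &text_stub[1] },
    { 0x0000A002u, &text_stub[3] },
};
static struct stub_func thread_funcs[] = {
    { 0x0000DEADu, &text_stub[5] },   /* deliberately unknown id */
};
static struct stub_start stubs[] = {
    { "IoFileMgrForUser", 2, io_funcs },
    { "ThreadManForUser", 1, thread_funcs },
};

/* Step 1 + 2: pick the module by name, then find the funcid in the list. */
static int lookup_syscall(const char *module, uint32_t funcid, uint32_t *out)
{
    for (size_t i = 0; i < sizeof kernel_exports / sizeof kernel_exports[0]; i++) {
        if (strcmp(kernel_exports[i].module, module) == 0 &&
            kernel_exports[i].funcid == funcid) {
            *out = kernel_exports[i].syscall_no;
            return 1;
        }
    }
    return 0;
}

/* Step 3: patch each resolvable stub's nop to a syscall. Returns the number patched
 * and counts the rest in *unresolved. A slot that is not a nop is left alone, since
 * a loader should never overwrite an instruction it did not expect to find there. */
int resolve_stubs(struct stub_start *st, size_t n, int *unresolved)
{
    int resolved = 0;
    *unresolved = 0;
    for (size_t i = 0; i < n; i++) {
        for (size_t j = 0; j < st[i].nfuncs; j++) {
            struct stub_func *f = &st[i].funcs[j];
            uint32_t sc;
            if (*f->patch_slot != MIPS_NOP)                       { (*unresolved)++; continue; }
            if (!lookup_syscall(st[i].module, f->funcid, &sc))    { (*unresolved)++; continue; }
            *f->patch_slot = mips_syscall(sc);
            resolved++;
        }
    }
    return resolved;
}

/* Run the loader pass over the constructed sample data. */
int run_loader_demo(int *unresolved)
{
    return resolve_stubs(stubs, sizeof stubs / sizeof stubs[0], unresolved);
}

int main(void)
{
    int unresolved = 0;
    int n = run_loader_demo(&unresolved);
    printf("resolved %d stub(s), %d unresolved\n", n, unresolved);
    for (size_t i = 0; i < sizeof text_stub / sizeof text_stub[0]; i++)
        printf(".text.stub[%zu] = 0x%08x\n", i, text_stub[i]);
    return 0;
}
```

Running it patches stubs 0 and 1 to `syscall 0x2001` and `syscall 0x2002` and leaves stub 2 as a nop, which is the behaviour to expect from a loader that cannot find a funcid: the import silently becomes a no-op call rather than an error, so an unresolved import is worth checking for explicitly when reversing a module.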
PSP Firmware/Bios Dumped! (split from hello world thread)
There are 10 types of people in the world: Those who understand binary, and those who don't...
Actually, what we really need is a dump of 1.5, so it doesn't matter. Sure 1.5 only runs encrypted apps (because of a bug fixed in 1.0), but we kinda need to know where that bug was (we can compare the two and find the spots that changed, and probably hit on the bugfix) to help us find where encryption takes place on the PSP, and get code running on 1.5+ firmware.
See http://forums.ps2dev.org/viewtopic.php?t=1586. He showed the contents of one of the files from the firmware.
There are strong inquiries for the dumped firmware.
I am very sorry to say that I can not email/share/post the dumped firmware to anyone, at least for now.
Not only ooPo, but someone may claim that distribution of the dump is an intellectual property rights infringement.
Technically speaking, I can not distinguish someone :) from someone :( . So I can not respond to even a personal request by private message or something like that. Your understanding is most appreciated.
Most part of firmware is organized as FAT12 filesystem. There is a way to get firmware files by software means, I think. Every key you need is already available in this forum. All we need is just to write some small code for that. Briefly, use flash0: and sceIo functions.