** WARNING **
This software accesses to system memory and firmware, which may cause
SEVERE DAMAGE TO YOUR EQUIPMENT. There are some possibilities of
PERMANENT DESTRUCTION OF THE PSP. NO WARRANTY. USE AT YOUR OWN RISK!
** WARNING **
PSP Dump released. Only for PSP 1.00. Firmware files can be dumped by software.
This software is for browsing only. If you want to get the files, please do NOT ask me.
Write your own code to do so. It's fun. :)
Some note:
Only FAT organized area of on-board flash chip, system file volume and configuration file volume, can be browsed.
There is bootstrap area with equipment serial IDs in the flash chip, and the area is unreachable by this software.
Bootstrap code is different between PSP 1.50 and PSP 1.00. If you want to reflash 1.50 to 1.00, files obtained by
this method may not be enough. When you try reflash, I recommend to beware this difference.
http://anon.ug.to/sec/pspdump.html
PSP [firmware] Dump [program]
PSP [firmware] Dump [program]
Last edited by nem on Mon May 09, 2005 7:04 am, edited 1 time in total.
Good stuff nem works great thanks.
File list of flash0 and flash1 note capital letters are directories:
flash0
->
DATA
DIC
FONT
KD
VSH
flash0\DATA\CERT
->
class1 pca g2 v2.cer
class1 pca g3v2.cer
class1 pca ss v4.cer
class2 pca g2 v2.cer
class2 pca g3v2.cer
class2 pca ss v4.cer
class3 pca g2 v2.cer
class3 pca g3v2.cer
class3 pca ss v4.cer
class4 pca g2 v2.cer
class4 pca g3v2.cer
rsa1024 v1.cer
rsa2048 v3.cer
rsa secureserver.cer
sce ca01.cer
sce ca02.cer
sce ca03.cer
sce ca04.cer
sce ca05.cer
verisign tsa ca.cer
flash0\DIC\
->
apotp.dic
atokp.dic
aux0.dic
aux1.dic
aux2.dic
aux3.dic
flash0\FONT\
->
jpn0.pgf
ltn0.pgf
ltn1.pgf
ltn10.pgf
ltn11.pgf
ltn12.pgf
ltn13.pgf
ltn14.pgf
ltn15.pgf
ltn2.pgf
ltn3.pgf
ltn4.pgf
ltn5.pgf
ltn6.pgf
ltn7.pgf
ltn8.pgf
ltn9.pgf
flash0\KD\
->
ata.prx
audio.prx
audiocodec.prx
blkdev.prx
chkreg.prx
clockgen.prx
codec.prx
ctrl.prx
display.prx
dmacman.prx
dmacplus.prx
emc ddr.prx
emc sm.prx
exceptionman.prx
fatmsmod.prx
ge.prx
gpio.prx
hpremote.prx
i2c.prx
idstorage.prx
ifhandle.prx
impose.prx
init.prx
interruptman.prx
iofilemgr.prx
isofs.prx
lcdc.prx
led.prx
lfatfs.prx
lflash fatfmt.prx
libatrac3plus.prx
libhttp.prx
libparse http.prx
libparse uri.prx
loadcore.prx
loadexec.prx
me for vsh.prx
me wrapper.prx
mebooter.prx
mebooter umdvideo.prx
mediaman.prx
mediasync.prx
memab.prx
memlmd.prx
mesg led.prx
mgr.prx
modulemgr.prx
mpeg vsh.prx
mpegbase.prx
msaudio.prx
mscm.prx
msstor.prx
openpsid.prx
pew.prx
power.prx
pspbtcnf.txt
pspbtcnf game.txt
pspbtcnf updater.txt
pspcnf tbl.txt
pspnet.prx
pspnet adhoc.prx
pspnet adhoc auth.prx
pspnet adhoc download.prx
pspnet adhoc matching.prx
pspnet adhocctl.prx
pspnet ap dialog dummy.prx
pspnet apctl.prx
pspnet inet.prx
pspnet resolver.prx
pwm.prx
reboot.prx
registry.prx
rtc.prx
semawm.prx
sircs.prx
stdio.prx
sysclib.prx
syscon.prx
sysmem.prx
sysmem uart4.prx
sysreg.prx
systimer.prx
threadman.prx
uart4.prx
umd9660.prx
umdman.prx
usb.prx
usbstor.prx
usbstorboot.prx
usbstormgr.prx
usbstorms.prx
usersystemlib.prx
utility.prx
utlis.prx
vaudio.prx
vaudio game.prx
videocodec.prx
vshbridge.prx
wlan.prx
flash0\vsh\etc\
->
index.dat
jis2ucs.bin
jis2ucs.cbin
ucs2jis.bin
ucs2jis.cbin
version.txt
flash0\vsh\module\
->
auth plugin.prx
chnnlsv.prx
common gui.prx
common util.prx
dialogmain.prx
game plugin.prx
heaparea1.prx
heaparea2.prx
impose plugin.prx
msgdialog plugin.prx
netconf plugin.prx
netplay client plugin.prx
netplay server utility.prx
opening plugin.prx
osk plugin.prx
paf.prx
pafmini.prx
photo plugin.prx
savedata auto dialog.prx
savedata plugin.prx
savedata utility.prx
sysconf plugin.prx
update plugin.prx
video plugin.prx
vshmain.prx
flash0\vsh\resource\
->
01.bmp
02.bmp
03.bmp
04.bmp
05.bmp
06.bmp
07.bmp
08.bmp
09.bmp
10.bmp
11.bmp
12.bmp
auth plugin.rco
game plugin.rco
gameboot.pmf
impose plugin.rco
msgdialog plugin.rco
msvideo plugin.rco
music plugin.rco
netconf dialog.rco
netplay plugin.rco
opening plugin.rco
osk plugin.rco
osk utility.rco
photo plugin.rco
savedata plugin.rco
savedata utility.rco
sysconf plugin.rco
system plugin.rco
system plugin bg.rco
system plugin fg.rco
topmenu plugin.rco
update plugin.rco
video plugin.rco
video plugin videotoolbar.rco
flash1
->
DIC
REGISTRY
VSH
flash1\DIC\
->
atokl0.dat
flash1\REGISTRY\
->
system.ireg
system.dreg
flash1\VSH\
->
THEME
flash1\VSH\THEME\
->
empty directory
File list of flash0 and flash1 note capital letters are directories:
flash0
->
DATA
DIC
FONT
KD
VSH
flash0\DATA\CERT
->
class1 pca g2 v2.cer
class1 pca g3v2.cer
class1 pca ss v4.cer
class2 pca g2 v2.cer
class2 pca g3v2.cer
class2 pca ss v4.cer
class3 pca g2 v2.cer
class3 pca g3v2.cer
class3 pca ss v4.cer
class4 pca g2 v2.cer
class4 pca g3v2.cer
rsa1024 v1.cer
rsa2048 v3.cer
rsa secureserver.cer
sce ca01.cer
sce ca02.cer
sce ca03.cer
sce ca04.cer
sce ca05.cer
verisign tsa ca.cer
flash0\DIC\
->
apotp.dic
atokp.dic
aux0.dic
aux1.dic
aux2.dic
aux3.dic
flash0\FONT\
->
jpn0.pgf
ltn0.pgf
ltn1.pgf
ltn10.pgf
ltn11.pgf
ltn12.pgf
ltn13.pgf
ltn14.pgf
ltn15.pgf
ltn2.pgf
ltn3.pgf
ltn4.pgf
ltn5.pgf
ltn6.pgf
ltn7.pgf
ltn8.pgf
ltn9.pgf
flash0\KD\
->
ata.prx
audio.prx
audiocodec.prx
blkdev.prx
chkreg.prx
clockgen.prx
codec.prx
ctrl.prx
display.prx
dmacman.prx
dmacplus.prx
emc ddr.prx
emc sm.prx
exceptionman.prx
fatmsmod.prx
ge.prx
gpio.prx
hpremote.prx
i2c.prx
idstorage.prx
ifhandle.prx
impose.prx
init.prx
interruptman.prx
iofilemgr.prx
isofs.prx
lcdc.prx
led.prx
lfatfs.prx
lflash fatfmt.prx
libatrac3plus.prx
libhttp.prx
libparse http.prx
libparse uri.prx
loadcore.prx
loadexec.prx
me for vsh.prx
me wrapper.prx
mebooter.prx
mebooter umdvideo.prx
mediaman.prx
mediasync.prx
memab.prx
memlmd.prx
mesg led.prx
mgr.prx
modulemgr.prx
mpeg vsh.prx
mpegbase.prx
msaudio.prx
mscm.prx
msstor.prx
openpsid.prx
pew.prx
power.prx
pspbtcnf.txt
pspbtcnf game.txt
pspbtcnf updater.txt
pspcnf tbl.txt
pspnet.prx
pspnet adhoc.prx
pspnet adhoc auth.prx
pspnet adhoc download.prx
pspnet adhoc matching.prx
pspnet adhocctl.prx
pspnet ap dialog dummy.prx
pspnet apctl.prx
pspnet inet.prx
pspnet resolver.prx
pwm.prx
reboot.prx
registry.prx
rtc.prx
semawm.prx
sircs.prx
stdio.prx
sysclib.prx
syscon.prx
sysmem.prx
sysmem uart4.prx
sysreg.prx
systimer.prx
threadman.prx
uart4.prx
umd9660.prx
umdman.prx
usb.prx
usbstor.prx
usbstorboot.prx
usbstormgr.prx
usbstorms.prx
usersystemlib.prx
utility.prx
utlis.prx
vaudio.prx
vaudio game.prx
videocodec.prx
vshbridge.prx
wlan.prx
flash0\vsh\etc\
->
index.dat
jis2ucs.bin
jis2ucs.cbin
ucs2jis.bin
ucs2jis.cbin
version.txt
flash0\vsh\module\
->
auth plugin.prx
chnnlsv.prx
common gui.prx
common util.prx
dialogmain.prx
game plugin.prx
heaparea1.prx
heaparea2.prx
impose plugin.prx
msgdialog plugin.prx
netconf plugin.prx
netplay client plugin.prx
netplay server utility.prx
opening plugin.prx
osk plugin.prx
paf.prx
pafmini.prx
photo plugin.prx
savedata auto dialog.prx
savedata plugin.prx
savedata utility.prx
sysconf plugin.prx
update plugin.prx
video plugin.prx
vshmain.prx
flash0\vsh\resource\
->
01.bmp
02.bmp
03.bmp
04.bmp
05.bmp
06.bmp
07.bmp
08.bmp
09.bmp
10.bmp
11.bmp
12.bmp
auth plugin.rco
game plugin.rco
gameboot.pmf
impose plugin.rco
msgdialog plugin.rco
msvideo plugin.rco
music plugin.rco
netconf dialog.rco
netplay plugin.rco
opening plugin.rco
osk plugin.rco
osk utility.rco
photo plugin.rco
savedata plugin.rco
savedata utility.rco
sysconf plugin.rco
system plugin.rco
system plugin bg.rco
system plugin fg.rco
topmenu plugin.rco
update plugin.rco
video plugin.rco
video plugin videotoolbar.rco
flash1
->
DIC
REGISTRY
VSH
flash1\DIC\
->
atokl0.dat
flash1\REGISTRY\
->
system.ireg
system.dreg
flash1\VSH\
->
THEME
flash1\VSH\THEME\
->
empty directory
Last edited by skippy911 on Mon May 09, 2005 9:19 am, edited 2 times in total.
Aha, the information on the file list does give a bit of information about the encryption system: it uses certificates. Verisign is involved, a few Sony-specific certificates it seems, and a few others which seem to be self-signed by Sony. Anyone take a peek at these certificates and checked them out for anything interesting? Are they standard RSA/SSL type certificates (X509-style)?
I really want to know , what is the total size of the file extracted?
is that around 8mb? as we know that sony reserve about 8mb space for the kenrel.
if that's smaller that 8mb , that mean sony still have room to add more application to the firmware , that's a good news
if that's bigger that 8mb , where are those files come from??haha~~
is that around 8mb? as we know that sony reserve about 8mb space for the kenrel.
if that's smaller that 8mb , that mean sony still have room to add more application to the firmware , that's a good news
if that's bigger that 8mb , where are those files come from??haha~~
-
ModernRonin
- Posts: 10
- Joined: Sat May 07, 2005 5:19 pm
- Location: Colorado
- Contact:
Hey nem, when you get some time, do you mind looking for symbols in the following files and tell us if you find anything interesting:
loadcore.prx
loadexec.prx
usbstorboot.prx
I'm particularly interested in knowing if "usbstorboot" means there's some way we can boot the PSP off a USB storage device...
Has anyone snooped the USB connection while the PSP is powering up?
loadcore.prx
loadexec.prx
usbstorboot.prx
I'm particularly interested in knowing if "usbstorboot" means there's some way we can boot the PSP off a USB storage device...
Has anyone snooped the USB connection while the PSP is powering up?
Konfig I think your onto something there.. might be the answer to this guys post..
http://forums.ps2dev.org/viewtopic.php?t=1629
so then the PSP might be reloading OS when the PSP splash screen shows.. only time you dont see it is when playing movie UMDs and the Sampler disc but that would be cuz its got what it needs right there.. That may also explain these "Firmware Update w/ Game" like GT4mobile is claimed to contain.. hmmm??
http://forums.ps2dev.org/viewtopic.php?t=1629
so then the PSP might be reloading OS when the PSP splash screen shows.. only time you dont see it is when playing movie UMDs and the Sampler disc but that would be cuz its got what it needs right there.. That may also explain these "Firmware Update w/ Game" like GT4mobile is claimed to contain.. hmmm??
My name's not nem, but as far as being able to see symbols in those files just isn't possible. Of course, this is based on information in a previous post on this thread. Only three files of all the prx's are not encrypted, these falling into the encrypted pool. Maybe nem has another way to scan the assemblies up his sleeve ;)
--
blargh!
blargh!
I think some misunderstanging about os kernel.konfig wrote:I guess the 8MB OS kernel(at least most of them, game related) is launched from the game disk other than the firmware.
This makes things easy when the low efficiency 8MB huge OS kernel becomes a burden for developers someday.
if os kernel is load from game disk , psp firmware should just include the bios (just like computer , only bios is load when boot up , you can load any kind of OS on the bios)
but now the case is , psp has it own OS , and game developer need to develop their game for this OS. (just like developing a application on windows , you need to call some kernel/core function to access the machine). And we dont know game developer can write their own function to access the machine without using the kernel function or not. (for example , you cant direct access the parallel port in windows xp bypassing the xp kernel , but you can do it at linux and windows 98)
and if the kernel is load from disk , the speed will very very slow (imagine the different between the speed you boot linux from cd and the speed you boot from harddisk)
anyway , those file from the firmware give us some hints about PSP programming , that's a good thing. thank all people working on dumping the firmware and disk
With the firmware updated, some OS function may be unavailable for games. That's why game disk includes these files.laichung wrote:I think some misunderstanging about os kernel.konfig wrote:I guess the 8MB OS kernel(at least most of them, game related) is launched from the game disk other than the firmware.
This makes things easy when the low efficiency 8MB huge OS kernel becomes a burden for developers someday.
if os kernel is load from game disk , psp firmware should just include the bios (just like computer , only bios is load when boot up , you can load any kind of OS on the bios)
but now the case is , psp has it own OS , and game developer need to develop their game for this OS. (just like developing a application on windows , you need to call some kernel/core function to access the machine). And we dont know game developer can write their own function to access the machine without using the kernel function or not. (for example , you cant direct access the parallel port in windows xp bypassing the xp kernel , but you can do it at linux and windows 98)
and if the kernel is load from disk , the speed will very very slow (imagine the different between the speed you boot linux from cd and the speed you boot from harddisk)
anyway , those file from the firmware give us some hints about PSP programming , that's a good thing. thank all people working on dumping the firmware and disk
As for why psp firmware not only includes the bios, I think the XMB and the application embodied (such as video player, mp3 player) need the OS.
So the psp firmware may includes these parts:
1) BIOS(maybe not)
2) OS (for XMB and the embodied application, may be unavailable for games in the future)
3) the XMB and the embodied application(updated simultaneously with the OS)
As I know, there is some difference between PC OS and the PSP OS
1) PC OS like windows supports both multi-thread and multi-process. but as for the PSP OS, multii-process is not need. When you are playing a game, it seems impossible to be downloading something for the internet.
2) PSP game is not and should not always based on the PSP OS. Every PC has different hardwares(even using the same OS). So the software must based on OS because they don't know on what kind of hardware they will run. But as for console platforms, they always have the same hardwares, so it is no problem that games can be completely independent of OS. They can be directly based on BIOS, or even the bottom level hardware, it is much more efficient than based on the OS.
I think the meaning of PSP OS for games is just to provide some function library(most important, I/O library) to reduce the development cost. But at the same time, the 8MB OS core is of low efficiency, so further games should not use this OS anylonger.
What you say just bring me another idea about those files, thanks.
What I'm thinking is , actually those library file can be excluded from the firmware(since they are not BIOS/Core library). why they are there because some applications(XMB , etc) need it.
so game developer must include the library in the UMD, because they dont know those library file already existed inside the firmware.
What sony said about "8mb OS kernel" may be somethings else.
Anyway , we still need times to discover it. work hard everone~~thanks
What I'm thinking is , actually those library file can be excluded from the firmware(since they are not BIOS/Core library). why they are there because some applications(XMB , etc) need it.
so game developer must include the library in the UMD, because they dont know those library file already existed inside the firmware.
What sony said about "8mb OS kernel" may be somethings else.
Anyway , we still need times to discover it. work hard everone~~thanks
konfig wrote:With the firmware updated, some OS function may be unavailable for games. That's why game disk includes these files.laichung wrote:I think some misunderstanging about os kernel.konfig wrote:I guess the 8MB OS kernel(at least most of them, game related) is launched from the game disk other than the firmware.
This makes things easy when the low efficiency 8MB huge OS kernel becomes a burden for developers someday.
if os kernel is load from game disk , psp firmware should just include the bios (just like computer , only bios is load when boot up , you can load any kind of OS on the bios)
but now the case is , psp has it own OS , and game developer need to develop their game for this OS. (just like developing a application on windows , you need to call some kernel/core function to access the machine). And we dont know game developer can write their own function to access the machine without using the kernel function or not. (for example , you cant direct access the parallel port in windows xp bypassing the xp kernel , but you can do it at linux and windows 98)
and if the kernel is load from disk , the speed will very very slow (imagine the different between the speed you boot linux from cd and the speed you boot from harddisk)
anyway , those file from the firmware give us some hints about PSP programming , that's a good thing. thank all people working on dumping the firmware and disk
As for why psp firmware not only includes the bios, I think the XMB and the application embodied (such as video player, mp3 player) need the OS.
So the psp firmware may includes these parts:
1) BIOS(maybe not)
2) OS (for XMB and the embodied application, may be unavailable for games in the future)
3) the XMB and the embodied application(updated simultaneously with the OS)
As I know, there is some difference between PC OS and the PSP OS
1) PC OS like windows supports both multi-thread and multi-process. but as for the PSP OS, multii-process is not need. When you are playing a game, it seems impossible to be downloading something for the internet.
2) PSP game is not and should not always based on the PSP OS. Every PC has different hardwares(even using the same OS). So the software must based on OS because they don't know on what kind of hardware they will run. But as for console platforms, they always have the same hardwares, so it is no problem that games can be completely independent of OS. They can be directly based on BIOS, or even the bottom level hardware, it is much more efficient than based on the OS.
I think the meaning of PSP OS for games is just to provide some function library(most important, I/O library) to reduce the development cost. But at the same time, the 8MB OS core is of low efficiency, so further games should not use this OS anylonger.
Thanks all :)
Now I'm away from our Titan base and have limited access to resources. Narrow connection to the net also prevents me from even reading the forum. Things go too fast to catch up. :(
Source code.
I need some brush-ups of the code. Maybe later.
skippy911:
Thanks for your list. Good work! Can I add some info to your list?
Krevnik:
Certificates.
Lots of certificates in flash0:\data\cert\. They are ordinal base64 encoded certificate, not encrypted. Their role is still unknown.
laichung:
Total size of the files in flash0: is around 12MBytes. Where are those files come from? My obserbation/guess as follows:
- Memory chip on board contains 32MByte SDRAM and 32MByte FlashROM.
- 32MByte FlashROM consists of 1MByte bootstrap area and 31MByte disk storage area.
- Disk storage area have two partitions, 24MByte flash0: and 4MByte flash1:
- flash0: as system file volume, flash1: as configuration file volume
SONY says 32MByte SDRAM is divided to two parts, 8MByte kernel memory and 24MByte user memory.
User memory seems to be 0x08800000..0x09ffffff.
When system starts up, some files/modules are loaded to kernel memory, not all.
Now I'm away from our Titan base and have limited access to resources. Narrow connection to the net also prevents me from even reading the forum. Things go too fast to catch up. :(
Source code.
I need some brush-ups of the code. Maybe later.
skippy911:
Thanks for your list. Good work! Can I add some info to your list?
Code: Select all
files in flash0:
flash0:\
<DIR> data
<DIR> dic
<DIR> font
<DIR> kd
<DIR> vsh
flash0:\data\
<DIR> cert
flash0:\data\cert\
1122 Class1_PCA_G2_v2.cer
1508 Class1_PCA_G3v2.cer
854 Class1_PCA_ss_v4.cer
1126 Class2_PCA_G2_v2.cer
1504 Class2_PCA_G3v2.cer
848 Class2_PCA_ss_v4.cer
1122 Class3_PCA_G2_v2.cer
1508 Class3_PCA_G3v2.cer
848 Class3_PCA_ss_v4.cer
1122 Class4_PCA_G2_v2.cer
1508 Class4_PCA_G3v2.cer
1066 RSA1024_v1.cer
1233 RSA2048_v3.cer
840 RSA_SecureServer.cer
1387 SCE_CA01.cer
1387 SCE_CA02.cer
1387 SCE_CA03.cer
1387 SCE_CA04.cer
1387 SCE_CA05.cer
1402 VeriSign_TSA_CA.cer
flash0:\dic\
1346880 apotp.dic
939166 atokp.dic
14886 aux0.dic
9647 aux1.dic
4631 aux2.dic
13172 aux3.dic
flash0:\font\
1679100 jpn0.pgf
123896 ltn0.pgf
113200 ltn1.pgf
58256 ltn10.pgf
55924 ltn11.pgf
61816 ltn12.pgf
58788 ltn13.pgf
64100 ltn14.pgf
59924 ltn15.pgf
129652 ltn2.pgf
115940 ltn3.pgf
132536 ltn4.pgf
121548 ltn5.pgf
138472 ltn6.pgf
124868 ltn7.pgf
56512 ltn8.pgf
54484 ltn9.pgf
flash0:\kd\
13232 ata.prx [PSP] sceATA_ATAPI_driver
9040 audio.prx [PSP] sceAudio_Driver
3248 audiocodec.prx [PSP] sceAudiocodec_Driver
3712 blkdev.prx [PSP] sceBLK_driver
3488 chkreg.prx [PSP] sceChkreg
2416 clockgen.prx [PSP] sceClockgen_Driver
4096 codec.prx [PSP] sceWM8750_Driver
5600 ctrl.prx [PSP] sceController_Service
7248 display.prx [PSP] sceDisplay_Service
6032 dmacman.prx [PSP] sceDMAManager
8768 dmacplus.prx [PSP] sceDMACPLUS_Driver
2384 emc_ddr.prx [PSP] sceDDR_Driver
8080 emc_sm.prx [PSP] sceNAND_Driver
3248 exceptionman.prx [PSP] sceExceptionManager
71760 fatmsmod.prx [PSP] sceMSFAT_Driver
8720 ge.prx [PSP] sceGE_Manager
3184 gpio.prx [PSP] sceGPIO_Driver
6800 hpremote.prx [PSP] sceHP_Remote_Driver
4368 i2c.prx [PSP] sceI2C_Driver
7072 idstorage.prx [PSP] sceIdStorage_Service
10848 ifhandle.prx [PSP] sceNetIfhandle_Service
32480 impose.prx [PSP] sceImpose_Driver
7056 init.prx [PSP] sceInit
9872 interruptman.prx [PSP] sceInterruptManager
11520 iofilemgr.prx [PSP] sceIOFileManager
23520 isofs.prx [PSP] sceIsofs_driver
3328 lcdc.prx [PSP] sceLCDC_Driver
2448 led.prx [PSP] sceLED_Service
37472 lfatfs.prx [PSP] sceLFatFs_Driver
6192 lflash_fatfmt.prx [PSP] sceLflashFatfmt
10192 libatrac3plus.prx [PSP] sceATRAC3plus_Library
36896 libhttp.prx [PSP] SceHttp_Library
3008 libparse_http.prx [PSP] SceParseHTTPheader_Library
8112 libparse_uri.prx [PSP] SceParseURI_Library
10928 libupdown.prx [PSP] SceUpdateDL_Library
41168 loadcore.prx [PSP] sceLoaderCore
8016 loadexec.prx [PSP] sceLoadExec
1040 me_for_vsh.prx [PSP] me_for_vsh
13008 me_wrapper.prx [PSP] sceMeCodecWrapper
285856 mebooter.prx [PSP] sceMeBooter
126448 mebooter_umdvideo.prx [PSP] sceMeBooter
8240 mediaman.prx [PSP] sceUmd_driver
2816 mediasync.prx [PSP] sceMediaSync
15216 memab.prx [PSP] sceMemab
8800 memlmd.prx [PSP] sceMemlmd
14128 mesg_led.prx [PSP] sceMesgLed
20720 mgr.prx [PSP] sceMgr_Driver
13824 modulemgr.prx [PSP] sceModuleManager
19664 mpeg_vsh.prx [PSP] sceMpeg_library
4304 mpegbase.prx [PSP] sceMpegbase_Driver
8112 msaudio.prx [PSP] sceMsAudio_Service
16048 mscm.prx [PSP] sceMScm_Driver
20352 msstor.prx [PSP] sceMSstor_Driver
3136 openpsid.prx [PSP] sceOpenPSID_Service
1728 peq.prx [PSP] scePEQ_Library_driver
12608 power.prx [PSP] scePower_Service
1584 pspbtcnf.txt [PSP]
1376 pspbtcnf_game.txt [PSP]
1600 pspbtcnf_updater.txt [PSP]
432 pspcnf_tbl.txt [PSP]
27472 pspnet.prx [PSP] sceNet_Library
20080 pspnet_adhoc.prx [PSP] sceNetAdhoc_Library
10832 pspnet_adhoc_auth.prx [PSP] sceNetAdhocAuth_Service
7904 pspnet_adhoc_download.prx [PSP] sceNetAdhocDownload_Library
9088 pspnet_adhoc_matching.prx [PSP] sceNetAdhocMatching_Library
17968 pspnet_adhocctl.prx [PSP] sceNetAdhocctl_Library
2608 pspnet_ap_dialog_dummy.prx [PSP] sceNetApDialogDummy_Library
22784 pspnet_apctl.prx [PSP] sceNetApctl_Library
130944 pspnet_inet.prx [PSP] sceNetInet_Library
6880 pspnet_resolver.prx [PSP] sceNetResolver_Library
1904 pwm.prx [PSP] scePWM_Driver
53136 reboot.prx [PSP] sceReboot
16896 registry.prx [PSP] sceRegistry_Service
11136 rtc.prx [PSP] sceRTC_Service
34768 semawm.prx [PSP] sceSemawm
6464 sircs.prx [PSP] sceSIRCS_IrDA_Driver
3744 stdio.prx [PSP] sceStdio
6032 sysclib.prx [PSP] sceSysclib
9936 syscon.prx [PSP] sceSYSCON_Driver
72304 sysmem.prx [PSP] sceSystemMemoryManager
27536 sysmem_uart4.prx [PSP] sceSystemMemoryManager
5808 sysreg.prx [PSP] sceSYSREG_Driver
2736 systimer.prx [PSP] sceSystimer
44512 threadman.prx [PSP] sceThreadManager
2288 uart4.prx [PSP] sceUart4
17504 umd9660.prx [PSP] sceUmd9660_driver
34864 umdman.prx [PSP] sceUmdMan_driver
29248 usb.prx [PSP] sceUSB_Driver
8656 usbstor.prx [PSP] sceUSB_Stor_Driver
13088 usbstorboot.prx [PSP] sceUSB_Stor_Boot_Driver
10720 usbstormgr.prx [PSP] sceUSB_Stor_Mgr_Driver
9328 usbstorms.prx [PSP] sceUSB_Stor_Ms_Driver
1168 usersystemlib.prx [PSP] sceKernelLibrary
9216 utility.prx [PSP] sceUtility_Driver
10272 utils.prx [PSP] sceKernelUtils
2784 vaudio.prx [PSP] sceVaudio_driver
1088 vaudio_game.prx [PSP] sceVaudio_driver
3824 videocodec.prx [PSP] sceVideocodec_Driver
2704 vshbridge.prx [PSP] sceVshBridge_Driver
114480 wlan.prx [PSP] sceWlan_Driver
flash0:\vsh\
<DIR> etc
<DIR> module
<DIR> resource
flash0:\vsh\etc\
480 index.dat
131072 jis2ucs.bin
16182 jis2ucs.cbin
131072 ucs2jis.bin
33672 ucs2jis.cbin
135 version.txt
flash0:\vsh\module\
5856 auth_plugin.prx [PSP] auth_plugin_module
8464 chnnlsv.prx [PSP] sceChnnlsv
16944 common_gui.prx [PSP] sceVshCommonGui_Module
15392 common_util.prx [PSP] sceVshCommonUtil_Module
22784 dialogmain.prx [PSP] sceDialogmain_Module
33168 game_plugin.prx [PSP] game_plugin_module
1952 heaparea1.prx [PSP] scePafHeaparea_Module
1952 heaparea2.prx [PSP] scePafHeaparea_Module
4256 impose_plugin.prx [PSP] impose_plugin_module
8996 msgdialog_plugin.prx sceVshMSDPlugin_Module
149184 msvideo_plugin.prx [PSP] msvideo_plugin_module
204608 music_plugin.prx [PSP] music_plugin_module
39744 netconf_plugin.prx [PSP] sceVshNetconf_Module
16432 netplay_client_plugin.prx [PSP] sceVshGSPlugin_Module
10592 netplay_server_utility.prx [PSP] sceVshGSUtility_Module
4960 opening_plugin.prx [PSP] opening_plugin_module
35520 osk_plugin.prx [PSP] sceVshOSK_Module
599072 paf.prx [PSP] scePaf_Module
513184 pafmini.prx [PSP] scePaf_Module
79056 photo_plugin.prx [PSP] photo_plugin_module
60224 savedata_auto_dialog.prx [PSP] sceVshSDAuto_Module
61344 savedata_plugin.prx [PSP] sceVshSDPlugin_Module
59344 savedata_utility.prx [PSP] sceVshSDUtility_Module
42464 sysconf_plugin.prx [PSP] sysconf_plugin_module
15840 update_plugin.prx [PSP] update_plugin_module
137936 video_plugin.prx [PSP] video_plugin_module
67040 vshmain.prx [PSP] vsh_module
flash0:\vsh\resource\
6176 01.bmp
6176 02.bmp
6176 03.bmp
6176 04.bmp
6176 05.bmp
6176 06.bmp
6176 07.bmp
6176 08.bmp
6176 09.bmp
6176 10.bmp
6176 11.bmp
6176 12.bmp
4556 auth_plugin.rco
57148 game_plugin.rco
200704 gameboot.pmf
87828 impose_plugin.rco
7028 msgdialog_plugin.rco
158124 msvideo_plugin.rco
220976 music_plugin.rco
68552 netconf_dialog.rco
12560 netplay_plugin.rco
254480 opening_plugin.rco
318548 osk_plugin.rco
121384 osk_utility.rco
182604 photo_plugin.rco
68328 savedata_plugin.rco
64428 savedata_utility.rco
151540 sysconf_plugin.rco
98136 system_plugin.rco
10776 system_plugin_bg.rco
45508 system_plugin_fg.rco
216320 topmenu_plugin.rco
14048 update_plugin.rco
26464 video_plugin.rco
115888 video_plugin_videotoolbar.rco
NB:
[PSP] is ~PSP type encrypted file. Right column is module name.
pspbtcnf*.txt seems to be boot configuration file for each mode.
nn.bmp is background image of XMB. it's 60x34 bitmapKrevnik:
Certificates.
Lots of certificates in flash0:\data\cert\. They are ordinal base64 encoded certificate, not encrypted. Their role is still unknown.
Code: Select all
Type and publisher of certificates
Class1_PCA_G2_v2.cer SHA1/RSA1024 VeriSign
Class1_PCA_G3v2.cer SHA1/RSA2048 VeriSign
Class1_PCA_ss_v4.cer MD2 /RSA1024 VeriSign
Class2_PCA_G2_v2.cer SHA1/RSA1024 VeriSign
Class2_PCA_G3v2.cer SHA1/RSA2048 VeriSign
Class2_PCA_ss_v4.cer MD2 /RSA1024 VeriSign
Class3_PCA_G2_v2.cer SHA1/RSA1024 VeriSign
Class3_PCA_G3v2.cer SHA1/RSA2048 VeriSign
Class3_PCA_ss_v4.cer MD2 /RSA1024 VeriSign
Class4_PCA_G2_v2.cer SHA1/RSA1024 VeriSign
Class4_PCA_G3v2.cer SHA1/RSA2048 VeriSign
RSA1024_v1.cer SHA1/RSA1024 ValiCert
RSA2048_v3.cer SHA1/RSA2048 RSA Security
RSA_SecureServer.cer MD2 /RSA1024 RSA Data Security
SCE_CA01.cer SHA1/RSA2048 SCEI
SCE_CA02.cer SHA1/RSA2048 SCEI
SCE_CA03.cer SHA1/RSA2048 SCEI
SCE_CA04.cer SHA1/RSA2048 SCEI
SCE_CA05.cer SHA1/RSA2048 SCEI
VeriSign_TSA_CA.cer SHA1/RSA1024 VeriSign, Time Stamping Authority laichung:
Total size of the files in flash0: is around 12MBytes. Where are those files come from? My obserbation/guess as follows:
- Memory chip on board contains 32MByte SDRAM and 32MByte FlashROM.
- 32MByte FlashROM consists of 1MByte bootstrap area and 31MByte disk storage area.
- Disk storage area have two partitions, 24MByte flash0: and 4MByte flash1:
- flash0: as system file volume, flash1: as configuration file volume
SONY says 32MByte SDRAM is divided to two parts, 8MByte kernel memory and 24MByte user memory.
User memory seems to be 0x08800000..0x09ffffff.
When system starts up, some files/modules are loaded to kernel memory, not all.
Code: Select all
13232 ata.prx [PSP] sceATA_ATAPI_driver Interesting. Need to start checking pinouts...
-
pedroleite
- Posts: 39
- Joined: Sun Apr 10, 2005 8:31 am
I will regret asking for this...
But:
https://securitycenter.verisign.com/cel ... earchStart
Can anyone just check the serial number, or Name on certificate for those... and provide the information for the search...
A public certificate is public... somwhere...
At least knowing the dates issued and expired will reveal a game lifetime...
My games will expire? I can't let my great-great-great-granson's play Wipeout Pure?
:)
If those are regular certificates, and CA's, there should be some kind of signature or encoding...
One of those certificates will open a key somewhere, and allow decryption to occur...
One can't encrypt... but one can decrypt...
I couldn't find ASN.1 structures inside the EBOOT.PBP...
I will try a trick later, using the <script src=""> also... can't the browser be tricked by javascript, frames, or query, maybe pathinfo (/dir/file.cer/nowhere.txt) ?
But:
https://securitycenter.verisign.com/cel ... earchStart
Can anyone just check the serial number, or Name on certificate for those... and provide the information for the search...
A public certificate is public... somwhere...
At least knowing the dates issued and expired will reveal a game lifetime...
My games will expire? I can't let my great-great-great-granson's play Wipeout Pure?
:)
If those are regular certificates, and CA's, there should be some kind of signature or encoding...
One of those certificates will open a key somewhere, and allow decryption to occur...
One can't encrypt... but one can decrypt...
I couldn't find ASN.1 structures inside the EBOOT.PBP...
I will try a trick later, using the <script src=""> also... can't the browser be tricked by javascript, frames, or query, maybe pathinfo (/dir/file.cer/nowhere.txt) ?
nem wrote:Thanks all :) <...>
Krevnik:
Certificates.
Lots of certificates in flash0:\data\cert\. They are ordinal base64 encoded certificate, not encrypted. Their role is still unknown.
Allow me to shed some light then, based on some easy research by visiting the companies in question, and my own work dealing with CAs setting up my IMAP server. :)
Code: Select all
Class1_PCA_G2_v2.cer SHA1/RSA1024 VeriSign
Class1_PCA_G3v2.cer SHA1/RSA2048 VeriSign
Class1_PCA_ss_v4.cer MD2 /RSA1024 VeriSign
Class2_PCA_G2_v2.cer SHA1/RSA1024 VeriSign
Class2_PCA_G3v2.cer SHA1/RSA2048 VeriSign
Class2_PCA_ss_v4.cer MD2 /RSA1024 VeriSign
Class3_PCA_G2_v2.cer SHA1/RSA1024 VeriSign
Class3_PCA_G3v2.cer SHA1/RSA2048 VeriSign
Class3_PCA_ss_v4.cer MD2 /RSA1024 VeriSign
Class4_PCA_G2_v2.cer SHA1/RSA1024 VeriSign
Class4_PCA_G3v2.cer SHA1/RSA2048 VeriSign
Code: Select all
RSA1024_v1.cer SHA1/RSA1024 ValiCert
RSA2048_v3.cer SHA1/RSA2048 RSA Security
RSA_SecureServer.cer MD2 /RSA1024 RSA Data Security
Code: Select all
SCE_CA01.cer SHA1/RSA2048 SCEI
SCE_CA02.cer SHA1/RSA2048 SCEI
SCE_CA03.cer SHA1/RSA2048 SCEI
SCE_CA04.cer SHA1/RSA2048 SCEI
SCE_CA05.cer SHA1/RSA2048 SCEI
Code: Select all
VeriSign_TSA_CA.cer SHA1/RSA1024 VeriSign, Time Stamping Authority This as a whole is a trust tree, to setup a base list of trusted certificates for the PSP. Anything signed directly by the owners of these certificates, or using a key which has been signed by the owners of these certificates will be trusted. (I.E. can the certificate presented by the game/software to be run be verified as to be connected to these certificates?)
This is very grim news indeed, especially after seeing the size of those suckers. 1-2 kilobit is pretty strong with 2 kilobit being military-grade as of 1996-2000.
However, there is some good news in this, since Verisign is included in the trust tree. Once someone figures out how binaries are signed/encrypted, it might be possible to 'short-cut' Sony's signing process and go through Verisign to get something signed. However, we cannot be certain that Verisign will use the same keys to sign a homebrew certificate, or that Sony won't cut Verisign out of the trust tree at some point if they deem it as required action.
Not to mention that becoming a CA through Verisign locks out anyone without gobs of money and a reputation that Verisign says they will 'trust' (i.e. whomever pays Verisign gobs of money is trusted).
-
blackdroid
- Posts: 564
- Joined: Sat Jan 17, 2004 10:22 am
- Location: Sweden
- Contact: