PSP [firmware] Dump [program]

Discuss the development of new homebrew software, tools and libraries.

Moderators: cheriff, TyRaNiD

sq377
Posts: 87
Joined: Mon Apr 11, 2005 3:30 am

Post by sq377 »

So then we could pretty simply change the background on the 1.0 psp's, correct?
openfly
Posts: 6
Joined: Fri May 13, 2005 2:00 am

Post by openfly »

If someone is willing to confirm the flash0 is easily writeable... which I assume it is, as Sony does firmware updates =P... then yes, it should be possible to change the background to something prettier.
_Psycho
Posts: 28
Joined: Thu Apr 14, 2005 3:02 am
Location: Montréal, Canada

Post by _Psycho »

Good bet is that it's writable when it flashes itself (boot and mount flash0 rw); then on a normal boot, the partition is probably read-only, with a place to write data like /tmp maybe. Otherwise it should not be writable, unless you can write software that unmounts and remounts flash0 read/write; not sure the OS can do that or whatever. (My opinion, though I can be really wrong.)
pedroleite
Posts: 39
Joined: Sun Apr 10, 2005 8:31 am

Post by pedroleite »

I can't test this... I was 1.50 upgraded from 1.0 and now I'm 1.51... :) guess I could keep trying to keep up.

From my experience with flash filesystems, using a Compaq iPaq with Linux... these filesystems had to write a whole block of data at once to flash. Usually they did it in a compressed form, and tried to minimize the number of writes to the same flash address.
This isn't a clustered file system, with easy access for sure.
The flashing of the firmware is probably sequential, erasing and writing a block at a time...

Also... flash required the erase-before-write cycle... Has this changed now? :)
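The erase-before-write behaviour described in the post above, as an added toy model that is not code from this thread or from any PSP firmware: programming can only clear bits (1 to 0), so restoring a bit means erasing a whole erase block back to 0xFF and rewriting it, which is why a flash filesystem ends up working a block at a time. The class name, block size and sample writes are constructed for the demo.

```python
"""Toy model of flash program/erase semantics (added example, not PSP code).

Rules modelled:
  * erased bytes read 0xFF;
  * programming can only clear bits (1 -> 0) in place;
  * setting a bit back to 1 requires erasing the whole erase block.
"""

ERASED = 0xFF


class ToyFlash:
    def __init__(self, size: int, block_size: int):
        assert size % block_size == 0
        self.block_size = block_size
        self.mem = bytearray([ERASED]) * size
        # Erase count per block: what a wear-levelling layer tries to keep even.
        self.erase_counts = [0] * (size // block_size)

    def read(self, addr: int, length: int) -> bytes:
        return bytes(self.mem[addr:addr + length])

    def erase_block(self, block_index: int) -> None:
        """Whole-block erase: every byte of the block returns to 0xFF."""
        start = block_index * self.block_size
        self.mem[start:start + self.block_size] = bytes([ERASED]) * self.block_size
        self.erase_counts[block_index] += 1

    def program(self, addr: int, data: bytes) -> None:
        """Program in place. Only 1 -> 0 transitions are possible; any byte that
        would need a 0 -> 1 transition is rejected instead of silently corrupted."""
        for i, b in enumerate(data):
            cur = self.mem[addr + i]
            needs_set = b & ~cur & 0xFF
            if needs_set:
                raise ValueError(
                    f"address {addr + i:#x}: cannot set bits {needs_set:#04x} without an erase")
            self.mem[addr + i] = cur & b

    def write(self, addr: int, data: bytes) -> None:
        """Filesystem-style write: for each erase block the data touches, build
        the new block image, erase the block only if some bit must go 0 -> 1,
        then program the whole block image."""
        end = addr + len(data)
        for blk in range(addr // self.block_size, (end - 1) // self.block_size + 1):
            start = blk * self.block_size
            old = self.mem[start:start + self.block_size]
            new = bytearray(old)
            lo, hi = max(addr, start), min(end, start + self.block_size)
            new[lo - start:hi - start] = data[lo - addr:hi - addr]
            if any(b & ~o & 0xFF for b, o in zip(new, old)):
                self.erase_block(blk)
            self.program(start, bytes(new))


def demo() -> ToyFlash:
    """Constructed sequence of writes showing when an erase is forced."""
    f = ToyFlash(size=64, block_size=16)
    f.write(0, b"\x0f\x0f")   # fresh block: only clears bits, no erase
    f.write(1, b"\x07")       # 0x0f -> 0x07 clears bits, still no erase
    f.write(0, b"\xf0")       # 0x0f -> 0xf0 needs 0 -> 1: block 0 is erased and rewritten
    f.write(15, b"\x00\xfe")  # spans blocks 0 and 1, no erase needed
    f.write(16, b"\xff")      # 0xfe -> 0xff needs 0 -> 1: block 1 is erased
    return f


if __name__ == "__main__":
    flash = demo()
    print("erase counts per block:", flash.erase_counts)
    print("first 17 bytes:", flash.read(0, 17).hex())
```

Note that a rewrite of one byte in `write` preserves the rest of the block across the erase, which is the read-modify-write cycle a flash filesystem has to perform; the erase counters show why such filesystems try to spread writes across blocks rather than rewriting the same address repeatedly.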
Sculay
Posts: 6
Joined: Sat May 14, 2005 6:33 am

Post by Sculay »

If Vampire extracted the gameboot stuff, is there any chance of extracting the encrypted parts as well? Or can you extract all of it, but you'll need a big MS for that, since there are two partitions which both together hold 32MB? Can somebody try this, or has this already been dealt with?

If I'm being corrected after this post, sorry, as this is my first post.
PSP Warrior
pedroleite
Posts: 39
Joined: Sun Apr 10, 2005 8:31 am

Post by pedroleite »

If flash one contains configuration data (I presume the system settings and user settings, connections) it should be writable...

The vsh/theme dir looks promising... intended...
Hiub
Posts: 2
Joined: Mon Apr 25, 2005 12:56 am

Post by Hiub »

OK, from what I've gathered here, using the certificates which hold the public key, PSP is allowed to decrypt the file and run it. Did Sony ever plan for us to have access to those certificates? If that is the case, then the keys should be stored in all of those certificates unencrypted. Someone said previously that the encryption key for Wi-Fi communication is there, so just with that people should be able to get a kick start on the information being sent. Anybody try to open up any of these certs with regular ol' windoze?
Krevnik
Posts: 71
Joined: Wed Mar 09, 2005 12:07 pm

Post by Krevnik »

Careful with that route. I suggest that anyone looking into interception of the wireless get RSA Security's documentation on BSAFE first. If it isn't public, talk them into getting you some docs as if you were interested in their services, but need more information on their method of doing things to feel comfortable with it.

My take:
Using something like RSA encryption is not very fast and is not very useful for real-time data. Instead RSA would be used to encrypt the AES key and send it to the other PSP (swapping public keys in the process, these keys could be small, such as 512 bit, and be used once). This way you are guaranteed that as long as there is no man-in-the-middle intercepting and retransmitting traffic, the intended recipient will receive the AES key and now your transmission is encrypted and fast. SSH does something similar but with DES3 or Blowfish, PGP used to use IDEA, but I am not sure which encryption scheme they use now.

My take might be a little old, and a bit off... so definitely get RSA Security to send you some educational material on their methods before attempting to get into this route. It will save you lots of time that you would spend doing trial-and-error.

It is a pretty good idea though, especially if you can get a man-in-the-middle attack going.

Although on the topic of unencrypted keys in the certificates: This is how a certificate works. The private key is held by Sony, let's say, and is used to sign the AES key (encrypt it). The public key can decrypt it, but not anything else can (the public key can be generated from the private though). So you know it came from Sony's private key... and trust it enough to use the AES key to decrypt and execute. Sony wouldn't care if we got the public keys (those Verisign certs are standard and already on most PCs, for example), since they are worthless for getting custom code to execute, unless we can factor a large 1024-bit number with only four factors. (1, itself, and then two prime numbers)
Last edited by Krevnik on Sat May 14, 2005 3:22 pm, edited 1 time in total.
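The hybrid arrangement Krevnik sketches above (a public-key algorithm wrapping and signing a short symmetric key, the symmetric key encrypting the bulk data, and the receiver refusing anything not signed by the expected private key), as an added example that is not code from this thread or from any PSP firmware. Textbook RSA over two constructed Mersenne primes stands in for a real RSA implementation, and a SHA-256 counter keystream stands in for AES, so it runs offline with only the Python standard library; all key values, function names and message contents are assumptions made for the demo, and nothing in it is secure (real systems use RSA-OAEP/PSS or ECDH plus an authenticated cipher).

```python
"""Toy hybrid encryption with a signed key transport (added example).

Sender:   wrap session key under recipient's public key, sign the wrapped key
          under sender's private key, encrypt bulk data under the session key.
Receiver: verify the signature under sender's public key first, then unwrap
          the session key and decrypt.  Holding only the public keys lets an
          outsider re-wrap a key of their own, but not sign it, so the
          receiver rejects such a message.
"""
import hashlib
import os

# Constructed key material: tiny Mersenne primes, instant to compute with but
# large enough that an 8-byte session key fits in one RSA block.  Not secure.
P, Q = 2**31 - 1, 2**61 - 1
E = 65537


def rsa_keygen(p=P, q=Q, e=E):
    """Return (public, private) as (n, e) and (n, d) for textbook RSA."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse; needs Python 3.8+
    return (n, e), (n, d)


def _to_bytes(x: int, n: int) -> bytes:
    return x.to_bytes((n.bit_length() + 7) // 8, "big")


def _digest_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def rsa_sign(private, data: bytes) -> int:
    n, d = private
    return pow(_digest_int(data, n), d, n)


def rsa_verify(public, data: bytes, signature: int) -> bool:
    n, e = public
    return pow(signature, e, n) == _digest_int(data, n)


def rsa_encrypt(public, m: int) -> int:
    n, e = public
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def rsa_decrypt(private, c: int) -> int:
    n, d = private
    return pow(c, d, n)


def toy_stream(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream: a symmetric stand-in for AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(sender_private, recipient_public, plaintext: bytes, session_key=None) -> dict:
    """Sender side of the exchange."""
    session_key = session_key or os.urandom(8)
    wrapped = rsa_encrypt(recipient_public, int.from_bytes(session_key, "big"))
    signature = rsa_sign(sender_private, _to_bytes(wrapped, recipient_public[0]))
    return {"wrapped_key": wrapped, "signature": signature,
            "ciphertext": toy_stream(session_key, plaintext)}


def open_sealed(recipient_private, sender_public, msg: dict) -> bytes:
    """Receiver side: the signature check happens before anything is used."""
    blob = _to_bytes(msg["wrapped_key"], recipient_private[0])
    if not rsa_verify(sender_public, blob, msg["signature"]):
        raise ValueError("wrapped key is not signed by the expected sender")
    k = rsa_decrypt(recipient_private, msg["wrapped_key"])
    return toy_stream(k.to_bytes(8, "big"), msg["ciphertext"])


def substitute_key(msg: dict, recipient_public, own_key: bytes = b"\x00" * 8) -> dict:
    """What someone with only the public keys can do: re-wrap a key of their
    own.  The old signature no longer matches, and they cannot make a new one."""
    forged = dict(msg)
    forged["wrapped_key"] = rsa_encrypt(recipient_public, int.from_bytes(own_key, "big"))
    return forged


if __name__ == "__main__":
    s_pub, s_priv = rsa_keygen()
    r_pub, r_priv = rsa_keygen(2**13 - 1, 2**89 - 1)
    msg = seal(s_priv, r_pub, b"hello from a trusted sender")
    print(open_sealed(r_priv, s_pub, msg))
    try:
        open_sealed(r_priv, s_pub, substitute_key(msg, r_pub))
    except ValueError as err:
        print("rejected:", err)
```

The `substitute_key` path is the point made at the end of the post: the public keys let anyone verify, and even re-wrap a session key of their own choosing, but producing a signature the receiver accepts still requires the private exponent, which is only recoverable from the modulus by factoring it.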
FrostAie
Posts: 18
Joined: Sat May 14, 2005 3:17 pm

hey weird thing

Post by FrostAie »

I downloaded it and put it in my PSP in the right folder, but I have a 1.5 and it booted up but then some error popped up.
tempuser
Posts: 1
Joined: Sat May 14, 2005 4:47 pm

Post by tempuser »

..