konfig wrote: If Sony really uses 128-bit AES on the ELF, and we really take full control of the 1.0 PSP, we can give the 1.0 PSP an unencrypted ELF and tell the PSP it is an encrypted file, let the PSP 'decrypt' the file and write the data to MS for us.
So far, just feeding the PSP an encrypted prx to decrypt would be a major milestone IMHO.
You are right. By using this, at least we can get all the 1.0 firmware decrypted, and the 1.5 firmware (indirectly). It will greatly encourage homebrew.
And also many [a, encrypt(a)] data pairs, as many as we want.
konfig wrote: You are right. By using this, at least we can get all the 1.0 firmware decrypted, and the 1.5 firmware (indirectly). It will greatly encourage homebrew.
And also many [a, encrypt(a)] data pairs, as many as we want.
You guys always miss the subtle hints dropped on these boards :). Maybe I'm just a sucker for spelling things out (much to the chagrin sometimes of my fellow hackers :P):
The 1.0 firmware (all PRXs) has already been fully decrypted using code found in the kernel dump. The updater too.
mrbrown wrote: You guys always miss the subtle hints dropped on these boards :). Maybe I'm just a sucker for spelling things out (much to the chagrin sometimes of my fellow hackers :P):
The 1.0 firmware (all PRXs) has already been fully decrypted using code found in the kernel dump. The updater too.
If the 1.5 firmware updater has been fully decrypted, it shouldn't be difficult to write a similar firmware extractor to extract the complete 1.0 PSP firmware, including the hidden bootstrap part. Then another firmware updater can be developed to flash the 1.0 firmware to a 1.5 PSP. Am I missing something? With the decrypted updater on hand, I really don't know why another extractor/updater can't be written. Or are there any more challenges we need to overcome for a firmware downgrade?
TalisA wrote: You need a kmain function in your program.
I don't think that's the case. Your startup.s/crt0.s calls the main function, and mine isn't called kmain in the code I have done. The Kdumper doesn't call CreateThread; it just calls 'jal kmain'.
The important thing is that if you were to take code that sets up the usual callbacks, you need to modify the CreateThread for your main thread from using attributes of 0x8000 to 0x0000. The 0x8000 means create a user mode thread.
Polite reminder folx, though it's not really in the rules, please consider editing posts that you "quote", especially when they get seriously nested. I just trimmed a couple on this page. No true big deal, but when it started making it harder for me to scan for what people are talking about...