JakX / Daxter / USB

[Jabberwocky]

Has anyone managed to get hold of the PS2 side of the USB link and make any sense of it? My PS2 knowledge just isn't up to reverse engeneering the USB stuff, sadly...

[outtony]

PS2? this is psp part of forum.

[Jabberwocky]

Information required to communicate with the PSP via USB is contained in the PS2 IRX. There is no way to communicate with the PSP from the PC over USB without reversing out how the PS2 handshakes and talks to the PSP.

So it is relevant... ;o)

[Gary13579]

I'm pretty sure that JakX will just change some bytes in the SAVEDATA, then the game will detect that and add the features.
If you want to test this, copy the save data over to your computer, hook it up to the PS2, unlock some content, then copy the new savedata to the PSP.
Then just hex-edit the files and compare what has changed.

[Jabberwocky]

If you mean accessing the PSP memory stick in mass storage device mode from the PS2, then no, that's not going to happen. Has any one got JakX / Daxter to test?

[Gary13579]

If you mean accessing the PSP memory stick in mass storage device mode from the PS2, then no, that's not going to happen. Has any one got JakX / Daxter to test?

Why can't it?
I can't think of any other way they would do it.

[Jabberwocky]

No technical reason -- just one of those things Sony wouldn't allow. They are very tight on security, and messing with a memory stick on a different device wouldn't be allowed.

The "proper" way (which you couldn't think of), is by setting up a client / server link from PSP to PS2 and communicating the changes required to either the PS2 or PSP from the other machine. This means the PS2 game may only communicate directly with the PSP game, no other.

[cheriff]

messing with a memory stick on a different device wouldn't be allowed.

I don't follow, why not and how is that different from what I can do now? Right now I can (and have) accessed the ms as mass storage from ps2 to play music and read files, the savegame would be just another file.
Although if the save format is out of game dev's hands in that the kernel does magic encryption or something, then yeah, there might be difficulties in that one.

But it would be cool if there were a client/server prx/irx and you could use psp as a controler and auxillary display, etc.

[Zenurb]

But it would be cool if there were a client/server prx/irx and you could use psp as a controler and auxillary display, etc.

Which is what they are doing with the PS3

[rinco]

Network the PS2 via a wireless router and using PSP as a auxillary display/controller could be achieved right now! No need to wait for PS3.

But back on topic... Anyone got a usb protocol analyser and can sniff jakx/daxter and/or the talkman?

[Jabberwocky]

Can you intercept external USB comms easily? It would be very useful to get the communication log for a PSP and PS2 sync'ing up. If someone has a way of sniffing the data, I can do it. I'll look into it...

It would be good to get this area of PSP dev moving as it would be very useful to be able to do PC<>PSP transfer via USB. WLAN is just too slow for my needs.

Edit: I've just thought -- is the replacement usbd.irx for the PS2 working? It should be easy to add USB sniffing into that to get the data log we need...?

[Jabberwocky]

Does anyone know about the replacement usbd.irx? How far has development gone, will it work as a drop-in replacement for the sony irx?

[Dr. Vegetable]

I have been working toward sniffing the Talkman microphone, but doing it the hard way (without a "real" USB analyzer). I did have an interesting discovery that was mentioned in this thread - "Does Anyone Recognize any of This?" regarding behavior of the PSP when Talkman software is running and the USB cable is connected to a USB port on a PC. I have been meaning to use a software-only USB analyzer running on the PC to see what I can find out about the devices being offered up by Talkman, but that is only one of three PSP projects I've got going on right now. On top of my "day job."

To the Admins:
Do you think this thread and the other one I linked should be moved over into the new PSP Hardware forum? Thanks in advance!

[Jabberwocky]

The same thing happens when you try and look for a connected PS2 on the PSP when it's plugged into a PC. It's just presenting itself using different HID's, and hence the PC doesn't know what to do. To get the PC communicating with the PSP we need to write a USB device driver which mimics the way the PS2 handles the connection. I know squat about USB device drivers, and we have no information on how the PS2 handles the connection, so currently we're a bit screwed... ;o)

I'll see if I can take the first easy step and get a some source for a USB device driver.

*EDIT* I have found http://libusb-win32.sourceforge.net/ -- this will pretend to be a PSP device driver (if you set it up right) so you can communicate with it via a simple library. Nice and easy... Still leaves us dead in the water regarding what we should do when you connect!

[chp]

You could always run windows inside VMWare under some other OS like linux and snoop the traffic there, quite a lot easier to deal with it without messing with the win32 driver model. This was used when reversing the protocol for the NetMD player.

[Dr. Vegetable]

Cool, thanks for the link! I'll try this out and see what I can learn.

I don't know much about USB drivers myself, but I'd been treating my new PSP hacking hobby as a good excuse to learn. (Gotta always move forward if you're gonna keep the skills current in the software industry.)

The only reason I can think of for the PSP to present different HIDs is if it is trying to force the host to treat it differently than the usual Memory Stick reader. This makes me wonder exactly what other goodies are in there.

The USB Implementer's Forum has lots of information and utilities for anyone trying to implement USB support in their products. I've also found a few free programs from other sources that will enumerate USB devices and give you some info about them. The info you can get from this is only useful insofar as the devices either (a) belong to standard device classes, or (b) are documented by the manufacturer. This being Sony, we can pretty much rule out (b).

Anyway, I've been scamming tools and knowledge so far. Haven't had the chance to test any of it out yet with Talkman running, but maybe this weekend...

[Jabberwocky]

Yes, the PSP can operate in a few different ways by the look of it -- the normal mass storage mode, talking to peripherals such as the microphone thing and talking to the PS2. Hence the different HIDs.

You wont be able to snoop around and find anything interesting about the USB connection, really -- I've had a look. And there wont be any point sniffing the packet data from the PC, as the PSP wont be communicating with it in anything other than mass storage mode (which is a known protocol).

The only way to get the PC and PSP talking is by snooping the PSP<>PS2 connection and find out how to handshake. Can anyone write a wrapper for the PS2 usb irx to log the calls to it? Other than that, the only way is disassembling the communications irx on the PS2. So I'm hitting a brick wall here, can anyone assist me?

[digihoe]

What about a hardware snooper? There must be such device, I remember back when I was snooping RS232 I made such a device, will be harder for USB but it's still serial (parallell snooping is not as easy)...

Or should I say logging RS232 data, I used two COM ports set to the highest speed possible. Both were set against an internal clock so it could keep track of when packets were sent and recived so it would get a full log over the whole traffic, but could also see what was recived and sent seperatly...

Best regards!

[chp]

There are hardware snoopers, if you feel like shelling out $5000, which is what the cheapest I saw costed a few years back. It has probably come down some, but it should still be very costly.

[Dr. Vegetable]

Yeah, I priced some of these out recently. They run about $3,000 US for one that can handle High-Speed USB 2.0 traffic.

I've done the COM port thing, too. Pretty handy. You just open two COM ports and route input from each to output of the other, logging traffic to the screen or a file along the way. Great way to get inside someone else's protocol.

I've wondered if a simple USB sniffer could be built using a custom-built hub. Big job, I'm sure, so probably easier to just pony up the $3Gs. Or try to convince my employer that I need it for work... :)

[digihoe]

Is the PS2 USB2.0? I thought it was only USB 1.1... Is there big price diffrence between USB 1.1 and 2.0 loggers?

A custom-built hub I'm sure could work (but it's way too hard to do for me)... But maybe some PS2 freaks already know how to log the port, asking help from them should be the first step...

Best regards!

[Jabberwocky]

PSP is USB2. Although there is nothing stopping it working on a USB1.1 connection afaik. So a USB1.1 logger should work ok...

I've been thinking and I think the best bet is either logging via the usb.irx on the PS2, or by writing something which communicates directly with the PSP USB port. Maybe someone can dissasemble and make sense of the PSP usbpspcm.prx? Considering there is the USB mass storage device as well, I guess there is an underlying USB library which talks directly to the chip...

As usual, I'll do my best to look into things, but I'd love some help! ;o)

[digihoe]

OK, I have been looking around now and I found a logger that is 400USD (still way too much for me) http://www.totalphase.com/products/beagle/usb/ seem's like it could do a work like this...

Best regards!

[Dr. Vegetable]

Hmm... that looks like it would do the trick. Too bad they don't accept PayPal. Well, I suppose I could convince myself that this would be a useful tool to have in the old utility belt...

Good idea using a 1.1 hub to slow the USB down, too. It doesn't get the USB logo unless it'll operate at lower speeds when necessary.

Logging traffic between the Talkman microphone and the PSP might still be tricky since they use all five USB pins, plus the two "DC OUT" pins. So a standard protocol analyzer might still miss some important stuff, and I'll need to jumper the DC lines over to the mic. Logging traffic between a PS2 and a PSP should be considerably easier. Coincidentally, I just bought my very first PS2 today! (Sheesh, what a noob!)

[Jabberwocky]

Right, I've started disassembling and commenting usbpspcm.prx now. Thanks to pspinside I have a few system calls already documented, however there are quite a few missing. Could be a bit tricky figuring out what's going on with absolutely no point of reference... :o/

[Dr. Vegetable]

Sounds promising!

I was wondering if there would be an easy way to share documentation from disassembly of these files without passing around copies of the actual disassembly. (Which would violate Sony copyrights.)

On another platform, early researchers basically had a diff-like program that would enable them to pass around comment files that could automatically be inserted into an unmodified disassembly of the original firmware files. This way, we could each legally disassemble our own files and then add comments and notes from a shared set of text files stored in the SVN repository.

If no such tool already exists, I could take a stab at creating something. But I'd be surprised if there isn't already an easy way to do this. (The trouble with using diff is that its output could include portions of the original code, which might be a bit borderline.)

[Jabberwocky]

I'd forgotten how much of a pain in the arse disassembling risc code is -- all the 16-bit immediate loads to create 32-bit address pointers really screws up the ability to easily trace back pointers in the code...

Anyway, I've made some good progress with the disassembly now, and am actually starting to make some sense of it. There are some interesting looking functions being called in the usb prx which look like they are registering usb protocols according to the text in the prx's. There are a few functions I'd like to have a play with -- is it possible to create a library function to link to a specific NID? Or do you have to know the exact name of the function?

*EDIT* : Aha, I just found the wonderful PSP API Browser http://pspdev.ofcode.com/api.php. This fills in quite a few holes in the sceUsbBus_driver I have (amoung others), although the parameters are wrong in the listings according to the code I have. I guess these functions haven't been explored much yet?

[futaris]

Any chance that I can look through disassembly / comments? Perhaps you can create a diff against the raw disassembly, so that we're not infringing copyright, and others can see your progress.

If you're using windows, just get diffutils, mingw or cygwin and use diff to generate the patches...

http://gnuwin32.sourceforge.net/packages/diffutils.htm

NB, the PS2 only has USB 1.1 so a USB 1.1 protocol logger would definitely do the job nicely. There are protocol loggers that are around the US$400 - $1000 mark. Most of them have an ethernet port...