Exiting back to PSP firmware and running EBOOTs

[JoshDB]

Is exiting back to the PSP's default firmware and/or running EBOOTs possible yet? If so, how?

Thanks and regards,

[link]

What are you talking about? 2.01+ ?

[JoshDB]

Exiting LUAPlayer with a function, i.e. [luaplayer:exit()] or running an EBOOT through Lowser.

[youresam]

Nope. Guess why... thats right, people could make ISO loaders...
However, I do want System.exit().... Chrystalize has it.

[Dr. Vegetable]

Nope. Guess why... thats right, people could make ISO loaders...

Huh? Maybe I'm just being dense, but I don't see how adding this feature to Lua would enable people to run any EBOOTs that they couldn't just execute directly from the standard PSP firmware. I don't think this gives the creeps anything they couldn't do by other means.

But maybe you shouldn't explain, because I think we're straying into lockdown territory....

[JoshDB]

I don't think you could make ISO loaders in LUA.

[chaos]

Juarez:load()

;p

[nevyn]

It's because Shine wants to make the LuaPlayer environment safe. Allowing arbitrary C code to be executed is plain dangerous; that code could easilly wipe the firmware before you even get to blink.

There's talk about modularizing LuaPlayer by adding dynamic loading of user-sanctioned and user-added C libraries tho'. Such a C library could do pretty much anything.

[Dr. Vegetable]

That makes a lot of sense; kinda like the Java sandbox concept.

The problem is that, with the spectre of compiled, stand-alone "Lua" apps, people could upload trojans, claiming that they were built with Lua when in fact they are just plain old malicious code. It would be nice if there was some kind of trusted certification board that could perform at least basic confirmation that each uploaded program (Lua or not) was legit. Perhaps this could be supported by community donations to pay for any PSPs that get bricked in the process.

Or maybe that would just be a magnet for the bad guys...

[nevyn]

That makes a lot of sense; kinda like the Java sandbox concept.

The problem is that, with the spectre of compiled, stand-alone "Lua" apps, people could upload trojans, claiming that they were built with Lua when in fact they are just plain old malicious code. It would be nice if there was some kind of trusted certification board that could perform at least basic confirmation that each uploaded program (Lua or not) was legit. Perhaps this could be supported by community donations to pay for any PSPs that get bricked in the process.

Or maybe that would just be a magnet for the bad guys...

Exactly.

I've had that idea too, but for the C libraries. With the libraries, there's no need for compiling your own Lua app, anyway. So a way to sign those libraries (not to stop unsigned code to be run, but to inform the user whether a library is checked for exploits or not) would be real nice.

You're welcome to startup such an initiative :)

[Dr. Vegetable]

You're welcome to startup such an initiative :)

Yes, but how do you know that you can trust me? :)

Actually, I do have some ideas for how this might work that could be of benefit to developers and end users alike. I am not sure that I have the mental bandwidth for such a project, but I might look into this. If anyone would like to discuss this with me, please send a PM as it would be best to keep many of the inner details out of the general public eye for the security of the resulting system. Also, I think I've dragged this thread far enough OT!

[JoshDB]

Okay well whether or not loading EBOOTs is feasable or not, could we atleast get exiting back to firmware?

Please?

And Shine could put a confirmation screen on the EBOOT runner, saying "Hey, do you want to run this EBOOT? I'm not responsible if your psp gets bricked by running this."

Simple, guys.