Quote: Originally Posted by nothought

> Hello PSP Sceners:
> I am now interested in the PSP hack scene. Spent most of my time in the XBox scene and Pocket PC.
> First I would like to cover the basics... how it all started with PSP. XBox was the infamous 007 savegame bug. Where did PSP start? Do you have any links to those primordial forum postings about the first exploit?
> I want to learn from the bottom up. BTW... these cool apps you make, are you using Sony's developmental SDK (leaked copy)? Heard that Sony gave a PSP emulator to those registered developers... would be cool to use it instead of bricking a real PSP.
> Thanks for any leads you may have.
Hmm...I'll share from what I know.
First of all, the Sony PSP SDK that was leaked is actually incomplete, thus it doesn't work.
People use a C++ toolchain in Cygwin for development, or something to that measure. If we DID have the actual SDK, we'd be bricking fewer PSPs because we'd have the PSP emulator, and we wouldn't NEED exploits as we could sign the software ourselves, and even run any kind of program on any firmware, including 2.0, 2.01, 2.5, and 2.6.
PSP homebrew was first started after a group known as the Saturn Expedition Committee figured out a way to trick the PSP to run homebrew code on a 1.0 firmware by making it look like a program signed by Sony. It was compiled with the PS2dev toolchain from ps2dev.org. Engadget has an article here:
http://www.engadget.com/entry/1234000233042443/
Since then, though, the site seems to have gone down. Their app was a simple "Hello World" script that could only be turned off after activating by pulling the battery out, since at the time they still hadn't figured out the program exit code.
1.5 homebrew was finally achieved when a group known as the KXploit team figured out how to bypass the PSP's new security checks by making it read an actual Sony-signed eboot from a folder, then immediately re-routing all functions to another, unsigned eboot after the security certificate was read. This was achieved at first by swapping a Memory Stick with a signed EBOOT on it shortly after launching the app with a stick that had the exact same program directories, but a homemade EBOOT in place of the signed one. It read the signature from the legit one, but ran the code of the homebrew. Later on, they bypassed the need for a stick swap by telling the PSP to run an app from a folder with a % at the end. You had two folders:
homebrew
homebrew%
My theory is that it ran the % eboot first, but after reading the signature, because the PSP's firmware prevents it from reading invalid characters (% in this case) in the name, it looked for the folder "homebrew" instead of "homebrew%" and ran the eboot.
2.0 homebrew was found after someone discovered that a hacked .tif file could crash the PSP. Soon afterwards, a person called groepaz from the homebrew groups Team Hitmen and Toc2rta was able to create the first Hello World app for PSP by taking advantage of the .tif exploit and telling the PSP to run a .bin file located in the root directory of the Memory Stick.
http://pspupdates.qj.net/2005/09/hello-20-world.html
Later on, a user known as Fanjita developed the 2.0 EBOOT loader, which can run some 1.5 and 1.0 homebrew on a 2.0 PSP. It has its limitations, though; because the .tif exploit runs in user mode rather than kernel mode, homebrews that require special firmware-based functions to operate (IR port, USB access, WiFi, etc.) don't run, as access to the kernel is denied.
Uhh...that's as much as I really know. If you have experience in C++/C, here are a couple of links that might push you in the right direction:
http://forums.qj.net/showthread.php?t=13778
http://forums.ps2dev.org/
http://ps2dev.org/
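The "homebrew" / "homebrew%" folder theory in the post above describes a classic loader flaw: the signature is checked on one object, but the code that actually runs is resolved from a different (normalised) name. The following toy model is an added example and is not code from the post, from the KXploit team, or from Sony; the firmware is not modelled. The HMAC-SHA256 "signature", the `normalise` rule that drops non-alphanumeric characters, the `MemoryStick` class and all file contents are constructed assumptions. It shows the check-versus-use mismatch next to the fixed loader, which resolves the name first and verifies exactly the bytes it will execute.

```python
"""
Toy model of a 'verify one object, execute another' loader flaw.

Added example, not code from the original post. The PSP firmware and the
KXploit internals are not modelled; the vendor key, the HMAC stand-in for
a vendor signature, the name-normalisation rule and the MemoryStick layout
are constructed assumptions used only to illustrate the bug class the post
describes, and the fix for it.
"""
import hashlib
import hmac

# Constructed stand-in for the vendor signing key. In this toy model a
# "signed" EBOOT is one whose tag equals HMAC-SHA256(key, code).
VENDOR_KEY = b"constructed-vendor-key"


def sign(code: bytes) -> bytes:
    """Vendor 'signature' over the EBOOT bytes (assumption: HMAC)."""
    return hmac.new(VENDOR_KEY, code, hashlib.sha256).digest()


def normalise(name: str) -> str:
    """Toy name normalisation: drop characters the filesystem layer
    refuses. The post's theory is that '%' was handled this way."""
    return "".join(ch for ch in name if ch.isalnum())


class MemoryStick:
    """Maps directory name -> (eboot_code, eboot_tag)."""

    def __init__(self):
        self.dirs = {}

    def put(self, name: str, code: bytes, tag: bytes) -> None:
        self.dirs[name] = (code, tag)


def vulnerable_load(stick: MemoryStick, requested: str):
    """Check the signature on the EBOOT found under the raw name, then
    execute the EBOOT found under the normalised name. The check and the
    use refer to two different objects (a time-of-check/time-of-use flaw).
    Returns the bytes that would be executed, or None if rejected."""
    checked_code, tag = stick.dirs[requested]
    if not hmac.compare_digest(sign(checked_code), tag):
        return None
    run_code, _ = stick.dirs[normalise(requested)]
    return run_code  # executed without re-verifying


def fixed_load(stick: MemoryStick, requested: str):
    """Resolve the name first, then verify the exact bytes that will be
    executed, so the check and the use refer to one object."""
    resolved = normalise(requested)
    code, tag = stick.dirs[resolved]
    if not hmac.compare_digest(sign(code), tag):
        return None
    return code


def demo():
    """Constructed scenario from the post: a signed EBOOT under
    'homebrew%' and an unsigned one under 'homebrew'."""
    signed = b"vendor-app"
    homebrew = b"hello-world-homebrew"
    stick = MemoryStick()
    stick.put("homebrew%", signed, sign(signed))   # legit signed EBOOT
    stick.put("homebrew", homebrew, b"\x00" * 32)  # unsigned EBOOT
    return vulnerable_load(stick, "homebrew%"), fixed_load(stick, "homebrew%")


if __name__ == "__main__":
    vulnerable, fixed = demo()
    print("vulnerable loader runs:", vulnerable)
    print("fixed loader runs:", fixed)
```

The fixed loader's rule is the general one for any verify-then-load design: canonicalise the path (or open the file) once, and hash and verify the same handle or buffer that is handed to the executor, never a second lookup by name.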