forums.ps2dev.org

KiWi

>NIL: wrote:
Code: Select all
MEMSTICKIND
MSTK_PROIND
....
HOMEDUMP.BIN
Some of these match the Memory Stick files/folders.
I wonder what the HOMEBREW.TXT might be about...

You have missed this nice one:

ms0:/PSP/GAME/KERNEL_DUMP/EBOOT.PBP

Unfortunally won't start up at PowerOn ... that's what i thought about ...

KiWi

Yo tmbinc ! Nice to see you joining from Gamecube development to PSP development ... Finding overflows in the Wipeout browser is not the time worth for doing research. I personally think it's easier to find an overflow in the build in media player routines (jpeg viewer, mp3 player, mp4 player etc.) ...

KiWi

The solder pad's around IC9001 are looking good ... http://forum.lik-sang.com/other/psp-release/psp-release75.jpg They're all located near the main area where flash bios and main cpu are located .. but that's work for an maniac to find out which functions are behind each pad ... Maybe somebody has t...

KiWi

Nah .. they don't use the headphone jack for jtag :)

These pins are mostly located near the cpu / bus inside the console ...

finding these pins without an hardware description / cicurit desing will be very hard ...

KiWi

PSPimp wrote:
ModernRonin wrote: and tomorrow you might as well get a MIPS programming handbook and learn about delay slots and such funky stuff like not using hashes as jump addresses ...
Lol - 100 points for PSPimp :)

KiWi

Normally if you have a "bad flash" and sent the psp back to a repair center they're using a so called "JTAG" interface. This interface is a 5 wire connection cable, and with it you have full system access via the cpu to the ram/rom/flashes and you're able to re-program the flashe...

KiWi

Just wondering, whats the likelyhood that once the 1.51 update comes it can be compared to the 1.50 update to find the holes they supposedly fixed? There's no way to compare 1.50 with 1.51 until you have decrypted both bios files ... AES encryption leaves no space for hexedit compare games ... And ...

KiWi

In a good encryption algo you just change 1 bit in the source file and the destination file differs completely. AES is such kind of encryption. This is not a "do a xor / ror " over the data and gotcha ... AES is hacking/cracking proof. If no one spents alot of $$$ money $$$ to hack the cus...

KiWi

Cracking or Brute Forcing AES ist very easy !

You just need some time, that's all.

We're talking about 1-200 thousand years.

Have fun !

KiWi

yea, we kind of hit that wall last night, but i do feel our best bet right now somehow is in the way saved games work Binaries: Crypted UMD: Crypted Wlan: Crypted SaveGames: Crypted In short words: Everything that's communicating with the outside world is crypted. No decryption key = no communicati...

KiWi

If you're intrested in decrypting stuff / analyzing data / doing statistics then have a look at this:

http://www.cryptool.de/download.en.html

It has also the possibility to AES decrypt (and brute force *lol*) psp stuff ..

KiWi

Well, it would suck to see a loading screen halfway through a lap. :) Have a look @ Crazy Taxi for Dreamcast ... that's loading the textures for the buildings, objects and the streets on the fly .. if you're backup is burned in a bad order you're racing trough a wireframe landscape :) It's very imp...

KiWi

@pushpin, that's interesting & it's good to see that developers are minimizing UMD access. Ridge Racers is completely stored in ram ! When you're playing Ridge Racers, you can remove the UMD directly after the race start. The game asks you to to quit, but if you deny to quit, you can race the c...

forums.ps2dev.org

Search found 13 matches

Re: First cut at PSP buffer overflow loader code.

Re: Random blah, wondering on 1.50 - 1.51 hole fills