Interesting Threads In This Forum

ooPo
Site Admin
Posts: 2023
Joined: Sat Jan 17, 2004 9:56 am
Location: Canada

Post by ooPo »

===========
FIRMWARE FILES
===========

Update v1.50 has been made available!
http://forums.ps2dev.org/viewtopic.php?t=1201

Firmware 1.50 comparative study
http://forums.ps2dev.org/viewtopic.php?t=1303

Discussion On The PBP File Format
http://forums.ps2dev.org/viewtopic.php?t=929

dissecting the .psp file...
http://forums.ps2dev.org/viewtopic.php?t=1154

PSP File (Research Thread)
http://forums.ps2dev.org/viewtopic.php?t=1463

Discussion of the PSAR file format
http://forums.ps2dev.org/viewtopic.php?t=931

=========
NETWORKING
=========

PSP Namco museum transfer
http://forums.ps2dev.org/viewtopic.php?t=1264

Web Browser in Wipeout Pure
http://forums.ps2dev.org/viewtopic.php?t=1223

PSP Network Update Tricks
http://forums.ps2dev.org/viewtopic.php?t=908

=======
UTILITIES
=======

Program for parsing data in PARAM.SFO files
http://forums.ps2dev.org/viewtopic.php?t=923

PBP Unpacker v0.40 for Windows
http://forums.ps2dev.org/viewtopic.php?t=1316

PSF editor that isn't Windows/.NET
http://forums.ps2dev.org/viewtopic.php?t=1496

WipeOut Pure wad dump
http://forums.ps2dev.org/viewtopic.php?t=1605


PSP Dump (nem's dumper program + discussion)
http://forums.ps2dev.org/viewtopic.php?t=1623


============
STRANGE QUIRKS
============

Very odd PBP quirk
(broken png header = view uninitialized memory)
http://forums.ps2dev.org/viewtopic.php?t=1215
I decided to try messing with the PNG within the PBP.
(This is the preview display picture for the update)
Trying things like removing the IEND tag and duplicating the IHDR tag.
One attempt had a very strange outcome....

The preview does not render the PNG. I must assume it can't.
However, the PSP does not give up;
Rather, it grabs JPEGs from /PSP/PHOTO/ and displays a jumble of those instead, in a strange collage with transparency dividing the squashed JPEGs!
Stranger still, this 'new' preview pic is different when highlighted/unhighlighted if there is more than 1 bootable item on the mem stick and if you have too many JPEGs, the pictures may 'spill' onto the next preview item!

OK, I can confirm that the picture is not a mix from /PSP/PHOTO/
(let's face it, this seemed far too random)
but it is actually being read directly from the PSP's memory.

I imagine the update preview pic is reading from memory where the PNG decoder should have put the icon. Only the PNG decoder did not successfully decode.

The transparent parts must be non-image data in memory.

Also, after playing Ridge Racers, the preview pic reads RR game data.

View parts of memory on PSP
(broken sfo header = view uninitialized memory as a string)
http://forums.ps2dev.org/viewtopic.php?t=1326
I was playing with the .SFO files and noticed that they do not do range checking on the offsets for the variable values. If you set the offset for the TITLE variable to a number beyond the end of the file it will display whatever is in memory at that address on the screen in the game browser (as a null-terminated string). If the memory access causes a fault the system will power off (no harm done).

I don't know how useful this will prove as it displays a maximum of 20 characters and there is no address consistency as the addresses you enter are offsets from wherever in memory the data happened to be loaded. It might be good for some memory sniffing though.

The specific place in EBOOT.PBP that you would change is the 4 bytes at position 0x98 (the original value is 0x00000018, change it to anything). To make the PBP file a more manageable size for this purpose you can crop it at offset 0x3251 (where it says "~PSP"... don't need the executable because it won't be executed). Put the file on the PSP memory card in \PSP\GAME\UPDATE, then go to Game -> Memory Stick in the PSP menu and press X. Right there as the title you will see the memory contents... if there is no title that means the data at that address is zero.

How To Crash The PSP
(playing with trying to run psp files)
http://forums.ps2dev.org/viewtopic.php?t=1462
We assembled this file with as and used it as data.psp in eboot.pbp, and when we tried to launch it, the PSP would shut off.

What's interesting is that when we run the output from as through ld then the PSP won't shut off, rather it reports that the game could not be loaded.

This seems to indicate that the PSP is trying to execute our file, even though it is not encrypted. I had hoped that someone here might have some ideas as to what is going on here.

I knew that something strange was going on causing the PSP to shut off, and I knew that it wasn't executing the code. But I did know that the PSP was shutting off when the file wasn't linked, which meant to me that it was treating it differently. Sure, it could have been random garbage that came out when the PSP tried to decrypt it, but of all the tests I've done, all the code I tried, it always came out the same way when it wasn't linked. So I doubt that the changes from the linker caused it to decrypt differently and not crash.

Web Browser in Wipeout Pure
(using javascript to access unintended memory areas)
http://forums.ps2dev.org/viewtopic.php?p=10213#10213
You can write the document with JavaScript, the timer function works, and if you change the text of a button in a form with document.button.value="x", the old length of the text is used, showing memory garbage after the x.

Wipeout Pure "ghost" Save File, Arbitrary code?
(possible exploit by using wipeout ghost save files)
http://forums.ps2dev.org/viewtopic.php?t=1563
I was able to load arbitrary code (NOP's followed by a JMP loop (essentially a 'halt')) by editing a Wipeout Pure "ghost" save file. I believe this exploit may be extensible to the Wipeout Pure game save files. If so, this may be a good entry point for a bootloader.

Unfortunately, while executing NOP's is an interesting start ... I'll need to bone up on the instruction set of the PSP cpu before anything useful can be done with this.

The entry point to edit and insert an overflow of NOP instructions is at offset 0xA14 in any ghost save file.

UMD file system access
(using the wipeout browser to access files on the umd)
http://forums.ps2dev.org/viewtopic.php?t=1585
<html>
<head>
<title>UMD</title>
</head>
<body background="file://disc0:/PSP_GAME/PIC1.PNG">
<img src="file://disc0:/PSP_GAME/ICON0.PNG">
</body>
</html>

========
MISC STUFF
========

Devkit Pictures
http://forums.ps2dev.org/viewtopic.php?t=918

===================
HOMEBREW PROGRAMMING
===================

Hello World for PSP
(compiled elf in the first post, source available on page 3)
http://forums.ps2dev.org/viewtopic.php?t=1570

Library function list
http://forums.ps2dev.org/viewtopic.php?t=1594
Last edited by ooPo on Thu Jul 28, 2005 11:10 am, edited 9 times in total.
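
The SFO quirk quoted in the post above ("they do not do range checking on the offsets for the variable values") comes down to one missing bounds check in the parser. The sketch below is an added example, not code from this thread or from any PSP tool: it parses an SFO blob and rejects any entry whose value would fall outside the file. The header and index field layout used here is the commonly documented PSF layout and is an assumption, and the sample file is constructed.

```python
import struct

# Assumed PSF layout (little-endian), not taken from the thread:
HEADER = struct.Struct("<4sIIII")  # magic, version, key table, data table, entry count
ENTRY = struct.Struct("<HHIII")    # key offset, format, used length, max length, data offset

def parse_sfo(blob):
    """Return {key: raw value bytes}; raise ValueError on any out-of-range field."""
    if len(blob) < HEADER.size:
        raise ValueError("truncated header")
    magic, _version, key_tab, data_tab, count = HEADER.unpack_from(blob, 0)
    if magic != b"\x00PSF":
        raise ValueError("bad magic")
    index_end = HEADER.size + count * ENTRY.size
    if not index_end <= key_tab <= data_tab <= len(blob):
        raise ValueError("index or tables outside file")
    values = {}
    for i in range(count):
        key_off, _fmt, used, max_len, data_off = ENTRY.unpack_from(
            blob, HEADER.size + i * ENTRY.size)
        # Key name must start and be NUL-terminated inside the key table.
        k_start = key_tab + key_off
        k_end = blob.find(b"\x00", k_start, data_tab)
        if k_start >= data_tab or k_end < 0:
            raise ValueError("key offset out of range")
        # The range check the quoted post found missing: the value slot
        # must lie wholly inside the file, or the entry is rejected.
        v_start = data_tab + data_off
        if used > max_len or v_start + max_len > len(blob):
            raise ValueError("data offset out of range")
        values[blob[k_start:k_end].decode("ascii")] = blob[v_start:v_start + used]
    return values

def build_sample(title_data_off=0):
    """Constructed one-entry SFO holding a TITLE string (sample data only)."""
    keys = b"TITLE\x00\x00\x00"               # key table padded to 4 bytes
    data = b"Update\x00".ljust(8, b"\x00")    # 8-byte value slot, 7 bytes used
    key_tab = HEADER.size + ENTRY.size
    data_tab = key_tab + len(keys)
    return (HEADER.pack(b"\x00PSF", 0x0101, key_tab, data_tab, 1)
            + ENTRY.pack(0, 0x0204, 7, 8, title_data_off) + keys + data)

if __name__ == "__main__":
    print(parse_sfo(build_sample()))           # well-formed file parses
    try:
        parse_sfo(build_sample(0x00010000))    # offset beyond end of file
    except ValueError as err:
        print("rejected:", err)
```
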
kry.sys
Posts: 82
Joined: Wed Mar 16, 2005 1:31 pm

Post by kry.sys »

THANK YOU

edited to reduce redundancy
Last edited by kry.sys on Wed Apr 20, 2005 8:29 am, edited 2 times in total.

Post by ooPo »

Added.

Post by ooPo »

Added a link to Shine's javascript quirk in the thread located at:

http://forums.ps2dev.org/viewtopic.php?p=10213#10213
Thanhda
Posts: 331
Joined: Sat Apr 09, 2005 2:08 am
Location: Canada

Online Psp games

Post by Thanhda »

Hey ooPo, you should check this out, this is interesting, if you haven't seen it already. PSP online games

http://webtopsp.com/

http://www.andrewsm.net/psp/novinky/psptetris_big.jpg
There are 10 types of people in the world: Those who understand binary, and those who don't...

Post by ooPo »

Added nem's 'hello world' program, Minase's psf editor and the possible wipeout ghost file exploit.

Post by ooPo »

Added vampire's umd file access trickery, and updated the 'hello world' entry to show where to find the source.