sceLflashFatfmtStartFatfmt

moonlight · Post by **moonlight** » Mon Jun 12, 2006 4:42 am

I've logged the call to this function during an "update" process from 1.50 to 1.50 (contrary to what some people think, the update from 1.50 to 1.50 doesn't brick any psp)

The usage is very simple

Code: Select all

int sceLflashFatfmtStartFatfmt&#40;int argc, char *argv&#91;&#93;&#41;

And the updater did something like this to call it:

Code: Select all

char *argv&#91;2&#93;;

argv&#91;0&#93; = "fatfmt";
argv&#91;1&#93; = "lflash0&#58;0,0";

vshLflashFatfmtStartFatfmt&#40;2, argv&#41;;

Note that the updater uses his own version of lflash_fatfmt.prx, and not the one that come with the firmware(which by default is not loaded).
I don't know if there are differences between them.

Also, don't play too much with this function if you don't know what you are doing ;)

dot_blank · Post by **dot_blank** » Mon Jun 12, 2006 10:49 am

wait so is it sceLflash* or vshLflash* ?

thanx in advance for clearing this up

moonlight · Post by **moonlight** » Mon Jun 12, 2006 3:27 pm

dot_blank wrote:wait so is it sceLflash* or vshLflash* ?

thanx in advance for clearing this up

They are the same.

All functions from vshbridge simply set the kernel mode, then call the real function from other module. Then, restore the mode and return the result.

The vshbridge lets the vsh modules(like the updater) to call some functions that are available only for kernel mode, like some loadexec functions , some loadmoduleVSH functions and other. Even there is some idstorage function over there.

I guess that the name suggests it: It's like a bridge between the kernel and the vsh. :)

dot_blank · Post by **dot_blank** » Mon Jun 12, 2006 4:52 pm

yes indeed thank you

moonlight · Post by **moonlight** » Mon Jun 12, 2006 7:06 pm

Also, the 1.50 updater call to these functions from iplupdate.prx:

sceIplUpdateClearIpl() -- no parameters, it erases the blocks of the ipl.

sceIplUpdateSetIpl() -- no parameters. it writes the 1.50 ipl which is embedded in the own iplupdater.prx (contrary to the +2.00 updaters, where the ipl is in the psar)

The iplupdater also exports sceIplUpdateUpdateIpl, but the updater doesn't import it, and it seems that it's not called, it doesn't seem to be an export available for vsh mode. (maybe it's called inside the iplupdater, but i haven't seen that call). Looking at the dissasembly, that function doesn't write to the flash, not at least using the sceNand functions.

Another difference between the 1.50 updater and the 2.XX updaters, is that the iplupdater from 1.50 doesn't use any verification function from sceNand, like sceNandVerifyEcc, etc. (I don't know if it does another kind of verification).

In theory, and only in theory, we can use the following procedure for a 1.00 downgrader:

- Extract iplupdater.prx and flashfmt.prx from the 1.50 update.
- Load them, and hack in ram the iplupdater.prx writing the 1.00 ipl on its "iplbuffer", which is easy to locate looking at the disassembly.
- call sceLflashFatfmtStartFatfmt
- Write the flash0 files of an 1.00 dump using sceIo
- call sceIplUpdateClearIpl
- call sceIplUpdateSetIpl

Using sony code to write the ipl and formatting the flash prior to writing the files should be safer, but it won't be me who tries it :)

dot_blank · Post by **dot_blank** » Tue Jun 13, 2006 10:38 am

yes you are most right ...great stuff :)