MPHDowngrader source

[johnmph]

Hello, this is my downgrader source (display modified) :

/*

Version Changer for 2.00 downgrading by mph ([email protected])

Based on :

Hello World v1 for PSP v2.0
(w) 24/09/2005 by Groepaz/Hitmen
http://www.hitmen-console.org

greets to Skylark, Niacin, Skywalker, xor37h, Tyranid

Thanks to yoshihiro for the lflash idea and tests

*/


#include <pspiofilemgr_dirent.h>


void Main (void);
void _start (void) __attribute__ ((section (".text.start")));


// this is our "crt0". not real, very fake. but enough for now :=P

void _start (void)
{
Main();
while (1) {}; // wait forever
}

// font data

const unsigned char font[] =
{

// much better charset, by eddie!
// this is actually the 8x8 neuromancer
// vga/ega mode font :)
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 0x20
0x30,0x78,0x78,0x30,0x30,0x00,0x30,0x00, // 0x21
0x6C,0x6C,0x6C,0x00,0x00,0x00,0x00,0x00, // 0x22
0x6C,0x6C,0xFE,0x6C,0xFE,0x6C,0x6C,0x00, // 0x23
0x30,0x7C,0xC0,0x78,0x0C,0xF8,0x30,0x00, // 0x24
0x00,0xC6,0xCC,0x18,0x30,0x66,0xC6,0x00, // 0x25
0x38,0x6C,0x38,0x76,0xDC,0xCC,0x76,0x00, // 0x26
0x60,0x60,0xC0,0x00,0x00,0x00,0x00,0x00, // 0x27
0x18,0x30,0x60,0x60,0x60,0x30,0x18,0x00, // 0x28
0x60,0x30,0x18,0x18,0x18,0x30,0x60,0x00, // 0x29
0x00,0x66,0x3C,0xFF,0x3C,0x66,0x00,0x00, // 0x2A
0x00,0x30,0x30,0xFC,0x30,0x30,0x00,0x00, // 0x2B
0x00,0x00,0x00,0x00,0x00,0x30,0x30,0x60, // 0x2C
0x00,0x00,0x00,0xFC,0x00,0x00,0x00,0x00, // 0x2D
0x00,0x00,0x00,0x00,0x00,0x30,0x30,0x00, // 0x2E
0x06,0x0C,0x18,0x30,0x60,0xC0,0x80,0x00, // 0x2F
0x7C,0xC6,0xCE,0xDE,0xF6,0xE6,0x7C,0x00, // 0x30
0x30,0x70,0x30,0x30,0x30,0x30,0xFC,0x00, // 0x31
0x78,0xCC,0x0C,0x38,0x60,0xCC,0xFC,0x00, // 0x32
0x78,0xCC,0x0C,0x38,0x0C,0xCC,0x78,0x00, // 0x33
0x1C,0x3C,0x6C,0xCC,0xFE,0x0C,0x1E,0x00, // 0x34
0xFC,0xC0,0xF8,0x0C,0x0C,0xCC,0x78,0x00, // 0x35
0x38,0x60,0xC0,0xF8,0xCC,0xCC,0x78,0x00, // 0x36
0xFC,0xCC,0x0C,0x18,0x30,0x30,0x30,0x00, // 0x37
0x78,0xCC,0xCC,0x78,0xCC,0xCC,0x78,0x00, // 0x38
0x78,0xCC,0xCC,0x7C,0x0C,0x18,0x70,0x00, // 0x39
0x00,0x30,0x30,0x00,0x00,0x30,0x30,0x00, // 0x3A
0x00,0x30,0x30,0x00,0x00,0x30,0x30,0x60, // 0x3B
0x18,0x30,0x60,0xC0,0x60,0x30,0x18,0x00, // 0x3C
0x00,0x00,0xFC,0x00,0x00,0xFC,0x00,0x00, // 0x3D
0x60,0x30,0x18,0x0C,0x18,0x30,0x60,0x00, // 0x3E
0x78,0xCC,0x0C,0x18,0x30,0x00,0x30,0x00, // 0x3F
0x7C,0xC6,0xDE,0xDE,0xDE,0xC0,0x78,0x00, // 0x40
0x30,0x78,0xCC,0xCC,0xFC,0xCC,0xCC,0x00, // 0x41
0xFC,0x66,0x66,0x7C,0x66,0x66,0xFC,0x00, // 0x42
0x3C,0x66,0xC0,0xC0,0xC0,0x66,0x3C,0x00, // 0x43
0xF8,0x6C,0x66,0x66,0x66,0x6C,0xF8,0x00, // 0x44
0xFE,0x62,0x68,0x78,0x68,0x62,0xFE,0x00, // 0x45
0xFE,0x62,0x68,0x78,0x68,0x60,0xF0,0x00, // 0x46
0x3C,0x66,0xC0,0xC0,0xCE,0x66,0x3E,0x00, // 0x47
0xCC,0xCC,0xCC,0xFC,0xCC,0xCC,0xCC,0x00, // 0x48
0x78,0x30,0x30,0x30,0x30,0x30,0x78,0x00, // 0x49
0x1E,0x0C,0x0C,0x0C,0xCC,0xCC,0x78,0x00, // 0x4A
0xE6,0x66,0x6C,0x78,0x6C,0x66,0xE6,0x00, // 0x4B
0xF0,0x60,0x60,0x60,0x62,0x66,0xFE,0x00, // 0x4C
0xC6,0xEE,0xFE,0xFE,0xD6,0xC6,0xC6,0x00, // 0x4D
0xC6,0xE6,0xF6,0xDE,0xCE,0xC6,0xC6,0x00, // 0x4E
0x38,0x6C,0xC6,0xC6,0xC6,0x6C,0x38,0x00, // 0x4F
0xFC,0x66,0x66,0x7C,0x60,0x60,0xF0,0x00, // 0x50
0x78,0xCC,0xCC,0xCC,0xDC,0x78,0x1C,0x00, // 0x51
0xFC,0x66,0x66,0x7C,0x6C,0x66,0xE6,0x00, // 0x52
0x78,0xCC,0xE0,0x70,0x1C,0xCC,0x78,0x00, // 0x53
0xFC,0xB4,0x30,0x30,0x30,0x30,0x78,0x00, // 0x54
0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xFC,0x00, // 0x55
0xCC,0xCC,0xCC,0xCC,0xCC,0x78,0x30,0x00, // 0x56
0xC6,0xC6,0xC6,0xD6,0xFE,0xEE,0xC6,0x00, // 0x57
0xC6,0xC6,0x6C,0x38,0x38,0x6C,0xC6,0x00, // 0x58
0xCC,0xCC,0xCC,0x78,0x30,0x30,0x78,0x00, // 0x59
0xFE,0xC6,0x8C,0x18,0x32,0x66,0xFE,0x00, // 0x5A
0x78,0x60,0x60,0x60,0x60,0x60,0x78,0x00, // 0x5B
0xC0,0x60,0x30,0x18,0x0C,0x06,0x02,0x00, // 0x5C
0x78,0x18,0x18,0x18,0x18,0x18,0x78,0x00, // 0x5D
0x10,0x38,0x6C,0xC6,0x00,0x00,0x00,0x00, // 0x5E
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF, // 0x5F
0x30,0x30,0x18,0x00,0x00,0x00,0x00,0x00, // 0x60
0x00,0x00,0x78,0x0C,0x7C,0xCC,0x76,0x00, // 0x61
0xE0,0x60,0x60,0x7C,0x66,0x66,0xDC,0x00, // 0x62
0x00,0x00,0x78,0xCC,0xC0,0xCC,0x78,0x00, // 0x63
0x1C,0x0C,0x0C,0x7C,0xCC,0xCC,0x76,0x00, // 0x64
0x00,0x00,0x78,0xCC,0xFC,0xC0,0x78,0x00, // 0x65
0x38,0x6C,0x60,0xF0,0x60,0x60,0xF0,0x00, // 0x66
0x00,0x00,0x76,0xCC,0xCC,0x7C,0x0C,0xF8, // 0x67
0xE0,0x60,0x6C,0x76,0x66,0x66,0xE6,0x00, // 0x68
0x30,0x00,0x70,0x30,0x30,0x30,0x78,0x00, // 0x69
0x0C,0x00,0x0C,0x0C,0x0C,0xCC,0xCC,0x78, // 0x6A
0xE0,0x60,0x66,0x6C,0x78,0x6C,0xE6,0x00, // 0x6B
0x70,0x30,0x30,0x30,0x30,0x30,0x78,0x00, // 0x6C
0x00,0x00,0xCC,0xFE,0xFE,0xD6,0xC6,0x00, // 0x6D
0x00,0x00,0xF8,0xCC,0xCC,0xCC,0xCC,0x00, // 0x6E
0x00,0x00,0x78,0xCC,0xCC,0xCC,0x78,0x00, // 0x6F
0x00,0x00,0xDC,0x66,0x66,0x7C,0x60,0xF0, // 0x70
0x00,0x00,0x76,0xCC,0xCC,0x7C,0x0C,0x1E, // 0x71
0x00,0x00,0xDC,0x76,0x66,0x60,0xF0,0x00, // 0x72
0x00,0x00,0x7C,0xC0,0x78,0x0C,0xF8,0x00, // 0x73
0x10,0x30,0x7C,0x30,0x30,0x34,0x18,0x00, // 0x74
0x00,0x00,0xCC,0xCC,0xCC,0xCC,0x76,0x00, // 0x75
0x00,0x00,0xCC,0xCC,0xCC,0x78,0x30,0x00, // 0x76
0x00,0x00,0xC6,0xD6,0xFE,0xFE,0x6C,0x00, // 0x77
0x00,0x00,0xC6,0x6C,0x38,0x6C,0xC6,0x00, // 0x78
0x00,0x00,0xCC,0xCC,0xCC,0x7C,0x0C,0xF8, // 0x79
0x00,0x00,0xFC,0x98,0x30,0x64,0xFC,0x00, // 0x7A
0x1C,0x30,0x30,0xE0,0x30,0x30,0x1C,0x00, // 0x7B
0x18,0x18,0x18,0x00,0x18,0x18,0x18,0x00, // 0x7C
0xE0,0x30,0x30,0x1C,0x30,0x30,0xE0,0x00, // 0x7D
0x76,0xDC,0x00,0x00,0x00,0x00,0x00,0x00, // 0x7E
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

};

#define CMAX_X 60
#define CMAX_Y 38
#define PIXELSIZE 3 //in short
#define LINESIZE 512 //in short
#define FRAMESIZE 0xAA000 //in byte

char line[4][256];


unsigned char *vramtop = (unsigned char *) 0x04000000;
unsigned long drawframe;

// get vram address for character position

unsigned char *GetVramAddr (unsigned long x, unsigned long y)
{
return vramtop + ((drawframe) ? FRAMESIZE : 0) + (x * 4) + (y * LINESIZE * 4) + 0x40000000;
}

// print a single character

void PutChar (unsigned long x, unsigned long y, unsigned long color, unsigned long bgcolor, unsigned char ch, char drawfg, char drawbg, char mag)
{
unsigned char *vptr0; //pointer to vram
unsigned char *vptr; //pointer to vram
const unsigned char *cfont; //pointer to font
unsigned long cx, cy;
unsigned long b;
char mx, my;


cfont = font + (ch * 8);
vptr0 = GetVramAddr(x,y);

for (cy=0;cy<8;cy++)
{
for (my=0;my<mag;my++)
{
vptr = vptr0;
b = 0x80;

for (cx=0;cx<8;cx++)
{
for (mx=0;mx<mag;mx++)
{
if ((*cfont & b) != 0)
{
if (drawfg)
*(unsigned long *) vptr = color;
}
else
{
if (drawbg)
*(unsigned long *) vptr = bgcolor;
}

vptr+=4; // PIXELSIZE*2;
}

b = b >> 1;
}

vptr0 += LINESIZE * 4; // 2
}

cfont++;
}
}

// print a string

void Print(unsigned long x, unsigned long y, unsigned long color, const char *str)
{
while ((*str != 0) && (x < CMAX_X) && (y < CMAX_Y))
{
PutChar(x*8,y*8,color,0,*str,1,1,1);

str++; x++;

if (x >= CMAX_X)
{
x = 0;
y++;
}
}
}

// clear video ram

void Fillvram (unsigned long color)
{
unsigned char *vptr0; //pointer to vram
unsigned long i;


vptr0 = GetVramAddr(0,0);

for (i=0;i<(FRAMESIZE/4)*2;i++)
{
*(unsigned long *) vptr0 = color;
vptr0 += 4;
}
}

// Memory functions

int memcmp (u8 *buf1, u8 *buf2, int size)
{
int x, r = 0;

for (x=0;(x<size) && (r == 0);x++) if (buf1[x] != buf2[x]) r = 1;

return r;
}

// String functions

void strcpy (char *dst,char *src)
{
while ((*dst++ = *src++));
}

int strlen (char *s)
{
int i = 0;


while (*s++) i++;

return i;
}

void PrintLines (void)
{
int i = 0;


for (i=0;i<3;i++) Print(1,i+1,0x00ffffff,line);
}

// for printing a 32bit hex --abu

void num2hex (char *dst, int n)
{
int i;
static char hex[]="0123456789ABCDEF";


for (i=0;i<8;i++) dst = hex[(n >> ((7 - i) * 4)) & 15];
}

// Files functions

#define PSP_O_RDONLY 0x0001
#define PSP_O_WRONLY 0x0002
#define PSP_O_CREAT 0x0200
#define PSP_O_TRUNC 0x0400
#define PSP_O_APPEND 0x0100

#define PSP_SEEK_SET 0
#define PSP_SEEK_CUR 1
#define PSP_SEEK_END 2

// 0x208F,0x109f50bc,sceIoOpen

int sceIoOpen (char *name, int flags, int mode)
{
// function args are readily in registers, so just do syscall --abu
asm("syscall 0x208f");
}

//0x208d,0x810c4bc3,sceIoClose

void sceIoClose (int fd)
{
asm("syscall 0x208d");
}

//0x2091,0x6a638d83,sceIoRead

int sceIoRead (int fd, char *buf, int sz)
{
asm("syscall 0x2091");
}

//0x2093,0x42ec03ac,sceIoWrite

int sceIoWrite (int fd, char *buf, int sz)
{
asm("syscall 0x2093");
}

//0x209B,0xb29ddf9c,sceIoDopen

void *sceIoDopen (const char *dirname)
{
asm("syscall 0x209b");
}

//0x209C,0xe3eb004c,sceIoDread

int sceIoDread (void *fd, SceIoDirent *dir)
{
asm("syscall 0x209c");
}

//0x209D,0xeb092469,sceIoDclose

int sceIoDclose (void *fd)
{
asm("syscall 0x209d");
}

//0x209F,0x06a70004,sceIoMkdir

int sceIoMkdir (char *n, int m)
{
asm("syscall 0x209f");
}
/*
int sceIoUnassign (char *s)
{
asm("syscall 0x20A9");
}
*/
int sceIoAssign (char *s, char *s2, char *s3, int d, int d2, int d3)
{
asm("syscall 0x20A8");
}

int sceIoLseek32 (int fd, long offset, int mode)
{
asm("syscall 0x2097");
}


int copy_file (char *src, char *dst)
{
int srcfd, dstfd, r, w, copied = 0;
char buf[512];


srcfd = sceIoOpen (src,PSP_O_RDONLY,0);
if (srcfd < 0) return -1;

dstfd = sceIoOpen(dst,PSP_O_WRONLY|PSP_O_CREAT|PSP_O_TRUNC,0777);
if (dstfd < 0) { r = dstfd; goto out; }

for (;;)
{
r = sceIoRead(srcfd,buf,512);
if (r <= 0) goto out;

w = sceIoWrite(dstfd,buf,r);
if (w != r) { r = 0xfbadcafe; goto out; }

copied += r;
num2hex(line[2],copied);
line[2][8] = 0;
PrintLines();
}

out:
if (srcfd >= 0) sceIoClose(srcfd);
if (dstfd >= 0) sceIoClose(dstfd);

return r;
}

char err[64] = ""; // you can copy an error msg here

#define FLASH_PATH "flash2:/vsh/etc/index.dat"
#define MS_PATH "ms0:/index.dat"
#define MSBAK_PATH "ms0:/index.dat.bak"

#define BLOCK 512

void Main(void)
{
int fd, fd2, x;
u8 buffer[BLOCK];
u8 buftemp[11] = { 0x49, 0x4E, 0x44, 0x45, 0x58, 0x20, 0x20, 0x20, 0x44, 0x41, 0x54 }; // Pour verifier qu'on est bien au bon endroit
u8 *ptr;


drawframe = 0;

// clear the video ram
Fillvram(0x00000000);

x = 0;

// Lire le block de l'entrée du fichier index.dat
strcpy(line[0],"Patch FAT entry ...");
PrintLines();

fd = sceIoOpen("lflash:",PSP_O_RDONLY,0);
if (fd >= 0)
{
x = sceIoLseek32(fd,0x9C4000,PSP_SEEK_SET); // 0x9C4000 est le bloc qui contient l'entrée de index.dat

sceIoRead(fd,buffer,BLOCK);
sceIoClose(fd);
}

// pointer ptr vers la bonne entrée
ptr = &buffer[0xE0];

// regarder si on a le bon block
if (!(memcmp(ptr,buftemp,11)))
{
// Patcher l'attribut du fichier index.dat
ptr[11] = 0x20; // Attributs changés (plus read only)
ptr[14] = 0xFB; // Octet reservé dans la FAT sert a la protection de copie ?
ptr[22] = 0xFB; // Soit disant l'heure du fichier ??

// Copier dans la lflash
fd = sceIoOpen("lflash:",PSP_O_RDONLY | PSP_O_WRONLY,0777);
if (fd >= 0)
{
x = sceIoLseek32(fd,0x9C4000,PSP_SEEK_SET);

sceIoWrite(fd,buffer,BLOCK);
sceIoClose(fd);
}
}

// Astuce pour assigner la flash0
x = sceIoAssign("flash2:", "lflash0:0,0", "flashfat2:", 0, NULL, 0);

// Copier une copie du fichier dans la ms
strcpy(line[1],"Backup old index.dat file ...");
PrintLines();

x = copy_file(FLASH_PATH,MSBAK_PATH);

// Copier le nouveau fichier
strcpy(line[2],"Copy new index.dat file ...");
PrintLines();

x = copy_file(MS_PATH,FLASH_PATH);

strcpy(line[0],"Patch succesful, please restart and launch update 1.50");
PrintLines();

// endless loop
for (;;)
{
PrintLines();
drawframe = (drawframe) ? 0 : 1;
}
}


For write to flash0 files, i use a trick which change the file attributs.

Thanks to yoshihiro for lflash idea and tests ;-)

[Shapyi]

Very nice MPH. Glad you and Yoshihiro were able to deliever this to the PSP Software Developement scene.

Now we wait to see if Sony releases 2.01 (or higher) to fix the buffer overflow in libTIFF. I wouldn't be surprised if they did.

[Pit0711]

thx,
great work

where can i donate? :-P

[isthar]

mph, good spirit releasing source, very exciting stuff. so this index.dat is like a fat table of the file entries? what exactly lets the updater from sony work after you've a) changed the version and b) messed w/ the index.dat file? [if its ok to ask here, im curious]

[Vampire]

so this index.dat is like a fat table of the file entries? what exactly lets the updater from sony work after you've a) changed the version and b) messed w/ the index.dat file? [if its ok to ask here, im curious]

http://forums.ps2dev.org/viewtopic.php?p=21138#21138

[isthar]

oh geez, thats it? did mph just take an index.dat (the encrypted version) from a 1.00 psp, drop it in flash (with some tricks), so then the updater runs?

am i missing something, but was the only barrier effectively the version number read from index.dat?

Of course getting access to the flash on a 2.0 took time, but wow, amazingly simple.

edit: the index.dat is probably from a 1.00, not a 1.50

[mrbrown]

Yes, did you read the posted source? That's also how the WAB version changer works.

People had better be careful, index.dat comes from the firmware and at least on these boards we treat that as any other copyrighted file - do not link to it from these boards!

[abu]

Hello, this is my downgrader source

Nice program, congratulations. It's a good practise to mention the original source if your code is largely based on someone else's work. At least string functions, copy_file(), PrintLines(), syscall method and num2hex() seem to be copy-paste from my flash-backup tool (http://sunkone.cjb.net/psp/). Nevertheless, keep up the good work ;). Btw, real hackers never downgrade, the work on 2.0 must go on...

[groepaz]

Btw, real hackers never downgrade, the work on 2.0 must go on...

agreed :)

btw did anyone notice how that yoshi dude made a "final" version of this by cleaning it up a bit and removing the original credits in the process ? :=P

[malkomx]

Btw, real hackers never downgrade, the work on 2.0 must go on...

agreed :)

btw did anyone notice how that yoshi dude made a "final" version of this by cleaning it up a bit and removing the original credits in the process ? :=P

http://www.hkmod.com/index.php?t=news_e ... ews_id=141

Close 2 Reality...

[etx]

Good work, thanks for posting the src.

[jockyw2001]

Talkin' credits. I think "akumaatr" deserves major credits for finding the tiff exploit in the 1st place:
http://forums.qj.net/showthread.php?t=16718

Is he a member of hitmen?

/JockyW

[PspPet]

> 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
> 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
Hmm that looks suspiciously like my code....
;-)

[groepaz]

http://www.hkmod.com/index.php?t=news_e ... ews_id=141

Close 2 Reality...

Talkin' credits. I think "akumaatr" deserves major credits for finding the tiff exploit in the 1st place:
http://forums.qj.net/showthread.php?t=16718

Is he a member of hitmen?

ok let me try to shed some light onto that.... the hkmods page isnt 100% correct either.

1) akumaatr did some decent research, and posted a long know exploit. he didnt find the exploit per se, he noticed that its (much likely) present in the libtiff used in the 2.0 firmware. no more no less. that said, this libtiff exploit was known to every selfrespected hacker before, even i knew it existed, and i havent got any trackrecord in that sort of exploits at all :=P (but i'm reading gentoo security stuff every now end then :)) ah yes, and akumaatr isnt a member of hitmen, i've never heard of him infact and i didnt know that post he did before you pointed me at it :)

2) the actual "exploit code", ie what made said exploit actually useful for us, was written by a person (who likes to stay anonymous) on the toc2rta irc channel. IMHO thats the person who deserves most credit for all of this, since he pretty much is the only one who really got down on the dirty stuff. i'm not even sure if he discovered the libtiff exploit himself or if he read said post by akumaatr, it doesnt matter much anyway.

3) i personally, or any other member of hitmen, arent claiming credit for anything except for the little helloworld thingy. (which btw also contains some code which -i think- originally appeared in nemnems helloworld). all i did was writing a little linker script, and cut'n' paste some lines of code. no more than 10 minutes of work involved here :) infact the original reason for making it wasnt to release a helloworld to the public, but to have a somewhat working C environment for further tests (like dumping the memory, flash, etc blabla). niacin (from toc2rta) then asked me to release it for others to play with, which i did. i was really suprised myself that everyone went crazy about that thing :=P

[mrbrown]

So the record has been set straight. The 2.0 exploit is amazing, kudos to the guy responsible. Now, can we get on with coding and leave the scene drama to the scene kiddies? :)

[malkomx]

http://www.hkmod.com/index.php?t=news_e ... ews_id=141

Close 2 Reality...

Talkin' credits. I think "akumaatr" deserves major credits for finding the tiff exploit in the 1st place:
http://forums.qj.net/showthread.php?t=16718

Is he a member of hitmen?

ok let me try to shed some light onto that.... the hkmods page isnt 100% correct either.

1) akumaatr did some decent research, and posted a long know exploit. he didnt find the exploit per se, he noticed that its (much likely) present in the libtiff used in the 2.0 firmware. no more no less. that said, this libtiff exploit was known to every selfrespected hacker before, even i knew it existed, and i havent got any trackrecord in that sort of exploits at all :=P (but i'm reading gentoo security stuff every now end then :)) ah yes, and akumaatr isnt a member of hitmen, i've never heard of him infact and i didnt know that post he did before you pointed me at it :)

2) the actual "exploit code", ie what made said exploit actually useful for us, was written by a person (who likes to stay anonymous) on the toc2rta irc channel. IMHO thats the person who deserves most credit for all of this, since he pretty much is the only one who really got down on the dirty stuff. i'm not even sure if he discovered the libtiff exploit himself or if he read said post by akumaatr, it doesnt matter much anyway.

3) i personally, or any other member of hitmen, arent claiming credit for anything except for the little helloworld thingy. (which btw also contains some code which -i think- originally appeared in nemnems helloworld). all i did was writing a little linker script, and cut'n' paste some lines of code. no more than 10 minutes of work involved here :) infact the original reason for making it wasnt to release a helloworld to the public, but to have a somewhat working C environment for further tests (like dumping the memory, flash, etc blabla). niacin (from toc2rta) then asked me to release it for others to play with, which i did. i was really suprised myself that everyone went crazy about that thing :=P

Thanx for the explanation.

I think the news on HKmod isn't saying that HITMEN should have all the credit.
From what i can read, it seems they are saying that the downgrader was a copy of Hitmen, abu, akumaatr, and anonymous work and contribution.
Which is in fact, what you are saying above also. (except you're mentionning nemnems which is the pretty new information there, but not a relevant one)

[Thanhda]

Hey! Yoshi should be thanking me, i emailled him that idea. Should have known he wouldnt give me any credit. anyway does anyone have the code for the 1.5 version? i want to compile the code so it says my firmware is 9.0 instead of 1.5 so i will never have to deal with these updates.

edit: here proof i figure this out before it came out

http://www.psp-hacks.com/2005/09/26/fir ... /#comments

#52 check it out.

Downgrader was launched
September 27, 2005 @ 4:59 pm

My Post was posted
September 27, 2005 @ 2:17 am

I'm not asking for much i just dont like how yoshi took all credit for the idea when i emailled him it.

[PspPet]

> i want to compile the code so it says my firmware is 9.0 instead of 1.5 so i will never have to deal with these updates.
That can't be done. The way various hacks change the system version (WABVersion changer, the MPH Downloader) is to copy the encrypted version index.dat file from a known system release to your PSP's flash0 volume

Needless to say this is not a 100% open source approach since you must include copyrighted Sony material in your version changer program.
BTW: if giving credit, don't forget Sony who wrote the actual Downgrader (UPDATE) program.

[Thanhda]

> i want to compile the code so it says my firmware is 9.0 instead of 1.5 so i will never have to deal with these updates.
That can't be done. The way various hacks change the system version (WABVersion changer, the MPH Downloader) is to copy the encrypted version index.dat file from a known system release to your PSP's flash0 volume

Needless to say this is not a 100% open source approach since you must include copyrighted Sony material in your version changer program.
BTW: if giving credit, don't forget Sony who wrote the actual Downgrader (UPDATE) program.

i see. haha, no its not a downgrader. its a DownGrader Algorithm, Or method/theory. The app itself doesnt do anything but Change the firmware name, hence not actually downgrading. I just wanted credit for the idea or theory behind the method used to do this downgrading.

[pspd3vil]

Hey! Yoshi should be thanking me, i emailled him that idea. Should have known he wouldnt give me any credit. anyway does anyone have the code for the 1.5 version? i want to compile the code so it says my firmware is 9.0 instead of 1.5 so i will never have to deal with these updates.

edit: here proof i figure this out before it came out

http://www.psp-hacks.com/2005/09/26/fir ... /#comments

#52 check it out.

Downgrader was launched
September 27, 2005 @ 4:59 pm

My Post was posted
September 27, 2005 @ 2:17 am

I'm not asking for much i just dont like how yoshi took all credit for the idea when i emailled him it.

Hello :) lool i've just talk with Yoshi and since September he have never read any email with all stupid spam send you need some credit for what ???? go talk with him if he have used your idea or stop the bulls*it the version changer already exist since July . bye

[Mathieulh]

> i want to compile the code so it says my firmware is 9.0 instead of 1.5 so i will never have to deal with these updates.
That can't be done. The way various hacks change the system version (WABVersion changer, the MPH Downloader) is to copy the encrypted version index.dat file from a known system release to your PSP's flash0 volume

Needless to say this is not a 100% open source approach since you must include copyrighted Sony material in your version changer program.
BTW: if giving credit, don't forget Sony who wrote the actual Downgrader (UPDATE) program.

PspPet I'd suggest you to take a look at the lastest SXT version changer that enables you to change your psp to version 7.50 without the need of using a copyrighted index.dat ;)

cheers :)

[PspPet]

BTW: Why is this thread still alive ?

re: version changer technology
The version tricking technology has changed -- anything discussed over 2 months ago is obsolete.
Those simple tricks (simply bumping the version number) no longer work for a number of reasons. See longer discussions about trying to get 2.x components to work under 1.0/1.50.

re: SXT version changer
Sorry, I shouldn't be talking about that here. It is not open source and does contain Sony copyrighted material.

[mrbrown]

Thread locked.