MPH Firmware Launcher v1.0

[johnmph]

UPDATE 2 !!!

I have added tutorial for converting firmware in good format, he is added in zip.

Download at http://www.chez.com/mph

-> Use with precaution, i am not responsable for possible damage <-

v1.1 :

- the saved data menu in VSHELL works now
- new prx loader : use /kd/pspbtcnf.txt for know which prx load
- resolve bugs in patch function
- modify information display


I have tested to replace 09.bmp (september) in ms0:/F0/vsh/resource/ and it works, when the firmware is loaded the new image is loaded in background.


TODO :

- Unload all modules already in memory for reload the prx firmware


MPH Firmware Launcher v1.0
---------------------------------

Allows to launch a firmware from the memory stick.


The firmware must be in file format and not in eboot.pbp format, for convert a firmware eboot.pbp in file, use the psardump01 tool (http://www.psp-hacks.com/downloads/psardump01.zip).


Installation :

- For 1.00 firmware : copy MPHFL (in 1.00 folder) to PSP/GAME folder of your memory stick
- For 1.50 firmware : copy MPHFL and MPHFL% (in 1.50 folder) to PSP/GAME of your memory stick

Create a F0 and F1 folder in root of memory stick, put files of flash0 (data, dic, font, kd et vsh) in F0 and put files of flash1 (dic, registry et vsh) in F1.

Run MPH Firmware Launcher.


Limitation :

He is not finished, bugs with somes prx loading.

For the moment, i have test with a 1.50 psp to load 1.00 firmware, it works but the version showed in the VSHELL still 1.50 and the psp crashes if i run an application.

Don't work for the 2.00 firmware because he uses a different encryption system.


You can download 1.00 firmware in good format here : http://www.chez.com/mph/



! Before use this, set the psp language to english because the 1.00 firmware has only 2 languages and he sets to japanese if he doesn't find your language.

[Matrixdub]

This is next to useless; the only reason someone would want to "launch" firmware outside of legitamate/easy methods would be to run homebrew...but you need to be able to run homebrew to run this application!

I say that it is "next to useless" because if this application actually works, then users could effectively downgrade from 1.50 to 1.0 (thus eliminating the need for KXploit, and faster loading of homebrew) but it is not worth the risk of bricking your machine.


....unless...we hack the individual files to make it look like something else....

<<evil laughter>>

[Marco_N]

The only use would be launching 2.00 on a 1.50 and enjoy AVC.

PS
I'd remove that link to the 1.00 firmware if I were you.

[someone]

If working this would be the solution for 1.0 users to buy and run 1.5x UMDs, at least at the moment (that no 2.0 games are out).

I've tried this program on a 1.0 PSP with 1.5 firmware dump (dumped by myself with psardump and put files in right folders) without success.
I've tried first using encripted prx then decrypted prx...both times it didn't work.

With encrypted prx: program gives only errors and "header texts" (text address., size, flash patch, etc) never change.

With decrypted prx: program gives some erorrs, "header texts" change. At top it shows Error : ms0/F0/kd/chkreg.prx.

Both times the last string shown at the bottom is Error: ms0/F0/vsh/module/vshmain.prx.

I hope you can fix it to run on 1.0 psp.

Thanks a lot

[johnmph]

I have updated the app.

I give a video to show it in action, you can download at http://www.chez.com/mph

[someone]

I have updated the app.

I give a video to show it in action, you can download at http://www.chez.com/mph

Thanks for the update!

I'm sorry to report that it's still not working on a 1.0 PSP triying to run 1.5 firmware.
Now with decoded prxs the result is..nothing! Just the program title shows then nothing, with no ms activity.

With encoded prx it start loading (like the video you put on your website), but after a while I get a lot of:
_allocSysMemory:Low: no more space, can not alloc

and similar. Than it hangs with ms light on fix red, and after a while shuts down the psp.
Maybe to go further there is "only" the need of you todo

TODO :

- Unload all modules already in memory for reload the prx firmware

Hope you'll succed in coding that feature soon! :)
Thanks thanks thanks!!

[johnmph]

I have updated the app.

I give a video to show it in action, you can download at http://www.chez.com/mph

Thanks for the update!

I'm sorry to report that it's still not working on a 1.0 PSP triying to run 1.5 firmware.
Now with decoded prxs the result is..nothing! Just the program title shows then nothing, with no ms activity.

With encoded prx it start loading (like the video you put on your website), but after a while I get a lot of:
_allocSysMemory:Low: no more space, can not alloc

and similar. Than it hangs with ms light on fix red, and after a while shuts down the psp.
Maybe to go further there is "only" the need of you todo

TODO :

- Unload all modules already in memory for reload the prx firmware

Hope you'll succed in coding that feature soon! :)
Thanks thanks thanks!!

It works only with encrypted prx, sceKernelLoadModule doesnt load decrypted prx.

I am seeking for the unloading of module, maybe that will solve the bug of the 1.00.

Thanks for the test

[someone]

It works only with encrypted prx, sceKernelLoadModule doesnt load decrypted prx.

I am seeking for the unloading of module, maybe that will solve the bug of the 1.00.

Thanks for the test

Ok, next time I'll test directly with encrypted prx :)

[Matrixdub]

If working this would be the solution for 1.0 users to buy and run 1.5x UMDs, at least at the moment (that no 2.0 games are out).

You can already do this with WAB's version changer.

[someone]

If working this would be the solution for 1.0 users to buy and run 1.5x UMDs, at least at the moment (that no 2.0 games are out).

You can already do this with WAB's version changer.

No, you're wrong. Wab version changer works mostly only on 1.5 firmware. Euro's UMD Videos can't be played on 1.0s. So there is at least one use currently, and it will be precious if and when there will be a way to use (decrypt) 2.0 prx to use upper firmware features on older firmware psps (and I'm not sure that WE9/PES5 and other 2.0 games will work on my 1.0 even with wab version changer....I will try next month when I'll go to buy PES5).


If you can't get the point in this app, then just don't blame the author and follow other threads.

[johnmph]

This is the tutorial for convert firmware in good format :


Convert EBOOT.PBP to files firmware
-----------------------------------

Requires :

- psardump01 by PspPet (http://www.psp-hacks.com/downloads/psardump01.zip)
- pbp-unpacker by pdc (http://www.pdc.me.uk/pbp/)
- EBOOT.PBP firmware what you want convert


1) Extract DATA.PSAR from EBOOT.PBP with pbp-unpacker

2) Copy DATA.PSAR in your memory stick root (ms0:/)

3) Install psardump01 in PSP/GAME (with kxploit for 1.50)

4) Run psardump01, he will erase DATA.PSAR and create OUT and OUTX folder.

5) Delete OUTX folder

6) Open OUT/readme.txt with text editor supporting UNIX format, you will see the list of firmware files

Example :

Extraction report
From PSAR Dump .01
a PspPet utility
-------------
LEGAL NOTICE:
the files extracted are Sony copyrighted material
do not post them on the web or share them
for legal DMCA compatible "fair use" uses only
-------------

Special Files:
version info - saved as ms0:/OUT/data0.bin
other info - saved as ms0:/OUT/data1.bin

Regular Files:
flash0:/data/cert/Class1_PCA_G2_v2.cer (1122 bytes) -- saved as 'ms0:/OUT/Class1_PCA_G2_v2.cer'
flash0:/data/cert/Class1_PCA_G3v2.cer (1508 bytes) -- saved as 'ms0:/OUT/Class1_PCA_G3v2.cer'
flash0:/data/cert/Class1_PCA_ss_v4.cer (854 bytes) -- saved as 'ms0:/OUT/Class1_PCA_ss_v4.cer'

some other files ....

flash0:/vsh/resource/video_plugin.rco (97936 bytes) -- saved as 'ms0:/OUT/video_plugin.rco'
flash0:/vsh/resource/video_plugin_videotoolbar.rco (112392 bytes) -- saved as 'ms0:/OUT/video_plugin_videotoolbar.rco'
-------------

212 data files saved
0 errors

126 decrypted of 212 data files saved



7) You should remake the firmware structure directory using the info of regulars files, see the example :

first line of regular file :

- flash0:/data/cert/Class1_PCA_G2_v2.cer (1122 bytes) -- saved as 'ms0:/OUT/Class1_PCA_G2_v2.cer'


Create data and data/cert folder in ms0:/F0 (because it's flash0:) and move ms0:/OUT/Class1_PCA_G2_v2.cer in ms0:/F0/data/cert/

Do this with all regular files (for flash1:/... files, it's ms0:/F1/...)

8) when all files are moved in good folder, delete OUT folder

You have now the good format for MPH Firmware launcher.

[Matrixdub]

Not to engage with a war or anything (this is the only time I will reply to flaming on this thread-I will ignore you in future) but I DO get the point of this thread (my first reply) I was just saying that this application does SO much more than simply allow UMDs that require a specific firmware to run. And the version changer DOES work on 1.0.

No more non-productive replies.

[cheriff]

but when/if a game comes along that requires a higher fw for reasons other than to force you to upgrade because sony told them to (ie it actually relies on a new feature/function or something), this method could potentially work, since reporting a false version will only get so far, untill a game tries to link at runtime to a function that doesn't exist in the 1.0 fw.
Also if the new browser can be loaded in the new fw ontop of the old one, then we get the sony bowser whilst retaining the ability to run homebrew.
I think this is kinda exciting, especially if it can be done without writing to flash at all ... im sure im not the only one nervous about things like that.

[someone]

This is the tutorial for convert firmware in good format :

Do this with all regular files (for flash1:/... files, it's ms0:/F1/...)

Just one question...psardump don't dump flash1 file from the DATA.PSAR, right? At least, a 1.5 update dumped with psardump on a 1.0 gives only flash0 files.
I'm using manually dumped from flash (using PSP File Assistant) 1.50 flash1 files from a friend of mine.

PS: Today I've tried loading the 1.0 firmware on my 1.0 still with no luck, I always get the no more space error

[someone]

Not to engage with a war or anything (this is the only time I will reply to flaming on this thread-I will ignore you in future) but I DO get the point of this thread (my first reply) I was just saying that this application does SO much more than simply allow UMDs that require a specific firmware to run.

No more non-productive replies.

I don't like flaming too..Maybe I was a bit too harsh, sorry.
You've to admit you too were a little to harsh in you first post.
So, question closed.

Regarding the usefulness of this app (when working), it's obviously not limited to running game umds requiring a greater Fw version. It was only an example!

And the version changer DOES work on 1.0.

Yes it works, but, I repeat, not for the UMD Video part (just read Yoshi's release post or program nfo).
And maybe someone else other than me would prefer not to flash the psp to change version and just run a program like this to load the right firmware on the fly and let the game run in it's proper system enviroment.

[johnmph]

This is the tutorial for convert firmware in good format :

Do this with all regular files (for flash1:/... files, it's ms0:/F1/...)

Just one question...psardump don't dump flash1 file from the DATA.PSAR, right? At least, a 1.5 update dumped with psardump on a 1.0 gives only flash0 files.
I'm using manually dumped from flash (using PSP File Assistant) 1.50 flash1 files from a friend of mine.

PS: Today I've tried loading the 1.0 firmware on my 1.0 still with no luck, I always get the no more space error

Yes, you are right for flash1, but you can copy flash1 files of another firmware (1.00 or 1.50) with tool like you have done with PSP File Assistant.

[someone]

I've seen you released version 1.2 on your website.
Test results:

Again on 1.0 PSP it won't load firmware 1.5 nor 1.0 (maybe you already know that!).
It stops always at the same point, with the following text on screen:

For FW 1.5: Load (57): ms0:/F0/kd/medasync.prx
For FW 1.0: Load (59): ms0:/F0/kd/impose.prx

It don't show errors, but this is maybe due to the fact you changed code to not display them..

Bye

[johnmph]

I've seen you released version 1.2 on your website.
Test results:

Again on 1.0 PSP it won't load firmware 1.5 nor 1.0 (maybe you already know that!).
It stops always at the same point, with the following text on screen:

For FW 1.5: Load (57): ms0:/F0/kd/medasync.prx
For FW 1.0: Load (59): ms0:/F0/kd/impose.prx

It don't show errors, but this is maybe due to the fact you changed code to not display them..

Bye

I think it's because i cant unload module with sceKernelStopModule and sceKernelUnloadModule (because prx has SCE_MODULE_ATTR_CANT_STOP flag).

If i modify the flag to unload it i get the error : sce_kernel_error_not_removable.

it's because prx i want to unload are system prx, i use a trick to load system prx of memory stick firmware but he doesn't unload old system prx in kmem.

After loading some prx, the kmem is full and i get the error :

block.c : _allocSysMemory : Low : no more space, can not alloc ....

I think the good way for loading prx is in reboot.prx code.

[ice-master]

i just tried with 2.0 Firmware (Dumped from a 2.0 PSP) and it doens't load.

I'm patiently waiting for MPH 1.3 ^_^

[someone]

i just tried with 2.0 Firmware (Dumped from a 2.0 PSP) and it doens't load.

I'm patiently waiting for MPH 1.3 ^_^

You wanted to say "dumped from a 2.0 EBOOT.pbp updater"? Or you really mean dumped from a 2.0 psp? This should mean that someone succeded in writing code for the 2.0 buffer overflow exploit to dump the firmware, that seems a little difficult at this point to me.

However, me too is looking forward a new release of MPH Firmware loader, but I don't think it will come soon, because jonmph was studying the updater to search useful infos for a downgrader.
Maybe now all changes beacuse of the new exploit... We will see.

[ice-master]

i just tried with 2.0 Firmware (Dumped from a 2.0 PSP) and it doens't load.

I'm patiently waiting for MPH 1.3 ^_^

You wanted to say "dumped from a 2.0 EBOOT.pbp updater"? Or you really mean dumped from a 2.0 psp? This should mean that someone succeded in writing code for the 2.0 buffer overflow exploit to dump the firmware, that seems a little difficult at this point to me.

However, me too is looking forward a new release of MPH Firmware loader, but I don't think it will come soon, because jonmph was studying the updater to search useful infos for a downgrader.
Maybe now all changes beacuse of the new exploit... We will see.

Someone created a Firmware Dumper for 2.00 ;)

[PspPet]

> i just tried with 2.0 Firmware (Dumped from a 2.0 PSP) and it doens't load.
That won't work. The firmware launcher is a 1.0/1.50 compatible app. It can't decrypt the PSP 2.0 firmware files [they changed the encryption for 2.0 PRXs]

> Or you really mean dumped from a 2.0 psp?
Yes - PSP 2.0 hacks using the TIFF exploit are all the rage.
One such thread-> http://www.psphacks.net/forums/viewtopic.php?t=6787
NOTE: actually works (not one of the many bogus claims)

> You wanted to say "dumped from a 2.0 EBOOT.pbp updater"?
Same difference - neither will work.
FWIW: The results of running the new 2.0 exploit firmware dumper or my PSAR Dumper are almost identical [the mangled headers are slightly different]
Neither will work using the firmware launcher approach.

[if/as the 2.0 exploit technology gets better this *may* be possible, but that's in the future]

[sherpya]

http://oss.netfarm.it/psp/firmware/
there are a python script and a c# (2.0) app to recreate flash0 structure from a psar dump (you must select README.txt in the OUT Directory), it
works with psar dumper directory structure

[logik]

http://oss.netfarm.it/psp/firmware/
there are a python script and a c# (2.0) app to recreate flash0 structure from a psar dump (you must select README.txt in the OUT Directory), it
works with psar dumper directory structure

I never understood why the dumper didn't organize the files automatically. It comes with the source, so it's not hard to fix.

[modsyn]

i'll also mention my flash0 builder program: download