How to boot a FW

Discuss the development of new homebrew software, tools and libraries.

Moderators: cheriff, TyRaNiD

slasher2661996
Posts: 91
Joined: Sun Feb 22, 2009 8:32 am
Location: Melbourne Australia ZOMG

Post by slasher2661996 »

Yes, I need to emulate flash0 to be like ms0:/fw/

Do I still need the IPL to do so?
Dariusc123456
Posts: 388
Joined: Tue Aug 12, 2008 12:46 am

Post by Dariusc123456 »

Yes, you do need an IPL to run off the memory stick. Just read about how the IPL is used. Search it up on Google.
PSHN - Playstation Hacking Network
PSX/PS1 - HACK - Game Shark
PS2 - HACK - Swap
PSP - HACK - Pandora
PS3 - ?
Davee
Posts: 43
Joined: Mon Jun 22, 2009 3:58 am

Post by Davee »

Dariusc123456 wrote:Yes, you do need an IPL to run off the memory stick. Just read about how the IPL is used. Search it up on Google.
Right, I'mma be blunt. You need to stop pretending you know what you're talking about because the shit coming out of your mouth is disgusting. I constantly see you posting acting like you know what you're talking about and it is really annoying. It's also misleading to developers. You do NOT need a new IPL. Devhook is the best example.
Bubbletune
Posts: 22
Joined: Sat Jan 03, 2009 6:51 am

Post by Bubbletune »

Torch wrote:It might be feasible to make your application directly reboot into a memory stick firmware such as one installed by Time Machine (Or a "Test M33" firmware from DC if you want a later firmware like 5.00M33).

You'll probably have to do something along these lines :/

You'll need a custom IPL which modifies the Time Machine IPL for this. You should already be running it in service mode. Time Machine can boot normally to flash0 from service mode. I'm assuming that if you store a variable at a fixed address in RAM, you can access it at IPL time when you suspend and resume the PSP. Make your app store a variable at a hard-coded location and then suspend and restart the PSP. You could use the RTC alarm function to make it automatically power on again. When the PSP powers on it will execute the IPL again. You should have a custom IPL on the memory stick. In the IPL you can detect whether the PSP was cold booted or whether it's resuming from a suspend. If it was previously suspended then you should look for your variable at your memory location to see whether your app wants to boot another firmware. If it does then your IPL should patch the Time Machine IPL to directly start whichever memory stick firmware IPL instead of waiting for a button press. If it is a cold boot then your IPL should directly start the Time Machine IPL so the PSP boots normally.

Or you can just make it reboot and hold the corresponding button for Time Machine =.=
You don't have access to the main RAM so early in a cold reboot, and by the time you have, it's likely that it's already been cleared.
Torch wrote:Easiest way to do this is by extending the Time Machine IPL with a custom IPL that reads commands left by your application.
... what? No.
Torch wrote:Aren't there IPL patches as well for booting from a memory stick firmware?!? I don't think simply restarting with a Time Machine memory stick firmware's reboot.bin is going to make it boot from the memory stick!
Yes, it would. You can take the rebootex.bin from tmctrl.prx and the reboot.bin from loadexec.prx, load them both into memory, and when you jump into it, it'll reboot right into it, providing you're coming from a similar firmware. If that's not the case you might need to copy a few decryption keys into the right place, but that's not that much of a big deal.
Torch wrote:You mean the lflash emulation is completely transparent and boots 1.50/3.40OE firmware with the stock IPL in TM??
What about the 1.50 Slim version through TM?
There are a few patches applied to redirect the lflash access in the IPL. If you're booting from reboot.bin though, that isn't necessary, and you just need to patch reboot.bin and the lflash driver once the kernel has been initialized.
Dariusc123456
Posts: 388
Joined: Tue Aug 12, 2008 12:46 am

Post by Dariusc123456 »

Davee wrote:
Dariusc123456 wrote:Yes, you do need an IPL to run off the memory stick. Just read about how the IPL is used. Search it up on Google.
Right, I'mma be blunt. You need to stop pretending you know what you're talking about because the shit coming out of your mouth is disgusting. I constantly see you posting acting like you know what you're talking about and it is really annoying. It's also misleading to developers. You do NOT need a new IPL. Devhook is the best example.
Dave, if you read the whole thread, it's talking about how he wants to make an IPL.
PSHN - Playstation Hacking Network
PSX/PS1 - HACK - Game Shark
PS2 - HACK - Swap
PSP - HACK - Pandora
PS3 - ?
Davee
Posts: 43
Joined: Mon Jun 22, 2009 3:58 am

Post by Davee »

Dariusc123456 wrote:
Davee wrote:
Dariusc123456 wrote:Yes, you do need an IPL to run off the memory stick. Just read about how the IPL is used. Search it up on Google.
Right, I'mma be blunt. You need to stop pretending you know what you're talking about because the shit coming out of your mouth is disgusting. I constantly see you posting acting like you know what you're talking about and it is really annoying. It's also misleading to developers. You do NOT need a new IPL. Devhook is the best example.
Dave, if you read the whole thread, it's talking about how he wants to make an IPL.

No he doesn't. He wants to reboot into a different firmware from the memory stick.
Wally
Posts: 663
Joined: Mon Sep 26, 2005 11:25 am

Post by Wally »

Dariusc123456 wrote:
Davee wrote:
Dariusc123456 wrote:Yes, you do need an IPL to run off the memory stick. Just read about how the IPL is used. Search it up on Google.
Right, I'mma be blunt. You need to stop pretending you know what you're talking about because the shit coming out of your mouth is disgusting. I constantly see you posting acting like you know what you're talking about and it is really annoying. It's also misleading to developers. You do NOT need a new IPL. Devhook is the best example.
Dave, if you read the whole thread, it's talking about how he wants to make an IPL.
You've gotta learn to STFU sometimes..
slasher2661996
Posts: 91
Joined: Sun Feb 22, 2009 8:32 am
Location: Melbourne Australia ZOMG

Post by slasher2661996 »

Yeah, Dariusc, I don't care how I do it, I just wanna do it.

So, Davee, I need to look at Devhook?
Torch
Posts: 825
Joined: Wed May 28, 2008 2:50 am

Post by Torch »

Bubbletune wrote: You don't have access to the main RAM so early in a cold reboot, and by the time you have, it's likely that it's already been cleared.
How does Time Machine handle suspend/resume? It starts execution from the beginning of the IPL again on resume right? Doesn't it need to know which firmware is currently loaded?
Bubbletune
Posts: 22
Joined: Sat Jan 03, 2009 6:51 am

Post by Bubbletune »

Torch wrote:
Bubbletune wrote: You don't have access to the main RAM so early in a cold reboot, and by the time you have, it's likely that it's already been cleared.
How does Time Machine handle suspend/resume? It starts execution from the beginning of the IPL again on resume right? Doesn't it need to know which firmware is currently loaded?
Suspend/resume is not a cold reboot.
Last edited by Bubbletune on Mon Aug 03, 2009 12:15 am, edited 2 times in total.
Torch
Posts: 825
Joined: Wed May 28, 2008 2:50 am

Post by Torch »

Bubbletune wrote:Suspend/sleep is not a cold reboot.
Read my post carefully. The whole variable-in-RAM thing was after an induced suspend/resume, but forcing the IPL to take the cold boot branch to simulate rebooting into the memory stick firmware. That's why I mentioned a custom IPL to handle it.
Bubbletune
Posts: 22
Joined: Sat Jan 03, 2009 6:51 am

Post by Bubbletune »

Torch wrote:
Bubbletune wrote:Suspend/sleep is not a cold reboot.
Read my post carefully. The whole variable-in-RAM thing was after an induced suspend/resume, but forcing the IPL to take the cold boot branch to simulate rebooting into the memory stick firmware. That's why I mentioned a custom IPL to handle it.
You'd reinitialize hardware which has already been initialized that way, though. You can't do that, which is one of the reasons why the 1.50 kernel add-on didn't work on the PSP Slim. In order to boot the PSP in a state in which it would work, all hardware has to be initialized by the 1.50 kernel, including hardware that doesn't turn off in sleep mode. If a different kernel already initialized it, you can't just override that. Loading reboot.bin instead, and overriding just the decryption keys, is a way more effective way to boot into a new firmware without going over the whole initialization process again. Of course this won't let you run really ancient firmwares that weren't meant for that model, for example the 1.50 firmware on the Slim, because you'd need the PSP to be initialized completely by that kernel. You can't do that by going suspend/resume though, that's not enough. In fact, I recall some post on lan.st saying that was the reason why there is no 1.50 kernel add-on on the Slim, but why there is TimeMachine (even a cold reset didn't turn off enough hardware to boot into the 1.50 firmware).
Torch
Posts: 825
Joined: Wed May 28, 2008 2:50 am

Post by Torch »

The 1.50 hardware reinit problem was mentioned by DAX in the TM readme.

What was happening in Booster's original service mode->flash0 boot IPL where it would reboot after suspend/resume if you didn't hold L trigger? Was that simply following the coldboot branch if you didn't hold L (and the hardware re-init didn't cause any problems) or was it doing a full cold reboot if you didn't hold L?
Bubbletune
Posts: 22
Joined: Sat Jan 03, 2009 6:51 am

Post by Bubbletune »

Torch wrote:The 1.50 hardware reinit problem was mentioned by DAX in the TM readme.

What was happening in Booster's original service mode->flash0 boot IPL where it would reboot after suspend/resume if you didn't hold L trigger? Was that simply following the coldboot branch if you didn't hold L (and the hardware re-init didn't cause any problems) or was it doing a full cold reboot if you didn't hold L?
A full cold reboot.
sauron_le_noir
Posts: 203
Joined: Sat Jul 05, 2008 8:03 am

Post by sauron_le_noir »

DAX uses a 1.5 kernel with some modules that handle Slim hardware, taken from OFW 3.40
slasher2661996
Posts: 91
Joined: Sun Feb 22, 2009 8:32 am
Location: Melbourne Australia ZOMG

Post by slasher2661996 »

sauron_le_noir wrote:DAX uses a 1.5 kernel with some modules that handle Slim hardware, taken from OFW 3.40
That's the hybrid FW, but that's not what we're talking about
Torch
Posts: 825
Joined: Wed May 28, 2008 2:50 am

Post by Torch »

Bubbletune wrote:
Torch wrote:The 1.50 hardware reinit problem was mentioned by DAX in the TM readme.

What was happening in Booster's original service mode->flash0 boot IPL where it would reboot after suspend/resume if you didn't hold L trigger? Was that simply following the coldboot branch if you didn't hold L (and the hardware re-init didn't cause any problems) or was it doing a full cold reboot if you didn't hold L?
A full cold reboot.
Then it seems the cold reboot was intentional. Why would he do that on purpose??? I was under the assumption that it was a bug and it was following the cold boot branch without actually rebooting and the re-init didn't cause problems; hence my previous recommendation.
sauron_le_noir
Posts: 203
Joined: Sat Jul 05, 2008 8:03 am

Post by sauron_le_noir »

Indeed.
Salvy
Posts: 5
Joined: Tue Jun 30, 2009 6:26 am

Post by Salvy »

Sorry for going offtopic:

Isn't xmoxasx' signature against this forum's rules since it leads to warez?
jbit
Site Admin
Posts: 293
Joined: Sat May 28, 2005 3:11 am
Location: København, Danmark

Post by jbit »

Salvy wrote:Isn't xmoxasx' signature against this forum's rules since it leads to warez?
Yes, it's a spam bot, gone now....
slasher2661996
Posts: 91
Joined: Sun Feb 22, 2009 8:32 am
Location: Melbourne Australia ZOMG

Post by slasher2661996 »

Back to the real topic:

So, I need to look at DevHook?
Torch
Posts: 825
Joined: Wed May 28, 2008 2:50 am

Post by Torch »

slasher2661996 wrote:Back to the real topic:

So, I need to look at DevHook?
No, loading CFW is much simpler, like BubbleTune said. It's not open source anyway. Look at the source of CFWEnabler (the one reversed by Davee) if you want to see how to load another rebootex.bin.
Last edited by Torch on Tue Aug 04, 2009 10:34 pm, edited 1 time in total.
slasher2661996
Posts: 91
Joined: Sun Feb 22, 2009 8:32 am
Location: Melbourne Australia ZOMG

Post by slasher2661996 »

Thanks.