Advancements in 1.51...
HaredX wrote:
> and the other means would be what? We already know that we cannot run the 1.50 upgrade unedited to downgrade a 1.51 psp, which means we would have to create a homebrew app to downgrade the psp with the 1.50 files

I think I finally understand what you are saying. I think you are confusing homebrew firmware with a homebrew application.
I think what others in this thread, who have been working on this, are trying to do is to figure out a process where they can run a modified version of the 1.5 firmware, as you have stated.
I don't think that a modified version of the firmware is the same thing as a homebrew application (which is what currently works on 1.0 and 1.5).
With that being said, I still fully disagree with you that this isn't the path to take. Creating a homebrew version of the firmware is the way to run applications on 1.51/1.52 IMHO.
It's just a matter of time before someone figures out how to modify the firmware to make this work, again IMHO.
I apologize for being a bit of an arse to you earlier in this thread HaredX
HaredX wrote:
> ok then how do you plan to run the homebrew version of the firmware without being able to run homebrew? also, it's all good, I get quite angry from time to time as well ;-)

That I don't know. However, if it's anything like replacing the firmware on the Xbox or the firmware on a DVD player, all that needs to be done is to find a way to write to the EEPROM.
This can come from either a hardware hack or someone breaking the mysterious RSA encryption stuff around the firmware (which is more likely, IMHO).
"but if it comes from the RSA stuff doesn't that mean we can run signed code and thus run homebrew?"
Possibly, but not necessarily. Granted, I have limited knowledge of encryption, but I know how PGP works and I've been using it for a long time now... thanks Phil Zimmerman! The keys used for accessing the firmware could be different than the ones used for accessing the flash.
But to answer your question honestly: I don't know. What I do know is that every time someone says it can't be done there really is a kid in Finland who does it. It's only a matter of time.
And I ripped that off shamelessly, so deal.
The firmware data itself is the DATA.PSAR, not the DATA.PSP. DATA.PSP is the FLASH application that actually does the flashing (plus something else I can't get right now). It's a program, the executable the PSP runs in order to upgrade.
All the data found in a DUMP is in DATA.PSAR file.
A gross way to confirm this is to compare the file size of DATA.PSAR (a compressed and encrypted file) with the size of the DUMP packed into a .rar file. DATA.PSAR is a little bit larger because of the encryption:
1.50 DATA.PSAR: 10.149.440 bytes (9.67MB)
1.50 DUMP.RAR: 9.590.082 bytes (9.14MB)
So, the file that needs to be changed in order to allow the downgrade is the DATA.PSP, the flashing program. This is the program that compares the firmware found in the PSP with the new one about to be installed.
Well, this will never happen, seeing as the data.psp file is encrypted; we can't modify it without knowledge of the RSA private key, and just patching the commands in without the PSP's encryption would cause the data to either return an error or run unstably.
Would Sony be stupid enough to encrypt the .psar file with the same private key as the .psp file? If so, it would be more possible to figure out the key by reverse engineering the decrypter to use two files (one encrypted and the other not) or sets of files, and the reverse-engineered decrypter could use those to figure out the two keys. Although a programming genius would be necessary to do this.
Another possibility is to find the area of the data.psp file that compares the contents of the .psar file to the current FW on the PSP and delete it (not likely this will happen).
Just jumping in to point out the obvious Catch-22.
I see a lot of "We need to make PSP 1.51 run our special homebrew app to downgrade, so we can run our homebrew apps." If you can even get a simple hello world to run on PSP 1.51, why would you downgrade it? ;)
Sony wins the war with this whole firmware thing. Excluding the idea of modchips, by the time Sony reaches firmware 2.00... the number of software exploits can be reduced to zero. There are only so many ways to execute code. If they got annoyed enough, they could just remove that "GAME" option off the menu and end this executing-off-Memstick thing altogether. Packing the updates on all the new UMDs will do just fine.
I'm not saying to give up mind you, there's probably a way to get into 1.51(since 1.52's security fix implies a hole in 1.51).
I think y'all should focus on the "%n" issue that crashes the PSP 1.51.
Learning to hack is not bad in itself; it's what you do with your abilities that count. - a.k.a. Shadow-Me-Twice of ddrfreak.com
TRF-Yu-Ki wrote:
> Just jumping in to point out the obvious Catch-22.
> I see a lot of "We need to make PSP 1.51 run our special homebrew app to downgrade, so we can run our homebrew apps." If you can even get a simple hello world to run on PSP 1.51, why would you downgrade it? ;)
> Sony wins the war with this whole firmware thing. Excluding the idea of modchips, by the time Sony reaches firmware 2.00... the number of software exploits can be reduced to zero. There are only so many ways to execute code. If they got annoyed enough, they could just remove that "GAME" option off the menu and end this executing-off-Memstick thing altogether. Packing the updates on all the new UMDs will do just fine.
> I'm not saying to give up mind you, there's probably a way to get into 1.51 (since 1.52's security fix implies a hole in 1.51).
> I think y'all should focus on the "%n" issue that crashes the PSP 1.51.

Somehow I have to agree with you on this. This whole firmware update feature is also a big way to prevent people from finding exploits... even if they do, probably with every update or so, a new exploit would need to be found.
The only thing I disagree with you about is that they would remove the game option from the menu, because this is a feature they implemented for something. When it will be used and what for, we can only guess, but it's there for something, and they wouldn't remove a feature they promoted along with the PSP.
But surely there is a way to work around all those exploits to avoid that, and I believe downgrading is one of those. The only thing is that the task of upgrading to play a PSP game and downgrading to play homebrew seems a bit discouraging at first thought, but it's a way like any other. Though no one is perfect; we all make mistakes or forget details. Also, there is this to know: Sony is putting a lot of energy into the PSP right now, but it won't always be the case. Whenever the PS3 comes out, in my opinion, they will slightly drop this whole PSP attention thing. I don't say they will completely stop whatsoever; they might only not be as paranoid as they are right now, and concentrate more on the PS3 security for a bit... This is only speculation though, and I might be seriously wrong about this.
Sorry if this is a bit off topic, but I just wanted to give my opinion on this follow-up. I am not really knowledgeable about all this encryption stuff, and I can only support you guys in your hard work.
I completely disagree. I think somewhere along the line we will find a good technique to edit the upgrades, and even if Sony keeps releasing the upgrades to block exploits, someone will find a way to implement modified firmware flashes so that they contain all the features of the newer updates but still allow running unsigned code.
HaredX wrote:
> I completely disagree. I think somewhere along the line we will find a good technique to edit the upgrades, and even if Sony keeps releasing the upgrades to block exploits, someone will find a way to implement modified firmware flashes so that they contain all the features of the newer updates but still allow running unsigned code.

Well damn. Now I have seen everything.
Listen, Hared, I tried it. Granted, my means were rather shoddy, but just editing the files doesn't work. Think of a WEP key for instance. You input X-number of characters and it generates a WEP key for that passphrase. Now change one letter, the WEP key changes.
Now, imagine if the Updates + AES worked in a similar fashion. Perhaps at a point in the code, the AES key would be generated with that point in mind. Change that point and regenerate the code, the code is different.
Now picture that when you go in and edit the files. The PSP will be expecting one thing and it finds another. It simply says "No way..."
I respect your persistence. But I tried every conceivable idea that came to my mind. None of them worked. Many of them are described in this very thread. Considering the talk around here, I probably got as far as we could ever get. The update actually RAN, but ceased the instant it saw the source is older than the destination. Then it reboots the PSP and everything is as it was.
Any software method of downgrading, like team Xecuter says WAB is working on, would only work on PSPs capable of homebrew, unless WAB used an illegal devkit to create these downgrades.
Until the hole in 1.51 is discovered, there will be no downgrading...
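The two gates the post above describes, as an added example that is not code from the thread or from the PSP: a device-side check that rejects any package whose signature no longer matches its contents, followed by the "source is older than the destination" refusal. The container layout (the `UPDT` tag and the two version bytes), the `install`, `verify` and `patch_version` names and the key are all invented for illustration; the key is textbook RSA over SHA-256 with no padding, built from two Mersenne primes so the script runs offline with the standard library only, and it is not meant as a secure signature scheme. The package bytes are constructed here, not real firmware data.

```python
import hashlib
import struct

# Toy RSA key from two Mersenne primes (2^521-1 and 2^127-1) so the example runs
# offline with the standard library only. Textbook RSA without padding: it shows
# the principle the thread argues about; it is not a deployable signature scheme.
P = (1 << 521) - 1
Q = (1 << 127) - 1
N = P * Q
E = 65537                                # public exponent, embedded in the device
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, vendor side only
SIG_LEN = (N.bit_length() + 7) // 8      # 81 bytes for this key

MAGIC = b"UPDT"                          # hypothetical container tag, not the PSP's layout
HEADER_LEN = len(MAGIC) + 2              # magic + major + minor


def _digest_int(body: bytes) -> int:
    return int.from_bytes(hashlib.sha256(body).digest(), "big")


def sign(body: bytes) -> bytes:
    """Vendor side: RSA over SHA-256(body). Needs D, which the device never holds."""
    return pow(_digest_int(body), D, N).to_bytes(SIG_LEN, "big")


def build_package(major: int, minor: int, payload: bytes) -> bytes:
    """Constructed update package: header, payload, then the signature over both."""
    body = MAGIC + struct.pack(">BB", major, minor) + payload
    return body + sign(body)


def verify(package: bytes) -> tuple:
    """Device side: check the signature with E and N only, then parse the header."""
    if len(package) < HEADER_LEN + SIG_LEN:
        raise ValueError("short package")
    body, sig = package[:-SIG_LEN], package[-SIG_LEN:]
    if body[:len(MAGIC)] != MAGIC:
        raise ValueError("bad magic")
    if pow(int.from_bytes(sig, "big"), E, N) != _digest_int(body):
        raise ValueError("signature mismatch")
    major, minor = struct.unpack(">BB", body[len(MAGIC):HEADER_LEN])
    return major, minor, body[HEADER_LEN:]


def install(package: bytes, installed: tuple) -> str:
    """Both gates: the signature over the package, then the refusal when the
    package is older than the version already in flash."""
    try:
        major, minor, payload = verify(package)
    except ValueError as exc:
        return f"rejected: {exc}"
    if (major, minor) < installed:
        return (f"rejected: {major}.{minor:02d} is older than installed "
                f"{installed[0]}.{installed[1]:02d}")
    return f"flashed {major}.{minor:02d} ({len(payload)} bytes)"


def patch_version(package: bytes, major: int, minor: int) -> bytes:
    """The 'just edit the files' attempt: rewrite the version bytes without re-signing."""
    edited = bytearray(package)
    edited[len(MAGIC):HEADER_LEN] = struct.pack(">BB", major, minor)
    return bytes(edited)


if __name__ == "__main__":
    payload = b"constructed firmware payload, not real PSP data"
    device = (1, 51)
    genuine_150 = build_package(1, 50, payload)
    print(install(genuine_150, device))                        # older: refused
    print(install(build_package(1, 52, payload), device))      # newer: accepted
    print(install(patch_version(genuine_150, 1, 60), device))  # edited: signature fails
```

The edited package fails before the version comparison is ever reached: the signature was computed over the original bytes, and the device holds only the verifying half of the key, so it has no way to produce a matching one for the patched contents. Any attempt that changes even one byte of the signed region ends the same way.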
Ugh, if the hole in 1.51 is found there will be no need to downgrade; that's what I have been saying. Anyway, I saw everyone give up like this in the PS2 scene when we were trying to be able to play burned games that had DNAS protection online, and lo and behold, a little less than a month later a patcher was released to put a DNAS ID onto a burned disc. It will happen.
HaredX wrote:
> It will happen.

It would be nice if it would happen sooner rather than later, and it would also be good if we didn't have groups like Team Xecuter claiming that they found a way to do it but decided not to release that information and instead leave it to secretive groups like WAB and PsP-DeV (the Spanish one) to release it.
Dan Jackson
HaredX wrote:
> danj, the method team xecuter has developed requires a special piece of hardware that they are currently developing, its not a softmod. WAB released 2.5 loader today which is an alpha version of their upcoming 3.0 release

Actually, Team X said the hardware they had developed allowed them to hardmod AND figure out how to do it via softmod. They said this would be released by a team like WAB in the not too distant future.
Prayin to God won't help, I never listen
Danj wrote:
> HaredX wrote:
> > It will happen.
>
> It would be nice if it would happen sooner rather than later, and it would also be good if we didn't have groups like Team Xecuter claiming that they found a way to do it but decided not to release that information and instead leave it to secretive groups like WAB and PsP-DeV (the Spanish one) to release it.

I agree. I really think they know how but are waiting for some time to release it. God, I would do almost anything to run homebrew on my 1.52.
*sigh*
Get over the downgrading... Just forget about it. It's not going to happen until there is a hardware means of reflashing available to the public, and I think when it comes to that the Sesame Street word for the day that most applies would be "NEVER".
I have said time and again the 'update' is checked against something else. But I never thought it was checked against an encrypted file contained in the flash. Something that we can't touch as it is, at least without bricking a PSP.
Downgrade = not in the foreseeable future.
And if it does happen to be made, then I would surely question the legality of the finding...