PSP Firmware/Bios Dumped! (split from hello world thread)

Discuss the development of new homebrew software, tools and libraries.

Moderators: cheriff, TyRaNiD

nem
Posts: 73
Joined: Thu Jan 13, 2005 9:21 pm
Contact:

Post by nem »

Orion_ wrote:I can't understand how the call to a kernel function works.
Are the numbers in startup.s the addresses of the functions in kernel memory?
How did you find them, and what are their parameters?
I dumped the firmware of the PSP by electrical means. I peeled the memory chip off the PSP mainboard, connected wires to the chip, worked out which ball was what, and dumped it. In the dumped firmware there are executables. They are mostly encrypted, but there do exist unencrypted executables, from which I learned how dynamic linking is done.

Another key was the 'PBP Exploit Success... but only on 1.0 psp :(' thread. The posts in that thread brought me inspiration and valuable information. I want to express my best thanks to them all. Had they not pointed out that an ELF file can be executed, it would have taken more time.

Importing system calls seems to be done by the loader of the PSP system as follows:

- The module (system call group) is chosen by the ASCII string 'module' of STUB_START
- The system call is specified by a 32-bit ID, the 'funcid' of STUB_FUNC, and the loader searches for it in its list
- The loader patches the nop in .text.stub into a syscall
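As an added example, not nem's code and not the real PSP structures: a C model of the three loader steps described in the post above. The struct fields, module names, funcids and syscall numbers in the lookup table are invented for illustration; only the MIPS32 instruction encodings for nop, jr $ra and syscall are real. The loader resolves every import before patching anything, so a stub with an unknown funcid is left as a harmless nop instead of half-linked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* MIPS32 encodings (architectural, not PSP-specific). */
#define MIPS_NOP     0x00000000u
#define MIPS_JR_RA   0x03e00008u   /* jr $ra: SPECIAL, rs=31, funct=0x08 */
#define MIPS_SYSCALL 0x0000000cu   /* syscall: SPECIAL, funct=0x0c, 20-bit code in bits 6..25 */

/* Constructed model of the structures nem names. The real PSP layouts differ;
 * field names, sizes and the table below are assumptions for this example. */
typedef struct {
    uint32_t funcid;     /* 32-bit function ID, the STUB_FUNC 'funcid' */
    uint32_t code[2];    /* .text.stub body: jr $ra ; nop (delay slot to be patched) */
} stub_func_t;

typedef struct {
    const char *module;  /* ASCII module name, the STUB_START 'module' */
    size_t nfuncs;
    stub_func_t *funcs;
} stub_start_t;

typedef struct { const char *module; uint32_t funcid; uint32_t sysno; } syscall_entry_t;

/* Constructed "list" the loader searches; IDs and numbers are invented. */
static const syscall_entry_t k_syscalls[] = {
    { "sceDisplay", 0x0e20f177u, 0x2100u },
    { "sceDisplay", 0x289d82feu, 0x2101u },
    { "sceCtrl",    0x1f4011e6u, 0x2200u },
};

/* Encode/decode "syscall N": code field lives in bits 6..25. */
uint32_t mips_syscall_insn(uint32_t code) { return MIPS_SYSCALL | ((code & 0xfffffu) << 6); }
uint32_t mips_syscall_code(uint32_t insn) { return (insn >> 6) & 0xfffffu; }

/* Steps 1 and 2: select the group by module name, then find the funcid in it. */
int lookup_syscall(const char *module, uint32_t funcid, uint32_t *sysno) {
    for (size_t i = 0; i < sizeof k_syscalls / sizeof k_syscalls[0]; i++) {
        if (strcmp(k_syscalls[i].module, module) == 0 && k_syscalls[i].funcid == funcid) {
            *sysno = k_syscalls[i].sysno;
            return 0;
        }
    }
    return -1;
}

/* Step 3: overwrite the nop in each stub with "syscall N".
 * Returns the number of stubs patched, or -1 (and patches nothing) if any
 * import is unresolved or a stub is not the expected jr $ra ; nop shape. */
int link_stubs(stub_start_t *s) {
    uint32_t sysno;
    for (size_t i = 0; i < s->nfuncs; i++) {          /* validate first ... */
        stub_func_t *f = &s->funcs[i];
        if (f->code[0] != MIPS_JR_RA || f->code[1] != MIPS_NOP) return -1;
        if (lookup_syscall(s->module, f->funcid, &sysno) != 0) return -1;
    }
    for (size_t i = 0; i < s->nfuncs; i++) {          /* ... then patch */
        lookup_syscall(s->module, s->funcs[i].funcid, &sysno);
        s->funcs[i].code[1] = mips_syscall_insn(sysno);
    }
    return (int)s->nfuncs;
}

int main(void) {
    stub_func_t f[2] = { { 0x0e20f177u, { MIPS_JR_RA, MIPS_NOP } },
                         { 0x289d82feu, { MIPS_JR_RA, MIPS_NOP } } };
    stub_start_t s = { "sceDisplay", 2, f };
    int n = link_stubs(&s);
    for (int i = 0; i < 2; i++)
        printf("funcid %08x -> %08x (syscall %u)\n", (unsigned)f[i].funcid,
               (unsigned)f[i].code[1], (unsigned)mips_syscall_code(f[i].code[1]));
    return n == 2 ? 0 : 1;
}
```

After linking, each stub reads `jr $ra ; syscall N`: the jump returns to the caller and the syscall in the delay slot is what actually enters the kernel, which is why the loader only has to touch the second word.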
Orion_
Posts: 69
Joined: Thu Jan 27, 2005 8:47 am

Post by Orion_ »

thanks for the answer :)
my utmost respect !
Neila
Posts: 79
Joined: Sat Apr 23, 2005 3:36 am
Location: Canada

Post by Neila »

seriously cool ! =)
how about flashing the chip back with firmware ver1.0? Is that possible?
(ie flash a 1.5 with 1.0)
(1 + 1 == 10 ) == true
nem
Posts: 73
Joined: Thu Jan 13, 2005 9:21 pm
Contact:

Post by nem »

Grover wrote:Another q. To the people who made this - is the elf a normal ps2 elf? Or something a little modified?
Not the same. Please refer to outpatch.cpp and startup.s of the source code package, and to the executable itself.
Jordan wrote:I've been using Elf2PBP to convert a few PS2 apps this morning, and haven't had any success
This seems to be a common pitfall. Let me explain.
PBP is a sort of archive format like tar, and it contains eight files. A PBP is not an executable file but something like a package. We need to pack the app info, images, and the executable file into a PBP to execute something on a PSP from the memory stick.
Though a PSP executable can be compiled with the PS2 toolchain, with some special compiler options, a PS2 app is not compatible with the PSP. Basically, PS2 and PSP share a machine code architecture because they are both MIPS CPUs; in detail they are different. PS2 is R5900 and PSP is R4000. Along with the hardware and system software architecture differences, a PS2 executable binary is not compatible with the PSP.
You need to discover some of the hardware architecture of the PSP and the system call APIs, patch the gcc compiler to make it more suitable for the PSP, gather them into a PSP SDK, and port/recompile the app.
Busby wrote:Can I ask in what direction your going now with this? any other idea's you are working on?
The Hello World is so simple and has very limited access to the PSP hardware/system software. We need to discover much more information, as mentioned above. And there is the big big big problem of executing our own code on a 1.50 PSP...
Hmm, what to do next is also a big problem. :)
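As an added example, not from nem's post or from the Elf2PBP tool, a C packer and parser for the container nem describes. The header layout used here (4-byte "\0PBP" magic, a 4-byte version, then eight little-endian 32-bit offsets for PARAM.SFO, ICON0.PNG, ICON1.PMF, PIC0.PNG, PIC1.PNG, SND0.AT3, DATA.PSP and DATA.PSAR, in that order, each file running up to the next offset) is the PBP header layout; the version constant and the sample file contents in main are assumptions for this example. Since a PBP comes off a user-supplied memory stick, the parser treats the offset table as untrusted and rejects it before deriving any lengths from it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PBP_NFILES  8
#define PBP_HDR_LEN (4 + 4 + 4 * PBP_NFILES)   /* magic + version + 8 offsets = 40 bytes */
#define PBP_VERSION 0x00010000u                /* assumed value for this example */

/* Fixed order of the eight packed files in a PBP. */
static const char *const pbp_names[PBP_NFILES] = {
    "PARAM.SFO", "ICON0.PNG", "ICON1.PMF", "PIC0.PNG",
    "PIC1.PNG",  "SND0.AT3",  "DATA.PSP",  "DATA.PSAR"
};

typedef struct { uint32_t off[PBP_NFILES]; uint32_t len[PBP_NFILES]; } pbp_index_t;

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32le(uint8_t *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Pack eight blobs (any may be empty) into buf. Returns total size, or 0 if cap is too small. */
size_t pbp_pack(const uint8_t *const data[PBP_NFILES], const size_t size[PBP_NFILES],
                uint8_t *buf, size_t cap) {
    size_t total = PBP_HDR_LEN;
    for (int i = 0; i < PBP_NFILES; i++) total += size[i];
    if (total > cap || total > 0xffffffffu) return 0;
    memcpy(buf, "\0PBP", 4);
    wr32le(buf + 4, PBP_VERSION);
    size_t pos = PBP_HDR_LEN;
    for (int i = 0; i < PBP_NFILES; i++) {
        wr32le(buf + 8 + 4 * i, (uint32_t)pos);   /* empty file: offset equals the next one */
        if (size[i]) memcpy(buf + pos, data[i], size[i]);
        pos += size[i];
    }
    return total;
}

/* Parse an in-memory PBP. Rejects short buffers, bad magic, offsets that go
 * backwards, or offsets past the end, so every derived length is in bounds. */
int pbp_parse(const uint8_t *buf, size_t n, pbp_index_t *out) {
    if (n < PBP_HDR_LEN || memcmp(buf, "\0PBP", 4) != 0) return -1;
    uint32_t prev = PBP_HDR_LEN;
    for (int i = 0; i < PBP_NFILES; i++) {
        uint32_t off = rd32le(buf + 8 + 4 * i);
        if (off < prev || off > n) return -1;
        out->off[i] = off;
        prev = off;
    }
    for (int i = 0; i < PBP_NFILES; i++) {
        uint32_t next = (i + 1 < PBP_NFILES) ? out->off[i + 1] : (uint32_t)n;
        out->len[i] = next - out->off[i];
    }
    return 0;
}

/* Locate a packed file by name (e.g. "DATA.PSP"); NULL if the name is unknown. */
const uint8_t *pbp_file(const uint8_t *buf, const pbp_index_t *ix, const char *name, size_t *len) {
    for (int i = 0; i < PBP_NFILES; i++)
        if (strcmp(pbp_names[i], name) == 0) { *len = ix->len[i]; return buf + ix->off[i]; }
    return NULL;
}

int main(void) {
    /* Constructed sample contents, not a real SFO or executable. */
    static const uint8_t sfo[] = "PSF-data";
    static const uint8_t psp[] = "~PSP-elf-image";
    const uint8_t *data[PBP_NFILES] = { sfo, NULL, NULL, NULL, NULL, NULL, psp, NULL };
    size_t size[PBP_NFILES] = { sizeof sfo, 0, 0, 0, 0, 0, sizeof psp, 0 };
    uint8_t buf[128];
    pbp_index_t ix;
    size_t n = pbp_pack(data, size, buf, sizeof buf);
    if (!n || pbp_parse(buf, n, &ix) != 0) return 1;
    for (int i = 0; i < PBP_NFILES; i++)
        printf("%-9s off=%u len=%u\n", pbp_names[i], (unsigned)ix.off[i], (unsigned)ix.len[i]);
    return 0;
}
```

The monotonic-offset check is the one that matters: a crafted table with an offset smaller than its predecessor would otherwise make the subtraction wrap to a huge length, and a naive loader would read far past the buffer when extracting DATA.PSP.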
Orion_
Posts: 69
Joined: Thu Jan 27, 2005 8:47 am

Post by Orion_ »

I tried to do something quickly but can't test it on my PSP, because I flashed it to 1.5 :'(
Could someone with a 1.0 PSP test it? Thanks :)
http://perso.wanadoo.fr/onori/yn/EBOOT.zip
nem
Posts: 73
Joined: Thu Jan 13, 2005 9:21 pm
Contact:

Post by nem »

Neila wrote:how about flashing the chip back with firmware ver1.0? Is that possible?
It is possible but difficult, and needs a lot of effort.

First, you need to get a firmware dump from a 1.00 PSP. Sacrifice a 1.00 PSP and dump it by the means mentioned previously.
Please, please do not ask me to copy/share/post the firmware. ooPo will get angry and kick me off :(

Second, peel the memory chip off the 1.50 PSP, connect it to some circuit, and reflash it.

Third, put the chip back on the mainboard. Some BGA rework is needed, which is not an easy thing. Refer to related sites.

And now you have a 1.00 PSP. :)
As usual, there could be an easier way, but I do not know one at the moment.
Neila
Posts: 79
Joined: Sat Apr 23, 2005 3:36 am
Location: Canada

Post by Neila »

I was just curious (a theoretical question)... not asking for anything. :)
Maybe in a year or two, if there are still no other solutions ;)
(1 + 1 == 10 ) == true
Guest

Post by Guest »

I split this off because I felt this was important news. :)

Yes, this is the real thing. Nem has had this working for awhile now from what I understand. Homebrew dev on PSP owes much to his hard work. :)
ale275
Posts: 10
Joined: Tue Dec 28, 2004 4:54 am

Post by ale275 »

Probably there are some vias that would allow us to work on the BIOS without desoldering it?
LiquidIce
Posts: 55
Joined: Mon Apr 04, 2005 1:15 am
Contact:

Post by LiquidIce »

ale275, it's quite possible now that the dump of the original firmware is in the capable hands of a few really good programmers that we might see some tricks posted on how to update the firmware on our 1.5s without cracking open the case. However, this is just speculation, and don't count on the 1.0 firmware being posted anywhere on these boards.

nem you are the frickin man! You will be my PSP hero forever if you get everyone's 1.5 to do homebrew. I have faith, keep up the good work!
pokeman1019
Posts: 9
Joined: Sat May 07, 2005 10:30 pm

Post by pokeman1019 »

Orion_ wrote:I tried to do something quickly but can't test it on my PSP, because I flashed it to 1.5 :'(
Could someone with a 1.0 PSP test it? Thanks :)
http://perso.wanadoo.fr/onori/yn/EBOOT.zip
Yep, it works.
Orion_
Posts: 69
Joined: Thu Jan 27, 2005 8:47 am

Post by Orion_ »

pokeman1019 > thanks!
What does it show?
I hope the graphics and colors are right.
beefyoxo
Posts: 4
Joined: Sat May 07, 2005 11:13 pm

Post by beefyoxo »

It looks fantastic. Colours seem to consist of turquoise, purple, blue, green and yellow. Hmm, I can make a small PSP vid if someone can host it.
Orion_
Posts: 69
Joined: Thu Jan 27, 2005 8:47 am

Post by Orion_ »

I would be glad if someone could make a screen capture. It should look like this (this is the PC version):
Image

beefyoxo : I can host it :)
silkworm
Posts: 1
Joined: Sat May 07, 2005 10:05 pm
Location: SE Asia

Post by silkworm »

ale275 wrote:Probably there are some vias that would allow us to work on the BIOS without desoldering it?
These tracks, in particular, look interesting to me:
Image
Image

The pinout image is from a datasheet of a different Samsung IC, the KD5657, which is a 32MB/32MB SDR+NAND multi-chip package. The KE5658 is a DDR+NAND combo, also 32MB/32MB. If I'm correct, the location of the NAND pins would be similar.
beefyoxo
Posts: 4
Joined: Sat May 07, 2005 11:13 pm

Post by beefyoxo »

I have a PSP vid of PSPlasma running; it's 5.5MB. Just PM me if you want to host it.
Shahel
Posts: 3
Joined: Sat May 07, 2005 11:41 pm

Post by Shahel »

Image
Image
Orion_
Posts: 69
Joined: Thu Jan 27, 2005 8:47 am

Post by Orion_ »

Thanks for the pictures!
Unfortunately, the colors are all wrong :(
Orion_
Posts: 69
Joined: Thu Jan 27, 2005 8:47 am

Post by Orion_ »

Here is the video, thanks to beefyoxo:
http://perso.wanadoo.fr/onori/yn/M4V10006.MP4
Anyway, the colors are all wrong, even with a correct version. I can't understand why :(
Shapyi
Posts: 95
Joined: Mon Apr 25, 2005 9:31 am

Post by Shapyi »

Orion_ wrote:Here is the video, thanks to beefyoxo:
http://perso.wanadoo.fr/onori/yn/M4V10006.MP4
Anyway, the colors are all wrong, even with a correct version. I can't understand why :(
Because the PSP Hello World demo has the colors as BGR instead of RGB. That's why the colors are wrong. Hope that helps.
Orion_
Posts: 69
Joined: Thu Jan 27, 2005 8:47 am

Post by Orion_ »

Nope, I use BGR :)
neckarb
Posts: 13
Joined: Tue Apr 05, 2005 4:02 am

Post by neckarb »

Very cool, dude. I was wondering, would it be possible to change the only update we have that works, i.e. v1.5, back to some of the v1.00 stuff so that we could run homebrew apps, i.e. if we could make a new update 1.5a or something like that? Any ideas? If I'm talking rubbish, feel free to tell me; it's just an idea.
fobbio18
Posts: 5
Joined: Thu Mar 31, 2005 9:01 am

Post by fobbio18 »

Can't we trick the system into thinking the 1.00 firmware is an update? Maybe modify the PARAM.SFO or so?

Quick! Somebody port an SNES/MAME emulator to the PSP! :)
Orion_
Posts: 69
Joined: Thu Jan 27, 2005 8:47 am

Post by Orion_ »

Looking at the video, the effect is very slow, and it should be faster than that! (I use a fixed-point precalculated table.)
I guess the CPU doesn't run at full speed. If you want a good emulator, we must find out how to overclock the PSP to its max speed ^^
neckarb
Posts: 13
Joined: Tue Apr 05, 2005 4:02 am

Post by neckarb »

Would it be possible to change the only update we have that works, i.e. v1.5, back to some of the v1.00 stuff so that we could run homebrew apps, i.e. if we could make a new update 1.5a or something like that? Any ideas? If I'm talking rubbish, feel free to tell me; it's just an idea.
Orion_
Posts: 69
Joined: Thu Jan 27, 2005 8:47 am

Post by Orion_ »

No. Even if we have a dumped 1.0 BIOS, the 1.5 update program contains an encrypted BIOS, so we would have to encrypt the 1.0 BIOS to replace the 1.5 one, and we still don't know how to do that. And if someone finds out how to encrypt things for the PSP, then we don't need the 1.0 BIOS anymore, because we could encrypt the homebrew program directly and run it on 1.5 ^^
neckarb
Posts: 13
Joined: Tue Apr 05, 2005 4:02 am

Post by neckarb »

Oh, OK, just an idea.
Guest

Post by Guest »

ale275 wrote:Probably there are some vias that would allow us to work on the BIOS without desoldering it?
There are no vias on the PSP mainboard that I could see. There are many effin tiny pads, however.
Orion_
Posts: 69
Joined: Thu Jan 27, 2005 8:47 am

Post by Orion_ »

Thanks a lot to beefyoxo for beta testing my little demo.
After some tests, here is the final version with correct colors :)
http://perso.wanadoo.fr/onori/yn/EBOOTv5.zip

And a photo by beefyoxo:
http://perso.wanadoo.fr/onori/yn/DSC00099.JPG
Thanhda
Posts: 331
Joined: Sat Apr 09, 2005 2:08 am
Location: Canada
Contact:

Post by Thanhda »

Neila wrote:seriously cool ! =)
how about flashing the chip back with firmware ver1.0? Is that possible?
(ie flash a 1.5 with 1.0)
Man, we shouldn't be thinking of how to go from 1.5 to 1.0; we should be thinking how we can go from 1.0 code to 1.5 code.

To Nem: when do you think this will be possible?
There are 10 types of people in the world: Those who understand binary, and those who don't...