7/31/2006

eLoader(GTA) w/ USB for FW2.50/2.60 Released

eLoader(GTA) w/ USB for FW2.50/2.60 v1.01 by 0okm
Thanks hitchhikr, John_K & PSPPet

after eLoader(GTA) start
run "USB for eLoader GTA"
than you can use Triangle to turn on USB mode :)

Download-Link: USB_for_eLoader_GTA.zip

[+/-] show/hide this post

7/27/2006

PSP FW 2.80 RELEASED

JAPAN PSP-1000
http://dj01.psp.update.playstati o...2a1ef/EBOOT.PBP

USA PSP-1001
http://du01.psp.update.playstati o...2a1ef/EBOOT.PBP

AU/NZ PSP-1002
http://do01d.psp.update.playstat i...2a1ef/EBOOT.PBP

UK PSP-1003
http://do01b.psp.update.playstat i...2a1ef/EBOOT.PBP

EU PSP-1004
http://de01.psp.update.playstati o...2a1ef/EBOOT.PBP

KOREA PSP-1005
http://do01a.psp.update.playstat i...2a1ef/EBOOT.PBP

HONG KONG/SINGAPORE PSP-1006
http://do01e.psp.update.playstat i...2a1ef/EBOOT.PBP

TAIWAN PSP-1007
http://do01f.psp.update.playstat i...2a1ef/EBOOT.PBP


FW2.80

システムソフトウェア バージョン2.80で更新される主な機能

ネットワーク/Network
 * [RSSチャンネル]で、動画コンテンツと画像コンテンツのダウンロードに対応しました。
 * [ロケーションフリープレイヤー]で、ワイヤレスLANアクセスポイント経由の機器登録が可能になりました。
 ※ロケーションフリーベースステーションについて詳しくは、
  http://www.sony.co.jp/locationfree/psp をご覧ください。

ミュージック/Music
 * 拡張子が「.3gp」のAACファイルを再生できるようになりました。

その他/Others
 * “メモリースティック デュオ”の「MUSIC」、「PICTURE」、「VIDEO」フォルダに保存されたコンテンツに対応しました。
 * “メモリースティック デュオ”にダウンロードできるゲーム体験版に次のものを追加しました。
 「タマラン」体験版ダウンロードページ(2006年8月31日18時まで):
 http://www.jp.playstation.com/scej/title/tama-run/
 Trial Download
 EBOOT.PBP


=============================================================================
PlayStation Portable PSF File Data
=============================================================================

Filename : FW280.SFO

Start of section labels : 144
Start of section data : 1f0
Unknown header data : 01 01 00 00
Number of Sections : 19

Sect Loff Doff Dsiz Duse Dtyp Unkn Label Value
=============================================================================
0 0000 0000 0004 0004 04 0004 BOOTABLE = 1
1 0009 0004 0004 0003 02 0004 CATEGORY = MG
2 0012 0008 0010 000b 02 0004 DISC_ID = MSTKUPDATE
3 001a 0018 0008 0005 02 0004 DISC_VERSION = 1.00
4 0027 0020 0004 0004 04 0004 PARENTAL_LEVEL = 1
5 0036 0024 0004 0004 04 0004 REGION = 32768
6 003d 0028 0080 0017 02 0004 TITLE = PSP™ Update ver 2.80
7 0043 00a8 0080 0023 02 0004 TITLE_0 = PSP™ アップデート ver 2.80
8 004b 0128 0080 0019 02 0004 TITLE_10 = PSP™更新 版本 2.80
9 0054 01a8 0080 0019 02 0004 TITLE_11 = PSP™升级 版本 2.80
10 005d 0228 0080 001e 02 0004 TITLE_2 = Mise à jour PSP™ ver. 2.80
11 0065 02a8 0080 0023 02 0004 TITLE_3 = Actualización de PSP™ ver. 2.80
12 006d 0328 0080 0020 02 0004 TITLE_4 = PSP™-Aktualisierung Ver. 2.80
13 0075 03a8 0080 0025 02 0004 TITLE_5 = Aggiornamento della PSP™ ver. 2.80
14 007d 0428 0080 001a 02 0004 TITLE_6 = PSP™-update versie 2.80
15 0085 04a8 0080 001f 02 0004 TITLE_7 = Actualização PSP™ ver 2.80
16 008d 0528 0080 0029 02 0004 TITLE_8 = Обновление PSP™ вер. 2.80
17 0095 05a8 0080 0020 02 0004 TITLE_9 = PSP™ 업데이트 버전 2.80
18 009d 0628 0008 0005 02 0004 UPDATER_VER = 2.80
=============================================================================
Loff = Offset of the Label Field within the Label section.
Doff = Offset of the Data Field within the Data section.
Dsiz = Size of the Data Field within the Data section.
Duse = Amount of the Data Field that currently contains data.
Dtyp = The Data Field type. 0 = Binary (?), 4 = Integer Word, 2 = String.
Unkn = Unknown field usage.

[+/-] show/hide this post

7/26/2006

PSP Multi Firmware module will support TA-082 on NEXT Ver.

 
PSP Multi Firmware module will support TA-082 on NEXT Ver.
so if your TA-082 PSP is FW2.50 or FW2.60
don't update !!! :P

[+/-] show/hide this post

7/23/2006

1st UMD GAME need FW2.71 ?


=============================================================================
PlayStation Portable PSF File Data
=============================================================================

Filename : X:\UCKS-45027.Tekken_5_Dark_Resurrection\PSP_GAME\PARAM.SFO

Start of section labels : b4
Start of section data : 120
Unknown header data : 01 01 00 00
Number of Sections : 10

Sect Loff Doff Dsiz Duse Dtyp Unkn Label Value
=============================================================================
0 0000 0000 0004 0004 04 0004 BOOTABLE = 1
1 0009 0004 0004 0003 02 0004 CATEGORY = UG
2 0012 0008 0010 000a 02 0004 DISC_ID = UCKS45027
3 001a 0018 0004 0004 04 0004 DISC_NUMBER = 1
4 0026 001c 0004 0004 04 0004 DISC_TOTAL = 1
5 0031 0020 0008 0005 02 0004 DISC_VERSION = 1.02
6 003e 0028 0004 0004 04 0004 PARENTAL_LEVEL = 7
7 004d 002c 0008 0005 02 0004 PSP_SYSTEM_VER = 2.71
8 005c 0034 0004 0004 04 0004 REGION = 32768
9 0063 0038 0080 0019 02 0004 TITLE = TEKKEN DARK RESURRECTION
=============================================================================
Loff = Offset of the Label Field within the Label section.
Doff = Offset of the Data Field within the Data section.
Dsiz = Size of the Data Field within the Data section.
Duse = Amount of the Data Field that currently contains data.
Dtyp = The Data Field type. 0 = Binary (?), 4 = Integer Word, 2 = String.
Unkn = Unknown field usage.

[+/-] show/hide this post

7/20/2006

DevHook 0.45.0000 run MS homebrew on FW2.XX

DevHook 0.45.0000 run MS homebrew on FW2.XX
test

pspsdk\src\samples\controller\basic work :)

hitchhikr's "Kernel mode under firmware 2.6" NOT work :(

[+/-] show/hide this post

7/19/2006

Whether TA-082 can't downgrade is because NAND Flash ID is different?

Today saw a joke :P
someone said: TA-082 cannot downgrade is because NAND Flash ID different
but this only is talked nonsense
I before tested
use 3.3v NAND Flash in TA-082
FW2.60 work normal but FW1.xx not work !!
so this just a BS :P

[+/-] show/hide this post

7/14/2006

about Enable "WMA Playback", "Flash Player" & JP/US "button_assign"

flash1:/registry/system.dreg
"WMA Playback" disabled
0000000 - 0F 00 01 00 20 00 0E 00 02 00 0F 00 01 00 30 34 - .... .........04
0000010 - 80 9D C0 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000020 - 02 77 6D 61 5F 70 6C 61 79 00 00 00 00 00 00 00 - .wma_play.......
0000030 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000040 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000050 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000060 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000070 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000080 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000090 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00000A0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00000B0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00000C0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00000D0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00000E0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00000F0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000100 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000110 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000120 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000130 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000140 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000150 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000160 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000170 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000180 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000190 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00001A0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00001B0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00001C0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00001D0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00001E0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00001F0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................

Comparing "WMA Playback" disabled and enabled
0000000E: 30 84
0000000F: 34 25
00000010: 80 42
00000011: 9D 3F
0000003C: 00 01


"Flash Player" disabled
0000000 - 3F 00 04 00 20 00 0D 00 0F 00 1B 00 0E 00 4A F0 - ?... .........J.
0000010 - F0 02 FF FE 00 0F FF FF FF FF 00 00 00 00 00 00 - ................
0000020 - 03 68 6F 6D 65 5F 75 72 69 00 00 00 00 00 00 00 - .home_uri.......
0000030 - 00 00 00 00 00 00 00 00 00 00 00 00 00 02 20 20 - ..............
0000040 - 02 63 6F 6F 6B 69 65 5F 6D 6F 64 65 00 00 00 00 - .cookie_mode....
0000050 - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 - ................
0000060 - 02 70 72 6F 78 79 5F 6D 6F 64 65 00 00 00 00 00 - .proxy_mode.....
0000070 - 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 - ................
0000080 - 03 70 72 6F 78 79 5F 61 64 64 72 65 73 73 00 00 - .proxy_address..
0000090 - 00 00 00 00 00 00 00 00 00 00 00 00 80 00 04 1C - ................
00000A0 - 02 70 72 6F 78 79 5F 70 6F 72 74 00 00 00 00 00 - .proxy_port.....
00000B0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00000C0 - 02 70 69 63 74 75 72 65 00 00 00 00 00 00 00 00 - .picture........
00000D0 - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 - ................
00000E0 - 02 61 6E 69 6D 61 74 69 6F 6E 00 00 00 00 00 00 - .animation......
00000F0 - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 - ................
0000100 - 02 6A 61 76 61 73 63 72 69 70 74 00 00 00 00 00 - .javascript.....
0000110 - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 - ................
0000120 - 02 63 61 63 68 65 5F 73 69 7A 65 00 00 00 00 00 - .cache_size.....
0000130 - 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 - ................
0000140 - 02 63 68 61 72 5F 73 69 7A 65 00 00 00 00 00 00 - .char_size......
0000150 - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 - ................
0000160 - 02 64 69 73 70 5F 6D 6F 64 65 00 00 00 00 00 00 - .disp_mode......
0000170 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000180 - 02 63 6F 6E 6E 65 63 74 5F 6D 6F 64 65 00 00 00 - .connect_mode...
0000190 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00001A0 - 02 66 6C 61 73 68 5F 61 63 74 69 76 61 74 65 64 - .flash_activated
00001B0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00001C0 - 02 66 6C 61 73 68 5F 70 6C 61 79 00 00 00 00 00 - .flash_play.....
00001D0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00001E0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00001F0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................

Comparing "Flash Player" disabled and enabled
0000000E: 4A 02
0000000F: F0 D9
00000010: F0 78
00000011: 02 5B
000001BC: 00 01
000001DC: 00 01


"button_assign" JP
0000000 - 0F 00 01 00 20 00 0B 00 05 00 0F 00 04 00 C6 14 - .... ...........
0000010 - 02 C1 F8 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000020 - 02 74 68 65 6D 65 5F 74 79 70 65 00 00 00 00 00 - .theme_type.....
0000030 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000040 - 02 6C 61 6E 67 75 61 67 65 00 00 00 00 00 00 00 - .language.......
0000050 - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 - ................
0000060 - 02 62 75 74 74 6F 6E 5F 61 73 73 69 67 6E 00 00 - .button_assign..
0000070 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000080 - 01 54 48 45 4D 45 00 00 00 00 00 00 00 00 00 00 - .THEME..........
0000090 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00000A0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00000B0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00000C0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00000D0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00000E0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00000F0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000100 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000110 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000120 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000130 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000140 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000150 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000160 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000170 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000180 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
0000190 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00001A0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00001B0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00001C0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00001D0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00001E0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
00001F0 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................

Comparing "button_assign" JP and US
0000000E: C6 8B
0000000F: 14 9A
00000010: 02 2E
00000011: C1 E3
0000007C: 00 01

[+/-] show/hide this post

7/10/2006

PSP HW Ver. SpotLight for FW2.5/2.6 v1.01

PSP Hardware Ver. SpotLight for Firmware 2.5/2.6
v1.01 By 0okm



Download-Link: HW_SpotLight.zip


HOWTO:

Extract HW_SpotLight to MemStick
Run it on eLoader with GTA
it will show PSP use Old or New Hardware :D


NOTE
"IC1003" just is LABEL for "InfraRed communication module"
NOT mean that is NEW Ver HardWare(TA-082)
ALL Ver. HardWare have this LABEL

ONLY when open UMD door can see "IC1003" in the right upper corner
that mean this is NEW Ver HardWare(TA-082)!!




Thanks to:

Exploit_2.6 - hitchhikr
http://perso.orange.fr/franck.charlet/
http://forums.ps2dev.org/viewtopic.php?t=6091

eLoader - Ditlew and Fanjita
http://noobz.eu/

GTA Exploit - Edison Carter
http://maxbot.com/

PSAR Dumper - PspPet
http://aibohack.com/psp/
http://forums.ps2dev.org/viewtopic.php?t=3554

PSP SDK - PS2DEV
http://ps2dev.org/
http://forums.ps2dev.org/index.php


About LABEL "IC1003"
when open UMD door, you can see IR LABEL IC1003 in the right upper corner

[+/-] show/hide this post

7/06/2006

FW1.00 DownDate & Helper (prebuilt binary)


CAUTION :
 人柱版。实验用。超危险。无保证,责任自负。
 任何事也会发生。最好避免使用。
 安全出口 → http://www.playstation.jp/psp/

 人柱版。実験用。超危険。無保証自己責任。
 なにが起きても知りません。避けて通るのが吉。
 非常出口 → http://www.playstation.jp/psp/

 To sacrifice yourself. Experimental. Extremely dangerous.
 No warranty. Use on your own risk and responsibility.
 Anything may happen. We recommend you to avoid seeing/downloading/using this.
 Emergency exit -> http://www.playstation.jp/psp/
 * this CAUTION copy from SEC(nem) :p


if you dont know exactly what it does and what you could use it for by looking at the posted code, forget it. you dont need it at all.

Don't use "IPL Data" from "ridge racers's kbooti.bin", it will brick your PSP !!!

HowTo
on FW1.00 PSP
1. Restore FW1.00 PSP to "Default Setting"
2. copy FW1.50 UpDate EBOOT.PBP to a blank 32MB MemStick's Root(ms0:/)
3. Extract FW100HELPER to MemStick
4. run FW100HELPER on FW1.00 PSP, it will Dump FW1.00's IPL, flash0 and FW1.50's ipl_update.prx to ms0:/FW100DOWNDATE
5. when Finished PSP will restart, put this MemStick to FW1.50 PSP

on FW1.50 PSP
6. Restore FW1.50 PSP to "Default Setting"
7. Extract FW100_DownDate to MemStick
8. run FW100_DownDate, when Finished PSP will restart
9. Restore this PSP to "Default Setting"
10. FW1.50 PSP NOW is FW1.00 PSP ^o^


FW100HELPER.zip (moonlight's "1.50 HELPER" mod.)
FW100_DownDate.zip (prebuilt binary)

Download-Link : http://rapidshare.de/files/25091655/FW100_DownDate_v1.05.zip.html

[+/-] show/hide this post

use ipl_update to make FW 1.5 -> 1.0 (proof of concept)


CAUTION :
 人柱版。实验用。超危险。无保证,责任自负。
 任何事也会发生。最好避免使用。
 安全出口 → http://www.playstation.jp/psp/

 人柱版。実験用。超危険。無保証自己責任。
 なにが起きても知りません。避けて通るのが吉。
 非常出口 → http://www.playstation.jp/psp/

 To sacrifice yourself. Experimental. Extremely dangerous.
 No warranty. Use on your own risk and responsibility.
 Anything may happen. We recommend you to avoid seeing/downloading/using this.
 Emergency exit -> http://www.playstation.jp/psp/
 * this CAUTION copy from SEC(nem) :p


if you dont know exactly what it does and what you could use it for by looking at the posted code, forget it. you dont need it at all.

Don't use "IPL Data" from "ridge racers's kbooti.bin", it will brick your PSP !!!


// -------------------------------------------
// most of code from moonlight & PspPet
//
// * FW1.00 DownDate *
// Written by 0okm
// -------------------------------------------
#include <pspkernel.h>
#include <pspsdk.h>
#include <psptypes.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <pspdebug.h>
#include <pspctrl.h>

PSP_MODULE_INFO("FW100_DownDate", 0x1000, 1, 1);

PSP_MAIN_THREAD_ATTR(0);

PSP_HEAP_SIZE_KB(0);

#define printf pspDebugScreenPrintf

int (* sceIplUpdateClearIpl)(void);
int (* sceIplUpdateSetIpl)(void);

/*** This function from PspPet PSARDUMPER ***/
static u32 FindProc(const char* szMod, const char* szLib, u32 nid)
{
    SceModule* modP = sceKernelFindModuleByName(szMod);
    if (modP == NULL)
    {
//        printf("Failed to find mod '%s'\n", szMod);
        return 0;
    }
    SceLibraryEntryTable* entP = (SceLibraryEntryTable*)modP->ent_top;
    while ((u32)entP < ((u32)modP->ent_top + modP->ent_size))
    {
        if (entP->libname != NULL && strcmp(entP->libname, szLib) == 0)
        {
            // found lib
            int i;
            int count = entP->stubcount + entP->vstubcount;
            u32* nidtable = (u32*)entP->entrytable;
            for (i = 0; i < count; i++)
            {
                if (nidtable[i] == nid)
                {
                    u32 procAddr = nidtable[count+i];
//                    printf("entry found: '%s' '%s' = $%x\n", szMod, szLib, (int)procAddr);
                    return procAddr;
                }
            }
//            printf("Found mod '%s' and lib '%s' but not nid=$%x\n", szMod, szLib, nid);
            return 0;
        }
        entP++;
    }
//    printf("Found mod '%s' but not lib '%s'\n", szMod, szLib);
    return 0;
}

void ErrorExit(char *error)
{
    printf("%s\n", error);
    sceKernelDelayThread(15 * 1000 * 1000);
    sceKernelExitGame();
}

char inputlist[12*1024], outputlist[12*1024];
char buffer[8192];

void downdate()
{
    SceUID inp = sceIoOpen("ms0:/FW100DOWNDATE/inputfl.bin", PSP_O_RDONLY, 0777);
    SceUID outp = sceIoOpen("ms0:/FW100DOWNDATE/outputfl.bin", PSP_O_RDONLY, 0777);

    if (inp < 0 || outp < 0)
        ErrorExit("Error Open file.\n");

    if (sceIoRead(inp, inputlist, 12*1024) <= 0)
    {
        sceIoClose(inp);
        ErrorExit("Error Read inputfl.bin file.\n");
    }

    if (sceIoRead(outp, outputlist, 12*1024) <= 0)
    {
        sceIoClose(outp);
        ErrorExit("Error Read outputfl.bin file.\n");
    }

    sceIoClose(inp);
    sceIoClose(outp);

    char *p = inputlist;
    while (*p != 0)
    {
        SceUID fd = sceIoOpen(p, PSP_O_RDONLY, 0777);
        if (fd < 0)
            ErrorExit("Error Read Flash file.\n");
        sceIoClose(fd);
        p += strlen(p)+1;
    }

    if(sceIoUnassign("flash0:") < 0)
    {
        ErrorExit("Error sceIoUnassign flash0\n");
    }
    if(sceIoAssign("flash0:", "lflash0:0,0", "flashfat0:", 0, IOASSIGN_RDWR , 0) < 0)
    {
        ErrorExit("Error sceIoAssign flash0\n");
    }

    char *src = inputlist;
    char *dst = outputlist;
    SceUID infd, outfd;
    int bytesread, totalwritten = 0;

    while (*src != 0)
    {
        infd = sceIoOpen(src, PSP_O_RDONLY, 0777);
        outfd = sceIoOpen(dst, PSP_O_WRONLY | PSP_O_CREAT | PSP_O_TRUNC, 0777);
        if (infd < 0)
        {
            ErrorExit("Error in file.\n");
        }
        if (outfd < 0)
        {
            ErrorExit("Error out file.\n");
        }
        while ((bytesread = sceIoRead(infd, buffer, 8192)) > 0)
        {
            totalwritten += sceIoWrite(outfd, buffer, bytesread);
        }
        sceIoClose(infd);
        sceIoClose(outfd);

        src += strlen(src)+1;
        dst += strlen(dst)+1;
    }
}

int main()
{
    pspDebugScreenInit();

    printf("FW100 DownDate V1.05\n");
    printf("most of code from moonlight & PspPet :)\n\n");

    SceKernelModuleInfo modinfo;
    u32 base;
    SceUID fd;
    SceUID mod;

    mod = sceKernelLoadModule("ms0:/FW100DOWNDATE/FW150_ipl_update.prx", 0, NULL);
    if (mod < 0)
        ErrorExit("Error loading module.\n");

    if(sceKernelDevkitVersion() == 0x01000300)
    {
        if (pspSdkQueryModuleInfoV1(mod, &modinfo) < 0)
            ErrorExit("Cannot query module info.\n");
    }
    else if(sceKernelDevkitVersion() == 0x01050001)
    {
        if (sceKernelQueryModuleInfo(mod, &modinfo) < 0)
            ErrorExit("Cannot query module info.\n");
    }
    else
    {
            ErrorExit("Cannot query module info.\n");
    }

    base = modinfo.text_addr;
//    printf("modinfo.text_addr : %.8X\n", modinfo.text_addr);

        fd = sceIoOpen("ms0:/FW100DOWNDATE/FW100_ipl.bin", PSP_O_RDONLY, 0777);
        if (fd < 0)
            ErrorExit("Cannot read IPL Data\n");
        printf("Reading IPL Data...\n\n");
        sceIoRead(fd, (void *)(base+0x900), 0x37000);
        sceIoClose(fd);

    mod = sceKernelStartModule(mod, 0, NULL, NULL, NULL);
    if (mod < 0)
        ErrorExit("Error Start module.\n");
    sceIplUpdateClearIpl = (void *)FindProc("IplUpdater", "sceIplUpdate_driver", 0x26093B04); //FW1.50 0x8822753c
    sceIplUpdateSetIpl = (void *)FindProc("IplUpdater", "sceIplUpdate_driver", 0xEE7EB563); //FW1.50 0x88227500

    printf("Pass [CIRCLE] to start DownDate, Pass [CROSS] to EXIT\n");
    SceCtrlData pad;
    sceCtrlSetSamplingCycle(0);
    sceCtrlSetSamplingMode(0);
    while(1)
    {
        sceCtrlReadBufferPositive(&pad, 1);
        if (pad.Buttons & PSP_CTRL_CIRCLE)
        {
            printf("start FW1.00 Ipl DownDate\n");
            sceIplUpdateClearIpl();
            sceIplUpdateSetIpl();

            printf("start FW1.00 Flash0 DownDate\n");
            downdate();

            ErrorExit("Finished. Exiting in 15 seconds\n");
        }
        if (pad.Buttons & PSP_CTRL_CROSS)
        {
            sceKernelExitGame();
        }
    }

    return 0;
}

i tested it on PSP FW1.50
and make FW1.50 -> FW1.00 :P

more information
FW100_ipl_update
http://forums.ps2dev.org/viewtopic.php?t=6153

About the 1.00 downgrade idea
http://mphwebsite.tuxfamily.org/punBB/viewtopic.php?pid=12110

sceLflashFatfmtStartFatfmt
http://forums.ps2dev.org/viewtopic.php?p=41886&highlight=iplupdate#41886

[+/-] show/hide this post

7/04/2006

FW100_ipl_update


CAUTION :
 人柱版。实验用。超危险。无保证,责任自负。
 任何事也会发生。最好避免使用。
 安全出口 → http://www.playstation.jp/psp/

 人柱版。実験用。超危険。無保証自己責任。
 なにが起きても知りません。避けて通るのが吉。
 非常出口 → http://www.playstation.jp/psp/

 To sacrifice yourself. Experimental. Extremely dangerous.
 No warranty. Use on your own risk and responsibility.
 Anything may happen. We recommend you to avoid seeing/downloading/using this.
 Emergency exit -> http://www.playstation.jp/psp/
 * this CAUTION copy from SEC(nem) :p

groepaz wrote:
there is no "mix". its just about programming the 1.0 ipl into another firmware, which is pretty much pointless other than for seeing it actually works (or not). merely an interisting experiment for people who know what they are doing.
if you dont know exactly what it does and what you could use it for by looking at the posted code, forget it. you dont need it at all.

Don't use "IPL Data" from "ridge racers's kbooti.bin", it will brick your PSP !!!


// most of code from moonlight & PspPet

#include <pspkernel.h>
#include <psptypes.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <pspdebug.h>

PSP_MODULE_INFO("FW100_ipl_update", 0x1000, 1, 1);

PSP_MAIN_THREAD_ATTR(0);

PSP_HEAP_SIZE_KB(0);

#define printf pspDebugScreenPrintf

int (* sceIplUpdateClearIpl)(void);
int (* sceIplUpdateSetIpl)(void);

/*** This function from PspPet PSARDUMPER ***/
static u32 FindProc(const char* szMod, const char* szLib, u32 nid)
{
    SceModule* modP = sceKernelFindModuleByName(szMod);
    if (modP == NULL)
    {
        printf("Failed to find mod '%s'\n", szMod);
        return 0;
    }
    SceLibraryEntryTable* entP = (SceLibraryEntryTable*)modP->ent_top;
    while ((u32)entP < ((u32)modP->ent_top + modP->ent_size))
    {
        if (entP->libname != NULL && strcmp(entP->libname, szLib) == 0)
        {
            // found lib
            int i;
            int count = entP->stubcount + entP->vstubcount;
            u32* nidtable = (u32*)entP->entrytable;
            for (i = 0; i < count; i++)
            {
                if (nidtable[i] == nid)
                {
                    u32 procAddr = nidtable[count+i];
                    printf("entry found: '%s' '%s' = $%x\n", szMod, szLib, (int)procAddr);
                    return procAddr;
                }
            }
            printf("Found mod '%s' and lib '%s' but not nid=$%x\n", szMod, szLib, nid);
            return 0;
        }
        entP++;
    }
    printf("Found mod '%s' but not lib '%s'\n", szMod, szLib);
    return 0;
}

void ErrorExit(char *error)
{
    printf("%s\n", error);
    sceKernelDelayThread(30 * 1000 * 1000);
    sceKernelExitGame();    
}

int main()
{
    pspDebugScreenInit();

    SceKernelModuleInfo modinfo;
    u32 base;
    SceUID fd;
    SceUID mod;

    mod = sceKernelLoadModule("ms0:/UPDATE/FW150_ipl_update.prx", 0, NULL);
    if (mod < 0)
        ErrorExit("Error loading update module.\n");

    if (sceKernelQueryModuleInfo(mod, &modinfo) < 0)
        ErrorExit("Cannot query module info.\n");

    base = modinfo.text_addr;
    printf("modinfo.text_addr : %.8X\n", modinfo.text_addr);

        fd = sceIoOpen("ms0:/UPDATE/FW100_ipl.bin", PSP_O_RDONLY, 0777);
        if (fd < 0)
            ErrorExit("Cannot read IPL Data\n");
        printf("Reading IPL Data...\n\n");
        sceIoRead(fd, (void *)(base+0x900), 0x37000);
        sceIoClose(fd);

        fd = sceIoOpen("ms0:/UPDATE/FW100_ipl_update.elf", PSP_O_WRONLY | PSP_O_CREAT | PSP_O_TRUNC, 0777);
        if (fd < 0)
            ErrorExit("Cannot save ELF\n");
        printf("Writing ELF...\n\n");
        sceIoWrite(fd, (void *)(base), 0x40000);
        sceIoClose(fd);

    mod = sceKernelStartModule(mod, 0, NULL, NULL, NULL);
    if (mod < 0)
        ErrorExit("Error Start update module.\n");
    sceIplUpdateClearIpl = (void *)FindProc("IplUpdater", "sceIplUpdate_driver", 0x26093B04);
    sceIplUpdateSetIpl = (void *)FindProc("IplUpdater", "sceIplUpdate_driver", 0xEE7EB563);

    printf("start sceIplUpdateClearIpl & sceIplUpdateSetIpl\n");
    sceIplUpdateClearIpl();
    sceIplUpdateSetIpl();

    ErrorExit("Finished. Exiting in 30 seconds\n");

    return 0;
}

i test it with my FW1.50PSP, it's work
& find 1.00IPL can work with FW1.50 :D
now my psp is FW1.50 + 1.00IPL :P

more information
About the 1.00 downgrade idea
http://mphwebsite.tuxfamily.org/punBB/viewtopic.php?pid=12110

sceLflashFatfmtStartFatfmt
http://forums.ps2dev.org/viewtopic.php?p=41886&highlight=iplupdate#41886
moonlight wrote:
Also, the 1.50 updater call to these functions from iplupdate.prx:

sceIplUpdateClearIpl() -- no parameters, it erases the blocks of the ipl.

sceIplUpdateSetIpl() -- no parameters. it writes the 1.50 ipl which is embedded in the own iplupdater.prx (contrary to the +2.00 updaters, where the ipl is in the psar)

The iplupdater also exports sceIplUpdateUpdateIpl, but the updater doesn't import it, and it seems that it's not called, it doesn't seem to be an export available for vsh mode. (maybe it's called inside the iplupdater, but i haven't seen that call). Looking at the dissasembly, that function doesn't write to the flash, not at least using the sceNand functions.

Another difference between the 1.50 updater and the 2.XX updaters, is that the iplupdater from 1.50 doesn't use any verification function from sceNand, like sceNandVerifyEcc, etc. (I don't know if it does another kind of verification).

In theory, and only in theory, we can use the following procedure for a 1.00 downgrader:

- Extract iplupdater.prx and flashfmt.prx from the 1.50 update.
- Load them, and hack in ram the iplupdater.prx writing the 1.00 ipl on its "iplbuffer", which is easy to locate looking at the disassembly.
- call sceLflashFatfmtStartFatfmt
- Write the flash0 files of an 1.00 dump using sceIo
- call sceIplUpdateClearIpl
- call sceIplUpdateSetIpl

Using sony code to write the ipl and formatting the flash prior to writing the files should be safer, but it won't be me who tries it :)

[+/-] show/hide this post

Today received the "PSP Multi Firmware module" Sample PCB


i Will test it tomorrow,
if every things is ok,
will start to produce ^o^

[+/-] show/hide this post