psp-dev have released their exploit for ver. 1.5

AzureBlaze
Posts: 2
Joined: Wed Jun 15, 2005 9:04 pm

Post by AzureBlaze »

http://www.only4.info/psp-dev/

I don't have a second MS
Can someone confirm it?
Vampire
Posts: 138
Joined: Tue Apr 12, 2005 8:16 am

Post by Vampire »

confirmed...
Cogboy
Posts: 45
Joined: Wed Jan 19, 2005 3:45 pm

Post by Cogboy »

confirmed again. This is great!
"the sony PSP was built by god, to determine who on earth had the best skills to defeat the armies of satan" - Saint Peter.
Raoul
Posts: 8
Joined: Tue May 10, 2005 9:26 am

Post by Raoul »

Hi

What will happen if instead of doing this swap trick, we build an EBOOT.PBP file with inside another EBOOT.PBP file which is in fact the DATA.PSP just renamed (like in the psp-dev trick)??

Actually I can't test it, because I can't find a way to insert a PBP file inside another one... but still digging.

Regards
radui2
Posts: 6
Joined: Wed Jun 15, 2005 9:34 pm

Post by radui2 »

lol... How did you get it working?
I tried it 2 ways:
#1: Launch the 'launcher' and then immediately swap the MS's, and I wait for about 4-5 seconds in front of the PSP screen, and then it just shuts off (not reboots)
#2: Launch the 'launcher', wait until after the MS light flashes, and then try to replace the MS's, but I'm never fast enough... it just says 'The game could not be started'
I'm trying to run SNES9x
How did you do it?
MDave
Posts: 82
Joined: Mon May 09, 2005 10:43 pm

Post by MDave »

I'm having the same problem too (but with nem's helloworld)

Is there a difference between japanese 1.5 and us 1.5 firmware? :o
radui2
Posts: 6
Joined: Wed Jun 15, 2005 9:34 pm

Post by radui2 »

Don't think so...
Maybe we just have to be faster at swapping the MS's
Right.....?
MDave
Posts: 82
Joined: Mon May 09, 2005 10:43 pm

Post by MDave »

I'm swapping as fast as humanly possible, but it just doesn't work. hehe.
I got japanese 1.5 firmware btw. You have US firmware radiu2?
radui2
Posts: 6
Joined: Wed Jun 15, 2005 9:34 pm

Post by radui2 »

MDave wrote:I'm swapping as fast as humanly possible, but just dosn't work. hehe.
I got japanese 1.5 firmware btw. You have US firmware radiu2?
Yeah, I've got the US one
Raoul
Posts: 8
Joined: Tue May 10, 2005 9:26 am

Post by Raoul »

Well can't find a way to put an EBOOT.PBP inside another EBOOT.PBP...

BTW, I have tested the trick with two MS and it is working fine.

For those who can't make it run, be sure to have exactly the same path:

MS1 => \PSP\GAME\TEST\EBOOT.PSP from the MS1 folder
MS2 => \PSP\GAME\TEST\EBOOT.PSP from the MS2 folder

If you do not succeed, you are very unlucky or very awkward; I did test on a 1.5 JP and it works fine at the first test.
MDave
Posts: 82
Joined: Mon May 09, 2005 10:43 pm

Post by MDave »

ahaa, found out what the problem is. if you use the manual method for making the eboot.pbp on the ms2 it works :) the program that makes it for you seems to not do it right.

check manual on how to: basically just take the data.psp file out of a eboot, and rename it to eboot.pbp and use that in the ms2

So there you go :)
MindWall
Posts: 70
Joined: Tue May 10, 2005 4:27 pm

Post by MindWall »

I hear that Snes9x and some other programs have .. "problems" when being converted by the program (the M2 part).

however if you do it "manually" as described in the PDFs you should be able to run them.

g'luck
MDave
Posts: 82
Joined: Mon May 09, 2005 10:43 pm

Post by MDave »

I can't get over how simple this exploit is, I even tried doing memory stick swapping a while ago, with no results. But taking the data.psp out of an eboot.pbp and renaming it? Now that's clever, yet simple :P

Now, the next step I see being done is using this exploit to load a homebrew app that can flash the firmware files to 1.0, since its now possible to extract and flash firmware :) Saves having to swap memory sticks every time.
MindWall
Posts: 70
Joined: Tue May 10, 2005 4:27 pm

Post by MindWall »

ok.. but i'm not the one testing that idea.. hehe :)

it would be nice if something simple like this will make possible watching hi-q movies, or even starting boot.bin
could not be as simple as renaming the boot.bin to eboot.pbp and using the same procedure... could it?
Shazz
Posts: 244
Joined: Tue Aug 31, 2004 11:42 pm
Location: Somewhere over the rainbow

Post by Shazz »

I don't really understand what the SwapTool does to the original EBOOT.PBP; it seems it extracts the .PSP/.ELF file to copy it into the MS2 dir, but the last bytes seem modified... (why? CRC?)

But if the 2nd method works, it doesn't matter, I understood you just need :
1. a regular pbp archive with only the picture (PNG) and the descriptor (SFO) (and NO .PSP file) on the 1st MS
2. your homebrew elf application renamed as EBOOT.PBP (which is NOT a real PBP file)

Maybe I miss something, seems so easy...

So does the firmware act in 2 steps?

1. Read EBOOT.PBP on the memory stick and be sure it is a real one (SFO+PNG) to display it

2. Want to run this pbp ?

//swap the stick
If(real pbp) then
check security();
else
execute(); ???
end if

wooo... is it right ?
- TiTAN Art Division -
http://www.titandemo.org
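Added example, not code from the thread and not the psp-dev SwapTool: a small Python script that does the "manual" preparation MDave describes (pull DATA.PSP out of a homebrew EBOOT.PBP and write it out, renamed EBOOT.PBP, for the second stick) and builds the first-stick file the way Shazz reads it (a real PBP carrying only PARAM.SFO and ICON0.PNG, with no DATA.PSP). The PBP container layout it parses is the standard one: a 40-byte header with the magic `\0PBP`, a version word, and eight little-endian offsets, one per member, each member running to the next member's offset. Whether a launcher stripped down to SFO+PNG is exactly what the original kit used is Shazz's reading, not something this thread confirms, so treat that part as an assumption; the `TEST` directory name and the sample EBOOT it generates when run without arguments are constructed for the demo. It copies DATA.PSP byte-for-byte and checks its own round trip, which is the thing the thread reports the tool getting wrong at the tail of the file.

```python
#!/usr/bin/env python3
"""Split one homebrew EBOOT.PBP into the two files the 1.5 swap trick needs.

PBP container layout (all fields little-endian):
  0x00  4 bytes   magic   b"\\x00PBP"
  0x04  u32       version (0x00010000)
  0x08  8 x u32   absolute offsets of PARAM.SFO, ICON0.PNG, ICON1.PMF,
                  PIC0.PNG, PIC1.PNG, SND0.AT3, DATA.PSP, DATA.PSAR
A member runs from its offset to the next member's offset (the last one to EOF),
so an absent member simply shares its offset with its successor.
"""
import struct
import sys
from pathlib import Path

PBP_MAGIC = b"\x00PBP"
PBP_VERSION = 0x00010000
MEMBERS = ("PARAM.SFO", "ICON0.PNG", "ICON1.PMF", "PIC0.PNG",
           "PIC1.PNG", "SND0.AT3", "DATA.PSP", "DATA.PSAR")
HEADER_LEN = 8 + 4 * len(MEMBERS)  # 40 bytes


def parse_pbp(blob: bytes) -> dict:
    """Return {member name: bytes}; reject anything whose offset table is not sane."""
    if len(blob) < HEADER_LEN or blob[:4] != PBP_MAGIC:
        raise ValueError("not a PBP container")
    bounds = list(struct.unpack_from("<8I", blob, 8)) + [len(blob)]
    # Offsets must start past the header, be monotonic, and stay inside the file.
    if bounds[0] < HEADER_LEN or any(a > b for a, b in zip(bounds, bounds[1:])):
        raise ValueError("corrupt PBP offset table")
    return {name: blob[bounds[i]:bounds[i + 1]] for i, name in enumerate(MEMBERS)}


def build_pbp(members: dict) -> bytes:
    """Pack the given members (missing ones are zero-length) into a PBP container."""
    body, offsets = b"", []
    for name in MEMBERS:
        offsets.append(HEADER_LEN + len(body))
        body += members.get(name, b"")
    return PBP_MAGIC + struct.pack("<I8I", PBP_VERSION, *offsets) + body


def make_swap_pair(eboot: bytes) -> tuple:
    """MS1 gets a PBP with only PARAM.SFO + ICON0.PNG (assumed launcher layout);
    MS2 gets the raw DATA.PSP, unmodified, to be stored as EBOOT.PBP."""
    members = parse_pbp(eboot)
    payload = members["DATA.PSP"]
    if not payload:
        raise ValueError("EBOOT.PBP contains no DATA.PSP to extract")
    launcher = build_pbp({"PARAM.SFO": members["PARAM.SFO"],
                          "ICON0.PNG": members["ICON0.PNG"]})
    # Round-trip check: the launcher must parse back with an empty DATA.PSP.
    assert parse_pbp(launcher)["DATA.PSP"] == b""
    return launcher, payload


def sample_eboot() -> bytes:
    """A constructed stand-in for a homebrew EBOOT.PBP so the script runs offline.
    The member contents are placeholders, not a real SFO, PNG or ELF."""
    return build_pbp({
        "PARAM.SFO": b"\x00PSF\x01\x01\x00\x00fake-sfo",
        "ICON0.PNG": b"\x89PNG\r\n\x1a\nfake-png",
        "DATA.PSP": b"\x7fELF\x01\x01\x01\x00fake-mips-code\xff\xff",
    })


def main(argv):
    # usage: swap.py [EBOOT.PBP] [output dir]; without arguments uses the sample.
    src = Path(argv[1]) if len(argv) > 1 else None
    out = Path(argv[2]) if len(argv) > 2 else Path("swap-out")
    eboot = src.read_bytes() if src else sample_eboot()
    launcher, payload = make_swap_pair(eboot)
    # Same directory name under PSP/GAME on both sticks (hypothetical name TEST).
    for stick, data in (("MS1", launcher), ("MS2", payload)):
        dest = out / stick / "PSP" / "GAME" / "TEST" / "EBOOT.PBP"
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes(data)
        print(f"{dest}: {len(data)} bytes")


if __name__ == "__main__":
    main(sys.argv)
```

The only checks that matter for this trick are in `parse_pbp`: a file whose offset table points before the header or backwards is rejected instead of being sliced into garbage, and the DATA.PSP written for MS2 is exactly the bytes found between the seventh and eighth offsets, so its tail cannot be altered the way the thread reports for the tool's output. Comparing the size of the MS2 file against the DATA.PSP size reported by the script is a quick way to confirm nothing was appended.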
MindWall
Posts: 70
Joined: Tue May 10, 2005 4:27 pm

Post by MindWall »

I guess in 1.5x there's a better check of validity of the eboot.pbp and simply missing data.psp does not cut it.

how about using a proper data.psar or even the whole eboot.pbp (from the firm-update) and use the swap idea.

the check of the eboot should "pass" and then the "swapped" file with the same name will be executed?

gosh i feel smart today =/
Last edited by MindWall on Thu Jun 16, 2005 3:15 pm, edited 1 time in total.
Shazz
Posts: 244
Joined: Tue Aug 31, 2004 11:42 pm
Location: Somewhere over the rainbow

Post by Shazz »

MindWall wrote: [....] how about using a proper data.psar or even the whole eboot.pbp (from the firm-update) and use the swap idea [....]
Makes sense but where do you find a proper DATA.PSAR for firmware 1.0 (if this is your idea to downgrade...) and firmware upgrade checks should occur after...

But for the moment I'm just wondering if the swapping thing works, a poll ?? :D
- TiTAN Art Division -
http://www.titandemo.org
MindWall
Posts: 70
Joined: Tue May 10, 2005 4:27 pm

Post by MindWall »

no.... no.. the idea was related to the fact that the "exploit"-swap does not work on 1.51 nor 1.52

so.. get the data.psar for ver-up 1.5 stick it in the pbp perform the swap trick and run a homebrew...

and a clean update of firmware will be very limiting if you want to use games and whatnot that will require 1.5+
so probably only a partial update of only some modules will be best.
Chrighton
Posts: 58
Joined: Wed Jun 15, 2005 8:24 pm

Post by Chrighton »

It seems the 1st method using the tool is corrupting the end of the file, this is likely the culprit of the problems people are having. Method B works fine, another confirmation :)
radui2
Posts: 6
Joined: Wed Jun 15, 2005 9:34 pm

Post by radui2 »

Shazz wrote:
MindWall wrote: [....] how about using a proper data.psar or even the whole eboot.pbp (from the firm-update) and use the swap idea [....]
Makes sense but where do you find a proper DATA.PSAR for firmware 1.0 (if this is your idea to downgrade...) and firmware upgrade checks should occur after...

But for the moment I'm just wondering if the swapping thing works, a poll ?? :D
It works, but I could only get NesterJ to work through the provided MSwap.exe
If I tried SNES9X or Generator, it just froze and then turned off. (This may also be because I didn't have any roms in their folders, but then again NesterJ ran with no roms also)
Shazz
Posts: 244
Joined: Tue Aug 31, 2004 11:42 pm
Location: Somewhere over the rainbow

Post by Shazz »

Chrighton wrote:It seems the 1st method using the tool is corrupting the end of the file...)
Thanks Chrighton, it should validate my little scenario :D
So now, time to dump the 1.5 firmware using Drakonite's tool ! :D
- TiTAN Art Division -
http://www.titandemo.org
TRF-Yu-Ki
Posts: 15
Joined: Wed Jun 08, 2005 1:27 pm

Post by TRF-Yu-Ki »

Method B is the way to go..... Method A with that executable thing of theirs is gonna confuse people for the next couple of weeks. =^)
Learning to hack is not bad in itself; it's what you do with your abilities that count. - a.k.a. Shadow-Me-Twice of ddrfreak.com
wulf
Posts: 81
Joined: Wed Apr 13, 2005 6:56 pm

Post by wulf »

confirmed again..

and I was one of the absolute naysayers.. I used the tool they provided on linux (using wine)
I used chess.. cool port, btw.

You just have to be fast like a jackrabbit.. don't wait for the psp logo to stop chiming.
ckinni
Posts: 4
Joined: Fri May 20, 2005 3:50 am

Post by ckinni »

so an admin should rename the sticky to 1.51 and take off 1.5 because now we have one! but DAMN, why did i update??? :(
cwbowron
Posts: 76
Joined: Fri May 06, 2005 4:22 am
Location: East Lansing, MI

Post by cwbowron »

I just played my pspChess program for the first time on a real psp. It felt good. Unfortunately I was in the middle of a debug build when I did it and the cursor control was backwards.

It would be nice to see a command line tool that creates the two EBOOT.bin files necessary for getting this exploit to work. That would make it easier for developers to create them in their compile scripts and release them which would make it easier for the end users as well.
Vampire
Posts: 138
Joined: Tue Apr 12, 2005 8:16 am

Post by Vampire »

cwbowron wrote:It would be nice to see a command line tool that creates the two EBOOT.bin files necessary for getting this exploit to work. That would make it easier for developers to create them in their compile scripts and release them which would make it easier for the end users as well.
it is a command line tool
cwbowron
Posts: 76
Joined: Fri May 06, 2005 4:22 am
Location: East Lansing, MI

Post by cwbowron »

Vampire wrote: it is a command line tool
Ahhh, Yes... I am an idiot...

I didn't investigate it very far... I just used the GUI and didn't bother to look in the program directory...

Thanks for pointing it out...
thedyingmatt
Posts: 1
Joined: Thu Jun 16, 2005 1:37 am

Post by thedyingmatt »

Hi I'm an Uber noob, seeing as this is my first post and all, but I had a few simple questions,

I read on another website, one that I question the validity of, that this could possibly damage your memory stick, or your psp.

I'm just wondering what the chances of this happening are? Is it a slim to none chance?? Or should I just wait until they refine this exploit, if at all possible?? Thanks for any replies in advance.

Matt
th0mas
Posts: 43
Joined: Sun Apr 24, 2005 1:59 am
Location: Canada
Contact:

Post by th0mas »

personally I would not use this as an everyday method of running code. Wait until someone comes out with something akin to reflashing your 1.5 psp to a 1.0, I guess.
StriderA
Posts: 9
Joined: Wed Jun 15, 2005 1:10 pm
Location: Pope AFB, NC
Contact:

Post by StriderA »

I finally have a real reason to buy that memory card I've been wanting. So now that we have a way to run code, who's going to be the first one to try and kill their psp by flashing down to 1.0?
Lost in a thought, found in a dream.