Search found 36 matches

by nem
Thu Sep 06, 2007 1:10 am
Forum: PSP Development
Topic: Service mode by power supply pins?
Replies: 68
Views: 76930

Long time passed after I appeared the scene. Here is how I find to get into service mode. Pretty long. ;) There was a rumor that battery may be involved to service mode, so firstly I examined battery communication. Text below was written long time ago and includes some obsolete descriptions. Battery...
by nem
Wed Apr 19, 2006 6:24 pm
Forum: PSP Development
Topic: Read PSP NAND Flash DATA to PC
Replies: 35
Views: 33350

Mainboard mod for 'Titan Base', my attempt to interrupt flash line:

http://sec.pn.to/pw/?plugin=attach&pcmd ... efer=Bases
by nem
Wed Feb 22, 2006 11:13 pm
Forum: PSP Development
Topic: PSP Flash Chip Facts: The Good, the Bad and the Ugly
Replies: 194
Views: 170869

FYI :) unsigned long ecctbl&#91;4096&#93;; /*&#31639;&#20986;&#29992;&#12486;&#12540;&#12502;&#12523;&#12398;&#28310;&#20633;*/ void make_ecctbl&#40;&#41; &#123; int i; for &#40;i=0; i<4096; i++&#41; &#123; ecctbl&#91;i&...
by nem
Tue Dec 13, 2005 1:11 am
Forum: PSP Development
Topic: PSP Flash Chip Facts: The Good, the Bad and the Ugly
Replies: 194
Views: 170869

Dr. Vegetable,

You would better to add power pads for flash,

Code: Select all

Vss  Power ground for flash chip 
Vcc  +3.3V power for flash chip 
GND and Vdd is for DRAM. Vcc(+3.3V) is used for some I/O including daughter board.
by nem
Sun Dec 11, 2005 7:19 pm
Forum: PSP Development
Topic: PSP Flash Chip Facts: The Good, the Bad and the Ugly
Replies: 194
Views: 170869

Sorry for late. Following is a brief memo (could be obsolete partly) for memory chip of PSP, reversed result. Note that there may be misunderstanding and/or mistakes. Please confirm yourself before applying hardware hacks for the PSP. SAMSUNG MCP memory chip pinout, flash related &#40;Top view&a...
by nem
Thu Oct 27, 2005 2:09 am
Forum: PSP Development
Topic: Service mode by power supply pins?
Replies: 68
Views: 76930

CPU chip reads the memory chip to retrieve IPL on cold start, when you press the power switch.
Power is only applied to CPU chip after pressing the power switch, and I observe no access to memory chip when battery placed, external power connected, and so on.
by nem
Wed Oct 26, 2005 9:56 pm
Forum: PSP Development
Topic: Service mode by power supply pins?
Replies: 68
Views: 76930

Any need for hardware hack? :)
by nem
Wed Oct 19, 2005 11:33 pm
Forum: PSP Lua Player Development
Topic: Lua Player at the O'Reilly European Open Source Convention
Replies: 11
Views: 8896

The session was good to see.
See you later at Maker Faire at EuroOSCON ;)
by nem
Sun Oct 02, 2005 8:21 am
Forum: PSP Development
Topic: Decrypting IPL
Replies: 22
Views: 25330

Theoretically, decryption of IPL enables us to decrypt all files on further versions, until sony thinks out something spechial anti-hack measure. If sony do not have some sort of secret weapon, this could be difficult to achieve. I was so excited that I became insane and wrote like that. Possibly s...
by nem
Sat Oct 01, 2005 11:32 pm
Forum: PSP Development
Topic: Decrypting IPL
Replies: 22
Views: 25330

There are various way to get the IPL dumped. For I am out now, explaining briefly. Direct hardware access, by which I firstly got the dump, is a little annoying to do. You have to peel off the memory chip, or need to interrupt the pattern on the PSP main board. The more convenient way is to read by ...
by nem
Sat Oct 01, 2005 4:48 pm
Forum: PSP Development
Topic: Decrypting IPL
Replies: 22
Views: 25330

Decrypting IPL

I have successed to decrypt IPL. Here is how. This article is mostly based on my guess, so there could be some errors. IPL overview Within the on-board flash ROM, there exist non fat organized area which contains encrypted bootstrap code, or IPL; Initial Program Loader. While booting up CPU reads th...
by nem
Fri Sep 30, 2005 8:21 pm
Forum: PSP Development
Topic: PSAR Dumper 2.0 (PRX 2.0 format decrypted)
Replies: 60
Views: 127330

Great work!
How did you manage to get the table?
IPL hack or something like that?
by nem
Mon Jun 20, 2005 10:14 pm
Forum: PSP Development
Topic: Kill 5 psp in 1 lesson dont touch your flash
Replies: 19
Views: 15717

Sorry about your bricked PSP, Yoshihiro :( Here is how to setup PSP to enable recovering bad flash. A little hard way though. ;) If you have direct hardware access to flash chip, it is possible to reflash. You will need to interrupt physically the lines between CPU chip and MCP memory chip if you wa...
by nem
Sun Jun 12, 2005 6:28 pm
Forum: PSP Development
Topic: PSP Error code FFFFFED3?
Replies: 1
Views: 5584

I think error code 0xfffffed3 is related to decryption.
Could be something like 'key type number not found' I guess.
by nem
Sun May 22, 2005 9:56 pm
Forum: PSP Development
Topic: Sound output
Replies: 11
Views: 16539

Found function names of sceAudio. API name for sceAudio STUB_FUNC 0xCB2E439E,sceAudioSetChannelDataLen STUB_FUNC 0x13F592BC,sceAudioOutputPannedBlocking STUB_FUNC 0x95FD0C2D,sceAudioChangeChannelConfig STUB_FUNC 0x136CAF51,sceAudioOutputBlocking STUB_FUNC 0xE9D97901,sceAudioGetChannelRestLen STUB_FU...
by nem
Sun May 15, 2005 5:27 am
Forum: PSP Development
Topic: Sound output
Replies: 11
Views: 16539

Sound output

A demo program to output sound can be downloaded from: http://anon.ug.to/sec/index.html Enjoy! :) API's not yet documented... Briefly, sceAudio_2 sceAudio/0x13F592BC Output sound, blocking sceAudio_3 sceAudio/0x5EC81C55 Initialize channel and allocate buffer sceAudio_4 sceAudio/0x6FC46853 Terminate ...
by nem
Tue May 10, 2005 12:56 am
Forum: PSP Development
Topic: PSP [firmware] Dump [program]
Replies: 69
Views: 67125

Thanks all :) Now I'm away from our Titan base and have limited access to resources. Narrow connection to the net also prevents me from even reading the forum. Things go too fast to catch up. :( Source code. I need some brush-ups of the code. Maybe later. skippy911: Thanks for your list. Good work! ...
by nem
Mon May 09, 2005 7:03 am
Forum: PSP Development
Topic: PSP [firmware] Dump [program]
Replies: 69
Views: 67125

Not responsible.
So far I did not kill PSP by this software.
by nem
Mon May 09, 2005 6:34 am
Forum: PSP Development
Topic: PSP [firmware] Dump [program]
Replies: 69
Views: 67125

PSP [firmware] Dump [program]

** WARNING ** This software accesses to system memory and firmware, which may cause SEVERE DAMAGE TO YOUR EQUIPMENT. There are some possibilities of PERMANENT DESTRUCTION OF THE PSP. NO WARRANTY. USE AT YOUR OWN RISK! ** WARNING ** PSP Dump released. Only for PSP 1.00. Firmware files can be dumped b...
by nem
Sun May 08, 2005 2:31 pm
Forum: PSP Development
Topic: PSP Firmware/Bios Dumped! (split from hello world thread)
Replies: 38
Views: 81425

There are strong inquiry for dumped firmware. I am very sorry to say that I can not email/share/post the dumped firmware to anyone, at least for now. Not only ooPo, but someone may claim distribution of dump as a intellectual property right infringement. Technically speaking, I can not distinguish s...
by nem
Sat May 07, 2005 4:40 pm
Forum: PSP Development
Topic: PSP Firmware/Bios Dumped! (split from hello world thread)
Replies: 38
Views: 81425

how about flashing the chip back with firmware ver1.0? Is that possible? It is possbile but difficult, and need a lot of effort to do so. First, you need to get firmware dump of 1.00 PSP. Sacrifice a 1.00 PSP and get dumped by means of previously mentioned. Please, please do not ask me to copy/shar...
by nem
Sat May 07, 2005 4:22 pm
Forum: PSP Development
Topic: PSP Firmware/Bios Dumped! (split from hello world thread)
Replies: 38
Views: 81425

Another q. To the people who made this - is the elf a normal ps2 elf? Or something a little modified? Not same. Please refer to outpatch.cpp and startup.s of the source code package, and the executable itself. I've been using Elf2PBP to convert a few PS2 apps this morning, and haven't had any succe...
by nem
Sat May 07, 2005 3:35 pm
Forum: PSP Development
Topic: PSP Firmware/Bios Dumped! (split from hello world thread)
Replies: 38
Views: 81425

I can't understand how work the call to kernel function. does the numbers in startup.s are the address of the functions in kernel/memory ? how did you find them and what was their parameters ? I dumped the firmware of PSP by electrical means. Peel off the memory chip from PSP mainboard, connect wir...
by nem
Sat May 07, 2005 11:20 am
Forum: PSP Development
Topic: ELF structures/sections
Replies: 5
Views: 5505

For your interest, notes for PSP ELF format and program loader. Some need confirmation. - ELF Type: EXEC(0x0002) NB:PRX have 0xffa0,0xff81, etc. - ELF Flags: seems not to be used - any section name, any section deploying is allowed, except .rodata.sceModuleInfo for module information - .rodata.sceMo...
by nem
Sat May 07, 2005 10:53 am
Forum: PSP Development
Topic: Library function list
Replies: 100
Views: 83810

some stub as follows: STUB_START "sceCtrl",0x40010000,0x00020005 STUB_FUNC 0x6A2774F3,sceCtrlSetSamplingCycle STUB_FUNC 0x1F803938,sceCtrlReadBufferPositive STUB_END STUB_START "sceDisplay",0x40010000,0x00030005 STUB_FUNC 0x0E20F177,sceDisplaySetMode STUB_FUNC 0x289D82FE,sceDispl...
by nem
Sat May 07, 2005 5:59 am
Forum: PSP Development
Topic: Firmware file system access via wipeout browser
Replies: 42
Views: 70514

Ah, I already menthioned flashing in another thread. I need more sleep. my head sucks.

I have not try to replace loader after I can execute some PBPs on 1.0. Listed in TODO list.
by nem
Sat May 07, 2005 4:09 am
Forum: PSP Development
Topic: Hello World for PSP
Replies: 99
Views: 173814

The bitmap in the code is 5551 formatted short. You'll find in the code how rgb is assigned to. I do not know about tools. I wrote some small code to convert the image.
by nem
Sat May 07, 2005 1:54 am
Forum: PSP Development
Topic: Hello World for PSP
Replies: 99
Views: 173814

Thanks for you all :) Discussions and infos in this forum enabled me to make Hello World. There are some inquiries about source code. Here you are: http://anon.ug.to/sec/pub/hellopsp_src_Rel1.zip To build the code, I used ps2dev toolchain for PS2. There is no devtool for PSP yet. PS2 and PSP both us...
by nem
Fri May 06, 2005 10:57 pm
Forum: PSP Development
Topic: Firmware file system access via wipeout browser
Replies: 42
Views: 70514

I should post some specimen. Firmware version 1.00 release:1.00: build:228,0,3,1,0:root@psp-vsh system:17919@release_103a,0x01000300: vsh:p4029@special_day1,v9972@special_day1,20041201: Firmware version 1.50, updated from 1.00 release:1.50: build:376,0,3,1,0:root@psp-vsh system:20182@release_150,0x0...
by nem
Fri May 06, 2005 10:46 pm
Forum: PSP Development
Topic: Firmware file system access via wipeout browser
Replies: 42
Views: 70514

Firmware file system access via wipeout browser

As Vampire posted at dev forum, UMD file system can be accessed via wipeout browser using file://disk0:/... Firmware, or on-board flash chip file system can be accessed by same way using flash0 as drive string. <a HREF="file&#58;//flash0&#58;/vsh/etc/version.txt">version.txt</a><br...