PSP Assembly

Discuss the development of new homebrew software, tools and libraries.

Moderators: cheriff, TyRaNiD

bradskins
Posts: 25
Joined: Tue Dec 20, 2005 5:54 pm

PSP Assembly

Post by bradskins »

I have a few questions about assembly language programming.

1. How can you dump C code to PSP assembly?

2. Does Fanjita's new TIFF exploit loader require 1.00, 1.50, 1.51 or 2.00 syscalls?

3. Can anyone who has some nicely documented assembly for the PSP please send me it to learn from?

I know for sure the first question has been answered here before, and I will try to find out the second question in Fanjita's forums as well, but if you can help then I will be grateful.


thank you

bradley
0okm0000
Posts: 116
Joined: Fri Jan 13, 2006 9:51 am

Post by 0okm0000 »

HelloWorld 2.0
Hello World for PSP 2.0, includes the TIFF exploit and Sourcecode
http://hitmen.c02.at/html/psp_releases.html

R4400 Manual
similar to the Allegrex CPU contained in the PSP
http://hitmen.c02.at/html/psp_docs.html

Comprehensive Manual:
http://www.eas.asu.edu/~cse530/MIPSPro_ ... g_Vol2.pdf

& Search Forum :D
http://forums.ps2dev.org/search.php
PSP hardware hack
http://0okm.blogspot.com/
bradskins
Posts: 25
Joined: Tue Dec 20, 2005 5:54 pm

Post by bradskins »

Great example, but it is a little confusing because there are no syscalls. I was interested in finding a program that makes use of the callback thread syscalls and whatnot so I could write a program that uses the home and power functions properly.

As for a reference I nabbed a copy of "See MIPS Run" from the university. Every bit helps, so I will be checking those links you sent me.


Does anyone else have good example code? Also, I am looking for a manual like yeldarb's, and if there isn't one, I guess I'm just going to have to make one myself, but I have to get past all the formalities the PSP expects first.
bradskins
Posts: 25
Joined: Tue Dec 20, 2005 5:54 pm

Post by bradskins »

Oh, I forgot to mention, 0okm0000 gave me all I will ever need to compile C to assembly.

Thanks man
0okm0000
Posts: 116
Joined: Fri Jan 13, 2006 9:51 am

Post by 0okm0000 »

syscall example
MPHDowngrader source
http://forums.ps2dev.org/viewtopic.php?t=3519
PSP hardware hack
http://0okm.blogspot.com/
Fanjita
Posts: 217
Joined: Wed Sep 28, 2005 9:31 am

Post by Fanjita »


if ( (you're not working on exploits) &&
     (
       (you're just using the native homebrew loading on 1.0 / 1.5) ||
       (you're using the EBOOT loader / eLoader)
     )
   )
{
  You don't care about syscalls.  You can just use the standard methods from the toolchain to insert function import stubs, and the syscalls will automatically be taken care of by the linker or eloader.

  It's never worth bothering with the syscalls unless you really need to.  You only need to if you're working outside an environment with a linker.  Otherwise, you're just reducing your code's portability (between firmware versions), and increasing its complexity, for no good reason.
}
Sorry for the dodgy pseudocode, I was having trouble writing comprehensible and unambiguous English in the heat.
Got a v2.0-v2.80 firmware PSP? Download the eLoader here to run homebrew on it!
The PSP Homebrew Database needs you!
bradskins
Posts: 25
Joined: Tue Dec 20, 2005 5:54 pm

Post by bradskins »

And if I were working on an exploit, would I still want to pack my assembly in the usual way? For instance, how could I get my assembly code working on a version 2.60 PSP? Could I just R.E. the 2.71 update, as well as decrypt the PRX files, insert my line of code in an appropriate location, and then repack a PBP? I am sure things must be more complicated than that, or else it would have been done already!

I am looking into trying my best at opening up the 2.60 PSP since it seems like it is within reach for us with our current tools. But where would I begin? If someone could just point me in the general direction I could find my way on my own, I'm sure.


Thank you

Bradley.
bradskins
Posts: 25
Joined: Tue Dec 20, 2005 5:54 pm

Post by bradskins »

Oh yeah, and I have looked at the downgrader example, but it is run within an environment. I want to know how to find a way to run any bit of code outside the GTA exploit; is there a way? I'm sure if user mode can be accessed outside of GTA then we can get to system access in the same way as the downgrader.
Jim
Posts: 476
Joined: Sat Jul 02, 2005 10:06 pm
Location: Sydney

Post by Jim »

You need to do a lot more reading. There's no way to unpack a PBP, modify it, and repack it again and have it run with firmware > 1.50. The PBPs need to be signed once modified and no one knows how to do that.

Also, no one knows how to run an exploit outside of the TIFF exploit with FW 2.00 and the GTA savegame exploit with FW > 2.00, and those holes have been patched with FW >= 2.00 and FW >= 2.70.

Jim
bradskins
Posts: 25
Joined: Tue Dec 20, 2005 5:54 pm

Post by bradskins »

Yeah, you are right, I do need to read up more.

If the EBOOTs need to be signed with a signature that has details about what the code is, then the PSP can check the program and make sure it matches the signature. Right? On all FW > 1.50.

But the GTA exploit works by... using an exploit, something to do with savegames (haven't read up on the details yet). But how did we get code running?

All I would need is to find a way to make the EBOOT for the 2.70 update, or a program that runs in FW 2.60, jump to an address where I can put my arbitrary code. We have already found a way to make a program (GTA) run our code, but I want to find a way for the 2.70 update EBOOT or another program (like the photo viewer, for another example) to run whatever I want it to, within the 2.70 OS and outside of the GTA program.

But what I really need help on is if someone knows a good reference on the nature of the "handshakes" that occur between the signature and EBOOT, and which file the signature is stored in and what kind of encryption ... etc.

I would also like to find a good reference on how to make the "jump to address" go to the beginning of my code. Since I would like to have an EBOOT on the memory stick, or even a binary file, if I found a way to make a jump, then how would I make the jump go to the beginning of my EBOOT or binary file located on the memstick?

These are all questions that the elites have found answers to, but the elite unfortunately did not take the time to tell us the story in detail. I am sure if they were more willing to reveal their methods then more people would know how to begin. If they told us the details of WHY they thought it was impossible to use EBOOT.PBP in the usual way in FW > 1.50, I'm sure I would know a lot more about the signatures and whatnot. Writing programs is the easy part of PSP dev.

Lastly, I will ask if anyone has heard rumors of possible exploits (that haven't been found to be just crashes) in the 2.70 OS.

Thank you

Bradley.
bradskins
Posts: 25
Joined: Tue Dec 20, 2005 5:54 pm

Post by bradskins »

Are there any PSAR dumpers/PRX decryptors for Windows?

My PSP is now 2.60, I don't have GTA to run the PSAR/PRX utils from my PSP, and I need a dump of the 2.70 and 2.60 updates. If there are any Windows programs that can do this please let me know.

bradskins
Posts: 25
Joined: Tue Dec 20, 2005 5:54 pm

Post by bradskins »

OK now, I found a nice entry:

http://www.psphacks.net/content/view/180/

And it brings the question.... does GTA use this kind of encryption? Actually I should be asking... does GTA's savegame use this kind of encryption? If not, then I can see how we were able to run code: if the PSP is not trying to shake our hands while we are dealing with savegames, then we can run code without worrying about handshakes. But all programs that are run by the 2.70 OS, are they also shaking hands all the time? Who would I talk to to find out? Are there any articles posted on the internet?
0okm0000
Posts: 116
Joined: Fri Jan 13, 2006 9:51 am

Post by 0okm0000 »

bradskins wrote:Yeah, you are right, I do need to read up more.
...
more more more :P

http://forums.ps2dev.org/viewtopic.php?t=6091
Kernel mode under firmware 2.6 * The proof of concept *
groepaz wrote: I just want to know more about how they found it or the theory behind
2.5 memory dump disassembly, time, skill. That's the theory pretty much :=)

bradskins wrote:are there any psar dumpers/prx decryptors for windows?
...
NO

How To decompile a .psp and a .psar
http://forums.ps2dev.org/viewtopic.php? ... light=psar
PspPet wrote:No. not software that ONLY runs under Windows XP
Programs require a homebrew capable PSP (version 1.0 or 1.50 firmware). The PSP has special hardware to decrypt files.

There is a sample in the PSPSDK to decrypt .PRX files (the typical format of .PSP files)
http://svn.pspdev.org/filedetails.php?r ... rev=0&sc=0

There is a program called "PSAR Dumper" that will dump the .PSAR data for the known update programs
http://forums.ps2dev.org/viewtopic.php?t=2883

=====

> Hello all, I'm a noob in the psp scene...
Then you should probably ignore the above advice ;->
This stuff is hard to figure out. Don't be one of the idiots who think a 5 minute hack is going to open up the PSP.

If you don't already have a homebrew capable PSP, you probably shouldn't be asking these questions.
If looking for an exploit, please ask elsewhere.
PSAR Dumper 2.0 (PRX 2.0 format decrypted)
http://forums.ps2dev.org/viewtopic.php?t=3554


2.7X PRXDecrypter for 2.6
http://dax.psp-tuts.net/cutenews/show_n ... rom=&ucat=&
PSP hardware hack
http://0okm.blogspot.com/
bradskins
Posts: 25
Joined: Tue Dec 20, 2005 5:54 pm

Post by bradskins »

And the 2.50 memory dump..... it takes hardware to do that, right?
bradskins
Posts: 25
Joined: Tue Dec 20, 2005 5:54 pm
Post by bradskins »

I'm sorry if I am not skilled, but I do have time, and I am studying comsci at the university....... I guess to start I have to get the memory dumps going... or

Where can I find memory dumps? Can someone email/link dumps for me?
bradskins
Posts: 25
Joined: Tue Dec 20, 2005 5:54 pm

Post by bradskins »

AHH, the 2.50 memory dump is now available without having to use other hardware. I was thinking something along the lines of a device that would be hardwired to the PSP to know all of the memory, but if that was possible it would make things easy.
0okm0000
Posts: 116
Joined: Fri Jan 13, 2006 9:51 am
Post by 0okm0000 »

bradskins wrote:Im sorry if I am not skilled, but I do have time, and Iam study comsci at the university....... I guess to start I have to get the memory dumps going... or

where can I find memory dumps, can someone email/link dumps for me?
you need to read up more more more more :P

http://forums.ps2dev.org/viewtopic.php?t=6091
Kernel mode under firmware 2.6 * The proof of concept *
memory dumps
PSP hardware hack
http://0okm.blogspot.com/
groepaz
Posts: 305
Joined: Thu Sep 01, 2005 7:44 am

Post by groepaz »

That thread should be locked. It's going nowhere. Ever.
bradskins
Posts: 25
Joined: Tue Dec 20, 2005 5:54 pm

Post by bradskins »

Well, all I have to say is

If everyone who has done anything great for the pspdev community on their own accord took a couple hours to write a page about what kinds of troubles they encountered, how they overcame them, and details that someone fresh on the scene would eat up, then I am sure we would be a lot better off than we are now.

The current state of things is: you leave the beginners to sift through a forum. In this forum you might have mentioned something a long time ago that is relevant to the beginners, but you leave us to try to sort through all this "ohh wouldn't it be great...," "how do you install eloader...," and "where can I download isos..." crap to find something you might have left behind. Maybe I will just go brew up an ISO loader for 2.70 just to piss you all off.

bradskins.
bradskins
Posts: 25
Joined: Tue Dec 20, 2005 5:54 pm

Post by bradskins »

Sorry, ISO loader for 2.6 :P
Fanjita
Posts: 217
Joined: Wed Sep 28, 2005 9:31 am

Post by Fanjita »

Some knowledge is worth working for.

You might also find that a better way to pick up the necessary knowledge is to start small, coding up some simple apps, before trying to jump in at the deep end to make the next uber exploit.

Making threats is definitely not the way to go - if you're not capable of a little solo research, then no one believes that you're capable of creating an ISO loader.
Got a v2.0-v2.80 firmware PSP? Download the eLoader here to run homebrew on it!
The PSP Homebrew Database needs you!
groepaz
Posts: 305
Joined: Thu Sep 01, 2005 7:44 am

Post by groepaz »

Maybe I will just go brew up an iso loader for 2.70 just to piss you all off.
Obviously, no. You won't.
jonny
Posts: 351
Joined: Thu Sep 22, 2005 5:46 pm

Post by jonny »

if everyone who has done anything great for the pspdev community on their own accord took a couple hours to write a page about what kinds of troubles they encountered, how they overcame them, and details that someone fresh on the scene would eat up; then I am sure we would be alot better off than we are now.
Acquiring the required knowledge can require years of study/practice (some stuff also requires personal skills that not everyone is able to acquire).
There are no magic caps; blaming the others for something you are currently not able to understand/do is not a sign of maturity.
Drakonite
Site Admin
Posts: 990
Joined: Sat Jan 17, 2004 1:30 am

Post by Drakonite »

bradskins wrote: if everyone who has done anything great for the pspdev community on their own accord took a couple hours to write a page about what kinds of troubles they encountered, how they overcame them, and details that someone fresh on the scene would eat up; then I am sure we would be alot better off than we are now.
If everyone spent their time writing crap for people who don't know what they are doing, then no one would be doing anything 'great'. People aren't here for your benefit, they are here because they want to work on the psp/ps2.
but you leave us to try to sort through all this "ohh wouldn't it be great...," "how do you install eloader...," and "where can I download isos..." crap to find something you might have left behind.
Er... go take a damn look around. There is a lot of crap in the psp forums because there are a lot of idiots out there, but we fight damn hard to stop crap like that, and this is exactly why. Go take a look at other sites out there that claim to be doing psp homebrew and then try to tell me we are filled with crap posts here.

The real problem is there are far too many people with absolutely no clue what they are doing, including not knowing anything about programming/RE (which are NOT psp/ps2 specific topics), and then posting tons of crap posts expecting us to hold their hand and explain everything to them.
Shoot Pixels Not People!
Makeshift Development