
PSP: Let the Homebrew Coding Begin!

McFly

Member
http://www.psphacks.net/content/view/192/2/

Wednesday, 04 May 2005
Well, looks like it has finally happened.

loser has released the elf2pbp tool.

What it does is takes an elf file (a binary executable file) that has been compiled for the PSP and converts it into a PBP file which can then be run from a memory card.

Of course, with everything, there is a catch. First, you need to have a Japanese PSP. Second, you need to have NOT flashed your PSP to version 1.5.

Glad I didn't flash mine over. Once I can get some kind of cross compile environment set up, perhaps I'll give this a try.

Here's the quote:

"This tool takes an elf file compiled for psp and "converts" it into a PBP file.
You can then copy this pbp file to a subdir in "PSP/GAME" on your memcard (eg to "PSP/GAME/APP1/EBOOT.PBP")
This tool has been designed so that you could run it at the end of your makefile,
you could even set your makefile to then copy the pbp to your psp after making it
(assuming you first set your psp to usb mode).

Let the pspdev begin! "

"Ver.3
Slightly updated version of the elf2pbp tool.

The included param.sfo file is now made as simple and generic as i could
while it would still work. You can now also set the name of your app from the command line

eg: ebp2elf main.elf "My First Demo"

Here's the link to the file for download:
http://www.internalreality.com/elf2pbp3.zip
http://www.internalreality.com/

I can't try it out as I don't have a Japanese PSP, but it sounds like the first step to homebrew games and emus is done. :)

Fredi
 
Holy... here's hoping they crack it for everyone.

That said, anyone know anywhere that still sells non-1.5 Japanese PSPs?
 
Because it looks like the 1.0 firmware did not check to make sure that binaries were encrypted or signed first. 1.5 fixed that "flaw"

So if you don't have a japanese 1.0 psp, this is worthless to you.

However, look at the story on the front page for details.

Yikes - their original release didn't even check if the code was signed before it ran! Talk about lazy bugtesting! :lol
 
I hope that gives the hackers something to look for when making a more universal crack.

I was doing some reading that suggested that MAME as-is is not going to run well on a PSP, which was disheartening. I'd think a scaled-back version could be done, at least for older games. I could live with it if it only emulated games pre 1990 (or 1985, even).
 
Ah crap. Hopefully there's a way to downgrade the firmware.

I really don't care that much about the updates provided in 1.5, except for faster sleep mode init.

I was doing some reading that suggested that MAME as-is is not going to run well on a PSP, which was disheartening. I'd think a scaled-back version could be done, at least for older games. I could live with it if it only emulated games pre 1990 (or 1985, even).
I think those older games will run fine. Mame for MIPS Pocket PCs could run games like Galaga, etc. at full speed on processors slower than the one in PSP.
 
to be honest mame isn't a very good emulator UNLESS you want perfect ports and a beefy pc. I think psp could run a lot of games with other "lighter" emulators that mame could not.
 
Excellent! I still hope Sony will release an official kit, but this is a very good alternative.
I'm surprised it took them such a short time. Congrats!
 
NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!!!!!!!!!!!!!!


Well, there is a positive thing... I won't just be throwing myself on PSP programming just yet: I'd rather have something officially supported like the PS2Linux kit (I'd pay for it of course) rather than something like HAM (which is not bad, but I like PS2Linux better... well that and SPS2 ;)).
 
So, wait.

How did they get around the whole encryption thing with unsigned code?

Or did the first version of the firmware not give a damn if the code was unsigned? Jesus.

Edit: Looks like the thread answered my question for me. The 1.0 Japanese PSPs didn't check at all.

...Which means there's still a long way to go to get unsigned code running on US PSPs.
 
I DIDN'T UPGRADE!!!! WOOHOO!!!!

Once the ball gets rolling, those who need version 1.0 Japanese PSPs will have a friend in me. I am pretty sure most used units on the shelves here did not have their firmwares flashed.
 
Good news for all those programmers out there; hope to see some cool PSP Apps or even Emulators. But I have a question: my girlfriend still has a 1.0 Jap unit and all she plays is Lumines. I'm reading a lot of comments that because she didn't flash to 1.5 she won't be able to play newer games? Any truth to that?
 
"I knew there would be a reason not to upgrade the firmware eventually.
Me = happy."

PAYBACK! Deliberately didn't upgrade following talk with Jonny about this. NOW GIVE ME TEH MAMES! :D
 
Can someone explain to me the basics of software "signing"? I mean.. how can a piece of software have a "signature" that you can't just copy and then put into your own program so that it works?
 
tried it.

it appears in the Games list and you can run it , you get the PSP screen, then the unit takes you back to the PSP main screen.

All we need now is the killer app to go in there (mamemamemamemamemamemame...)
 
terrygolder said:
It would be nice to play nes, snes and genesis games on the go. Nomad and GameAxe are too harsh on batteries.

Get a Zodiac and Little John Z. LJZ is an awesome little multiemulator (covering NES, SNES, Genesis, GG/SMS, and some others), and it just so happens that there are other emulators for the Zodiac. Plus, the Zodiac uses SD cards (larger and cheaper than MS Duos) and has two slots to boot.

Granted, all of the Zodiac's native games suck, but if you're going to get a dedicated emulation handheld, it's awesome.
 
AtomicShroom said:
Can someone explain to me the basics of software "signing"? I mean.. how can a piece of software have a "signature" that you can't just copy and then put into your own program so that it works?

The executable is encrypted. The loader decrypts it before execution.
 
There are people who say that our PSPs when in v0.0 form didn't check signatures...which is highly unlikely IMO...
In that case, all the ones who did the update are screwed :)


I wonder if a HelloWorld application would work...Someone could try it using a MIPS compiler...Of course you would need stdlib and stdio from the devkit...
 
Don't the newer games ship with the updated firmware on the disc? Prompting you to run the installer? I thought WipEout Pure JAP was one of the games that did that.


And if they can run this because of no check for unsigned code, I'd be surprised if they find a way around 1.5. Exponentially harder if that was the reason it's working in the first place.
 
Dazzla said:
I'd be surprised if they find a way around 1.5. Exponentially harder if that was the reason it's working in the first place.
mod chip. this is essentially the way all Tivo's were hacked pre killhdinitrd. Basically the older Tivo PROMs didn't check for a signed kernel. So you PROM mod your Tivo with a incircuit flashable socket, flash the prom to kill the checking portion of the code, and move on your way.

essentially all they have to do now is make a modchip that is essentially a 1.0 BIOS and the homebrew scene explodes. of course a soft mod is much preferable for those of us who don't solder, but this is definitely the flood gates starting to crack open.
 
borghe said:
mod chip. this is essentially the way all Tivo's were hacked pre killhdinitrd. Basically the older Tivo PROMs didn't check for a signed kernel. So you PROM mod your Tivo with a incircuit flashable socket, flash the prom to kill the checking portion of the code, and move on your way.

Where teh feck are you going to put a modchip inside the PSP? Good luck with that one. I would pick up a second unit though and reflash the BIOS (if that becomes possible) if it meant I could play all the emulators on it, though. The PSP screen alone is worth it.
 
Nerevar said:
Where teh feck are you going to put a modchip inside the PSP? Good luck with that one. I would pick up a second unit though and reflash the BIOS (if that becomes possible) if it meant I could play all the emulators on it, though. The PSP screen alone is worth it.

I hope someone makes a softmod through the USB or something.
 
Wow. It's just a matter of time before it's going to work for 1.5 firmware PSP's or a way is worked out how to downgrade your PSP.

Brilliant. Now please port Mame :)
 
eh.. be creative.. if instead of a mod chip it was a small cable coming out of a drilled hole and going into a dongle casing that held the mod chip, I can think of PLENTY of people who would go that route because of all that is implied. you could probably go other routes as well.

as I said, softmod would be preferable for many reasons.. we can hope.
 
Dazzla said:
Don't the newer games ship with the updated firmware on the disc? Prompting you to run the installer? I thought WipEout Pure JAP was one of the games that did that.


And if they can run this because of no check for unsigned code, I'd be surprised if they find a way around 1.5. Exponentially harder if that was the reason it's working in the first place.

Wipeout did not prompt an upgrade on my machine.
 
AtomicShroom said:
Can someone explain to me the basics of software "signing"? I mean.. how can a piece of software have a "signature" that you can't just copy and then put into your own program so that it works?
Before signing any games, the game system maker generates a single private/public key pair. They keep the private key secret and burn the public key into the ROM of the system.

Without getting into the math, a core idea of public/private key crypto is that you can't easily generate one key from the other. A hacker trying to brute-force out a private key from a modern public key is typically attempting to solve a problem that will take much longer to complete than their lifetime will allow them.

1. Before manufacturing, the system maker uses a one-way math routine (hard/impossible to reverse) against the executable file to generate a smaller number that represents that file.

2. Encrypt that small number using the secret private key of the public/private key pair.

3. Append the encrypted number to the executable file.

The "game loader" code on the console/portable does the following sequence of checks every time it starts a game:

1. Use the same one-way math routine to generate a small number that represents the file. If the file has not been modified, this number should be equal to the one the system maker generated.

2. Decrypt the stored encrypted number in the executable file using the ROM public key.

3. Compare the current number with the original number included with the file. If they are the same, start the game. If not, display an error message or halt the system.

Hacks (and the reason they won't work):

Can I modify the file's signature to match my modified version of the file? This won't work, because you'll only be modifying the *encrypted* number, not the number itself. After modifying the encrypted number, chances are that it won't decrypt to the number you want, and you can't just come up with the right encrypted number because you don't have the private key.

Can I zero out the file's signature? Same problem. An encrypted number of all zeros will just decrypt back to a number that won't match the file.

Can I break into the console maker's building and steal the private key? Not likely. As you might expect, there tends to be a lot of security around an important key like this. Besides hardware devices whose primary purpose is to protect these keys against theft, you'll probably have armed guards to contend with.
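Added example, not code from the thread: a toy implementation of the hash-sign-append scheme PizzaFarmer lays out above, which also answers AtomicShroom's earlier question about why a copied signature doesn't help. It assumes a constructed RSA key pair built from two small primes (real consoles use far larger keys) and SHA-256 as the "one-way math routine"; the 8-byte signature layout is invented for the demo and is not the PSP's actual format. The last function replays the three "hacks" from the post, plus a plain unsigned file like an elf2pbp output, and reports what a checking loader does with each.

```python
import hashlib

# Constructed toy RSA key pair for illustration only. The maker keeps D
# secret and burns (N, E) into the console's ROM.
P = 1000000007
Q = 998244353
N = P * Q                          # public modulus (about 60 bits)
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)
SIG_LEN = 8                        # N < 2**64, so a signature fits in 8 bytes


def digest(data: bytes) -> int:
    """Maker step 1 / loader step 1: one-way routine that turns the whole
    file into one small number (SHA-256, reduced modulo N)."""
    h = hashlib.sha256(data).digest()
    return int.from_bytes(h, "big") % N


def sign(executable: bytes) -> bytes:
    """Maker steps 2-3: 'encrypt' the digest with the private key and
    append the result to the executable."""
    sig = pow(digest(executable), D, N)
    return executable + sig.to_bytes(SIG_LEN, "big")


def loader_check(image: bytes) -> bool:
    """Loader steps 1-3: recompute the digest of the body, 'decrypt' the
    stored number with the ROM public key, and compare the two."""
    if len(image) <= SIG_LEN:
        return False
    body, sig_bytes = image[:-SIG_LEN], image[-SIG_LEN:]
    recovered = pow(int.from_bytes(sig_bytes, "big"), E, N)
    return recovered == digest(body)


# Constructed stand-in for the bytes of an EBOOT.PBP.
GAME = b"PSP homebrew hello world (constructed sample executable)"


def attack_results() -> dict:
    """Replay the hacks from the post against a checking loader."""
    signed = sign(GAME)

    modified = bytearray(signed)
    modified[0] ^= 0x01                   # patch one byte of the file
    tampered = bytearray(signed)
    tampered[-1] ^= 0x01                  # patch one byte of the signature
    zeroed = signed[:-SIG_LEN] + bytes(SIG_LEN)   # zero the signature
    unsigned = GAME                       # raw file, no signature at all

    return {
        "genuine": loader_check(signed),
        "modified_file": loader_check(bytes(modified)),
        "tampered_signature": loader_check(bytes(tampered)),
        "zeroed_signature": loader_check(zeroed),
        "unsigned_file": loader_check(unsigned),
    }


if __name__ == "__main__":
    for name, ok in attack_results().items():
        print(f"{name:20s} -> {'RUN' if ok else 'REJECT'}")
```

Only the genuine image runs; every other case fails at the compare step, because changing either the file or the appended number breaks the match and producing a new matching number needs D. The "unsigned_file" row is the situation the thread is discussing: a loader that performs this check rejects a bare converted ELF, while a loader that skips the check (what the posts say 1.0 firmware did) runs it.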
 
I doubt games will require a firmware update to run. Usually the Sony game libraries are loaded from the disc. The firmware only handles non gaming related tasks, like browsing the memory card, user interface etc.
 
PizzaFarmer: You're overlooking the most obvious hack-- hacking the firmware itself, so that it doesn't check the key at all. Given that we know this works in firmware 1.0, I have no doubt people are trying to find where the code that does this lives and replace it.

I would not be too surprised to see hacked versions of firmware for installation after a while.
 
this is huge because we all know at bare minimum, ALL Japanese PSPs will be able to downgrade to 1.0 firmware and execute homebrew software (once they figure out how to write an app to read the BIOS). And even if apps do BIOS version checking, you can just run an upgrade to take you to the newest BIOS and you are good to go. then just downgrade back when you want to run homebrew.

the trick of course is to get this going on US PSPs. Of course if the US models are hardware identical and the region info is in the BIOS, well, that solves half of that problem.
 
pcostabel said:
I doubt games will require a firmware update to run. Usually the Sony game libraries are loaded from the disc. The firmware only handles non gaming related tasks, like browsing the memory card, user interface etc.

To be honest, I see things the other way - since the PSP has a persistent OS running, it's possible that newer games may be dependent on newer versions of the OS.

Time will tell, I guess...
 
In that case, people with older firmware would not be able to run the game or will be forced to update the firmware first. I don't see Sony doing something like this. On the PS2 the OS resides on disc. I doubt PSP is any different.
 