PS4 News on Facebook! PS4 News on Twitter! PS4 News on YouTube! PS4 News RSS Feed!


 
 
  1. #1

    First PSP Signed Homebrew is Now Released

    First psp "signed" homebrew..

    Well ok, here it comes. tested on fat PSP with OFW 6.35

    How?
    Simple, notice it contains ~PSP header from demo game (UCES00206), it is exactly same header.
    It is easy to craft last 16 bytes of encrypted data block to match header CMAC - yes, that's the trick

    There are some strange things, it can't run homebrews with bigger executable block (data block does not matter), and because of ~PSP header, it has to match exact size of original game.

    This trick might be possible on firmware kernel modules to get permanent HEN on non-pandrorable PSPs, i was not able to do it but i was not trying that much.

    PS: i am not only one who found this trick
    Yeah i know its not PS3 but the PS3 made it possible due to awesome security

    Source: wololo.net/talk/viewtopic.php?f=5&t=1381&start=150#p20309 and wololo.net/talk/viewtopic.php?f=5&t=1381&p=20720#p20715

    PSP Crypto Keys including the 'Kirk' and 'Spock' keys:

    [Register or Login to view code]

    P.S. None of those keys are on the ps3, don't bother looking there. More keys: http://pastie.org/1467912

    For those who wonder, spock cmd 0x09 key is used to decrypt UMD keys stored in idstorage, those keys are then used by spock cmd 0x08 to decrypt the UMD master key (per disc key) Then this key is used in spock cmd 0x0A to decrypt the UMD raw sectors. Each different psp regions seems to have its own sets of UMD keys.

    You can more or less access Spock through lepton's ram (there is some hidden test mode on lepton allowing you to do just this). More on this later If I ever get the time to clean up those sources.

    P.S. Let's hope sony uses kirk cmd 0x12 for the kernel prx ECDSA checks and that they did the same fail as on ps3, would someone be so kind as to check it out ?

    Syntax for kirk cmd 0x11 key:

    [Register or Login to view code]

    Also below is the PSP Half-Byte loader via Wololo and a video of it in action: wololo.net/talk/viewtopic.php?f=5&t=1381&start=290


    Attached Files Attached Files

  2. #2
    Join Date
    Apr 2005
    Posts
    29,562
    +Rep for the news ModderFokker, and ya, if it was perhaps a new/signed PSP iSO Loader I'd mainpage it but for now I am moving this to the PSP Forum for discussion.

    We just don't have a big PSP following here, and even in general the PSP scene seems to have died down in recent years as more people moved to PS3 perhaps.

  3. #3
    Oh this is very nice progress as concept turns into reality we will see psp/ps3 turned on its head as retail non jb units accept signed homebrew left and right.

    Good Times. After all, It only does everything.

  4. #4
    Great news! Can't wait to see more!

  5. #5
    Join Date
    Nov 2010
    Posts
    2
    Good news. I hope some one will come out with a real CFW soon or find a way to get those v3 boards working properly, by properly I mean not through HEN.

 




Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
  • Register, Login or Activate Your Account to post on the forums.