Swapless PSP Exploit Released

YDKCooKiE writes "According to psphacker.com, an updated exploit for PSP 1.5 has been released, allowing PSP 1.5 users to play homebrew software without requiring the swap trick."

Just tried it

[pjameson]

I just tried this yesterday, and finally I get to see what I was missing by having the 1.5 firmware. They really did a great job on this release, but it's going to suck when you have to update to play new commercial games

Re:Hehe...

[Anonymous Coward]

Actually, homebrew is all it will play. Commercial games still won't play, unless you know how to crack the encrypted executables.

This is the best thing for the homebrew scene. You can't run pirated stuff, but you can develop and run your own app on the PSP! How cool is that? I'm playing Rick Dangerous on my PSP! Woohoo!

Because the whole page is basically an ad...

[Tuxedo Jack]

Here's the text and the link it links to.

- - - - -

Just when your fingers are getting sore and your friends keep asking 'Why do you have to switch memory sticks?' Killer-X and the PSP-Dev team have answered our prayers with KXploit, a way to run homebrew on 1.5's... Minus the memory stick swap!

The predecessor of Swaploit, users will now enjoy no more jammed fingers or broken nails with the introduction of "Direct Loader", and 1.5 users can now pretend they own a 1.0.

One of our users, Gavin King (Thanks), posted a comment on how to do this in its simplest form:

"If any of this confused you.... just do the same thing you did with swaploit, but put both folders on the same memory.

Let's use your NES folder as an example.

Your MS1 folder name "NES%" and your MS2 folder leave it the same, naming it "NES".

And that's all you need to do... a simple rename and move."

(I myself tested and verified this to work.)

You can get it in our PSP Download section here.

- - - - -

The file they're referring to is here:

http://files.psphacker.com/cgi-bin/cfiles.cgi?0,0, 0,0,38,469 [psphacker.com]

Re:Exploit?

[linguae]

From dictionary.com:

1. To employ to the greatest possible advantage: exploit one's talents.
2. To make use of selfishly or unethically: a country that exploited peasant labor. See Synonyms at manipulate.
3. To advertise; promote.

Well, installing this exploit does employ the PSP to the greatest possible advantage, IMO, so that definition of the word works fine. Of course, exploit has ta negative definition, but I see nothing negative about using your PSP to play homebrew games, Linux, and other "unsupported" stuff, so I guess the definition of exploit is relative to the speaker/listener.

Re:Sony's really missing an opportunity here

[Gotung]

Do you really think Sony is making a profit on PSP's at $250? They have to combat homebrew because people that buy the PSP solely for homebrew/hacks generate zero (maybe even negative) dollars for Sony. These days game system manufacturers sell their systems for very little profit or even a loss to get the system into peoples hands. They then make the money back by selling games. If they sold a "hackable" version for $400 (so as to actually *GASP* make a profit) would you still buy it?

Technical Explanation

[Bri3D]

This is really old news...anyway...here's the technical explanation of how this works.
The original Japanese PSPs would run unencrypted code straight off of memory sticks. Then Sony released firmware 1.50. Firmware 1.50 required ALL code it ran to be encrypted. But there was a flaw. Some people from a group called psp-dev discovered that the PSP firmware only checked for unencrypted code ONCE, when it read the archive with the name of the application, the icon, etc. They determined that by making an archive with NO code in it, the psp would give it the OK because there was NO code in it whatsoever. Then the memory sticks would be swapped, and the PSP code loader would run the code off the second stick. But that wasn't good enough for PSP-DEV. Using a flaw in the FAT driver on PSP they were able to make this work with ONE memory stick. Why? When two folders are placed on the memory stick, one with a percent sign after it containing the archive and one without a percent sign containing the code, the PSP would allow you to select the archive, then the PSP bootstrapper would read the directory without the %, because the PSP bootstrap and FAT driver do not understand % signs.

Re:Mod Parent Up Informative!

[trekstar25]

They already have. The only firmwares that can be exploited are 1.0 and 1.50. Since, they've released 1.51 and 1.52. They are planning on making upgrades compulsory with new PSP games coming out soon. I'm trying to decide which I want more - a portable NES SNES jukebox (and DOOM, too!), or a portable GTA game. Luckily, I have a while to decide.

gameboy tetris!

[knowles420]

i've been running this since the swap hack was announced. truly the greatest thing about my psp is the fact that i can play gameboy tetris again.

also, check out the kxploit homebrew pack [psphacker.com] for a one stop solution to the emulators and homebrew games available.

File mirror

[coolnicks]

File is berried inside the site

Mirror here : http://data.coolnicks.co.uk/kxploit_1%5B1%5D.5_psp -dev.rar [coolnicks.co.uk]

CoolNicks

Re:Lack of a network effect

[HishamMuhammad]

Or is it a "good, fast, cheap, pick two, tough shit" situation?

Yes, but it's more like a "open, popular -- pick one" situation. A friend of mine is a GP32 developer. The architecture is completely open, he bought it to hack on it more than to play with it. In fact, he's now maintaining the Linux kernel port [cscience.org] for the specific ARM architecture of the GP32 port.

And yes, nobody else had a GP32 in his town when he bought it (or in his state, maybe even country(!), for that matter). But he found a very exciting user and developer community [gp32x.com] on the internet. So the installer base in [whatever specific place you are] is not that relevant.

Still, after seeing the GP32, I was almost tempted to buy one for myself (but I was broke at the time). Chances are, if you buy one, your friends might follow suit.

And emulators work like a charm, so there's no shortage of games, especially if you're into the classics. ;)

Re:Technical Details

[nathanh]

Has anyone seen any details about how these hacks work, or what they exploit? I remember reading in gritty detail about the xbox font hacks, but I haven't seen any technical details on the PSP hacking.

The PSP bootloader checks the folder on the memory card (FAT format) for signed code. If it finds unsigned code, it refuses to boot.

The PSP OS does not check for signed code. It assumes the bootloader has done its job. It just runs whatever code it finds.

Fortunately the PSP bootloader FAT driver and the PSP OS FAT driver don't work the same. The bootloader ignores % signs in folder names. So if you create a folder "FOO" containing NO code, as well as a folder "FOO%" containing homebrew code, then the PSP will happily boot and run your code from the "FOO%" directory. Simply place both the directories on the card and try to play the code in "FOO%".

NB: bootloader in this context isn't quite the same thing as bootloaders on PCs.

Re:Technical Explanation, no!

[Anonymous Coward]

This is not a flaw in the FAT driver, this is a flaw in the shell. It uses sprintf to copy the filename to a different buffer before it calls open and the %, being a printf format operator, is dropped. If you put %s at the end intead of %, the machine will crash.

Re:Technical Details

[binarytoaster]

It's the other way around.

The driver can't see the %, so the OS runs FOO% and the bootloader interprets that as FOO.

Re:Technical Explanation, no!

[springbox]

Which is why it's a good idea to use printf("%s", string); instead of printf(string);

change your psp backgrounds

[knowles420]

since no one's mentioned it yet, to my knowledge, here [pspthemes.com] is a link to pspthemes.com, where you can get all sorts of nifty backgrounds for your psp.

pspersonalize [psphacker.com] is what you need to make them work.