Custom Firmware For the PSP-3000 Released 97
Busshy writes "Today, owners of PSP-3000 consoles, and those on PSP-2000s with boards that were previously incompatible, have now joined all those who have been enjoying PSP homebrew for years with the release of a new custom firmware that brings emulation and much more to those systems. You will need the recent Chickhen homebrew enabler installed for it to work."
Re:Uses (Score:3, Informative)
Games for the PSP are very cheap. I was considering cracking mine before just to get simple stuff like a better media player front end and an alarm clock. Emulators would be cool too but I didn't get the device just for gaming.
Piracy, Shmiracy (Score:3, Informative)
Yes, you can use this to pirate. Whoopdodoo. There are lots of other benefits you're overlooking.
- Running games off the memstick is much faster than waiting for the UMD to load
- You can fit several games on the memstick (some may be pirated, if you're a dishonest prick who wants the platform to fail). That means you don't need to lug a ton of fragile disks around when you travel.
- Not using the UMD means extended battery life.
This is really spiffy, don't get me wrong. But what I'd really like is an update to 5.50 firmware so the copy of Final Fantasy VII I just BOUGHT will play on my hacked PSP. I think all the PS1 re-releases from E3 require updated firmware, and that blows.
Re:Piracy, Shmiracy (Score:2, Informative)
If you paid for it and it doesn't work, then downloading [thepiratebay.org] a copy that does is 100 per cent reasonable.
Re:Hurray! (Score:1, Informative)
Take that figure. Double it. Subtract 4. Then multiply by a million and you'll be close to the number of PSPs sold. There have been about 48 million PSPs sold to date. In the history of hand held consoles, the PSP has been the most successful competitor to Nintendo's offerings.
Re:Piracy, Shmiracy (Score:5, Informative)
you can run FFVII on CFW
you need to use the recovery menu to select "use version.txt" then usb toggle flash0 find version.txt and change all 5.00 or 500 to 5.50/550
I have not gotten FFVII but it worked for Fire pro wrestling G off the japanese store.
Re:Hurray! (Score:2, Informative)
Fixed that for you [gamasutra.com].
It's Not Really "Custom Firmware" (Score:5, Informative)
Custom Firmware is a bit of a misnomer. For the PSP-3000 (and last sub-model of the 2000, T88v3) it's not possible to replace the built-in firmware with a truly custom firmware, as Sony does signature checking that would keep the PSP from loading unsigned firmware. This is different from the early PSPs, where it was possible to fake out the device and make it accept any firmware.
Anyhow, this isn't a custom firmware in the traditional sense, rather it's more of a injection attack of the PSP's operating system. Normally unsigned code is blocked by the OS, but there's a vulnerability in the TIFF decoder that allows for executing such code. Using the ChickHEN tool (a compromised TIFF file and a payload) the OS's signature checks can be compromised by injecting replacement files in to the running OS, which the PSP happily complies with. With the check disabled, the PSP will run unsigned code for homebrew, but it lacks the drivers necessary to run backup/pirated games. This is an important distinction, because the ChickHEN tool has been around for a few weeks now and is not what TFA is talking about.
This latest hack (5.03 GEN-A) finally takes it one step further and uses the ability to run unsigned code to inject the additional drivers needed to make the PSP treat ISOs on a Memory Stick as a UMD game. This hack isn't necessary to run homebrew, it's solely for running commercial games. Notably it's still entirely a runtime attack, and if the PSP cold boots it will return to normal operation.
This is to Sony's advantage (what little good news there is, at least), because the hardware has not been compromised in any way. As PSPs can not be flashed with earlier firmware versions, all PSPs running firmware versions later than 5.03 can not be attacked as the TIFF vulnerability was fixed. This limits the number of vulnerable units to old units that haven't been upgraded, as new units will come with the fixed firmware. Of course this doesn't preclude another software vulnerability being found in the OS or a hardware attack, but usable software vulnerabilities are very rare, and a hardware attack would be the equivalent of the Holy Grail at this point.
Anyhow, since it's not a real custom firmware, it's not necessarily a viable long-term hack. Users will never be able to upgrade their firmware, so any software that requires a later firmware version (and can't be trivially bypassed by lying to it) would be unusable in hacked PSPs. Sony no doubt will be working to isolate hacked PSPs in this manner.
Re:Pandora (Score:3, Informative)
Re:Uses (Score:3, Informative)
None of those tools is useful in and of itself; they all enable other things to run or work. Twilight Hack is an exploit, PatchMii is a system patcher, DVDX is a DVD-Video mode enable hack that doesn't require patching. But even so:
Since most users of "homebrew-enabled" Wiis are using it to pirate games, and the Twilight Hack is the most popular game exploit entry point and, until recently, the only one, most of its users are certainly using it with the end goal of piracy in mind.
PatchMii was some code developed to download an IOS from nintendo's update servers, patch it on the fly, and install it (enabling legal IOS patching). Its original use is also practically obsolete - originally it was released as a platform to experiment with IOS patches, and then it was used to enable DVD-Video mode on users with modchips (ironically, good modchips tend to actually break the use of DVDs for homebrew because they make them appear as game discs, which are subject to heavier restrictions). This restriction is now circumvented and PatchMii is no longer necessary (or supported for current DVDX versions). The only real improvement to homebrew from patched IOSes is the USB 2.0 driver, which, guess what, was actually developed for piracy, and is also obsolete or should become such for homebrew, since MINI (a true homebrew replacement for IOS which enables a truly 100% nintendo-free environment) plus Linux yields ridiculously higher performance than the crappy IOS-based USB EHCI driver (the latter doesn't even use IRQs). Given that PatchMii serves a limited purpose for homebrew these days, and that it is, on the other hand, the base for all of the warez-enabled modified IOS installers, we can also certainly say that most of the users of the PatchMii codebase are also using it with the end goal of piracy in mind.
Finally, even though DVDX serves a very specific purpose (trick IOS into turning on DVD mode for the user without having to patch it, so homebrew can read from DVDVideo or DVDR discs for data), and even though it's quite simple code, and even though warez loaders need to patch IOS anyway (since pure DVD mode isn't compatible with games), the very first DVD warez loader (which, by the way, sucked very badly) used it because the developer was too incompetent to figure out what bit to flip inside the IOS that he was already patching. So even DVDX, a tool that couldn't possibly be useful for piracy, indeed was used for that, although we can't speak of a majority of users here (the guy eventually figured out what he had to patch and it is no longer required).
We can't have nice things - anything and everything that homebrew developers make will be abused by much larger numbers of warez users. I say this as a former developer of all three of the tools mentioned. It's rather depressing that, say, the software installation interface that I reverse engineered and then added support for in libogc (originally used to install The Homebrew Channel, DVDX, etc) is now mostly used to install warez-patched IOSes and VC/WiIWare warez, and that even the libogc library that I developed it for turned out to contain a large steaming pile of code copied straight from the Nintendo SDK.
Glossary for those not familiar with Wii homebrew stuff:
IOS - an OS that runs on the Wii's "Starlet" ARM sub-CPU that contains security features and drivers for most wii-exclusive functionality that wasn't present in the GameCube. Unrelated to Cisco IOS.
Twilight Hack - exploit in Zelda: Twilight Princess that lets you run a homebrew executable. Recently open-sourced.
PatchMii - downloads and patches an IOS from Nintendo's servers and installs it, all on the fly and automatically. Originally released as an open-source platform for IOS experimentation.
DVDX - a trick using a hidden channel and some context save code. Basically it has a flag set that makes the Wii consider it the "DVD Player Channel", for which support officially exists and for which there's a special DVD drive mode, even tho
Re:Uses (Score:3, Informative)
The Twilight Hack is an entry vector - a way of loading your own code on the system to begin with. You need one of those to run the tools necessary to set up, install, and run copied games. Therefore, and taking into account that many more people using homebrew applications to run warez than not, and that the Twilight Hack is one of two available ones at this time and clearly the all-time most popular one to date (since the newer one, bannerbomb, is very recent), most users of the Twilight Hack have used it with the ultimate goal of running warezed games.
Re:Uses (Score:3, Informative)
Warezed games can be run from DVD-Rs and USB drives. Sure, you run the loader from an SD card, but that's a few kilobytes. My point is that the only way to run Wii warez without a modchip is via loaders installed using/via homebrew, and the most popular way of launching homebrew to date is the Twilight Hack. Every single person out there who pirates Wii games without a modchip (a number much larger than the people purely using homebrew for legal purposes) has used either the Twilight Hack or Bannerbomb.