Ever heard of PSIO? No, I hadn’t until recently but it’s something that has certainly fascinated me. The PSIO project is a way of playing PlayStation One games on the original console without any form of chip or back up disc, but through an SD Card that will have its own built in multifunctional operating system with the ability to play PlayStation One games, and possibly even Homebrew.
In my previous article on Charles Proxy many people have been stating that Fiddler 2 is free, and asking for guides regarding that. As I have had time to look into Fiddler, I thought I’d write a quick tutorial for those who wish to use this as an alternative to Charles.
Since the latest firmware is now out, that seemingly leaves us without PSN or any form of Online gaming which does take some of the fun out of the Vita, and with all the Sales and free games coming from Sony at the moment it’s horrible that if you wish to keep your exploit then you have to update, right? Wrong. There is a simple way around this by using a Proxy server.
Note from Wololo, a bit of context on this article: if you’re running a CFW on your 6.60 PSP such as Pro CFW, you are regularly using the 6.60 kxploit without knowing it. The vulnerability was exploited and released by developers Davee and some1, about a year ago, and pro CFW relies on it. Today jigsaw gives a full explanation of the inner working of this exploit.
660 kxploit is within ifhandle.pfx, which is the PSP port of mbuf. mbuf is the basic unit of memory management for network packets and socket buffers. It’s originated from BSD, and is widely adopted by commercial products due to BSD license. ifhandle is obviously ported from FreeBSD 4 release with slight changes. Some routines of ifhandle are 100% duplication of original mbuf code. Read the rest of this entry »
Let me explain: if an exploit is found (and revealed) in a Game on the PSP, Sony will simply remove the game temporarily from the PSN Store, and it will be available again only if the game’s developers fix the issue. So the only people who will be able to benefit the exploit will be those who downloaded the game from the PSN Store before the exploit was made public. (unless you didn’t know, the PSPGo has no UMD drive, and therefore all games for this machine must be bought on the PSN)
Yep, that’s not cool, and it explains why Freeplay doesn’t want to make the recent hack of the PSP Go public (the exploit is still useful for hackers as it allows to run unsigned code on the PSPGo, and therefore analyze its firmware more precisely). It also explains why we should now be looking for vulnerabilities in the PSP Firmware (such as the laughman tiff exploit that led to chickHEN a few months ago) rather than games.
In this article I will explain how to monitor the PSP Menu with PSPLink. If you haven’t read my previous post on savegames exploits, I suggest you do it, as it is a nice introduction to PSP exploits. Disclaimer: I’m not the best PSPLink user in the world, so this article might be incomplete on some parts.
Imagine you have a file that crashes your PSP. It can be a video file, an mp3, an image, etc… (I will explain later how you can find or create these files). How would you tell if it can become an exploit or not? Well, as usual, the answer is clear: PSPLink.
PSPLink is a very usueful tool to analyze the Ram of the PSP. If you don’t have it yet, google for it. I personally have the version included with the minimalist PSPSDK.
PSPLink has two parts of interest for this: one that goes on the PSP (basically, an EBOOT, as most homebrews), and two executables that run on the PC (they will display the information sent by the PSP to the PC).
Once you have installed PSPLink on your PSP and plugged your PSP to your computer with a USB cable, open 2 command-line windows, in which you will run respectively usbhostfs_pc and pspsh.
When this is done, you can run the PSPLink EBOOT on your PSP. If everything goes well, pspsh on your computer will display “host0:/” and usbhostfs will say “Connected to Device”. It should look like this:
If you need more information on PSPLink, google for it.
Running the XMB/VSH
Now that’s the interesting part. If you’re a developer, you might know how to run your homebrews’ prx files from there. But how can you access the PSP Menu? Well that’s actually very easy, as you only need to type the two following commands in pspsh:
And that’s it! Let me tell you, it is way easier than doing it for savegames, as no plugins are required.
When the crash occurs, pspsh should display the current state of the registers, and lots of useful information.
From here, what you need is MIPS assembly knowledge, and lots of patience. But I can’t teach you that . For the basics, you can still read my article on Savegames, as we are looking for the exact same thing: a way to overwrite $ra
By the way, you need a hacked PSP to run PSPLink, so don’t try this on Official Firmwares.
Do you shop at Amazon?
If you like my work and are an Amazon shopper, please consider using the links below. It won’t cost you anything more, and I will get a small percentage of the sales.
Thanks for your support!