Wololo: Hi some1, can you quickly Introduce yourself?

Some1: My name is Jason, and I’m just some guy who was bored, had a psp, and wanted to learn some programming.

Some1: My first psp was a Christmas present from my parents back in 2005, however I didn’t start developing/hacking on it till October 2009 when I wanted to play some GBA/N64 emulators on my psp.

Wololo: what was your first contribution to the scene?

Some1:My first contribution to the scene was the Sukiri Demo HBL adaption.

Wololo: Is there a hack/homebrew that impressed you, or that you love?

Some1:The Pandora of course.  In my opinion it was the most genius “hack” for the psp.  Also, my favorite homebrew is Cavestory, awesome plot and gameplay.

Wololo: There was some kind of mystery around this downgrader, when a testing video “leaked” on youtube…can you explain why you didn’t release the downgrader at that time? You promised me you would tell me everything after the release .

Wololo: Are you working on something else? A new project you’d like to share?

Some1: There are a couple projects I have started but I can’t find the time to finish them.  One of the projects at the top of my list is finishing a new devhook-type app made my TheLemonMan which will allow you to go from OFW 500-660 to another OFW between 500-660.

Some1: I would rather not comment on my unreleased work

Wololo: Will we be seeing you on the PS Vita scene?

Some1: Yes, I will be buying a Vita as soon as it is released in US, and I will be involved in the scene as much as I can.  I’m also currently loooking for someone who does have a Vita so I can do some remote testing. [Note from wololo: I'm that guy, I guess ]

Wololo: A final word for the interview?

Some1: I would like to give a message to any and all devs already in the psp scene and new ones coming for the vita scene; do not make any type of piracy software!  I’m really getting tired of all the piracy going around, the ps3 scene (the very little that I followed) seemed to be based around mainly piracy, I haven’t seen that much homebrew for it, it’s quite sad, and I don’t want to see the Vita go down the same route.

Thanks a lot for your time some1, see you soon on the Vita side of the fence

Those of you who have been following my blog for a while know that I’m in the whole “hacking” stuff for one simple reason: my mind refuses to understand that some great hardware is crippled by bad business decisions. In the case of the PSP, that device had everything to become the best platform for emulators and indie apps, but Sony locked the PSP, and made sure indie devs couldn’t join the fun with a prohibitive entry price (dev kits cost 1500$ initially, and you had to prove you were a respectable company, sign an NDA, before being able to get access).

History, helped by Apple and Google, proved that locking indie devs out of their ecosystem was one of Sony’s biggest mistakes in the past years. They tried to fix it with the Playstation Minis, but it was too late.

Xperia Play, the PS Vita, as well as their new series of tablets bring Sony an opportunity to right this. Sony is now trying to solve the issue of device fragmentation (Android devs know too well about this issue) with a system called the Playstation Suite, which is more or less a virtual machine that will enable developers to create a game once, and run it on several platforms (for now, the PS Vita, Sony’s Android tablets, and the Xperia play, but depending on success, other non-Sony Android tablets/phones, and maybe the PS3, might join the fun).

We’ve heard of the Playstation suite before, but a “recent” (I’m kinda late on this one) technical presentation in October gave lots of details on what it’s going to be. The presentation explains it in details, but the things that got my attention are:

• No painful joining process. Homebrew/indie developers as well as companies are welcome, no NDA
• Small entry fee (not announced)
• Open forums for code discussion and sharing
• PC emulator to test the code
• No need to sign the content in order to test it (this one is fishy…does it mean we can distribute our content outside of the Sony store if we feel like it, just like on Android?)
• C#, running in a Mono virtual machine

So, it looks like Sony is finally trying to embrace the homebrew community here, by providing something that will be close to what google Market or the Apple AppStore have for devs. Yet it’s Sony, I can’t help but feel that there will be too much restrictions one way or another… and with their past, it’s difficult to trust Sony when they say “we love indie devs”. What do you guys think?

Nevertheless, this sounds like a wise move, the Vita will be only one device among others, but Sony can leverage their existing game library on many devices, and it could be that the paystation suite will become their strongest asset in the mobile market.

For those of you who are interested, a closed beta has started a few days ago. Anybody can register, but not everybody will be accepted. To me, if Sony does things correctly, they could become “again” one of the major actors of mobile gaming.

There’s one thing we hate even more, it’s GPL infringement.

In the early days of the PSP scene, devs were sharing their work only to a close circle of fellow coders. Knowledge on how to compile and code for the PSP was difficult to get, and people had to prove they were worth the trust in order to access some of the most critical knowledge of the PSP scene. Custom Firmwares, in particular, were entirely closed source, difficult to reverse engineer, and difficult to fake (except a few hexedits or youtube videos using basic plugins that changed the firmware name or number, easily debunked)

But the scene has evolved since those days, and open source code has become the norm for many psp projects. One of these projects is the famous Pro CFW, licensed under the GPL.

Our forums have recently been spammed by posts about a  “Custom Firmware” named 6.XX GOD, created by faker DJGodman. More than a fake, let’s say that it is an “extended” version of CFW Pro, with additional plugins. None of these plugins have been created by DJGodman, mind you, but his application seems to be a nice compilation of the Pro CFW + a bunch of plugins. Why not… some people might like an “all in one” solution, all of these tools are free to use, most of them are open source and under the GPL, so it’s ok to use them…

… except DJGodman is the kind of person who thinks that adding 10 lines of C in a 100’000 line codebase is enough to claim all ownership to the software, and change the license from GPL to closed-source Creative commons.

Of course that’s not the way it works, and after repeated unmet demands to respect the license of Pro CFW, our friend DJGodman earned a nice ban from our forums.

The story could have stopped here, but he thought it would be funny to create several accounts on our forums, and come back with new versions of his “Custom Firmware”. DJGodman didn’t understand the basic idea of respecting devs, and when we told him “please respect the GPL license and publish the entire source code”, he misunderstood that with “please hide as much as you can the fact that you stole source code from dozens of psp devs”.

This is how the Pro Inferno Driver (an advanced iso driver created by Pro CFW devs) magically became the “GODriver” in DJGodman’s version, and how all credits in the firmware were replaced by bullsh*t such as “I, DJGodman, created all of this”. He even pushed the insult to our intelligence by claiming on our forums that all Pro code had been removed from his project (hint: nobody can code a new CFW overnight).

Now, I couldn’t care less if it wasn’t for the repeated personal attacks from that individual to me and other devs, which is funny but gets boring very quickly.

So I decided to dig into “6.XX GOD”…

The readme itself gives strong hints that something’s fishy. The license is under Creative Commons, but that “CFW” includes GPL code such as Codestation’s prxshot, or some1′s Kernel exploit for 6.39/6.60. That’s already a good sign we’re looking at some stolen code.

The faker took care of replacing all strings mentioning Pro CFW with strings mentioning his name instead, so a quick look into the code’s strings doesn’t show anything, but as we unpack the zipped files in the Eboot, we start to see interesting stuff…

No need for me to go further, there’s stolen code from Pro CFW here. Actually, 99% of the code in 6.XX GOD is a direct copy of Pro CFW.

I trust DJGodman when he says this is not a hexedit. He actually recompiled Pro CFW and probably even added some of his own code there. So, there’s genuine work in there, and people might be tempted to try his CFW…but given the quality of his support forums (the CFW section has 10 posts, including 5 that are fake accounts recommending users to download a virus, claiming it is a psp hack), I’d label this “CFW” as a huge piece of cr*p, and I  suggest you to stick with Pro CFW

Welcome to the scene. Talented devs like Virtuous Flame and Coldbird share their work to the entire community, and this is how a lowlife dev-wannabe thanks them, by repackaging their work and claiming all ownership.

In conclusion, here’s a personal message to DJGodman and his followers: it seems you do have some programming skills, I’ve rarely seen such an elaborate fake (thanks to the fact that CFW Pro is open source), you should try to contribute for real to the scene, instead of packaging Pro CFW and a few plugins into an Eboot and claim it’s a new CFW.

And a final note: you didn’t get banned from our forums because we don’t like your CFW. You got banned because you’ve been disrespecting the psp underground community, continuously.

A few weeks ago, Total_Noob had announced in this interview that he was investigating Kernel exploits on the latest firmware. He then confirmed he was onto something, by showing a video running a kernel exploit POC on a PSP running OFW 6.38.

Today this video shows that porting TN Hen to the latest firmwares seemed like a piece of cake for this talented dev.

In the interview, as well as in his recent videos, Total_Noob (and HacKmaN) stated that this Hen would not be released because of the scene’s attitude towards developers and the whole debate about isos.

Comments about the video on youtube show a mix of angry people, people who promise that 6.38 users are not pirates, that they will “behave”, but we all know how it goes: as long as Hen does not support piracy, “nobody” cares about it, and most of the ones who care just come to insult the lack of iso support.

Total_Noob is now following the path of Davee and Team Typhoon, who had a working Hen on firmware 6.20 more than a year ago, but never released it because of the scene’s attitude.

As far as I’m concerned, I’ve been in the scene long enough to know this: the scene is made of 95% of morons who are in this only for piracy. I fight for the remaining 5%.

However, Developer Total_Noob announced via a video on his youtube Channel that he found a new Kernel exploit on firmware 6.38.

The video doesn’t show much, and a user-mode fake homebrew could do the same, but given the source I’m inclined to say that this is legit

Total_Noob states in his video that he has no current plan to release anything for now, so let’s wait a little bit

Feel free to discuss this breakthrough in the dedicated thread on  /talk

I had the opportunity to chat with Total_Noob about his ongoing projects for the psp, so read along if you want to learn about the upcoming features for TN-HEN E…

Total_Noob, thanks for your time . Let’s start with the basics, can you quickly introduce yourself ?

Total_Noob:  My name is Andy, I’m a fifteen years old student. I came to the scene sometime in 2008

When did you get your first PSP ?

Total_Noob: I got my first PSP phat when I was 13. A present from my parents on my birthday. Soon, my cousin hacked my PSP and I had CFW 3.40 OE-A. I really enjoyed my homebrews.

So, you were into hacks from the start…when did you join the scene as a “dev”, what was your first contribution?

Total_Noob: Hm…initially I joined QJ.net. My first plugin was MusicHold, maybe some people will remember it: It allows you to press right and left trigger, while your PSP is in hold mode. Torch, the developer of Hold+ added this feature to his awesome plugin.

Was there a hack or a hacker on the PSP that really impressed you ?

Total_Noob: The hack wich impressed me (and still impresses me) is the Pandora battery. My cousin downgraded my PSP with that and it was just like magic . Every developer who worked on this project impressed me

Let’s move on to your work on the kernel exploit. So… to put things simply, how did you find this exploit?

Total_Noob: 2 years ago ( or one ? ), Yoshihiro gave me a hint about a vulnerability in utility.prx. I was a noob and at first I didn’t understand where the Kernel Exploit was. In August 2010, I was actively looking for a Kernel Exploit and I stumbled upon a function in utility.prx wich was calling a buggy power function with k1 shifted. At that point I remembered that Yoshihiro had told me about this
wololo: So from then you started working on a Hen….

Total_Noob: yes.

how long do you think you spent in total working on the exploit + the Hen ?

Total_Noob: Veeeeeeery much. Since October 2010 till now
wololo: do you have an idea how many hours you spent?
Total_Noob: Well, I worked every weekend on the HEN, so… thousands of hours maybe? Maybe that’s a bit exaggerated…but definitely hundreds of hours.

are you still working on TN Hen ?

Total_Noob: Of course I am! I’m a bit sad, ’cause people think I left the scene. I invented maaany new features and I promise, you guys will be excited once you know what the features are
wololo: Oh, so TN-E is coming…can you reveal a few features you are working on ?
Total_Noob: Well….I think TN-E is ready for release. But maybe my brain will tinker some new features . OK, here are a few:

• - Added OSK Character Limit Increase (the Internet Browser OSK only supports 512 characters. This patch allows you to use 1518 characters).
• - Added password control at startup.
• - Added UMD patch (umd4hombrew is not necessary anymore).
• - Added usbdevice.
• - Added PSX multi-disc support.
• - Added possibility to hide hen eboot in the game menu.
• - Added version.txt display.
• - Added more functions to kubridge library.
• - Added a surprise

Total_Noob: The suprise will hew you guys down
wololo: hehe, can’t wait

What was the biggest challenge when you worked on TN Hen ?

Total_Noob: There was no huge difficulty. Fix bugs, add patches for stability, fix bugs again… the most difficult part was probably to fix bugs I couldn’t reproduce myself.
wololo: ah, good point, so how did you proceed to fix those?
Total_Noob: Trial and error, send new versions regularly to the testers. Sometimes it took me a whole weekend to fix a bug! Like the 32gb Memory Stick problem (Homebrew execution crash)

wololo: Thanks, moving on to your “future” projects…

Lots of people are expecting a Hen for 6.37 (and now I see that 6.38 is out)…do you have an answer for them?

Total_Noob: Yesterday I saw a new function wich has a vulnerability, but it is probably not exploitable. I’ll investigate more after the TN-E release.
wololo: Ok, not sure yet if this is really exploitable, right? But at least it means some vulnerabilities are still around.
Total_Noob: Exactly.

What kind of advice would you give to people who want to become console “hackers”?

Total_Noob: Learn with practice, do NOT start with the hardest thing, such as a CFW.

I assume you know that geohot was recently threatened by Sony (they settled the case earlier this month). Are you afraid the same kind of stuff might happen to PSP hackers?

Total_Noob: No, I’m not afraid. They care much more about the PS3

are you getting an NGP?

Total_Noob: If I’ve got enough money, I’ll buy it for sure
wololo: hehe, any games you’re hoping to play on that new console?
Total_Noob: Assassin’s Creed! or God Of War
wololo: the best part of Assassin’s Creed is Jade Raymond
Total_Noob: Haha, yes she looks nice

Thanks a lot for your answers , any final word?

Total_Noob: Yes, I am developing with my friend HacKmaN.
wololo: Say hi to him, and thanks a lot for your time, Total_Noob!

Missed the first parts of the interview? You can find part 1 here, and part 2 here

Still with us? Great, welcome to this last part of my big interview with two of the main active hackers on the PSP scene nowadays, Coldbird and Virtuous Flame. In this last part, we discuss a bit of 6.37 hacking, and the two devs’ thoughts on the NGP.

Based on your experience with CFW Pro, do you think hacking the PSP has become easier since the 1.xx era ? Or harder?

coldbird: Well… in early times – 1.0 and 1.5 – no real hacking was required… And nowadays, once you did the initial hacking (with no means to debug, besides framebuffer coloring), you can always rely on psplink to help you out with breakpointing / testing…

Also, we developed our own debugging applications, one being named “Jumper”, which allows us to inject a OllyDBG like trace function into a module, to see its program flow…

I dont think its any easier to hack 6.XX Firmwares than it was back in 3.XX. A few protections were added, but its the same process involved. Just that we know a bit more about the hardware / software now than we did before.

Many people ask me if a Kernel exploit/HEN for firmware 6.37 is likely to happen… do you have an answer for them?

coldbird: Unless we discover a suitable Kernel Exploit or Boot-Stage exploit, no – not yet.

For those that do wish to go on a 6.37 exploithunt…Search for Syscall exports that might be exploitable. Many people still dont know how we can make the jump from user to kernel. Syscalls are the only way in! For newbies, get yourself prxtool, get yourself psardumper… decrypt 6.37 and dig in.

As for us… we lack the time to do active searching ourselves. Maintaining PRO as is is enough of a job next to studying, reallife, etc.

6.37 already allows to run user mode homebrews, and a large number of isos using a few signing tricks. We haven’t seen a patch from Sony yet, do you think they gave up on the PSP?

coldbird: Nah. They just got lazy… Not too many people know that the homebrew scene even exists. The homebrew / cfw users make up a small percentage of the overall users. If I go out today, and ask 10 psp owners, I’m already lucky if 1 of them knows what a homebrew is.

They became lazy but they are still operating, and thus only do what they have to do to counteract it in measurable ways. Besides… the ISO signing algorithm by TPU and co only work with pre-generated demo headers, giving you a very strict limit in iso filesize and iso crypt codes. The only real way sony will counteract this is to keep the future released demos below the already existing maximum demo size, to not allow further isos becoming playable.

At least thats my guess here.

What piece of advice would you give to people who want to know “how” to become a hacker?

coldbird: Hm… depends what they wish to do obviously. Well for PSP… the first thing you WILL need is a good MIPS Assembly Instruction sheet, unless you know MIPS Assembly already. No hacking without Assembly.

Virtuous Flame: My advice is “Always curious. And better know nothing than half-know”
coldbird: Ah our friend is talking in cryptic language again. Curiosity is very important though, and a big thirst for knowledge.
Virtuous Flame: I see many devs trying to crack a bug just by replacing files. If they just went deeper into the assembly they would find out a better/wider solution.
coldbird: Yup…

Virtuous Flame: For example, one protection we had to bypass at some point was just made of two new functions added in 6.xx kernel. And it blocked us for many months.
coldbird: Yeah… sheesh that took us forever. But it was so simple: Sony just “cloned” functions with different nids, to trigger a “function not found” error in older firmwares. This simple thing kept us looking for many months, because we were expecting something really difficult,  and were too blind to accept the possibility that it could be a minimal thing.

Any “developer anecdote” you would like to share?

Virtuous Flame: During one of our experiments we found a weird bug in 6.20 utility modules
coldbird: yeah.
coldbird: And evil game developers misusing it for intended crashing…
wololo: Wait, seriously? Game developers don’t intentionally do that
coldbird: they do.
Virtuous Flame: They used a bug fixed in 6.3x to crash any Firmware under 6.3x
wololo: so that’s an anti downgrade feature, somehow ?
Virtuous Flame: Yes. I guess they intened to trigger a bug from Sony’s “bug fix list”. They do nothing in the code except loading and unloading libmp3…
coldbird: Its just a 6.20 bug, which occurs when unloading libmp3, freezing the system
Virtuous Flame: During this process 6.20 kernel corrupts its user memory, which causes random crashes
coldbird: they [The game devs] knew of it… and added it to ensure no 6.20 ofw could – using tricks – play the game.

Are you guys gonna get an NGP?

coldbird: I wont… unless someone magically donates me one or something.
In that case I would continue as I already did for PSP. Take a deeper look into it when possible… and see if i can extend its featureset.
Virtuous Flame: As for me, why not? I am sure Sony must regret selling me the pspgo
Wololo:
coldbird: Even if the statement of my friend sounds a bit… i dont know how to say it…We dont want to harm sony.

Ok, that’s basically it for my questions, any final word for the readers ?

coldbird: Hm.. final sentence. Sounds important. Can it be anything?
Wololo: definitely
coldbird: In that case, I wanna thank everyone who got involved with our development of PRO-CFW and its subprojects, like the online mode, especially my friend Virtuous Flame who sticked with me ever since the start of it. But also the others who were directly or indirectly involved in making progress in the PSP scene, be it Dark Alex, who I always looked up to, Mathieulh, Geohotz and also the early birds of the scene, like Nem who helped us get as far as we are now.

I also want to add a personal greeting of my own to Aznk, my most relyable Betatester in the PRO-Project and my girlfriend Crispy who cheers me up and gives me strength when I’m down.

Wololo: Virtous Flame, any final word, or thing you want to discuss?
Wololo: Ah, I have to go to bed, or my wife will kill me (again!)
coldbird: “Again”? You a zombie?
Wololo: Yup…she basically kills me every sunday night
coldbird: So mate, give wololo your final sentence so he can die in peace.

Virtuous Flame: The era of PSP may end very soon, but soon a new dawn will rise.
Is this good enough ?
coldbird: poethical.

Wololo: Thanks SO MUCH for your time guys!

Missed the first part of the interview? You can find it here

Coldbird and Virtuous Flame are the talented devs behind CFW Pro, a (Light) Custom Firmware that is progressively becoming the most mainstream CFW solution for most PSP Owners. I had the privilege to discuss with them about their ongoing work a few days ago, here is the second part of this interview.

What was the hardest challenge you had to deal with while working on CFW PRO?

coldbird: Easy one. Haters. Next question please
Well… if you want technical aspects, I can give that too. Our very first problem was  that the exploit used on 6.20… wasn’t usable on 6.3X
Wololo: you mean the user mode exploit
coldbird: Nah… the Power Kernel Exploit. We have spent several days trying to figure out how to use the exploit (which was still there) in a way we can get kernel access.
Wololo: I see…so it was still here, but not usable in the same way
coldbird: Well… TN was very very lucky… Because Sony’s compiler shifted functions in a way he could easily exploit em.
Wololo: I remember VF dealing with many issues, involving the AC Adaptor
Virtuous Flame: Yep. Even 5.03 kernel have to find a new way to exploit
coldbird: The alignment of functions (4byte alignment) is very important for TN’s code to work. otherwise he cant trigger a callback In 6.3X… we had the problem that Sony’s compiler shifted functions differently, aligning them in the worst possible way.
After 2 days of thinking I had a brilliant idea which even caught my pro-mate over here offguard. I figured out that on PSP Go… it was possible to use the power exploit, to null whole buffer ranges on a 16byte alignment. I then analyzed 6.3X sysmem.prx, to find a suitable exploitable dynamic jal instruction, and we just nulled a user accessible syscall using the psp go exploit i discovered. We then setup a proper wrapper code to pass exploitable arguments and bruteforce a exploitable callback id (required for nulling big ranges of memory in kernel), which allowed us to reach a dynamic jal instruction from a user available sysmem callback. [Kids, I hope you're taking notes ]

Virtuous Flame: When Davee released his downgrade he used sceKernelUtilsMd5BlockInit for the exploit. It is nicer but we still used our own way to exploit… that took us several days
coldbird: this is also the easiest proof that Pro is not a copy. Everyone who is too lazy to look at our assembly is just a random brainless flamer
Wololo: ah, that’s a very nice transition, because that was actually my next question

Some people have been claiming that you are mostly “stealing” other people’s work. I’m sure you are aware of these accusations, is there anything you want to reply to that?

coldbird: Well… if we are stealers, then so is every CFW out there… cause we all reversed the m33 sysctrl module at some point. The only component in our cfw which is not ours (coded from scratch) is the m33 iso driver.
Virtuous Flame: not only. The usbdevice.prx as well comes from M33
coldbird: Yeah. for the usb mounting.
Virtuous Flame: During our reversing of older CFW prx, we had the idea to open source a CFW.
coldbird: Yeah… the world’s rotting but this is why we wanna go the way PRO is going right now…

Thanks for the transition,you stated that CFW PRO will become open source soon. What’s your goal with open-sourcing? Is that also a way to reply to the “stealing” accusations?

coldbird: Nah… the people saying we steal would still say we do, even if we opensourced it. We are doing it because with every new generation of CFW, it was always the same problem: due to the closed source behaviour, every new iteration required a full reinventing of the wheel. With a fully working and proper CFW source being open, this will improve future CFW development a lot. And killer features like online mode will ensure the PSP stays alive, (even after NGP is out) as a online themed multiplayer portable device, which is fully open and the source viewable by everyone.
Wololo: Aren’t you afraid this will also give away some precious information to Sony?
Virtuous Flame: It may increase the risk of leaking CFW secrets to Sony etc, but since PSP is dying the risk is mininized.
coldbird: Why do you think we timed it like this?

Can you talk about the recent work on “permanent patch” for new PSP models?  Don’t you think it’s a bit dangerous to permanently patch unhackable motherboards?

coldbird: Yes, but DA did it too before Pandora was out.
Wololo: Wow, that’s true, didn’t even remember that!
coldbird: Besides the only danger lies in idiots popping the battery out while flashing.
Virtuous Flame: Yes. It’s controlable for now. Now with a bit of work, devs could program tools that would safely go to OFW, recovery mode, etc…

[Note by Wololo: you can follow the ongoing developments of permanemt CFW on unchackable motherboard on our forums here, credits go to kgsws for the initial research ]

You mentioned it several times in your blog, can you describe in a few words the concept of the Online CFW (CFW PRO-C)? I think everybody’s excited, and would love to know what this will bring to end users

coldbird: xbox live for psps. just free.
I’m sure you know xlink kai [Note by wololo: see wikipedia here].  Its a tunneling software, grabbing airwaves and tunneling the ethernet frames over udp to the other peers to “enable online play”. Our online mode does the same,  just that it isnt grabbing airwaves, but instead replacing the sony adhoc modules with a identical copy which uses infrastructure to do the tunneling.

Basically it is a adhoc module emulator, providing a copy of the adhoc functions. The game itself will think it operates on adhoc, while it really connects to our master server for peer matching, and then uses peer 2 peer transmissions to contact all the other players necessary for a game.

Ignoring the technical yada yada it allows all psp multiplayer games to play online.

the master server is in fact extremely lightweight, cross plattform compilable, and c++ based. Running on standby, the master server eats less than 5mb memory, with only about 1kb of data in memory for each user connected. Which means that even a lowend vserver with lets say, 128mb ram, can easily house several thousand users.
wololo: I’m gonna run my copy of the master server on my PSP
coldbird: you will be laughing, but indeed the master server can even run on a psp. Its a cross plattform app which runs fine on psp, linux (32 and 64bit) and windows (only tested on 32bit). The master server operates on tcp connections, while the peers run on udp.

The only important thing bout online mode is to be close to your wifi router, due to the nature of udp not having error correction, and airwaves being unrelyable the distance to the router is important for lagfree gaming

wololo: Ok, now I really can’t wait. This basically means that even when Sony stops supporting the PSP, we will still have a very lively community… I didn’t imagine such a bright future for our beloved console

How many hours did you both roughly spend so far working on CFW PRO?

coldbird: uff…how many hours… we have been working on it for how many months now? 8? 9? several hundred hours – for sure.
Virtuous Flame:
changeset: 0:8ff166839936
date: Fri Jan 07 08:42:22 2011 +0800
summary: Add basic framework
This is where PRO-A begins
coldbird: that sums up the creation of our repository, but we worked a lot without a dedicated repository before that. That kinda falsifies the results cause most of the time went into early coding, creation of a suitable exploit suite, etc…
Virtuous Flame: 2010/11 we created 6.31 hen repo
Coldbird: well if it has to be hours. the several hundreds should do its job as a answer i think. We didnt really count em but it was a lot

That’s it for this second part of the interview. Last but not least, in the 3rd part, we will discuss the hacking of future firmwares, and the NGP. Stay tuned

Today I had the privilege to discuss with both Coldbird and Virtuous Flame and talk about their ongoing work. In this interview, we talked a bit about their history in the PSP scene, upcoming features in CFW Pro, and their insight on various technical subjects such as the hack of firmware 6.37, or permanent CFW possibilities on unhackable motherboards… sounds interesting? Well, the tasty bits are in the interview, follow me

Hi guys, thanks a lot for your time today, can you both quickly introduce yourself?

coldbird: Hm.. I’m 20 years old, as of writing this I’m in the 12th grade and studying IT-Sciences… something I really regret nowadays cause it really isn’t what I was expecting it to be when I first started it. With 8 years I got really obsessed with computers after a aquaintance gave me his old broken DOS computer which I patched up… and started hacking DOS-adventure games…

I’ve learned different assembly languages and am now moving onto the database programming / network security sector. Most of my time I spend coding on private things or coding for money / school projects. If I do find some spare time next to that I usually deal with reallife affairs like family problems or I just go take a walk to get some fresh air. As a IT specialist its kinda difficult to get some spare time you can actually spend without computers.

Virtuous Flame: I am a Chinese student. Months ago I came to the PSP scene by chance and got acquainted with Coldbird. It’s some kind of fate I think.

When did you guys get your first PSPs?

coldbird: I still remember when the NDS / PSP first launched and I couldn’t really enjoy playing NDS even though I got one as a present from my sister. I was fascinated with the PSP from the very start and saved a lot of cash myself to get my first 1000 unit. As I was hacking all kind of computers before that, I was of course interested in hacking the PSP too… and kinda got into the whole “how the hell do you get this down to 1.5 hackable fw“-affair.
Eventually I’ve found myself following people like Fanjita back then, up to the first Grand Theft Auto exploit based downgrader… after that I got a lot more involved, and several PSPs followed (different generation models) – which later on died a martyr death while working on my own developments.
So a long story short – I was there from the european launch onwards.
Wololo: Damn, I remember walking the streets of Akihabara like a zombie, looking for an unpatched copy of GTA
coldbird: Haha. Poor you, I bought one immediately when I heard of the first Fanjita Eloader.

Virtuous Flame: On 2007-10-4 I bought myself a PSP-2K, just shipped with 3.71-M33. That was the golden time of PSP CFW. Since then I became curious on how PSP OFW/CFW works.

Kingdom Hearts, one of the many PSP Games you can't play on a PSP Go... except for CFW Pro users

So, you guys basically started right away with the goal of using CFW/Hen, etc… when exactly did you start getting “actively” involved in the scene? I mean, as devs ?

coldbird: Hm… as for me it was when the whole Fastloader ISO Loading occured, later on Devhook. I analyzed PRX modules from ISO dumps checking for incompatiblities with Fastloader and tried to resolve them somehow, for some games I succeeded, for some I failed. With Devhook rising, I was one of the first guys to start the whole “Plugin Hype” we see today. I created the first working cheat device for Devhook – one for Breath of Fire 3 in fact, later on one for Valkyria Profile -  Parts of my codes and suggestions were then included in CWCheat by Weltall.

Virtuous Flame: I started my “career” by pointing out and temporarily fixing a bug in TN-A. [Note by wololo? you can still find this version in the "older releases" section of our TN Hen page]

Is there an event in the PSP scene that impressed/shocked you when you were a newbie? An impressive hack, for example? Hackers you like?

coldbird: Definitely. Snes9xTYL by YoyoFR. I’m a big SNES fan, and fullspeed SNES emulation on PSP, especially on advanced titles like Starfox or Chrono Trigger / Super Mario RPG were a big surprise for me.
Even today I find myself using that Homebrew a lot, to replay my old classics.

Virtuous Flame: For me, it’s M33 CFW from Dark_Alex. I still remember, when NP9660 iso driver lauched I was wondering how an OFW module turned out to be a hacked ISO driver…
coldbird: Haha, yeah. I remember that… DA discovered the module and how to use it way before Sony launched PSN.
Virtuous Flame: …until I reversed galaxy and finally understood

Wololo: Ok, I have a few other questions about your background, but I’ll come to them later, I want to talk a bit about the present and the future

so let’s move on to your current work… why did you guys decide to start working on a Hen/CFW ?

coldbird: I can’t talk for my mate here but I did it because 5.XX CFWs were getting old. Not in the “oh its boring way” but “oh its a pain to work on it” way. Also, Sony keeps pumping out new hardware revisions of its console. Old OFW modules weren’t compatible with new models, so we required something that made the newer models exploitable…

The biggest plus for PRO cfw / hen is it’s hardware compatiblity: OFW is not compatible to the new 9g models, while 6.35 is, making ours the most compatible CFW. Also, for ISO playback… it started to become a big pain on older Firmwares due to driver problems (mostly ME-related). Also PSN dealt a lot of trouble, because sony coded a new psn downloader.
Basically – a new OFW moduleset was required, to keep compatiblity up for OFW components / newer models.

Virtuous Flame: Initially, we were just curious to know how the kxploit worked on 6.20.
As soon as we completed a HEN-like prototype, we felt it could be upgraded to (L)CFW, to meet everyone’s needs.

Was the 6.35 Hen your first work together, or did you guys already work together in the past?

coldbird: our first major work together was 6.31 HEN actually. We later – when Sony updated ofw – found out that 6.31 and 6.35 posed absolutely no difference, so we upgraded our code.

Wololo: Ah, true. You guys started on 6.31, and moved on to 6.35 later on
Virtuous Flame: Yes. We even have a 6.36HEN for those guys who upgraded their FW just for MHP3
The main purpose of this HEN is to downgrade
coldbird: Yeah… for downgrading purposes.

Actually, some people keep asking me about 6.36… so your advice for them would be, run this Hen to downgrade to 6.35, right ?

coldbird: Yup. 6.35 + version.txt fake + 6.35 update file. I didn’t test it myself, as the 6.36 hen was a quick recode from my mate here, but this should work. At least it did for him.
Virtuous Flame: Yes. Since 6.3x removed old decrypt support. It couldn’t go down to 5.xx kernel until Davee released his downgrader.
coldbird: Actually 6.20 was even blocked…But Davee added the missing decrypt keys. So up to 6.36 you can change between 6.20, 6.35 and 6.36 freely.
On 9g models however, you can only go down to 6.30, because of driver issues… So you see the downgrade to 6.20 is not possible on those units.

So, back to CFW Pro, many hackers work alone, why did you two decide to work together on this project?

Virtuous Flame: basically we were introduced by a common friend a while ago, and discovered we were working on similar projects. That friend got us to cooperate and we came to like each other and trust each other…

ok, give us a few hints, what’s coming in the next release of CFW PRO? (I’ve seen the blog post with a list of changes, can you give more details ?)

coldbird: Well… all the things mentioned in the changelog plus PSP Go Hibernation Fix for High Memory Applications. And… you wanna mention it VF?
Virtuous Flame: Not to the public
coldbird: Well. Atleast get our mate Wololo horny. lol
[...] <– [I promised I wouldn't reveal this bit... let's say that it will be a very nice addition to CFW Pro ]

So Let’s sum this up, CFW Pro B4 will have the following new features:

• New ISO Driver “Inferno” (boosting game compatiblity by a lot)
• Version.txt Display
• Improved Plugin Compatiblity (NID resolver changes + other fixes)
• Custom PSX Manual Compatiblity
• Parental Level Check for ISOs
• Anti NBGI Fixes (fixes a bunch of “broken” games)
• PSP Go Hibernation Fix for High Memory Applications
• A nice additional surprise…

That’s it for the first part of this interview. In the next parts we will discuss FW Pro-C and its online features, permanent CFW on new PSP models, and hacking the firmware 6.37, Stay tuned

2 days ago, developer coldbird sent a very strong message on his blog regarding the future of 6.35 Pro, a (Light) Custom Firmware developed by himself and Virtuous Flame. In a blog post packed with information, Coldbird announced 2 major points:

• 6.35 Pro-B is close to completion, and will support PSX games (the real deal)
• Plans for Pro-C are already being made, and this will be the last closed source release of the 6.35 Pro CFW
• Releases after Pro-C will be open source, and Coldbird announced this open source project might enter the PSP Genesis competition

You’d rather read Coldbird’s entry by yourselves, but there’s a strong message here that the PSP scene should go back to joining forces, share knowledge, in order to build a strong CFW experience, to make the PSP better even after it will have been long forgotten by Sony and the NGP.

There’s also some bitterness in Coldbird’s post, but overall this sounds to me like a very promising future for our console. Open source CFW? The last time this happened was so long ago  most of you probably don’t even know this ever happened. As one of the devs of the first open source Homebrew loader for the PSP, I can only applause this initiative.

Version Pro-B is not there yet, and coldbird’s blog post talks about version C and beyond that…things might change until this happens, but let’s hope for the best, and let me wish luck to the 6.35 Pro team

source coldbird’s blog, thanks to TerryCee for the tip