
Kermit

Source: Davee's Blog

Turns out he's not just a green frog! So, I've been throwing this word around recently and it's probably about time I explain. Kermit, either a protocol or perhaps a funny name (see KIRK/SPOCK), is a communication interface for the PSP emu. Specifically, it allows the PSP to talk to the host.

Now, I can tell there aren't as many developers here, so I'll try to simplify for the curious minds, but this stuff is pretty complicated. I'll only explain the API in detail, as the lower levels still need a little bit of clearing up, but here goes.

Continue reading...

PS Vita PSP HEN

Source: Davee's Blog

First things first, huge thanks to Proxima and some1. They've provided key utilities and advice for this research. So, yeah, it was really only a matter of time till this kind of thing happened. Sony don't just emulate the userland process of a PSP game, they emulate the entire kernel, albeit a modified kernel. The PSP emu has limited access to hardware, with interfacing to the hardware done via a Kermit module. Kermit is an old-timers' transmission protocol, likely used to talk to the native Vita.

Continue reading...

Can you crack it? + Solution

Source: Davee's Blog

Thanks to a Facebook message from my dad yesterday, I was informed of this website: Can you Crack it?. So, promptly, I got onto the job and it was surprisingly easy, and I imagine it will be for most people who can reverse engineer and have experience doing so.

Click read more to see how I did it, but I suggest you have a good attempt beforehand. It's a nice little reverse engineering exercise.

Continue reading...

"Chronoswitch" Downgrader 5.0. Advanced 09g Support!

Source: Davee's Blog

As an ongoing project, some1 and I have been enhancing this downgrader from its birth on the 6.31/6.35 firmwares. This multi-firmware downgrader allows you to install a lower (or higher) firmware without any fuss. No complex flash0 sharing, just running the firmware update.
However, there are restrictions on PSP models and compatible firmware. For example, a PSPgo cannot run 1.50 as there are no drivers for the system and the IPL format is incompatible. Much like this, the PSP 3000 09g is unable to install firmwares < 6.30, which removes its ability to appreciate the flexibility of permanent custom firmware.

This is no longer the case.

Continue reading...

Emma is not well :(

Source: Davee's Blog

It sucks, my beautiful girlfriend's fallen pretty ill and I want her to get better real soon. If you could spare some time, I'd appreciate it if you'd drop a comment. Hopefully she'll be up and running again soon!

She's suffering from some migraines and they're causing her a lot of pain. Leave something to help cheer her up, it'll mean a lot to me!

Love you Emma :D <3
Cheers guys.

Arduino projects.

Source: Davee's Blog

Well, I'm no beginner to electronics, but this is my first microcontroller that can directly interface with them! So yeah, pretty cool; I've never messed with AVR in my life, always used PIC for my USB controller. So I've been messing around a bit and I've done some very basic stuff, working with components here and there.

Read on to see the stuff I've done.

Continue reading...

KIRK 0x10 Private Key

Source: Davee's Blog

The private key for the KIRK 0x10 functionality is known to be stored in an encrypted buffer of 0x20 bytes. Proxima discovered that KIRK 0x10 operates as follows:

Kirk 0x10 - ECDSA sign hash
Invocation:

    u8 buffer[0x34];                  /* input: 0x20-byte encrypted private key followed by 0x14-byte hash */
    u8 encryptedprivatekey[0x20];     /* the private key returned by KIRK 0xC must be AES encrypted somehow */
    u8 SHA1hashofmessagetosign[0x14];
    u8 newsig[0x28];                  /* output: r and s */

    memcpy(buffer, encryptedprivatekey, 0x20);
    memcpy(buffer + 0x20, SHA1hashofmessagetosign, 0x14);
    sceUtilsBufferCopyWithRange(newsig, 0x28, buffer, 0x34, 0x10);

newsig will hold the r and s values of the ECDSA signature.

This isn't that useful yet, since it is not clear how the private key must be encrypted before it can be used to sign a message. There are some examples in IDStorage where a pre-encrypted private key and public key pair can be used, but no general case yet.
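
As an added example (this is not code from Davee's post), the following host-side C helper assembles the 0x34-byte KIRK 0x10 request in the layout above (the 0x20-byte encrypted key blob followed by the 0x14-byte SHA-1 of the message) and splits the 0x28-byte output into r and s. The SHA-1 is implemented in software so the helper runs off-device; on a PSP the filled buffer would still be handed to sceUtilsBufferCopyWithRange as shown above. Assumptions: the all-zero key blob in the self-test is a constructed placeholder, not a real KIRK 0xC output, and the split of the signature into two 0x14-byte halves assumes r and s are each a single 160-bit scalar, which the 0x28-byte output length implies.

```c
/* Added example, not from the original post: builds the KIRK 0x10 request
 * (enckey[0x20] || SHA1(msg)[0x14]) and splits the 0x28-byte result into r||s. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define KIRK_ECDSA_SIGN    0x10
#define KIRK_ENCKEY_LEN    0x20
#define KIRK_HASH_LEN      0x14
#define KIRK_SIGN_REQ_LEN  (KIRK_ENCKEY_LEN + KIRK_HASH_LEN)  /* 0x34 */
#define KIRK_SIG_LEN       0x28                               /* r || s */
#define KIRK_SCALAR_LEN    0x14                               /* assumed 160-bit curve */

static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

/* Minimal software SHA-1 (FIPS 180-4) for messages shorter than 2^32 bytes. */
static void sha1(const uint8_t *msg, size_t len, uint8_t out[KIRK_HASH_LEN])
{
    uint32_t h[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    uint64_t bitlen = (uint64_t)len * 8;
    size_t padded = ((len + 8) / 64 + 1) * 64;   /* room for 0x80 and the 8-byte length */
    uint8_t block[64];
    for (size_t off = 0; off < padded; off += 64) {
        /* Assemble one block, applying 0x80 / zero / big-endian length padding inline. */
        for (size_t i = 0; i < 64; i++) {
            size_t p = off + i;
            if (p < len)              block[i] = msg[p];
            else if (p == len)        block[i] = 0x80;
            else if (p >= padded - 8) block[i] = (uint8_t)(bitlen >> (8 * (padded - 1 - p)));
            else                      block[i] = 0;
        }
        uint32_t w[80];
        for (int t = 0; t < 16; t++)
            w[t] = (uint32_t)block[4*t] << 24 | (uint32_t)block[4*t+1] << 16 |
                   (uint32_t)block[4*t+2] << 8 | block[4*t+3];
        for (int t = 16; t < 80; t++)
            w[t] = rol(w[t-3] ^ w[t-8] ^ w[t-14] ^ w[t-16], 1);
        uint32_t a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
        for (int t = 0; t < 80; t++) {
            uint32_t f, k;
            if (t < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
            else if (t < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
            else if (t < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
            else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
            uint32_t tmp = rol(a, 5) + f + e + k + w[t];
            e = d; d = c; c = rol(b, 30); b = a; a = tmp;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    for (int i = 0; i < 5; i++) {
        out[4*i]   = (uint8_t)(h[i] >> 24); out[4*i+1] = (uint8_t)(h[i] >> 16);
        out[4*i+2] = (uint8_t)(h[i] >> 8);  out[4*i+3] = (uint8_t)h[i];
    }
}

/* Fill req[0x34] = enckey[0x20] || SHA1(msg)[0x14]; returns the input length
 * that would be passed to sceUtilsBufferCopyWithRange(sig, 0x28, req, len, 0x10). */
size_t kirk10_build_request(uint8_t req[KIRK_SIGN_REQ_LEN],
                            const uint8_t enckey[KIRK_ENCKEY_LEN],
                            const uint8_t *msg, size_t msglen)
{
    memcpy(req, enckey, KIRK_ENCKEY_LEN);
    sha1(msg, msglen, req + KIRK_ENCKEY_LEN);
    return KIRK_SIGN_REQ_LEN;
}

/* Split the 0x28-byte KIRK output into the two 0x14-byte ECDSA scalars r and s. */
void kirk10_split_signature(const uint8_t sig[KIRK_SIG_LEN],
                            uint8_t r[KIRK_SCALAR_LEN], uint8_t s[KIRK_SCALAR_LEN])
{
    memcpy(r, sig, KIRK_SCALAR_LEN);
    memcpy(s, sig + KIRK_SCALAR_LEN, KIRK_SCALAR_LEN);
}

/* Self-check against the FIPS vector SHA-1("abc"), using a constructed all-zero
 * key blob as a placeholder (not a real KIRK 0xC output). Returns 1 on success. */
int kirk10_selftest(void)
{
    static const uint8_t expect[KIRK_HASH_LEN] = {
        0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
        0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d };
    uint8_t key[KIRK_ENCKEY_LEN] = {0};
    uint8_t req[KIRK_SIGN_REQ_LEN];
    if (kirk10_build_request(req, key, (const uint8_t *)"abc", 3) != KIRK_SIGN_REQ_LEN)
        return 0;
    return memcmp(req, key, KIRK_ENCKEY_LEN) == 0 &&
           memcmp(req + KIRK_ENCKEY_LEN, expect, KIRK_HASH_LEN) == 0;
}
```

The helper only prepares and parses the buffers; the actual signing still needs a correctly encrypted private key blob, which is exactly the open problem the post describes.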



Continue reading...

A look at the TA-88v3 IPL Hash.

Source: Davee's Blog

First, a huge thanks to Gusha for his huge support, donating a lot of time to testing stuff on his TA-88v3; cheers mate! In this post I'll describe what I have found out so far about the TA-88v3 and provide a model representing the security and operation of the TA-88v3 pre-IPL. Unfortunately, the hash has not been broken, but this could be some useful information.

Continue reading...

LOL TX

Source: Davee's Blog

This is a test. Cheers guys.

6.35 and 6.31 Downgrader

Source: Davee's Blog

Sony, being as sneaky as they are, decided to make a rather interesting move. As researched by Coyotebean, Sony started enforcing a public-key method of verifying KIRK data and removed the ability to load the old types of data. Because of this, firmware 6.30+ cannot decrypt the updater and the PRX inside it, and therefore cannot use the index.dat spoofing to downgrade.

Continue reading...

Arcanum.

Source: Davee's Blog

Now that 6.20 TN-A is out in the open, allow me to describe the kernel vulnerability used. Back in 5.70/6.00, Sony introduced a feature into the sceUtility_private library that allowed a callback to be set and unset with kernel privileges.

sceUtility_private_764F5A3C // set power callback
sceUtility_private_2DC8380C // release (unset) power callback


These two functions are not normally imported, so they require special techniques such as syscall estimation to reach them in order to use their functionality.
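
As an added example (not code from the post), the following C helpers show the arithmetic behind "syscall estimation" on the PSP. A user-mode import stub for a kernel-exported function is the instruction pair `jr $ra; syscall N`, and the technique's premise is that the functions exported by one library receive contiguous syscall numbers, so a non-imported function can be reached from a known import in the same library as N + delta. The helpers decode the 20-bit code field of a MIPS SYSCALL word, re-encode it, and validate the stub. Assumptions: the delta used in the test is a placeholder; the real offset between sceUtility_private_764F5A3C and a known import would have to be read from the firmware's export table, and patching the resulting word into a stub on-device also requires cache flushing, which is not shown.

```c
/* Added example, not from the original post: MIPS SYSCALL encode/decode and the
 * "known import + delta" arithmetic that syscall estimation relies on. */
#include <stdint.h>

#define MIPS_JR_RA              0x03e00008u  /* jr $ra: SPECIAL, rs=31, funct 0x08 */
#define MIPS_SPECIAL_SYSCALL    0x0cu        /* funct field of SYSCALL */
#define MIPS_SYSCALL_CODE_MASK  0xfffffu     /* 20-bit code field, bits 25..6 */

/* Return 1 if insn is a SYSCALL instruction (opcode SPECIAL, funct 0x0c). */
int mips_is_syscall(uint32_t insn)
{
    return (insn >> 26) == 0 && (insn & 0x3f) == MIPS_SPECIAL_SYSCALL;
}

/* Extract the 20-bit code field, which the PSP kernel uses as the syscall number. */
uint32_t mips_syscall_number(uint32_t insn)
{
    return (insn >> 6) & MIPS_SYSCALL_CODE_MASK;
}

/* Encode `syscall num` as an instruction word. */
uint32_t mips_encode_syscall(uint32_t num)
{
    return ((num & MIPS_SYSCALL_CODE_MASK) << 6) | MIPS_SPECIAL_SYSCALL;
}

/* Given the two words of a known import stub (jr $ra; syscall N), return the
 * syscall word for the function `delta` entries further along in the same
 * library's export table (delta is a hypothetical offset here; the real one
 * comes from the firmware's export table). Returns 0 if the stub looks wrong,
 * since 0 is never a valid SYSCALL word. */
uint32_t estimate_syscall(const uint32_t stub[2], int delta)
{
    if (stub[0] != MIPS_JR_RA || !mips_is_syscall(stub[1]))
        return 0;
    uint32_t known = mips_syscall_number(stub[1]);
    return mips_encode_syscall(known + (uint32_t)delta);
}
```

The validation step matters in practice: if the estimated word is written over a stub that was not actually a `jr $ra; syscall` pair, the program crashes or, worse, invokes an unrelated kernel function.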

Now, how does this kernel exploit work?

Continue reading...

lolhax ep1: info and turtle love

Source: Davee's Blog

Well, I finally decided that I'll update this blog... hopefully I'll remember to do so in the future too! Yep, life is busy just now: school, school, school, so not much time for code or stuff. In the meantime, I guess all I can do is end this with a rather epic video: the romance of a turtle and a cat.



Interesting, huh?


Wooooo! I have a blog!

Source: Davee's Blog

Hello everyone, this is my blog! After owning x-fusion for nearly four years, I decided I should get a new domain, hence this blog.

I've never had a blog before, so bear with me whilst I get used to all this fancy software (currently using WordPress). Back to the point: I made this blog in order to share research and post stuff that interests me when I see it. I'm currently actively working on the PS3 and the PSP, so no doubt I'll post some information regarding whatever I find.

Specifically, I am working on the PSPgo, privately researching the firmware and the hardware for changes from the previous models. I am also actively working on lv2 reverse-engineering on the PS3.

On another note, I am meant to be playing at a music festival with my band on the 29th May 2010. So, I'm looking forward to that. If you didn't know, I play in a band called "Guide the Light". You should check us out; I mean, we played with Pearl and the Puppets (who are really good and you should also check out).

Anyway, think I'mma finish off there, ran out of things to say.

- Davee 2010

