Mar 29

Turns out he’s not just a green frog! So, I’ve been throwing this word around recently and it’s probably about time I explain. Kermit, either a protocol name or perhaps just a funny name (see KIRK/SPOCK), is a communication interface for the PSP emu. Specifically, it allows the PSP to talk to the host.

Now, I can tell there aren’t as many developers here, so I’ll try to simplify for the curious minds, but this stuff is pretty complicated. I’ll only explain the API in detail, as the lower levels still need a little bit of clearing up, but here goes.


Mar 21

First things first, huge thanks to Proxima and some1. They’ve provided key utilities and advice for this research. So, yeah, it was really only a matter of time till this kind of thing happened. Sony don’t just emulate the userland process of a PSP game, they emulate the entire kernel, albeit a modified one. The PSP emu has limited access to hardware, with interfacing to the hardware done via a Kermit module. Kermit is an old-timer’s transmission protocol, likely used to talk to the native Vita.


Dec 3

Thanks to a facebook message from my dad yesterday, I was informed of this website: Can you Crack it?. So, promptly, I got onto the job and it was surprisingly easy, and I imagine it will be for most people who can reverse engineer and have experience doing so.

Click read more to see how I did it, but I suggest you have a good attempt beforehand. It’s a nice little reverse engineering exercise.


Sep 1

As an ongoing project, some1 and I have been enhancing this downgrader from birth on the 6.31/6.35 firmwares. This multi-firmware downgrader allows you to install a lower (or higher) firmware without any fuss. No complex flash0 sharing, just running the firmware update.
However, there are restrictions on PSP models and compatible firmware. For example, a PSPgo cannot run 1.50 as there are no drivers for the system and the IPL format is incompatible. Much like this, the PSP 3000 09g is unable to install firmwares < 6.30, which removes its ability to appreciate the flexibility of permanent custom firmware.

This is no longer the case.


Jul 15

It sucks, my beautiful girlfriend’s fallen pretty ill and I want her to get real better soon. If you could spare some time I’d appreciate if you’d drop a comment. Hopefully she’ll be up and running soon again!

She’s suffering from some migraines and it’s causing her a lot of pain. Leave something to help cheer her up, it’ll mean a lot to me!

Love you Emma :D <3
Cheers guys.


Jul 15

Well, I’m no beginner to electronics, but this is my first microcontroller that can directly interface them! So yeah, pretty cool, never messed with AVR in my life, always used PIC for my USB controller. So I’ve been messing around a bit and I’ve done some very basic stuff working with components here and there.

Read on to see the stuff I’ve done.


Jul 6

The private key for the KIRK 0x10 functionality is known to be stored in an encrypted buffer of 0x20 bytes. Proxima discovered that KIRK 0x10 operates as follows:

Kirk 0x10 - ECDSA sign hash
Invocation:
u8 buffer[0x34];                   /* 0x20-byte encrypted private key followed by a 0x14-byte SHA-1 hash */
u8 encryptedprivatekey[0x20];      /* the private key returned by KIRK 0xC must be AES encrypted somehow */
u8 SHA1hashofmessagetosign[0x14];  /* SHA-1 digest of the message to sign */
u8 newsig[0x28];                   /* output: r (0x14 bytes) followed by s (0x14 bytes) */
memcpy(buffer, encryptedprivatekey, 0x20);
memcpy(buffer + 0x20, SHA1hashofmessagetosign, 0x14);
sceUtilsBufferCopyWithRange(newsig, 0x28, buffer, 0x34, 0x10);  /* command 0x10 = ECDSA sign */

newsig will have the r and s values for an ECDSA signature.

This isn't that useful since it is not clear how to encrypt the private key to sign the message. There are some examples in IDStorage where a pre-encrypted private key and public key pair can be used, but no general cases yet.



Jul 3

First, a huge thanks to Gusha for his huge support, donating a lot of time for testing stuff on his TA-88v3, cheers mate! In this post I’ll describe what I have found out so far about the TA-88v3 and provide a model representing the security and operation of the TA-88v3 pre-IPL. Unfortunately the hash has not been broken, but this could still be useful information.



Jun 11

this is a test. cheers guys.


Jan 24

Sony, being as sneaky as they are, decided to make a rather interesting move. As researched by Coyotebean, Sony started enforcing a public-key method of verifying KIRK data and removed the ability to load the old types of data. As a result, firmware 6.30+ cannot decrypt the updater and the PRX inside it, and therefore cannot use index.dat spoofing to downgrade.