Psp Cfw Wiki

Use M33 network update(3.80 M33 or lastest cf) - Network update from dark-alex.org page.This allows easy update of your custom firmware through wi-fi. Hide PIC0.PNG and PIC1.PNG in game menu(3.80 M33-5 or latest) - when on This allows faster browse in XMB games.This setting only applies to any kind of apps/games (pbp, iso) that load from MS. This can be used for an almost complete PSP CFW experience. Can play PSP games, and PS1 games but without sound. The two available options are ARK or TN-V. TN-V recreates the PSP XMB interface, but ARK has more flexibility with regards to where it can load files from, which is a. Bejeweled 2 PSP Shin Megami Tensei: Persona 3 Portable Despicable Me Groovin’ Blocks PSP Lego Harry Potter: Years 1-4 Gravity Crash Portable Piyotama PSP Kingdom Hearts: Birth By Sleep. Version 6.31 (29 July 2010) Warriors Of The Lost Empire Madden NFL 11 PSP YS Seven Zuma PSP Valkyria Chronicles 2 Ace Combat Joint Assault.

PlayStation Portable homebrew refers to the process of using exploits and hacks to execute unsigned code on the PlayStation Portable (PSP).

Applications[edit]

Additional features added including the ability to emulate and play the ROMs of other consoles, play homebrew games, share music, print photos, watch videos from streaming sites such as YouTube, and run additional video formats originally unsupported by the device.^[1]

Emulation[edit]

Homebrew emulators were created for NES, SNES, Game Boy Color, Game Boy Advance, Sega Genesis and N64 console systems among others. Numerous different emulators were created for the most popular consoles.^[2]PlayStation 1 emulation was native, made by Sony.

History of homebrew[edit]

Soon after the PSP was released, hackers began to discover exploits in the PSP that could be used to run unsigned code on the device. Sony released version 1.51 of the PSP firmware in May 2005 to plug the holes that hackers were using to gain access to the device.^[3] On 15 June 2005 the hackers distributed the cracked code of the PSP on the internet. Hackers refused to apply updates which would render their hacks unusable so Sony attempted to convince users that there was a benefit to upgrading by including new features in the firmware updates, such as a web browser, and not just security patches to plug the vulnerabilities. BusinessWeek dubbed this the 'carrot-and-stick' approach.^[1]

In August 2005 Sony released version 2.0 of the firmware which included the web browser, file compatibility updates and other features.^[4] Hackers and other homebrew enthusiasts then encountered the first trojan for the PSP. Symantec called this trojan 'Trojan.PSPBrick'. Users attempting to downgrade their PSP using this software instead found that it was rendered inoperable as this software deleted mandatory/important system files.^[5] Over the course of 2005 Sony released six different versions of the firmware and hackers typically responded to it by downgrading to avoid the new security updates.^[1]

In mid-2006, after several months of problems in defeating the PSP's firmware a file was posted online which allowed new PSPs running firmware version 2.6 to downgrade to 1.5 so they could then be hacked using older methods. This reportedly caused more buzz in the community than any recent official offerings for the device.^[6]

Dark_AleX[edit]

Dark AleX (aka Dark_AleX, Dax, Darkethe) is a Spanishprogrammer who writes homebrew applications for the PlayStation Portable. Dark AleX, as well as other variations of the name, is a pseudonym under which he works.^[7] One of the drawbacks of downgrading the PSP is that new official media may require the presence of a new firmware edition. Dark_Alex had released a Custom Firmware called 'Dark Alex's Open Edition firmware' or 'Custom Firmware (CFW)' which opens the firmware and allows users to use the existing feature set of the current edition. Sony quickly patched the firmware again, continuing the cat-and-mouse game with the hackers and users.^[8] In 2006 Sony released six updates to the system firmware and in 2007 they released another six updates.^[4] In July 2007 Dark_AleX officially stopped his work on the PSP, citing perceived problems with Sony as one of the reasons for his departure.^[9]Some people even suggested that Dark_AleX was paid by Sony not to release any more custom firmware, but Sony denied this.^[10]

Custom Firmware allows the running of unsigned code such as homebrew applications and UMD backups, emulators for other consoles, as well as PlayStation games when the disc images are converted into PSP format.^[11]

Half Byte Loader[edit]

Half Byte Loader (also known as HBL) is an open source software project that aims at loading homebrew for PlayStation Portable handheld console through user-mode exploits. It does not provide any mechanism for loading official games or ISO images. HBL was built from scratch to be easily portable to any user-mode exploit. The project was created and started by m0skit0 and ab5000.^[12][13] It is currently maintained by wololo.^[14]

HBL was created initially for the Medal of Honor Heroes exploit. An alpha version was released as open source by m0skit0 and ab5000 in November 2009, which ran very simple homebrews.^[12] When the Patapon 2 demo exploit was found and leaked, wololo joined the project and proposed to port HBL to this new exploit.^[15] The AdvancedPSP forums, which hosted the project, were shut down by the hosting and the project moved to wololo/talk^[16] forums. wololo also created a new public SVN repository for HBL at Google Code.^[14] Other PSP hackers such as Davee and neur0n joined in to help the development of this port. HBL for Patapon 2 passed to beta version, and can be considered the first useful HBL version, released in March 2010. HBL was subsequently ported to several other user-mode exploits, and also served as base for other projects, like the PRO CFW project.

HBL was also ported to run on Sony PlayStation Vita's PSP emulator with very little modifications. This project was named Vita HBL (VHBL) and was uploaded to HBL's public repository by wololo in March 2012.^[17][18]

Statements[edit]

Motivation for homebrew[edit]

Psp 1001 Cfw

Hackers have stated that the motivation for unlocking the PSP has nothing to do with piracy, but allowing individuals full access to the products they've purchased and the freedom to do what they want with the item as well as the interest in exploring something unknown.^[1][19] Fanjita, a member of the hacker group 'N00bz!', stated,

'Everyone has the right to do what they want with their own hardware. Piracy does upset me, and because what we are doing opens the way to piracy it's harder to justify it morally. But our stance on piracy is clear, and we hope to be role models. Sony have never been in touch with me, so I am confident that what we are doing is legal.'^[8]

Sony's position[edit]

Sony has told the media that any issues resulting from running modified code on the device would void the warranty.^[3][1] They have also stated that the problem is not with homebrew but piracy.^[8] However their constant firmware updates have been seen as attempts to hamper homebrew development.^[20] According to Phillip Torrone from Make magazine, this hampering could be due to the attempts to curb piracy and may cause more harm than good. He thinks that 'the really smart companies should release their products to the alpha geeks for six months and let the alpha geeks play around with them. It seems to me they'd save a lot of money on R&D, and they'd come out with much more solid products.'^[19]

However, Sony has also said that, when questioned about homebrew game support, Jack Tretton replied with,

'I think that is something that is in the works. We certainly see some of the stuff that has been done via homebrew, and it's incredibly creative. And I think we'd like to try and tap into that a little bit more.'^[21]

Psp Pro Cfw

References[edit]

1. ^ ^abcdeKenji Hall (2005-12-01). 'Attack of the Playstation Hackers'. BusinessWeek. Retrieved 2008-07-21.
2. ^Silvester, Niko (28 December 2018). 'Top 10 Game System Emulators for PSP'. Lifewire. Retrieved 24 January 2019.
3. ^ ^ab'Sony battles hackers over hijacked games'. Reuters. 2005-07-06. Retrieved 2008-12-02.
4. ^ ^ab'Playstation.com - Support - System Updates - psp'.
5. ^Robert McMillan (2005-10-08). 'Trojan Trashes Playstation Portable'. PC World. Retrieved 2008-07-22.
6. ^Mike Musgrove (2006-06-06). 'Routine Upgrades Are the Bane of 'Homebrew' Enthusiasts'. The Washington Post. Retrieved 2008-07-28.
7. ^Rubens, Paul (2007-02-26). 'Three hacker teams unlock the PSP'. BBC News. Retrieved 2008-02-17.
8. ^ ^abcPaul Rubens (2007-02-26). 'Three hacker teams unlock the PSP'. BBC. Retrieved 2008-07-21.
9. ^Patel, Nilay. 'PSP modder extraordinare Dark_AleX calls it quits'. engadget. Retrieved 2008-08-05.
10. ^Totilo, Stephen. 'Sony Exec Talks New PSP's Upgrades, GPS Attachment, NYC Appeal And More'. MTV. Retrieved 2008-08-05.
11. ^Swann, Graham. 'Investigating the PSP's PSone emulator'. Eurogamer. Retrieved 2008-08-05.
12. ^ ^abWololo (2009-11-29). 'MOHH exploit – m0skit0's eLoader alpha release (Devs only)'. Wololo.net. Retrieved 2012-09-26.
13. ^'LICENSE - valentine-hbl - Half Byte Loader - Google Project Hosting'. Retrieved 2013-06-21.
14. ^ ^ab'valentine-hbl - Half Byte Loader - Google Project Hosting'. Retrieved 2013-06-21.
15. ^'(devs only) Valentine: Half-Byte Loader port to the Patapon2 demo exploit ·'. Wololo.net. 2010-03-29. Retrieved 2013-06-21.
16. ^'wololo.net/talk • View forum - Half Byte Loader Development'. Wololo.net. Retrieved 2013-06-21.
17. ^'VHBL: source uploaded to the svn, and new forum ·'. Wololo.net. 2012-03-03. Retrieved 2013-06-21.
18. ^Callaham, John. 'Neowin - Where unprofessional journalism looks better'. Neogamr.net. Archived from the original on 2012-10-07. Retrieved 2013-06-21.
19. ^ ^abMike Musgrove (2005-07-12). 'Tapping into Tinkering'. The Washington Post. Retrieved 2008-07-22.
20. ^Gregory A. Quirk (2007-11-20). 'Under the Hood: Sony Playstation Portable slims down'. EETimes. Retrieved 2008-07-22.
21. ^Greg Miller (2007-07-23). 'Mailbag for 23 July 2007 - The Small Fish'. IGN. Archived from the original on 13 January 2009. Retrieved 2008-12-24.

Custom firmware, also known as aftermarket firmware, is an unofficial new or modified version of firmware created by third parties on devices such as video game consoles and various embedded device types to provide new features or to unlock hidden functionality. In the video game console community, the term is often written as custom firmware or simply CFW, referring to an altered version of the original system software (also known as the official firmware or simply OFW) inside a video game console such as the PlayStation Portable, PlayStation 3, PlayStation Vita and Nintendo 3DS.

Ps3 Cfw Wiki

Video game consoles[edit]

Custom firmware often allow homebrew applications or ROM image backups to run directly within the game console, unlike official firmware, which usually only allow signed or retailed copies of software to run. Because custom firmware is often associated with software piracy, console manufacturers such as Nintendo and Sony have put significant effort into blocking custom firmware and other third party devices and content from their game consoles.

PlayStation Portable, PlayStation 3 and PlayStation Vita[edit]

Custom firmware is commonly seen in the PlayStation Portable handhelds released by Sony. Notable custom firmware include M33 by Dark_AleX as well as those made by others such as the 5.50GEN series, Minimum Edition (ME/LME), and PRO.

Custom firmware is also seen in the PlayStation 3 console. Only early 'Fat' and Slim (CECH-20xx until CECH-25xx) model to run custom firmware. Slim (CECH-30xx) and Super Slim model can only run HEN (Homebrew Enabler), which has functionality similar to a custom firmware.

The PlayStation Vita, has eCFW meaning custom firmware for PSP running in the PSP emulator of the PS Vita. These eCFWs include ARK, TN-V and more recently, Adrenaline, which includes more features since it was hacked from the native side. In 2016 things changed for the PS Vita scene, as a Team called Molecule released HENkaku which alters the OFW of the PS Vita on firmware 3.60 and by doing so creating a custom firmware on your handheld, opening it up like never before. The team behind the original HENkaku has also released taiHEN. taiHEN is a framework on which the newest version of HENkaku runs. It is a way to load plugins at the system level like you were used to on the PSP allowing you to change/add function to your console.^{[citation needed]} Enso is a bootloader vulnerability of the Vita that make HENkaku permanent and allows to run itself on the boot. So the Vita has a full CFW with HENkaku taiHEN and Enso. People on 3.60 can also update to 3.65 without losing HENkaku Enso.

Nintendo 3DS[edit]

The modding scene of the Nintendo 3DS primarily involve custom firmware (software which patches the official firmware 'on the fly'), which requires an exploit to obtain control of the ARM9, the 3DS' security coprocessor, and, secondarily, flash cartridges, which emulate an original game cart (which can be solely used to play untouched game cart ROM backups). The current most widely used CFW is Luma3DS, developed by Aurora Wright and TuxSH, which allows unsigned CIA (CTR Importable Archives) installation, includes open-source rewritten system firmware modules, and exception handling for homebrew software developers. Other past and abandoned CFWs included Gateway (a proprietary CFW locked to a flash cartridge via DRM and the first publicly available one), Pasta, RxTools (the first free and widely used one), Cakes CFW^[1] (the first open source CFW, which used a modularized approach for patches and was the inspiration for the following ones), ReiNAND, which Luma3DS was originally based on, and Corbenik;^[2] as of now the only custom firmware still currently being developed is Luma3DS (previously known as AuReiNAND). 3DS CFWs used to rely on 'EmuNAND'/'RedNAND', a feature that boots the system from an unpartitioned space of the SD card containing a copy of the 3DS' NAND memory. These EmuNANDs could protect the 3DS system from bricking, as the usual system NAND was unaffected if the emuNAND is no longer functioned properly or was otherwise unusable. EmuNANDs could also be updated separately from the usual system NAND, allowing users to have the latest system version on the EmuNAND while retaining the vulnerable version on the system NAND; thus making online play and Nintendo eShop access possible on outdated 3DS system versions.EmuNANDs were obsoleted by the release of arm9loaderhax, a boot-time ARM9 exploit that allowed people to safely use SysNAND and update it, as CFWs started patching the OS' update code so that official updates wouldn't remove the exploit. However, this exploit required a downgrade to a very early system version to get the console's unique OTP, necessary for the installation.On May 19, 2017 a new exploit basis called sighax was released, replacing arm9loaderhax and allowing users to get even earlier control of the system, granting code execution in the context of the bootROM and thus a cleaner environment, with no downgrades or OTP required. Boot9Strap, a user-friendly version of sighax, was released.At the same time, another bootROM exploit called ntrboot was announced, which allows people to use a backdoor present in the bootROM to get full system control on any 3DS console regardless of the firmware version (as the bootROM can't be updated), only requiring a modified DS flash cartridge and a magnet. The initial release was on August 12, supporting the AceKard 2i and R4i Gold 3DS RTS cartridges.

Nintendo Switch[edit]

Currently, several custom firmwares for the Switch console exist: Atmosphère, ReiNX and SX OS. The differences between them are largely inconsequential; Atmosphère remains in active development and is free and open-source software. ReiNX bases much of its code off Atmosphère^[3] but with some modifications to runtime components and a different bootloader, while SX OS is closed source and paid, but largely based on Atmosphère code despite assertions to the contrary.^[4]

Nintendo has made the Switch environment much more secure than previous consoles. Despite this, there exist notable bugs which lead to user exploits. Of these, the NVIDIA Tegra stack bug (CVE-2018-6242)^[5] is the most well-exploited. It leverages the Recovery Mode (RCM) of the Switch unit in order to push unsigned/unverified payloads,^[6] in turn granting the user access to arbitrary code execution. This vulnerability has been further leveraged by users within the Switch hacking scene to reverse-engineer the firmware, leading to two other notable exploits: Nereba and Caffeine. While RCM is a hardware exploit, Nereba and Caffeine are software exploits and rely on the console being at or below specific firmware versions in order to make use of the exploits. RCM, being hardware related, merely relies on the console being vulnerable to that particular exploit and does not have a firmware requirement or range.

Due to NVIDIA's disclosure of CVE-2018-6242, Nintendo was forced to address the vulnerability,^[7] and during late 2018 began manufacturing and distributing units which have been hardware patched and are unable to access the RCM vulnerability. Any unit manufactured during or after this time is likely to be hardware patched, including the Switch Lite and the newer 'red box' Switches, and any unit which is hardware patched and running a relatively recent firmware is unlikely to be able to access custom firmware at this time or in the future due to the unusually secure software environment of the Switch.

Android[edit]

The practice of replacing the system partition of the Android operating system, usually mounted as read-only,^[8][9] with a modified version of Android is called 'flashing.' The procedure is generally not supported by device manufacturers, and requires advanced knowledge of OS mechanics. However, recent years have brought many more manufacturers, such as LG,^[10] Motorola,^[11] OnePlus,^[12] Google^[13] (but not on devices that are locked by certain carriers such as Verizon or AT&T), and Sony^[14] allowing customers to unlock the bootloader, bypassing secure boot, without the need for exploits. The 'custom ROMs' being used may include different features, require less power, or offer other benefits to the user.

Other devices[edit]

Various other devices, such as digital cameras, wireless routers and smart TVs, may also run custom firmware.^[15] Examples of such custom firmware include:

• Rockbox for portable media players
• iPodLinux for iPod portable media players
• CHDK^[16] and Magic Lantern^[16] for Canon digital cameras
• Nikon Hacker project for Nikon EXPEED DSLRs
• Coreboot and Libreboot for computers
• Many third-party firmware projects for wireless routers, including:
  • LibreWRT project for Ben Nanonote, Buffalo WZR-HP-G300NH and other computers with minimal resources^[17]
  • OpenWrt, and its derivatives such as DD-WRT^[16]
  • RouterTech, for ADSL gateway routers based on the Texas Instruments AR7 chipset (with the Pspboot or Adam2bootloader)
• Cable Hack and Sigma for uncappingcable modems, but with dubious legality^[18][19]
• Firmware that allows DVD drives to be region-free
• SamyGO, modified firmware for Samsung smart TVs^[20]

See also[edit]

References[edit]

1. ^'Cakes CFW Developer Announces the dropping of the Project'.
2. ^'Corbenik's author and maintainer announces his retirement from the project'.
3. ^'ReiNX removing Atmosphere name from Atmosphere code'.
4. ^'Prominent scene developers and a snippet of SX OS reverse engineered code'.
5. ^'CVE entry for Tegra bug'.
6. ^'Switchbrew list of public vulnerabilities'.
7. ^'FCC filing for hardware revision'.
8. ^'Non-A/B System Updates'.
9. ^Raja, Haroon Q. (May 19, 2011). 'Android Partitions Explained: boot, system, recovery, data, cache & misc'. Addictivetips.com. Archived from the original on September 22, 2012. Retrieved September 15, 2012.
10. ^https://developer.lge.com/resource/mobile/RetrieveBootloader.dev?categoryTypeCode=ANRS
11. ^https://motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-a
12. ^https://web.archive.org/web/20161231093315/https://oneplus.net/at/support/answer/will-rooting-or-unlocking-the-bootloader-void-my-warranty
13. ^'Factory Images for Nexus and Pixel Devices | Google APIs for Android'. Google Developers. Retrieved 2018-09-18.
14. ^https://developer.sony.com/develop/open-devices/get-started/unlock-bootloader/
15. ^How hackers are outsmarting smart TVs and why it matters to you
16. ^ ^abc'Custom Firmware Rocks!'. 2009-08-05. Retrieved 2009-08-13.
17. ^'Hardware Support'. LibreWRT.org. Archived from the original on 2015-04-23. Retrieved 2015-07-21.
18. ^Poulsen, Kevin (2009-01-12). 'Hardware Hacker Charged With Selling Cable Modems That Get Free Broadband — Update'. Wired. Condé Nast. Retrieved 2016-06-15.
19. ^Poulsen, Kevin (2004-02-05). 'Cable Modem Hackers Conquer the Co-Ax'. SecurityFocus.com. SecurityFocus. Retrieved 2016-06-16.
20. ^'SamyGO: replacing television firmware'. LWN.net. 2009-11-14. Retrieved 2009-12-11.