Can we install a Custom Firmware on the PSP 3000? What is a HEN? An IPL? A pre-IPL? We wanted to start this month of February with a short interview with our friend MathieuLH (sonyXteam, Prometheus, M33) on the thorny subject of a hack for the PSP 3000.
MaGiXieN therefore asked MathieuLH to answer a few questions that now come up too often in the forums or by e-mail. With this interview, you will probably understand the difficulties encountered in hacking the PSP 3000.
MaGiXieN: Hi Math, since your departure from the M33 team, how is life MathieuLH?
MathieuLH: Rather well, I am concentrating on my studies now and on the PlayStation 3, studies being the priority.
--
MaGiXieN: Much has been said about the HEN recently. Could you clarify the differences with a Custom Firmware?
MathieuLH: A HEN is not a custom firmware, strictly speaking. A HEN uses a kernel flaw to launch code in the PSP's kernel at boot while applying the required patches on the fly. A custom firmware launches itself when the console starts, without any manipulation by the user, and also allows it to patch (usually in RAM) the kernel of the PSP.
Simply put, a HEN requires the intervention of a user (on an official firmware) to trigger a flaw that allows the PSP's kernel to be booted with multiple patches and then run its own code, homebrews or even, in most cases, ISOs. A custom firmware starts at the boot of the PSP without any intervention from the user and allows the direct use of homebrews as soon as the console is switched on.
--
MaGiXieN: Pre-IPL and IPL have been talked about often since the PSP 3000. For us mere mortals, can you explain what a pre-IPL and an IPL are?
MathieuLH: The pre-IPL is code implemented within the processor of the PSP (it sits in plain text in a 4KB mask ROM). It is the first code executed by the PSP; it is not updatable and therefore depends on the version of the processor. It is in charge of verifying the authenticity of the IPL (Initial Program Load). The IPL itself is something of a micro-kernel containing most of the drivers needed to run the hardware of the PSP (the NAND, the RAM, etc.). It is the first link in the PSP's boot chain: it checks the authenticity of sysmem and loadcore and executes loadcore, which then authenticates the remaining modules (up to init.prx) and executes them.
In the case of the PSP-1000 and 2000, we (The Prometheus Project, alias C+D) found a flaw (in reality a multitude of flaws) in the pre-IPL and the KIRK engine (the hardware used to perform cryptographic operations in the PSP) which enabled us to launch our own IPL.
Unfortunately the flaw found in the pre-IPL was patched by Sony in the processors used in the PSP-3000.
--
MaGiXieN: Do you think the PSP-3000 could one day run a Custom Firmware?
MathieuLH: For the moment a custom firmware on the PSP-3000 is not an option. Of course this could change in the future with the possibility of discovering another flaw in the pre-IPL, although that may be difficult when one considers that the pre-IPL is one of the most difficult things to dump and that it has not yet been done.
We can also consider a flaw in the boot chain, as was the case with the old custom firmwares, where we used the 1.50 kernel (which itself had several flaws in its boot chain) to run the core of a DevHook which rebooted (imperceptibly) the kernel of the PSP and could then start on a patched firmware.
--
MaGiXieN: Clearly, a HEN will be almost the only possible solution for the 3000 and probably for its successors, correct?
MathieuLH: Yes and no. As explained above, other flaws may be discovered one day (although this seems unlikely at a time when Sony has already patched the biggest gaps in the boot line and, if the pre-IPL has been properly fixed, it should not contain other flaws).
Moreover, a HEN is not required to run homebrews. Most homebrews are coded to run in user mode, and in that case a kernel flaw is not mandatory; a simple user-mode flaw such as the GripShift flaw is enough.
--
MaGiXieN: Many people confuse the GripShift flaw and the kernel flaw. Without getting into the controversy, do you think the choice not to release Miriam's HEN, which uses the kernel vulnerability, is a good one? The reason being that it would be patched by Sony and prevent further research via this vulnerability. What do you think? Could this be the last known exploitable vulnerability?
MathieuLH: I do not think releasing the HEN is a good choice; there is not an infinite number of vulnerabilities in the kernel, and developers may need it sooner or later. On the other hand, there are several million PSPs already out there and usable; if someone really wants to run homebrews on a PSP, that is not an opportunity they have missed.
As to whether it is the last known exploitable vulnerability, I prefer not to speak on the topic.
--
MaGiXieN: Otherwise, before you leave, what do you think of the future of the PSP scene?
MathieuLH: The PSP scene is aging, and aging badly; people are starting to tire. The PSP is based on technology that is at least 3 years old, if not more, on which Sony has made several minor revisions (a lighter, thinner PSP, the addition of a microphone, the screen...) to justify maintaining a widely high price on technology over 3 years old (in the end, the price of the PSP will have dropped by less than 50 euros in 3 years, from 249 to 199 euros in France).
The PSP is also sorely lacking in games, and Sony's commercial policy does not help matters. The result? The PSP is one of the biggest commercial flops (outside of Japan, perhaps) that Sony has ever known, and unfortunately the PlayStation 3 is about to suffer the same fate, as Sony has failed to meet the expectations of players or those of developers.
I hope that this sad reality does not sound the death knell of a console whose capabilities would allow the emergence of exceptional games, notably as regards the PlayStation 3.
There is no point in getting ahead of ourselves, however; only time will tell.