Gaming Goodness
Posted at August 5, 2005 06:15 PM - Category: Stuff
I got myself a PSP this week, ordered from eBay with no games. So, in that short period, I had time to concentrate on the non-gaming aspects of the PSP. For those that don't know, the PSP also has functions for photo viewing, music, and video playback. It runs these off of a Memory Card that plugs in the side. In addition, the upcoming 2.0 firmware update is going to add a web browser to the whole package. So, even though I was stuck with a 32MB Memory Stick (I've gotten a 1GB one now) and no games, there was still an interesting amount of stuff to fiddle with.
Unfortunately, I messed up my chances at doing the cool stuff: homebrew.
No, the PSP doesn't make sweet tea, but it is capable of loading software off the memory stick. That means people have been porting games, emulators, and other software to the PSP. There's all kinds of good stuff out there. Unfortunately, it only works on the 1.0 and 1.5 versions of the firmware. Not knowing any better, I upgraded the firmware first thing via the wireless facility (802.11b, baby!). So, I'm stuck at 1.52 with no way of going back down and no way of running any homebrewed software.
However, this has sparked my interest: how is the software written for the PSP and what is blocking it from loading? For the first question, I was surprised to find out how Linux-like the PSP OS is. The IP stack on the wireless card identifies itself as NetBSD and looking through the firmware files reveals a very Linux-like layout. While the OS isn't any sort of Linux derivative, it's no secret that Sony likes Linux. This means that coding for the PSP can be really familiar for some users. There's even a PSP SDK to aid homebrewers. It's really interesting to see how fast stuff has been ported to the PSP.
To answer the second question, it appears the PSP uses a wrapped file format for executables called a PBP. The file includes an "info" file about the archive, the executable, and some extra files for the PSP menu screen, such as icons and background images. In the 1.0 firmware, PBPs could easily be created and run on the PSP with no problem. When 1.5 came around, they added a digital signature check for the PBPs. This had always been supported, just not enforced. To get around this, the "kxploit" was found. There is a flaw in the PSP OS (that still exists!) that can be used to direct the OS from one PBP to another for execution. In 1.5, it was found that if this file was just a bare .elf, it would load just fine. Unfortunately, this was patched to need a signed .elf for 1.51 and 1.52.
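As an added example (not code from this post or from Sony), here is a small parser for the PBP container described above that validates the section table and reports whether the executable slot holds a bare ELF. The header layout (`\0PBP` magic, a version word, eight little-endian offsets) and the section names follow the homebrew community's public documentation of the format and are assumptions of this example; the sample file is constructed.

```python
import struct

# Section names in header order, per the community-documented PBP layout
# (an assumption of this example; the post does not list them).
PBP_SECTIONS = ["PARAM.SFO", "ICON0.PNG", "ICON1.PMF", "PIC0.PNG",
                "PIC1.PNG", "SND0.AT3", "DATA.PSP", "DATA.PSAR"]
HEADER_LEN = 8 + 4 * len(PBP_SECTIONS)  # magic + version + 8 offsets = 40

def parse_pbp(blob):
    """Return {section: (offset, size)} or raise ValueError on a malformed header."""
    if len(blob) < HEADER_LEN:
        raise ValueError("truncated header")
    if blob[:4] != b"\x00PBP":
        raise ValueError("bad magic")
    offsets = struct.unpack_from("<8I", blob, 8)
    # Each section ends where the next begins; the last one ends at EOF.
    bounds = list(offsets) + [len(blob)]
    if bounds[0] < HEADER_LEN:
        raise ValueError("first section overlaps header")
    table = {}
    for name, start, end in zip(PBP_SECTIONS, bounds, bounds[1:]):
        # Reject offsets that run backwards or point past the end of the file.
        if start > end or end > len(blob):
            raise ValueError(f"{name}: offset {start:#x} out of order or out of bounds")
        table[name] = (start, end - start)
    return table

def build_sample():
    """Constructed sample: an info blob, an icon stub, and an ELF-magic payload."""
    parts = [b"\x00PSF" + b"\x00" * 12, b"\x89PNG" + b"\x00" * 4, b"", b"",
             b"", b"", b"\x7fELF" + b"\x00" * 28, b""]
    offsets, pos = [], HEADER_LEN
    for p in parts:
        offsets.append(pos)
        pos += len(p)
    header = b"\x00PBP" + struct.pack("<I", 0x00010000) + struct.pack("<8I", *offsets)
    return header + b"".join(parts)

def payload_kind(blob):
    """Classify the DATA.PSP slot by magic: a bare ELF versus anything else."""
    off, _ = parse_pbp(blob)["DATA.PSP"]
    return "bare-elf" if blob[off:off + 4] == b"\x7fELF" else "other"

if __name__ == "__main__":
    sample = build_sample()
    for name, (off, size) in parse_pbp(sample).items():
        print(f"{name:10} offset={off:#06x} size={size}")
    print("payload:", payload_kind(sample))
```

Section sizes are not stored in the header; they are derived from the gap to the next offset, which is why the ordering and bounds checks matter before anything is sliced out of the file.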
So, we're stuck at this point with needing a way to get to an executable that will load on the system. Currently, it seems the only way to get into the system will be through a buffer overflow in a save game loader. Some dumbass kid has been going around posting info about getting something to load on the 2.0 Japanese firmware. Basically, this kid got lucky, because if you read through his posts on forums and stuff, he clearly has no clue as to what is going on. Unfortunately, it's all in how you market it, and this kid got lucky there too.
In any case, I'm more than happy with the intended purposes for this device (games and video). However, it's definitely a fun project to try and get around the security checkpoints of the system. Who knows, maybe someone will figure it out eventually...








