View Profile
View Forum Posts
View Blog Entries
Visit Homepage
View Articles
quote:
from every piece of informations I gathered, here is how the psp updater's elf work:
from 0 to 1% overwrites the IPL using the SCENAND API (The IPL is locates within the data.psp file for updates prior to 2.00 and within the data.psar file in the form of a file called kboot.bin in the updates after 2.00, for the debug units it's given separately with the psar file and it's called kbooti.bin)
Then the updater format the FAT12 flash0 drive to remove every current files on it and starts writting the flash0 files of the newer firmware using fat access thanks to the Scelo API .(that's from 2 to 98%) then from 99 to 100% it will create the new flash1 folders (if not existing) and update the system.dreg and ireg files.
finally it reboots the vshell.
All you need to create a nice 1.50 to 1.00 downgrader is to dump the 1.00 ipl, overwrite it in a 1.50 psp using the scenand API (don't forget to set scenandsetflag to 1 otherwise the nand will remain write protected) then use Scelo API to remove the 1.50 fw files, and then copying the 1.00 fw files from the MS to the flash0 drive, using fat access.
Don't touch the flash1 you wont need to, the fw will generate a new one from himself.
Here you know how to create a working 1.50 to 1.00 downgrader
Don't worry the official sony updater doesn't touch anything else than the IPL within the NAND non fat area (I checked every single opcodes in it and I didn't find anything that suggest me otherwise)
I hope I helped
BTW you can also extract the IPL from the 1.0bogus decrypted data.psp (it's a copyrighted file so I can't share it howevever you can decrypt it using a regular 1.00 psp (1.50 wont work as it doesn't have the keys to decrypt it)) then copy the fw files from the 1.00bogus and you will have the first retail psp to ever run this firmware
(the 1.00 psp were bricked using the untouched official 1.00bogus update from sony, because the updater didn't use scenand to overwrite the IPL as it was meant to be flashed in a debug unit psp and those use external kbooti.bin)
Don't every forget, to each fw version his IPL, do not mix up a fw version with another IPL otherwise the psp wont boot !
BTW Beware that this method still remain untested as you read those lines, however the chances for it not to work (according to the many analysis I have performed on most of the decrypted data.psp) is almost unexistant (there is still a few chances that I might be wrong or mistaken by some unknown factors and that my information wouldn't be 100% accurate but I highly doubt it)
Using an 1.50 psp of course, as you need kernel mode to use scenand
all I didn't know was how to format the flash0 fat12 partition so instead, I manually erased all the files using scelo and then copied every file using the same api form the ms to the flash0 drive (after overwritting the ipl).
Then I rebooted the psp, and tadaa! 1.00
in fact when you think about it, the way the official updater works is quite simple...but I had to be sure it didn't do anything such as changing the partition tables or modifying any other binaries within the non fat area before testing it on a psp to make sure it didn't brick.
News Source: PS2dev.org and Mathieulh
N.B please treat this as just a whacky theory only, no thorough testing has been conducted apart from on one PSP I am told.
