R-Type clone on the PSP-3000

MaTiaZ and Freeplay released another homebrew game for the PSP-3000. This time bringing us a nice side scrolling shoot-em up R-Type clone. This homebrew game requires a USA copy of Gripshift and a PSP-3000 with firmware 5.02 or less! (Not to mention some patience!)

Related posts

• PSP-3000 Homebrew Enabler user & kernel mode (67)
• MaGiXieN on PSP-3000 HEN Hack. (114)
• First PSP-3000 Hack? GripShift Save Game Exploit (99)
• Yet another PSP bundle.. (6)
• Video Proof PSP-3000 TA 88v3 Hacked – Its fake! (12)

Remember the video we posted about a working PSP-3000 hack using gripshift? The hack creator MaGiXien answered some questions on just why the Hen PSP-3000 Hack isn’t online yet. And when we are likely to see a PSP-3000 Hack. Here’s what MaGiXien from PSPGen.com had to say:

You all have in mind our video showing a PSP 3000 able to run homebrews and ISOs. It seems that some people still don’t understand why this HEN is not online. Explanation.

Since the official firmware 5.03 was released, the Gripshift exploit has been patched. This has allowed for confusion to creep in some people’s head and we have seen a few posts demanding the release of Miriam’s HEN (Homebrew Enabler). Some very pushy, others less, all this post have this in common: the mix-up between the Gripshift exploit and the exploit allowing access to the Kernel Mode, which is essential in order to install what you have seen on the video.

Here are the characteristics of Miriam’s 5.02Hen-A:

Compatible up to firmware 5.02
Compatible with all homebrews
Compatible with ISOs, PSX
Compatible with plug-ins (at least all those that I have tried)
Activation of a recovery mode allowing access to common features (such as switching X and O) not to flash0 (see below)
Since the HEN bypasses flash0 using the MS instead, it is impossible to touch it on the hardware, but it is possible on the MS.
The HEN remains as long as the console isn’t turned off or rebooted.
You must keep the Memory Stick containing the flash files in the MS slot or to copy the files on all used MSs.
You must have the Gripshift UMD in order to launch the HEN.
You cannot update your firmware beyond 5.02

Most frequent comments:

« Because of you Sony has patched the Gripshift exploit with the firmware 5.03 »

Wrong. The Gripshft exploit was found and put online by Matiaz and exploited by Freeplay.
We only carried on with our adaptation for Gripshift Euro.
As soon as the exploit was online, it was granted that a new firmware would come and patch it. It has always been like this (GTA LCS, Lumines) and its release the day after we made our Binary Loader for Euro available is most likely a coincidence.

It’s good for the PSP3000, but is it the same for those with a PSP2000 TA88-v3?

Yes and no. In principal it is exactly the same than with the PSP3000 because their motherboard has the same characteristics. No difference there. Although, there is an alternative for those of you with some “DIY” skills. “All” you need to do is replace your motherboard with a TA88 (v1 or v2) found on the net.

What’s the difference between HEN and eLoader?

Hen is a Homebrew Enabler. It allows homebrews to launch whilst still on official firmware. Miriam’s used two exploits in order to be installed: Gripshift’s (public) and another one (private this time) that allows the activation of the kernel mode, therefore giving access to the flash’s functions.
The eLoader is a program that allows the launch of homebrews that only require user mode to start. It will be launched via the Gripshift exploit and will compatible with all PSPs with firmware up to 5.02. With the help of this program, it will be possible to launch all “user mode” homebrews already existing on PSPs that are not on Custom Firmware. This opens the door to a long list of games, emulators and other utilities. This eLoader will not allow you to launch programs requiring the Kernel Mode like flashers, utilities using the flash or the PSX emulator and ISO launcher. Its release was announced by Fanjita who didn’t specify on the date and asked not to be harassed about it to be able to work in peace.

Sony patched the exploit so give us the thing to launch the homebrews/ISOs (HEN)

This comment is the proof of a complete lack of knowledge on this subject. We’re going to try to be as clear as possible about this.

The Gripshift gamesave exploit allows the launch of a code that doesn’t have the Sony signature even if the PSP is still on Official Firmware. It is with this exploit that it is possible to launch homebrews via the binary loader for Euro or US and it is also it that will allow team Noobz’s future eLoader to launch, which itself will be used to launch homebrews in user mode (see above).
This exploit was patched in the firmware 5.03. As long as a PSP remains with a firmware prior to this one, this exploit will be active. So if you want to enjoy yourself do not update your PSP.
The exploit used by Miriam to access Kernel Mode and install the HEN (Homebrew Enabler) is an exploit qui can not be made public for various reasons. If the current version of the HEN was made available online, which is what a good few are expecting, the kernel exploit used to install it would be patched straight away, like the Gripshift’s one. This Kernel exploit is way more valuable than the Gripshift’s and if Sony was to patch it this could be the end to the VIP access that some underground devs, such as Dark_Alex, are using to hack the console.

Let’s be realistic, to this date about 30 million consoles support the installation of a Custom Firmware. So it’s easy to find a second hand one with that will satisfy your needs. PSP 3000 does not have any improvement sufficient to justify the loss of the exploit and it would be absurd to close the kernel’s door to the devs on the PSP3000, and even future one, for as long as another exploit has not been discovered, giving us an alternative. “Patience and time grant more than strength and anger.”

Why showing it if you don’t give it to us?

That’s the million dollar question. We sincerely only wanted to please you and give hope to those with a PSP3000. It is also clear that Miriam was happy with this success and wanting to share such an achievement is understandable, right? If you had succeeded in doing something everyone deemed impossible, wouldn’t you have wanted to let it know? We did.
Even if we technically couldn’t share with everyone, we wanted to inform you about it. This decision still doesn’t seem to us as a bad one even to this day, especially since it did bring-up the wonderful school ground atmosphere of the PSP underground world.

Your thing was a fake anyway, that’s why you’re not giving it to us.

This comment was made in the early days, especially on US forums. That’s because the ISO launched was similar to the UMD inserted in the UMD slot. The controversy that followed eventually was able to convince these “bad-speaking” people that this was true, otherwise it would never have happened. CQFD.

Will this HEN be released on day?

Possibly. The day it will be possible to put it online without compromising the access to Kernel Mode. Basically, the day we will be able to use another exploit than the one used by Miriam. As we already explained, no exploit is brought forward without another one being available so that we can carry on. Otherwise it would be suicidal, no?
So unless there isn’t any other… it should happen. When? Patience

Related posts

• PSP-3000 Homebrew: R-Type .02 Released (32)
• PSP-3000 Homebrew Enabler user & kernel mode (67)
• First PSP-3000 Hack? GripShift Save Game Exploit (99)
• Yet another PSP bundle.. (6)
• Video Proof PSP-3000 TA 88v3 Hacked – Its fake! (12)

Sony have released Official PSP Firmware 5.03,well we have no comments on exactly what this does. It seems there are no updates or added features other than to fix a security vulnerability found in the latest PSP system software revision? Hmmm that sounds like they have patched the Gripshift savegame exploit / hack for the PSP-3000. So if I was a PSP-3000 owner I wouldn’t jump on the bandwagon and download this.

Its available over the network update on your PSP or the direct link from Sony below:

• PSP Firmware 5.03

Related posts

• PSP-3000 Homebrew: R-Type .02 Released (32)
• PSP-3000 Homebrew Enabler user & kernel mode (67)
• PSP Firmware 6.00 has been released (39)
• PSP Firmware 6.00 Due this week? (32)
• PSP Firmware 5.50 released (28)

Translated from PSPGen:

Indeed, she found a way to activate the Kernel mode and, quite logically, to successfully install a HEN which allows the use of the advantages of a Custom Firmware without having to flash his console. Homebrew and launch games in ISO format.

For the rest visit PSPGen.com

Related posts

• PSP-3000 Homebrew: R-Type .02 Released (32)
• MaGiXieN on PSP-3000 HEN Hack. (114)
• First PSP-3000 Hack? GripShift Save Game Exploit (99)
• Yet another PSP bundle.. (6)
• Video Proof PSP-3000 TA 88v3 Hacked – Its fake! (12)

Need proof its real? Just check the video above and no, its not another fake. This time its legit!

GripShift has a buffer overflow vulnerability when loading savegames. The savegame contains the profile name which can be easily used to overwrite $ra. The savegame file is pretty big (25kB) so you have lots of space to put your code there. I wrote a simple blob of code to paint the framebuffer completely white (to just indicate that arbitrary code is running). The return address is located at offset 0xA9 in the file. In this poc it points to 0×08E4CD50 (which is only a few bytes after the return address), and the code starts at 0xCC in the file.

It was tested on 4.01M33-2 with US version of GripShift (ULUS10040), and psplink.prx, usbhostfs.prx and deemerh.prx loaded (also without psplink and usbhostfs). The decrypted savegame (sorry, couldn’t [be bothered to] get Shine’s savegame tool working so it’s in plaintext form) is in the SDDATA.BIN form which Hellcat’s Savegame-Deemer produces (thanks to him, if the program didn’t exist I wouldn’t have bothered with this). Just copy the ULUS10040SAVE00 directory to /PSP/SAVEPLAIN/ and run the game. EDIT: yeah, don’t forget to have Savegame-Deemer working, duh.

Source: Lan.st

Related posts

• PSP-3000 Homebrew: R-Type .02 Released (32)
• PSP-3000 Homebrew Enabler user & kernel mode (67)
• MaGiXieN on PSP-3000 HEN Hack. (114)
• Yet another PSP bundle.. (6)
• Video Proof PSP-3000 TA 88v3 Hacked – Its fake! (12)