Custom Firmware For the PSP-3000 Released

Busshy writes "Today, owners of PSP-3000 consoles, and those on PSP-2000s with boards that were previously incompatible, have now joined all those who have been enjoying PSP homebrew for years with the release of a new custom firmware that brings emulation and much more to those systems. You will need the recent Chickhen homebrew enabler installed for it to work."

Uses

[Toonol]

Emulation is great, and I would crack my PSP just for that, if I had one.

But it is just a bit disingenuous of the summary to not mention game piracy. It is one of the main reasons people install the new firmware; I suspect it's by far the primary driving force. It's also the main reason Sony is constantly plugging the holes and making revisions. It's not to combat emulation and homebrew.

I have no problem with modifying things you own; but the actual reasons that most people are interested in it shouldn't be just ignored. That's not intellectually honest.

Re:Uses

Why don't they allow homebrew then? They let people install Linux on their PS3. Why not let them do the same on their PSP? It's not only that they don't want people copying games.

Re:Uses

[somersault]

Games for the PSP are very cheap. I was considering cracking mine before just to get simple stuff like a better media player front end and an alarm clock. Emulators would be cool too but I didn't get the device just for gaming.

Re:Uses

[Daemonax]

Sorry, are you really that incapable of clear thinking? This is not about copyright infringement, nor would your hypothetical situation be. If I purchased cisco hardware, I think I should absolutely have the right to run alternative firmware on it. I run OpenWRT on my Linksys WRT54GL, which I'm fairly certain is legal, but even if it weren't legal it would be the law that is the problem, not the people who were illegally running OpenWRT on hardware that they owned.

Now this unofficial PSP firmware may largely be used by people intent on violating copyright law. Whether they're right or wrong to do this though, it is a separate issue from being allowed to run unofficial firmware on your own property.

You might argue that the firmware they're running is a modified official version, which is under a restrictive copyright license. That probably is the case in this specific instance. But you're not thinking clearly if you think that people who run unofficial firmware on their own hardware, are also committing copyright violations.

Re:Uses

What if your alternative firmware was intended to allow your router to flout FCC regulations?

Re:Uses

[V50]

I don't doubt you, but I would wager that the people you know aren't particularly representative of the gaming community as a whole. (Not that I or any of us really have a great cross-section of anything known to us.)

My experience, with people from my work (Canadian Army) is that every single person who has run custom firmware on the PSP/DS has done so with the intention of running pirated games.

Anyway, in general, people can say what they want about rights to run stuff on their own hardware, etc. As a PSP and DS lover, with around 30+ games for each, I hate custom firmware, and wish Sony and Nintendo the best in locking down the systems.

People can argue all they want that people pirating DS/PSP games don't result in lost sales (I don't buy that, but whatever), but the presence of much PSP/DS piracy appears to be scaring developers away, resulting in less handheld games, particularly for the PSP. :(

Among (several) other reasons, massive piracy is one major cause, IMO, for the large shift away from PC gaming, towards consoles. I don't want to see the same happen to the handhelds.

Re:Uses

[lordofthechia]

I own a PSP (got it as a gift) and enjoy the ability to play games I own in physical form (Genesis, SNES, NES cartridges) in an easy and portable format. It's like having a Sega Nomad with awesome battery life and the ability to play games from many other consoles.

If people are going to generalize and say that hacked PSPs are only used for piracy then you might as well lump in ipods and any other mp3 player that allows you to play non-drm'd media since after all, *nobody* uses those to play their backed up CDs... Those same people may as well support the position that it's wrong to use snippets of music from your own collection as ringtones, and that you must pay to use your music on each device you own.

Of course, by trying to re-patch PSPs with firmware downloads from new games, Sony has ensured that I won't buy any games for it. Oh and about the DS flashcard I've considered getting one for my wife, it would allow her to keep several games in her DS while the originals are safe at home.

I've always thought that these companies should get their heads out of their asses, help develop emulators and open their own ROM app store. Sell old game ROMS for .99 ea or bundles that are $4.95 which include 5-10 games. This would allow them to sell games for *EVERY SYSTEM* that has an emulator! If it works for music, it should work with classic games.

This would include PSPs, Wii's, Game Parks, Mac, Windows, Linux, XBOXs, etc, etc! They could even include ROMS for games as promotional items included with whatever their newest game is!

Re:Uses

[marcansoft]

As a prior Wii homebrew developer, I have absolutely no doubt that 99% of its users are just doing it to run crappy piracy tools. It's one of the reasons why I gave up on console homebrew and Wii homebrew in particular.

Then there's the thing where the main Wii homebrew library largely consists of code ripped straight out of the Nintendo SDK (most of the drivers and frameworks have the same API with the same code, just manually translated line by line from assembler to C - the only decent documentation for the "homebrew" graphics API is the SDK documentation itself). Nobody knew at first, since the guy responsible conveniently forgot to tell anyone. Now everyone just pretends the problem doesn't exist. No one dares to work on an alternative - even people who otherwise hate the library due to its failures. So in the end just about every homebrew binary for the Wii is a big SDK copyright violation. Kind of like the Xbox 1 situation where everyone used the SDK, except people there knew it was illegal and distributed the binaries underground, whereas here everyone just plugs their ears when the libogc issue is mentioned.

And people wonder why console homebrew has so much trouble attracting sane good developers.

Re:Uses

presence of much PSP/DS piracy appears to be scaring developers away, resulting in less handheld games, particularly for the PSP. :(

The DS has a ton of games in the pipe. Most of them are shovelware, but that kind of refutes your point.

As for the PSP, the reason no one releases games for it is:

1. The PSP market is ridiculously small. There's a reason the DS section is two whole rows and the PSP section is stuck in with the half-row PS3 section in most stores. And when you realize half of THAT is UMD movies...

2. Sony is killing the UMD in future PSP models. Why develop for something that will be gone?

Re:Uses

[marcansoft]

None of those tools is useful in and of itself; they all enable other things to run or work. Twilight Hack is an exploit, PatchMii is a system patcher, DVDX is a DVD-Video mode enable hack that doesn't require patching. But even so:

Since most users of "homebrew-enabled" Wiis are using it to pirate games, and the Twilight Hack is the most popular game exploit entry point and, until recently, the only one, most of its users are certainly using it with the end goal of piracy in mind.

PatchMii was some code developed to download an IOS from nintendo's update servers, patch it on the fly, and install it (enabling legal IOS patching). Its original use is also practically obsolete - originally it was released as a platform to experiment with IOS patches, and then it was used to enable DVD-Video mode on users with modchips (ironically, good modchips tend to actually break the use of DVDs for homebrew because they make them appear as game discs, which are subject to heavier restrictions). This restriction is now circumvented and PatchMii is no longer necessary (or supported for current DVDX versions). The only real improvement to homebrew from patched IOSes is the USB 2.0 driver, which, guess what, was actually developed for piracy, and is also obsolete or should become such for homebrew, since MINI (a true homebrew replacement for IOS which enables a truly 100% nintendo-free environment) plus Linux yields ridiculously higher performance than the crappy IOS-based USB EHCI driver (the latter doesn't even use IRQs). Given that PatchMii serves a limited purpose for homebrew these days, and that it is, on the other hand, the base for all of the warez-enabled modified IOS installers, we can also certainly say that most of the users of the PatchMii codebase are also using it with the end goal of piracy in mind.

Finally, even though DVDX serves a very specific purpose (trick IOS into turning on DVD mode for the user without having to patch it, so homebrew can read from DVDVideo or DVDR discs for data), and even though it's quite simple code, and even though warez loaders need to patch IOS anyway (since pure DVD mode isn't compatible with games), the very first DVD warez loader (which, by the way, sucked very badly) used it because the developer was too incompetent to figure out what bit to flip inside the IOS that he was already patching. So even DVDX, a tool that couldn't possibly be useful for piracy, indeed was used for that, although we can't speak of a majority of users here (the guy eventually figured out what he had to patch and it is no longer required).

We can't have nice things - anything and everything that homebrew developers make will be abused by much larger numbers of warez users. I say this as a former developer of all three of the tools mentioned. It's rather depressing that, say, the software installation interface that I reverse engineered and then added support for in libogc (originally used to install The Homebrew Channel, DVDX, etc) is now mostly used to install warez-patched IOSes and VC/WiIWare warez, and that even the libogc library that I developed it for turned out to contain a large steaming pile of code copied straight from the Nintendo SDK.

Glossary for those not familiar with Wii homebrew stuff:
IOS - an OS that runs on the Wii's "Starlet" ARM sub-CPU that contains security features and drivers for most wii-exclusive functionality that wasn't present in the GameCube. Unrelated to Cisco IOS.
Twilight Hack - exploit in Zelda: Twilight Princess that lets you run a homebrew executable. Recently open-sourced.
PatchMii - downloads and patches an IOS from Nintendo's servers and installs it, all on the fly and automatically. Originally released as an open-source platform for IOS experimentation.
DVDX - a trick using a hidden channel and some context save code. Basically it has a flag set that makes the Wii consider it the "DVD Player Channel", for which support officially exists and for which there's a special DVD drive mode, even tho

Re:Uses

[Weedhopper]

Just to make a point of this and to the GP post, I have run CFW on my PSP fat for years. I have not pirated a single game during this time.

I've written posts about this before when people start with this nonsense but here are the reasons why I run CFW:

I go on overseas assignments that run ~9 months. I like my game library with me and that's about 30-40 games. 30 UMDs in even the most space efficient case is still a lot of space for me since I live out of a backpack and a duffel bag. I rip every UMD and carry my entire PSP game library on either my laptop and/or external HD. Running off of the MS PD gives me several advantages on top of the space savings:

- Less power consumption, longer batter time (though not as much as some claim) which is a double plus because I often don't have access to consistent electricity.
- Less load time on most titles (some take about the same amount of time UMD vs MS)
- Originals are at home, where they stand less of a chance of being stolen.
- Often, I work in extremely dusty environments. UMDs and dust don't mix.

When I'm at home in the US, Europe or Korea, I don't play many games on my PSP and usually it runs as a secondary display on my XP machine. This is the only homebrew I run on a regular basis. Sometimes, I tinker with uClinux. If I had the patience and the same technical bent I had back in college, I'd probably be trying to shoehorn NetBSD on somehow.

So there. You now know at least one person who does not and has never pirated a single PSP game, yet runs CFW for a number of purposes.

If you knew my brother (also US Army), you'd know two guys who don't pirate games and run CFW. Though he runs emulators. He's one of those guys who still has every NES/SNES cartridge he ever owned so you can't even accuse him of pirating ROMs.

Re:Uses

[marcansoft]

The Twilight Hack is an entry vector - a way of loading your own code on the system to begin with. You need one of those to run the tools necessary to set up, install, and run copied games. Therefore, and taking into account that many more people using homebrew applications to run warez than not, and that the Twilight Hack is one of two available ones at this time and clearly the all-time most popular one to date (since the newer one, bannerbomb, is very recent), most users of the Twilight Hack have used it with the ultimate goal of running warezed games.

Re:Uses

[marcansoft]

Warezed games can be run from DVD-Rs and USB drives. Sure, you run the loader from an SD card, but that's a few kilobytes. My point is that the only way to run Wii warez without a modchip is via loaders installed using/via homebrew, and the most popular way of launching homebrew to date is the Twilight Hack. Every single person out there who pirates Wii games without a modchip (a number much larger than the people purely using homebrew for legal purposes) has used either the Twilight Hack or Bannerbomb.

What really sucks...

[Daemonax]

What really sucks with regards to this whole area of tinkering is the DMCA and other laws that make it illegal to tinker with your own property. Companies can do all the want to try to hinder it if they want to waste time and money on that, it certainly provides a nice challenge for the people that like trying to crack these things. But when the law just makes it illegal, that's bullshit. It ends up making the most curious and intelligent of us, into criminals.

Piracy, Shmiracy

[Sick+Boy]

Yes, you can use this to pirate. Whoopdodoo. There are lots of other benefits you're overlooking.

- Running games off the memstick is much faster than waiting for the UMD to load
- You can fit several games on the memstick (some may be pirated, if you're a dishonest prick who wants the platform to fail). That means you don't need to lug a ton of fragile disks around when you travel.
- Not using the UMD means extended battery life.

This is really spiffy, don't get me wrong. But what I'd really like is an update to 5.50 firmware so the copy of Final Fantasy VII I just BOUGHT will play on my hacked PSP. I think all the PS1 re-releases from E3 require updated firmware, and that blows.

Re:Piracy, Shmiracy

If you paid for it and it doesn't work, then downloading a copy that does is 100 per cent reasonable.

Re:Piracy, Shmiracy

[skreeech]

you can run FFVII on CFW
you need to use the recovery menu to select "use version.txt" then usb toggle flash0 find version.txt and change all 5.00 or 500 to 5.50/550

I have not gotten FFVII but it worked for Fire pro wrestling G off the japanese store.

Re:Piracy, Shmiracy

[crossmr]

some may be pirated, if you're a dishonest prick who wants the platform to fail

The PSP has been a known pirate haven for years and has been running on almost nothing but. Most early news reports suggested piracy was what kept the console alive.

Re:Hurray!

I'm sure the remaining 50,000,000 PSP owners are thrilled!

Fixed that for you.

Pandora

[EEPROMS]

You can go save your self some time and buy a Pandora with hardware specs 2-3 times better and totally open for hacking.

Re:Pandora

[EEPROMS]

sorry link didnt work, the Pandora wiki can be found here

Re:Pandora

For twice the price, and without the PSP's great library of commercial games. Not to mention that waiting months for a piece of hardware to be released is hardly what I'd consider saving time.

It's Not Really "Custom Firmware"

[rsmith-mac]

Custom Firmware is a bit of a misnomer. For the PSP-3000 (and last sub-model of the 2000, T88v3) it's not possible to replace the built-in firmware with a truly custom firmware, as Sony does signature checking that would keep the PSP from loading unsigned firmware. This is different from the early PSPs, where it was possible to fake out the device and make it accept any firmware.

Anyhow, this isn't a custom firmware in the traditional sense, rather it's more of a injection attack of the PSP's operating system. Normally unsigned code is blocked by the OS, but there's a vulnerability in the TIFF decoder that allows for executing such code. Using the ChickHEN tool (a compromised TIFF file and a payload) the OS's signature checks can be compromised by injecting replacement files in to the running OS, which the PSP happily complies with. With the check disabled, the PSP will run unsigned code for homebrew, but it lacks the drivers necessary to run backup/pirated games. This is an important distinction, because the ChickHEN tool has been around for a few weeks now and is not what TFA is talking about.

This latest hack (5.03 GEN-A) finally takes it one step further and uses the ability to run unsigned code to inject the additional drivers needed to make the PSP treat ISOs on a Memory Stick as a UMD game. This hack isn't necessary to run homebrew, it's solely for running commercial games. Notably it's still entirely a runtime attack, and if the PSP cold boots it will return to normal operation.

This is to Sony's advantage (what little good news there is, at least), because the hardware has not been compromised in any way. As PSPs can not be flashed with earlier firmware versions, all PSPs running firmware versions later than 5.03 can not be attacked as the TIFF vulnerability was fixed. This limits the number of vulnerable units to old units that haven't been upgraded, as new units will come with the fixed firmware. Of course this doesn't preclude another software vulnerability being found in the OS or a hardware attack, but usable software vulnerabilities are very rare, and a hardware attack would be the equivalent of the Holy Grail at this point.

Anyhow, since it's not a real custom firmware, it's not necessarily a viable long-term hack. Users will never be able to upgrade their firmware, so any software that requires a later firmware version (and can't be trivially bypassed by lying to it) would be unusable in hacked PSPs. Sony no doubt will be working to isolate hacked PSPs in this manner.

Get the PSP 300 now!

[ZirconCode]

Or you could simply buy a PSP 1000 (phat) for half the price and get a proper CFW on it, not just an eggsploit which disappears whenever you perform a hard-reset.

I think buying a new PSP is a waste of money, especially when Sony was so nice as to make everything 100% backwards compatible. The only advantages of the PSP 3000 towards the 1000 is it weighs less, comes in all kinds of ugly colors, and has a terribly cheap microphone embeded in it.

Difference between PSP and PS3

[tepples]

Why don't they allow homebrew then? They let people install Linux on their PS3.

Because Linux for PLAYSTATION 3 has no access to the NVIDIA RSX GPU apart from a dumb frame buffer, it is less powerful than a PC for 3D games. The big draws of a PS3 over a PC are 1. you get to use most of the Cell CPU's DSP cores (except for one that the hypervisor reserves), and 2. the PS3 can display on an older, pre-HD television without needing a $40 box to convert VGA to S-Video. So it's better than a PC for high-performance computing, but the PC is better for homebrew gaming.

I'm guessing that Sony put Linux on the PS3 because Sony wanted to train developers to write the firmware for other products using a Cell CPU. A PSP, on the other hand, has a fairly traditional architecture. In addition, the PS3 had pressure from another platform: if you can homebrew on a PC running Windows (using tools such as MinGW or Python), you're more likely to buy games for the PC. I haven't seen a lot of PDAs with 3D graphics or traditional gaming controls yet.

Re:Emulation and much more

[Chaos+Incarnate]

Because of course no legitimate customer would ever want to have the ability to carry all of their games on one memory card, instead of a stack of discs

Hey now

[HalAtWork]

It's a bit disingenuous to say that people only/mostly install CFW to play pirated games. The PSP didn't start out having very good games, and people still say its library is pretty slim. Most people I know who own a PSP only use it to play homebrew, and not PSP games at all. I don't think the PSP would have risen to such popularity if it wasn't for the homebrew scene.

As an actual games machine, it's cumbersome. The load times are long, UMDs suck up your battery, the games are too involving, and the amount/type of buttons on the PSP is not suited for the type of experiences that officially licensed developers are trying to cram in there. Homebrew games are perfect, and with emulators you have save states.

People don't like putting their PSPs to sleep because the battery still gets drained rather quickly, and you can't switch out games and resume quite as quickly as you can switch ROMs and load up a save state. If you play in short bursts you tend to forget where you are in a lengthier PSP game. So homebrew is much more attractive. For official games, dumping your UMDs on a memory stick is also a lot handier than carrying around a bunch of discs; They load faster, and use less battery.

While piracy is a problem on the PSP, it is not its biggest problem. The games just don't deliver what consumers want.

Re:Graphics card? There is no card.

[Sj0]

That brings another thing to mind: The PS3 and Xbox 360 are strongly designed with HD in mind. Some games are unplayable on a standard television because the text is so high resolution.

If you own a decent HDTV, it will have a VGA or DVI input.