PSP签名新进展！

该用户已被禁言

这几天看PS3的消息都看吐了，终于PSP有点振奋人心的消息了！

http://wololo.net消息

First signed homebrew on the PSP
January 16, 2011 in psp dev, release, security | 32 comments
Developer kgsws (remember the MOHH exploit?) posted on/talk a few hours ago a homebrew that runs on a PSP without “any” hack. This is the results of days of experimenting with the PS3 Firmware, in which keys used for signing PSP applications were discovered by Mathieulh.

Here ‘s a video from psp-hacks.com (yes, I’m lazy)



This is only a proof of concept for now, we can’t be sure if a “sign your own homebrews” tool will be released any time soon, but this is a major breakthrough for the PSP scene, probably as ground-shaking as the Pandora batteries almost 4 years ago…

The homebrew has been confirmed to work on PSPs with Official Firmware, you can download it here to test.

Congrats to all the devs involved in this (I said it already, but I’ve never seen so many devs in one thread)! And please don’t post that “it works” in the programming thread, we will delete posts that are not directly related to development.

Thanks to everyone who sent me the tip, I was on holiday

来源：http://wololo.net/wagic/2011/01/ ... omebrew-on-the-psp/

a3374244

求翻译！！！！！！！！！！！！！！！！

该用户已被禁言

下载测试
论坛限制。分卷上传！

该用户已被禁言

回复 a3374244 的帖子

你竟然插队！~
呵呵，简单说就是自制程序可以在官方系统中运行了~

扩展来说，比如降级的程序签名以后，直接运行啦~
或者，自制系统的安装程序，直接运行啦~
在或者，看书软件直接运行啦~

最恨的，要输isoload直接运行啦~

该用户已被禁言

额 刚才忘说了，支持所有psp版本~
1000、2000、2000v3、3000、go等等

该用户已被禁言

原帖子：

Well ok, here it comes. Try this one.
tested on fat PSP with OFW 6.35

How?
Simple, notice it contains ~PSP header from demo game (UCES00206), it is exactly same header.
It is easy to craft last 16 bytes of encrypted data block to match header CMAC - yes, that's the trick

There are some strange thigs, it can't run homebrews with bigger executable block (data block does not matter), and because of ~PSP header, it has to match exact size of original game.

This trick might be possible on firmware kernel modules to get permanent HEN on non-pandrorable PSPs, i was not able to do it but i was not trying that much.

PS: i am not only one who found this trick

http://wololo.net/talk/viewtopic ... mp;start=150#p20309

该用户已被禁言

简单翻译：

恩，闪亮登场，试试吧。
PSP官方固件6.35已测试。

怎么样？ 注意它的内容~他的文件头来自来自“世界足球巡回赛 欧版DEMO ”(UCES00206)，游戏的文件头
。
这其实很容易，就是处理最后16字节的加密数据块，来符合文件头CMAC，-没错，这就是诀窍。

额，貌似有一些奇怪的问题，比如它不能运行可执行块较大的自制程序（数据大小无所谓），而且由于这个文件头，程序必须符合原游戏的大小。

这招，应该会用在获取固件内核模块上，当然是指不能用潘多拉电池的PSP。我没能做到这一点，但我并不想搞得太深入。

PS：我不是唯一一个发现这个窍门的人

该用户已被禁言

貌似自制软件的签名跟PS3的签名不一样，还不是“实际”真正意义上的签名，是以其他demo游戏的文件头来替换程序文件头，然后用算法算出校验码，hex修改校验码。类似PE文件的CRC校验。
这种方法，可以比喻成偷梁换柱。可以这么理解，程序的壳还是demo，但是内容换成自制程序了。
恩，看来还的等进一步发展~加油~~~~~~

wiky

lz真早，来支持下~

11155521

怎么使用啊！！！不解！！！！！！