POC: Permanent CFW/HEN is Possible


Submitted by greg; March 07, 2011


In a recent experiment kgsws set out to find permanence for CFW installs... And the result: success! Winning like Chuck Sheen, kgsws has shared a proof-of-concept; however, I'd only attempt this on a FAT PSP-1000 handheld until further notice.

How to:
  1. install OFW 6.20
  2. use HEN to run PSP filer
  3. obtain original lfatfs.prx
  4. decrypt original lfatfs.prx, also get kirk header for later fake encryption
  5. compile fake lfatfs.prx (attached below)
  6. append zeros to fake lfatfs.prx to make it as big as original, uncompressed lfatfs.prx
  7. gzip fake lfatfs.prx, it has to be at least 16 bytes smaller than original lfatfs.prx gzipped
  8. use any fake encrypter to encrypt your fake lfatfs.prx, keep original lfatfs.prx ~PSP header and kirk header
  9. copy fake lfatfs.prx to flash0:/kd/, overwrite original
  10. restart your PSP and watch
Again: PSP-1000 only ... because kgsws has written IPL drivers specific to the TA-079 board, most commonly found in PSP-1000 models. It's a safe bet this'll lead to other models being hacked the same way. So unless you really know what you're doing I wouldn't test this on anything else.

Notes:
  • you must append zeros to make it as big as original
  • you must gzip it
  • you must use original lfatfs.prx ~PSP and kirk headers
  • every PRX in flash contains signcheck = your PRX is bound to your PSP
  • this won't allow you to enter OFW anymore, you will have to use pandora to flash it again
  • this trick will likely work on new PSPs, but this small LCD driver will not, and your PSP will become useless anyway (so wait for CFW)

kgsws' idea for custom firmware: "Use fake lfatfs.prx as CFW "SystemControl" module, and instead of only patching, also load original lfatfs.prx (which will be renamed)."

Awwwesome! Cheers to kgsws with thanks to Boosters IPL SDK.

Download: fake lfatfs.prx (source code) - source: wololo/talk



Tags: CFW, kgsws, Permanent, Proof of concept, PSP Custom Firmware, PSP Exploits






Comments 


 
# Brandon Cooper 2011-03-07 13:23
Wow, I'm excited for my go now. I mean, HEN isn't even bad because my PSP never dies or crashes, so I almost never have to rerun HEN, but just having a PermaCFW would be awesome. No more worrying about crashing or turning off. This POC makes me a little giddy lol I'm stoked.

Reply
 

 
# Zombi3Assa22in 2011-03-07 13:38
I HATE 6.20!
I wish that people could make one for OFW 6.37!
oh well.......

Reply
 

 
# Gustav 2011-03-07 13:47
actually, I enjoy my psp more with a runnable HEN.. when I get sick of all my active plugins or custom theme, I just reset the psp.. need cfw? run HEN again and magic!

Reply
 

 
# Lane Parker 2011-03-07 15:00
Ohhhh Now this is gonna make things interesting...

Reply
 

 
# HxCxBassist 2011-03-07 16:10
This.looks.AWESOME. they just need a program that reverses this, but yeah. EPIC

Reply
 

 
# n00b king408 2011-03-07 16:14
and now we're one step closer
mwhahaha

Reply
 

 
# n00b king408 2011-03-07 16:15
you know you can turn off the plugins right >_>

Reply
 

 
# ValerianKnight 2011-03-07 16:26
Wow! that's what you call talent! Nice Work kgsws!
The PSP Scene is brighter than ever!

Reply
 

 
# Christian Charity 2011-03-07 16:39
Has someone tried this on the PSP Go yet?

Reply
 

 
# Andrew Lorenzo 2011-03-07 16:53
did anyone try this on the psp 3000 please let me know

Reply
 

 
# Alex Beyer 2011-03-07 18:27
They kind of do, sure it's limited to devices that allow easy access to the system's flash. You first make a back up (untouched of course) and then reflash it when you want to revert it back to normal.

Reply
 

 
# Brent Saunders 2011-03-07 18:35
Well it works on the psp1000 ..

Reply
 

 
# Schizoprenic 2011-03-07 19:38
Stuck now are you? (:

Reply
 

 
# Ankin M Patil 2011-03-07 21:05
will this available for psp 3000 later ?? please reply guys .im running 5.03 gen c (downgraded) for 6.20 tn hen c

Reply
 

 
# Chris Mathew 2011-03-07 21:16
do u know how to downgrade ofw 6.20 to 5.03 gen c with psp 3000

Reply
 

 
# Levi Williams 2011-03-07 22:38
If he's stuck, he can downgrade...

Reply
 

 
# James Donaldson 2011-03-08 00:16
come on we need the psp 2000 hacks not 1000.....
but thats a really great start, it means all shall be hackable again with full cfw :P

Reply
 

 
# Adam Nunez 2011-03-08 00:46
works on my go

Reply
 

 
# Ankin M Patil 2011-03-08 03:50
yeah of course that is what i did

Reply
 

 
# Amrit Sandhu 2011-03-08 05:37
can someone post cfw 6.37 for 3004?

Reply
 

 
# Nick Manders 2011-03-08 05:57
seriously if so im going to try?

Reply
 

 
# James Dalpiaz 2011-03-08 06:39
There is none.

Reply
 

 
# Albert Abucay 2011-03-08 07:12
this is the kind of news i've been waiting.
>:)))

Reply
 

 
# Keith Baker 2011-03-08 08:10
now how u do that?

Reply
 

 
# Yawa Konoko 2011-03-08 12:35
its more like he doesn't know whats his talking??
Is it possible to downgrade from 6.20 to 5.03?? with psp 3000??

Reply
 

 
# Darth_ReX 2011-03-08 13:26
What about the TA-086 motherboard? Will it work? It's mounted in PSP 1004.

Reply
 

 
# Chris Perrera ? 2011-03-08 20:49
People need to read or Google things. Stop asking fucking questions like "does it work on the 3,000 model ???????". look at this --> "Again: PSP-1000 only … because kgsws has written IPL drivers specific to the TA-079 board, most commonly found in PSP-1000 models. It’s a safe bet this’ll lead to other models being hacked the same way. So unless you really know what you’re doing I wouldn’t test this on anything else." Now look at how stupid you are... look at this --> "Again: PSP-1000 only … because kgsws has written IPL drivers specific to the TA-079 board, most commonly found in PSP-1000 models. It’s a safe bet this’ll lead to other models being hacked the same way. So unless you really know what you’re doing I wouldn’t test this on anything else." and look at how stupid you are.

Reply
 

 
# T.j Edward Kannon 2011-03-08 22:05
Wrong. We need 3000 hacks. The 2000 has been hacked enough. We need people to work on 3000.

Reply
 

 
# mr_crazy 2011-03-09 03:47
search on google nutcracker

Reply
 

 
# Dustin McFadden 2011-03-09 04:29
Just need to wait for this 1000 trick to happily skip to the 2000, then discover the secrets of the 3000, and finally land on the Go (though some people below have said it works on the Go). What's really awesome is how much the Homebrew scene is going to advance once the NGP comes out and Sony's attention will be on keeping all the scary homebrew off their new device while the PSP gets transformed into the amazing beast it's meant to be, and then the Homebrew that the NGP is gonna be capable of, holy crap, man :o

Reply
 

 
# Ankin M Patil 2011-03-09 06:23
man i have proof kei type it on youtube and if u do it right i wont semi brick ur psp enjoy it is real

Reply
 

 
# Brian Tracy San Andres 2011-03-10 01:43
I am for PSP 1000 users that they have a permanent cfw or 6.xx but I am a PSP 2000 w/ v2 user so there is a PSP cfw 6.37 me-6... :)

Reply
 

 
# Brian Tracy San Andres 2011-03-10 01:44
there is already a cw for psp 2000...
It is the PSP 6.37 me-6

Reply
 

 
# Connor Ty Richardson 2011-03-10 18:59
too much effort lol

Reply
 

 
# Neil Alfonso 2011-03-12 04:28
how can i downgrade my psp 3004 6.20 to 5.03 help guys

Reply
 

 
# Shonn Banks 2011-03-12 13:10
Do tell how. PSP 3001

Reply
 

 
# Mateo Godlike 2011-03-14 00:02
6.35PRO-B3 is the latest. You shouldnt have been so quick to update to 6.37...

Reply
 

 
# Zepheral 2011-03-14 17:12
you upgraded on your own free will! This time your decision kick you in the ass in the end.

Reply
 

 
# Decius 2011-03-14 21:05
You can only downgrade in 6.35, no 6.37 Downgrader Sorry.

Reply
 

 
# Naruret Limsathapornpong 2011-03-15 02:32
shit

Reply
 

 
# Mani Batra 2011-03-15 10:57
i'm stuck too.......:( any idea when will d downgrade or the cfw be ready.....

Reply
 

 
# Haroonabu Nazir 2011-03-17 05:18
6.20 is good or not ?

Reply
 

 
# Haroonabu Nazir 2011-03-17 05:19
i am using psp 3004 5.03 prometheus.i have to update to 6.20

Reply
 

 
# seongfeel 2011-03-17 23:55
Please help me!!
I have a pspgo 6.37 firmware
I wish that my psp execute isofile

Reply
 

 
# seongfeel 2011-03-18 00:05
I'm a korean
So, I don't speaking English very well.
I want to help something.
I have pspgo of 6.37
I wish that mypspgo execute any isofile
Since today , Is't it developed firmware?

Reply
 

 
# Ishan Srivastava 2011-03-21 12:52
MAN is there even a single CFW for version 6.35 that is permanent is pro-B3 permanent?

Reply
 

 
# Marcos Herkenhoff 2011-03-24 21:48
I guess there isn't any hacks for your firmware version, but there's a program that you can use to play iso's on your psp. Its name is ISO2Eboot. Search on the internet and you'll find it!

Reply
 

 
# Eman007 2011-03-28 04:14
Am I missing something here? I thought CFW was permanent...? meaning I power off and power on, and the CFW is still on my psp?

Reply
 

 
# LOL907 2011-04-02 10:53
i have a 6.35 n trying to downgrade it n hack it "without a pandora battry"

Reply
 

 
# Camron Mclean 2011-04-02 20:44
AGREED!!! needed by many ppl please come through!

Reply
 

 
# Nick Melinich 2011-04-05 12:12
i think somebody should do a youtube video on how to do this :D

Reply
 

 
# geronimo espinoza 2011-04-08 17:24
it is possible to downgrade a 6.37 with a pandora and a mms

Reply
 

 
# Justin Fuller Drobey 2011-04-18 12:14
Yeah, but that's not what is meant here. The way I gather it, a main PRX has been patched to act as custom firmware (ie no signing homebrews, ISO loading, etc). What makes this Permanent is that this PRX is never re-patched: it is needed by the PSP to work (tells the firmware how to access flash memory, physical location of ms, etc).

Hacking this PRX will allow you to use the Official PSP Updater to get the latest OFW from Sony, while keeping the PRX allowing homebrew. Therefore, this is permanent, because it allows all CFW features in OFW (without chickHEN).

(saying this is a hypothesis, I haven't read the source code or anything, just what should logically happen)

Reply
 

 
# Ojasvi Bhargava 2011-04-24 03:27
Dude if u have psp 1000 or 3000 no need to worry. becauz 6.37 me is there.
But if you have a go or 3000. Then just wait for the hack.


Reply
 

 
# Christian 2E0HST 2011-04-26 18:12
Sounds complicated but easy for some people. But still a permanent patch would be good for those who want to keep it as a perm.....

Reply
 

 
# Shubham Pawar 2011-06-15 06:16
is there any pcfw (permanent custom firmware) for psp 09g module???

Reply
 

 
# Shubham Pawar 2011-06-30 08:02
hey it worked on my psp 3000 with 09g module
6.39

Reply
 
