[fake] Downgrade Du Firmware 2.0

[as00]

voila j'ai vu ca sur le forum de jeuxvideo.com

http://www.jeuxvideo.com/forums/1-42-352324-1-0-1-0-0.htm

PSP DOWNGRADE

I " accidentally" went to firmware 2.00.

So, I thought I´d just write a bit about what I did when I had 1.51, for reference to others perhaps giving them some ideas.

Of course there´s the possibility that the techniques will vary if you´re using something other than 1.51.

-------------------

First, let´s prepare some software that you will need to do your analysis ( if you want to call it that).

Warning: We can´t get anywhere if you don´t have the necessary update files ( 1.50, 1.52). If you don´t have them, get them from someone else. Don´t ask me for them, because I can´t help you.

1. Necessary software

Stirling: http://www.vector.co.jp/s[...]/util/se079072.html

PBP Unpacker: http://pdc.me.uk/pbp/

2. Begin downgrade method analysis!

Before we being, I suggest you make a backup copy of the update files in case something goes wrong; you´ll have a " way out."

Based on the knowledge of our predecessors, we´ll first try it just using two Memory Sticks ( hereafter: MS). Or that´s what I thought, because other people have already tried this. Anyway, we´ll give it a shot.

Put the 1.52 update on one MS, and the 1.50 on the other MS.

Insert the MS with version 1.52 on it, and launch the update. While the PSP logo is showing, quickly swap the MS. And...

It will get to the update screen, but then it will show " a newer version is already installed."

So that didn´t work. Here, we see that the version check is actually done twice.

Hows about we just try and change the version number, then?

We´ll use PBP Unpacker. Use " Open" to open the 1.52 update file. Then, designate an " Extract" folder. Four files in the list will be output to that directory. Open up PARAM.SFO. And you´ll say to yourself, " holy hell it´s an update!"

Here you´ll want to double-click on the area that says UPDATER_VER. And change 1.52 to 1.50. If you feel like it, you may also want to change the TITLE portion ( if that´s what it was called, don´t remember exactly).

Choose Save to File from Basic Options and push Save. After a bunch of crap comes up, the PARAM.SFO save dialog will appear. Save it to wherever you want.

Next, choose " New." Choose the files we created earlier, at the beginning of all this. Then, choose the PARAM.SFO that we " fixed." Leave everything else the same.

Choose Save and save the file. We´re now done with our " imposter" ( a 1.52 update file disguised as a 1.50 update).

Put this imposter on your MS. You´re able to run it without any problems, single-MS style. But then...problems.

From this result, we can see that the initial check only looks at one thing: the numerical value of the version that is contained in the information of the update file. What prevents the update from starting is the version information that was read from the actual data portion of the file, during the " second check."

The question that we can ask ourselves, then, is why not do the swap after the second check is carried out? That´s what I tried -- I launched the 1.52 update, and when I got as far as the update screen, I tried swapping the MS. The instant I pulled the card out, it got pissed off at me.

Let´s use Stirling.

Of the four outputted files, open up DATA.PSP. Output the same four files from the v1.50 update, and open up its DATA.PSP file as well.

From the Window Menu, choose Cascade Vertically. Then from the Search/Move menu, choose Compare.

You´ll get warned about the sizes being different, but don´t worry about that. When you push the OK button, the results will be displayed.

Put checks in " Stress" and " Synchro-scroll." Scroll through the page and take a look, without closing the discrepancy point summary. It is red for the most part, but where there are white areas, you can see that the data is the same.

There´s something mysterious about this. Seems like there´s some sort of hint here...

But this is as far as I have gotten. In closing, I´ll leave you with a thought ( since actually executing it would be quite difficult).

From these results, it appears that there is some sort of hole in the MS swap method. And there´s some sort of switch that detects when you remove a MS.

Because of this, if you were able to create some sort of external device that could switch between two MSs, when the update has gotten as far as the update screen, would you not be able to run the old update from the swapped stick?

Update August 18, 2005

I made a new discovery.

It doesn´t matter if other people already know this or not. To each his own.

So I´m just going to write about it. I may also add stuff in the future.

Inside the DATA.PSP file that you end up with after splitting the update with PBP Unpacker, I´ve found a part that is the same between the two files.

Even saying " a part" is a too generous. But even such a small piece is good. If everyone finds their own parts, then if a lot of people do it, something will come out of it.

On to it. Here´s part of the the v2.00 DATA.PSP file.

Take a look at the places where the colors are inverted. 50 and A0. First we subtract A0 from 50.

Of course, you´ll need to pull out your calculator and choose base-16. The result is 50.

Next, try subtracting the same portions from the other update files. The result is 50.

So? " Just the 1.50 update is different," you say? Look closely. How about its last two digits? 50.

It´s trivial, but files that look different at first glance do in fact have similar portions. And now we´re a step closer ( ok, kidding).

I guess there are some people that just think " you´re just pushing it with the 1.50," but that´s not true at all. If you change your calculator to base-16, it´s easy to make the calculations, so the common areas should be easily recognizable.

You´ve read this far, but the result was a bit gloomy. Analysis is difficult, even for those who aren´t amateurs.

In other news, I´ve had all sorts of freezes since going to 2.00 -- is this how it´s supposed to be?

alors un fake de plus? ou la solution miracle a 10 jour de la sortie europeene?

Modifié 19 août 2005 par as00

[Yoshihiro]

Salut pas de psp sous la main pour test mais je l'ai deja fait y a au moins 3 mois sans resultas donc je peut dire fake Direct . je vois quil y a toujours autant de mitho sur JV point com . pour ceux quil veul test je bien preparés les fichier mdr mais ça ne sert a rien voila Ma reponse .

Maintenant pourquoi J'y crois pas du tout

ça c'est ce que j'ai fait y a un baille quand j'avais encore la 1.51

Explication : pour ceux qui y croive toujours lol .

1: L'os psp verifie la version de update dans le param.sfo du pbp quand on veut le lancé la donc la on met une update plus recente et on le lance arrivé a la fin de ecrans blanc psp on met update 1.50 . update ce lance ce charge attend quelque 10 secondes vous donne une erreur comme quoi la psp a deja une version superieur a l'update deja installer cart c'est une des nombreuse verification de update . parcequel a deja une version de firmware maximal a pouvoir updater deja embarqué dans executable et verifie celui de la psp avec DevKitVersion(); et a la valeur de la version en retour deja ça ok .

2 : Si on fait la meme manipulation et on modifie le param.sfo de update 1.50 en modifient UPDATE_VER 1.50 part la version de update plus recente lancé avans le swap . vous allez avoir un resultas bidon mdr!!! :lol: vous aurez un ecran noir la led de la ms vas clignoter moin longtemp par rapport a la version avec le param.sfo non modifier et vous donnez un message du style "La console ne peut etre mise a jour car le fichier est corompue " . Voila

..::Amicalement Yoshihiro::..

[as00]

ok merci de la reponse rapide

[Yoshihiro]

Pas de problem c'est normale ^_^ . voila ce quil peuve faire avec cette info sur jeuxVideo.com .

[MeteK]

Explication : pour ceux qui y croive toujours lol .

En même temps si ils y croivent c'est k'ils voyent rien

Mais qu'est ce que vous faisez les gars ???

Modifié 20 août 2005 par MeteK

[Nico181]

ba jeuxvideos.com ....