Channel: PSP Archives - Wololo.net

PPSSPP 1.8 released – Vulkan support for Android devices with a PowerVR GPU greatly improved, Adreno 500-series Vulkan fixes, better GLES support on Linux and many game compatibility fixes!


As usual, the PPSSPP folks are keeping up with their once every ~5 months release schedule and have just released PPSSPP 1.8. This update brings about much better Vulkan support to Android phones with a PowerVR GPU, such as the Nokia 3.1 Plus, some fixes relating to OpenGL rendering on Linux and many other compatibility/bug fixes!

What is PPSSPP?

PPSSPP is the best PSP emulator out there and it’s available on every major platform including Windows, macOS, Linux, Android, iOS and various others including the PlayStation Classic!

PPSSPP allows you to play awesome PSP titles such as Persona 3 Portable on your Android/iOS device! This way, you won’t have to deal with silly ads and countless IAPs 😉

Other than emulating the vast majority of PSP games accurately and with good performance, it also has a great deal of other nice features including:

  • The ability to render games at higher resolutions and apply screen filters like FXAA shading.
    • This could make your favourite PSP games appear like PS2 or early PS3 games if the game you’re playing takes kindly to such tweaks!
  • Support for PSP homebrew so you can experience the glory days of PSP homebrew without having to own a working PSP or PSVita!
  • Save states and the ability to use regular PSP save files so you can start games on your PSP and continue them on your PC.
  • Numerous other features such as support for compressed PSP games in CSO format, different rendering backends and even online multiplayer support.

What does PPSSPP 1.8 bring along?

PPSSPP 1.8 isn’t really a major update but it brings about a barrage of fixes and smaller features which can improve your experience with it.

If you have a Helio P22 Android phone like the Nokia 3.1 Plus, you’ll be pleased to know that Vulkan support has been improved

This update includes:

  • Support for Vulkan on Android devices sporting PowerVR GPUs has been greatly improved fixing many occurrences of broken display
    • These devices include those with a Helio X30, Helio X10, Helio P22 and some other MediaTek SoCs
    • Some phones include the Nokia 3.1 Plus, Meizu M8, Sony Xperia L3 and various other budget phones
  • Workarounds around Vulkan-related driver bugs on Adreno 500-series GPUs
  • PPSSPP doesn’t crash when loading on systems with bad AMD Vulkan drivers
  • GLES support on Linux has been improved and some D3D11 fixes on Windows
  • You can use custom Memory Stick storage paths on Android
  • Compatibility fixes for many games including Naruto Shippuden 3, Final Fantasy 4 and Formula 1 2006
  • Many other small tweaks and bug fixes such as fixing X/Back button confusion in the UWP XBOX One version

Conclusion

To grab PPSSPP 1.8, simply follow the link below and choose the download for the platform of your choice. Now, you should go play some excellent PSP titles like Burnout Legends instead of IAP-filled games from the Play Store that are more frustrating than fun 😉

PPSSPP 1.8 download link: https://ppsspp.org/downloads.html

PPSSPP 1.8 changelog (at bottom of page): https://ppsspp.org/index.html

The post PPSSPP 1.8 released – Vulkan support for Android devices with a PowerVR GPU greatly improved, Adreno 500-series Vulkan fixes, better GLES support on Linux and many game compatibility fixes! appeared first on Wololo.net.


PSVita: TheFlow’s GTA Native Resolution Patch released alongside Adrenaline 6.9 – You can now play the PSP’s GTA games at the native resolution (960×544) on your Vita/PSTV!


PSVita and Grand Theft Auto fans rejoice because the day on which we have a GTA game running at native resolution on the PSVita is finally here! This means that TheFlow’s GTA native resolution patch is publicly released alongside a version of Adrenaline to support its resolution increasing techniques.

GTA Native Resolution Patch and Adrenaline 6.9 released!

Just a few days ago, TheFlow revealed more information about his efforts to get the PSP’s GTA games (Vice City Stories and Liberty City Stories) to run at the PSVita’s native resolution which created a fair amount of hype around his work.

If you want to play GTA on your PSVita, you can now play the PSP games at native resolution with dual analogue stick support 😉 Take that, Rockstar!

However, no ETA was given, probably because none was needed: TheFlow has already released his GTA Native Resolution Patch to the public alongside an Adrenaline update to go along with it.

Before going forward and installing the native resolution patch (which many people are excited for), it’s important to note the following about these two releases:

  • The GTA Native Resolution Patch works with both GTA Vice City Stories and GTA Liberty City Stories (PSP games) and it increases the games’ rendering resolution to 960×544 (the PSVita’s native resolution, with 4 times as many pixels as the PSP’s resolution)
    • Only version 3.0.0 (aka version 1.0.3) of the games is supported
    • US versions ONLY are supported at the moment
  • The colour depth has been changed from 32-bit to 16-bit so there may be minimal dithering but this won’t greatly affect visual quality
    • This is because the PSP only has 2MB Video RAM which isn’t enough to maintain a 32-bit colour space when rendering at 4 times the pixels.
  • Performance takes a bit of a hit as frame rates with this plugin are in the ~20 FPS range rather than the ~30 FPS range but this still leaves the games playable.
    • From my short playing experience, I noticed a bit of lag in Vice City Stories while driving but it’s nothing that greatly affects the gaming experience!
  • IMPORTANT: You must upgrade to Adrenaline 6.9 before using this plugin!
  • The plugin is available for FREE on GitHub and isn’t a Patreon supporter exclusive which means that everyone can download it!

How do I install this plugin?

Installing this plugin is pretty easy and can be done in a few simple steps:

  • Firstly, you need to update Adrenaline to version 6.9 by grabbing the VPK from this link.
    • You can either replace the modules (found in ux0:/app/PSPEMUCFW/sce_module) or install the VPK (if you install the VPK, you need to provide the PSP’s FW 6.61 PBP to install the PSP’s FW again)

      The GTA Native Resolution Plugin for the Vita is pretty exciting but don’t forget to install Adrenaline 6.9 as it won’t work without it 😉

    • It goes without saying that you need a hacked PSVita/PSTV to use Adrenaline and this plugin
  • Make sure the “Force high memory layout” option found in the Advanced->Advanced configuration section in the recovery menu is DISABLED (this isn’t enabled by default)
  • Download the GTA Native Resolution patch from here
  • Copy it (gta_native.prx) to ux0:/pspemu/seplugins via either USB or FTP (ux0 may be ur0 or uma0 depending on the memory stick location you’re using for Adrenaline)
  • Add the following line “ms0:/seplugins/gta_native.prx 1” to the game.txt file in your SEPLUGINS folder.
  • Enjoy playing the PSP GTA games on your PSVita at its native resolution!
    • You should also use GTA Remastered to get dual analogue stick support for the best playing experience

Conclusion

We can finally say that the PSVita has a quasi-native port of Grand Theft Auto thanks to efforts from the homebrew community as Rockstar decided to only do portable ports for iOS/Android which, in my opinion, provide an inferior gaming experience due to the lack of physical buttons on most smartphones/tablets.

In the future, more patches to increase the resolution of PSP games may be made but it must be noted that such patches are game-specific and require a great deal of work so don’t expect to be able to play all games at a higher resolution similar to what PPSSPP lets you do!

TheFlow’s Patreon (for donating a few bucks as a token of appreciation for his excellent work): https://www.patreon.com/TheOfficialFloW

TheFlow’s Twitter (further updates about his work): https://twitter.com/theflow0

NOTE: In the course of writing this article, an updated version of the plugin (v0.2) was released which fixes an issue in which the savedata menu wasn’t being shown. Please update to that version if you’re using version 0.1 of the plugin

 


RealYoti working on GTA: Chinatown Wars 3D perspective mod and a preview video of DaedalusX64 (N64 emulator for PSP/Vita) 1.1.7 showing playable performance in Star Fox 64, Mario Kart 64, Super Mario 64 and Zelda:OoT gets published!


Undoubtedly, the Grand Theft Auto series is one of the most loved and well-known game series of all time and because of this, many are modding what they can out of it. The most recent development in GTA modding is that RealYoti is working on a GTA: CT perspective hack that actually works on the PSP/PSVita and in other news, z2442 has demonstrated an updated version of DaedalusX64 which brings better performance in some titles!

RealYoti working on a GTA: Chinatown Wars 3D perspective mod


If you aren’t a fan of the 2D perspective in GTA: CTW, you may be able to enjoy driving around in 3D in the future albeit with some graphical glitches

Contrary to what non-GTA fans might think, not all GTA games are 3D in nature and Grand Theft Auto: Chinatown Wars is one of them. Originally released for the Nintendo DS, the game has a 2D overhead perspective which was ideal considering the system’s technical limitations but then, it was also released on the PSP/iOS/Android which are all platforms that provide much more power. However, the game still retained the 2D perspective but with some tinkering, GTA fans managed to get the 3D chase perspective to be used whenever you got in a vehicle on the PSP port!

Unfortunately, this hack only works in a PSP emulator (namely PPSSPP) so getting the 3D perspective on the PSP/Vita was a no-go until recently. Now, RealYoti is working on a version of this hack that actually works on the PSP/PSVita thus allowing these consoles to roam around the GTA:CT map in 3D albeit with a few graphical issues. To demonstrate his work, RealYoti published a video (below) but he hasn’t set an ETA yet and the mod crashes the game when you drive a car into the water!

z2442 publishes DaedalusX64 preview video showing playable performance in Super Mario 64, Mario Kart 64, StarFox 64 and Zelda OoT

For quite a while, z2442 and TheMrIron2 along with a few others have been working on improving DaedalusX64, the only working Nintendo 64 emulator for the PSP and PSVita. As the Nintendo 64 is somewhat difficult to emulate and demands pretty high system requirements, it is quite surprising that the PSP manages to get playable framerates in some games but this is owed to the fact that the N64 and PSP use the same CPU architecture. Obviously, not all games exhibit good performance and many are quite slow but with recent improvements, more titles have become playable and many bugs have been fixed!

Thanks to the work going into the improved version of DaedalusX64, the PSP and Vita will eventually be able to emulate more N64 games (Zelda OoT in screenshot from video below)

To show off some progress on the upcoming DaedalusX64 1.1.7, a video was published (below) which shows playable performance in the following games:

  • Super Mario 64
    • This game works pretty well in the last official release of DaedalusX64 too
  • Zelda Ocarina of Time
    • Performance hovers around 70-80% with a few stutters but the game is still quite playable
  • StarFox64
  • Zelda Majora’s Mask (there are some nasty stutters so it’s not exactly playable for now)
  • Mario Kart 64
    • Official releases of DaedalusX64 emulate it with okay performance but any speed improvements are always welcome!

To learn a bit more about the upcoming DaedalusX64 release which should be coming this Friday and some optimal game settings, check out its Reddit thread.

Conclusion

While the stuff in this article isn’t yet released, you can still mess around with GTA on your PSVita with TheFlow’s native resolution hack (below). A link with information about the current version of the improved DaedalusX64 can also be found below if you want to try your favourite N64 games on the PSP/Vita right now!

TheFlow’s GTA Native Resolution Patch (info + download link): http://wololo.net/2019/03/16/psvita-theflows-gta-native-resolution-patch-released-alongside-adrenaline-6-9-you-can-now-play-the-psps-gta-games-at-the-native-resolution-960×544-on-your-vita-pstv/

DaedalusX64 1.1.6 info + download link: http://wololo.net/2019/02/26/psvita-releases-eduke32-1-5-1-with-mod-support-mgba-0-7-1-with-fix-for-the-vita-save-bug-3ds-menu-freezing-and-daedalusx64-1-1-6-with-more-stable-audio/


PPSSPP (PSP Emulator) now available on Nintendo Switch



The Nintendo Switch is growing as the console of choice for tinkerers and homebrew enthusiasts. Developer m4xw has released a port of PPSSPP, the most popular PSP emulator out there.

Initially only available to the developer’s Patrons on Patreon, the PSP emulator has now been released publicly.

Early reports indicate that the emulator is getting very reasonable framerates for a first release. In particular, the developer shared a few days ago that Metal Gear Solid Peace Walker is running pretty much at full speed, depending on the parameters used in the emulator.

Download PPSSPP for the Nintendo Switch

You can download the PPSSPP emulator for the Switch here. Of course, you will need a hacked Nintendo Switch in order to run this emulator.

The sources can be found on the developer’s github here.

Keep in mind that this is a beta release, so expect some issues. For troubleshooting, please check the developer’s detailed release notes on Patreon.

Source: m4xw on twitter


Hacking consoles: a learning journey (part 1)


Note from Wololo: scene member TheOct0 wanted to learn about how console hacking “works”. I suggested he started with “older” consoles such as the PSP in order to get the basic ideas without having to fight with all the modern security requiring more advanced techniques, and he offered to share his experience here on the blog. Although we can’t predict how far he’ll go (these things take a lot of effort and dedication), we both hope his writeup will help others who are interested in learning console security but never know where to start.

 

Introduction:

It’s no secret that exploits, hacks, and the whole homebrew scene is a very complex world.

Usually, most people will eagerly wait for their favourite console to get hacked, sometimes for months, or even years in the hope to get the most out of their hardware. Some people will maybe put some effort into trying some things out, like it usually is the case with gamesave exploits, but ultimately leave their findings somewhere on a forum in the hope that someone will be able to make something out of it. The third category, however, is made of the ones who keep the scene alive. The ones who take matters into their own hands. Those are the true heroes of the hacking scene. I could name a few of them, such as TheFlow, Rinnegatamante or SciresM, but there are plenty more out there who, these past few years, have accomplished a lot of things on a variety of different hardware.

So, you may be wondering why I wrote that paragraph of introduction. After all, you’re on Wololo, and you know why you’re here, right? Well, I have decided to switch categories for myself.

I, just like most of us, am one of the people who wait eagerly for that new 3.70 Vita hack [Note from Wololo: the 3.70 hack was released after this article was initially written but before publication], or this sweet new release of Atmosphère on the Switch. And, just like most of us (I assume), I admire those who can reverse-engineer all those consoles and bend various security and firmware updates to their will. Ever since I used a flashcart for my Nintendo DS, ever since I hacked my old PSP back when it was the hottest console on the market, I’ve been wondering how those people do it. And today, I’ll do my best to get started with it, and I’ll bring you on the ride.

 

Getting started:

Now, I am aware that one does not simply find the next PS4 kernel exploit. I am also aware that most of the ones who do are computer science graduates, and that I’ve only programmed some things in my spare time, as a hobby. But it is my firm belief that, with enough research, diligence, and with the help of a comfortable desk chair, anyone can achieve some degree of success in what they start.

To be completely honest, I wasn’t so sure where to start with all of this. I’ve done some research, and, as far as I’m aware, there isn’t an easy way of getting started. Most of the writeups that are found online are written for people who already understand hacking to some extent, and that wouldn’t be my case. That led me to the conclusion that, since you need to “be the change you want to see in the world”, I could be the one to write this easy-to-access documentation on hacking.

As an early disclaimer, I don’t expect this to be fun, or easy. It’s going to be a learning experience, as I’ll be starting way back in the early days of hacking, and gradually making my way to the more recent stuff. I just hope that this whole adventure will make it easier for newcomers to get onto the scene, and that more people like me will be able to get started eventually.

 

Conclusion:

In the end, I hope this small introduction to this upcoming pseudo-series has piqued your interest. I am planning on primarily using Debian Linux for various reasons [Note: I quickly changed my mind, see part 2 for my reasoning], and I will be setting up a GitHub repository with everything I do here if people are interested and ask for it.

As a closing note, I feel like I should be giving you some sort of idea of who I am. I am not a teacher, or a computer science student. I am just a regular guy in front of a computer, who happens to be interested in video gaming consoles and the hacking scene. I will stumble, I won’t necessarily be the best learner (or teacher, for that matter), but I will do my best to transcribe what I learn here, in the hope that maybe, one day, someone will try and learn from what I wrote. And who knows, maybe some day I’ll even find some exploits of my own!


Emulation News: The Switch gets a standalone PPSSPP port with better GTA performance, Homebrew Downloader and JIT improvements; melonDS potentially getting ARM JIT recompiler and Android port in the future


Emulating other consoles is a primary reason why we hack our devices and hacked Nintendo Switch consoles have a wealth of emulators from ones for older consoles like the SNES to relatively recent consoles like the PSP, DS and Wii. In this article, we’ll be looking at the recently released standalone PPSSPP port for the Switch and recent developments relating to the JIT (Just-In-Time) Compiler of melonDS.

m4xw releases standalone version of PPSSPP for the Switch that has various advantages over RA core

For quite a while, emulating the PSP on the Nintendo Switch has been possible with m4xw’s RetroArch core for PPSSPP, which is the most well-known PSP emulator around.

Despite being a little under 15 years old, the PSP still has a significant following and as a result, emulating it has become a big deal! (Image Source)

This worked pretty well and let you play a lot of great PSP games including WipeOut Pure on the Switch even at higher rendering resolution. However, m4xw decided to take PSP emulation on the Switch a step further and has now released a standalone version of the PPSSPP emulator.

Obviously, the question on many people’s minds is what the advantages of using this version of PPSSPP over the RetroArch core are, and this is answered here:

  • A GLES2 version which greatly improves performance & reduces stutter in the PSP’s GTA games (Vice and Liberty City Stories) and some other titles

    Similar to the PSVita, the only way you can play 3D GTA games on the Switch with good performance is by playing the PSP titles. At least until the Android port comes out 😉

  • PPSSPP’s Homebrew Downloader can be used so that you can download PSP homebrew directly from the emulator itself
  • The JIT (Just-In-Time) compiler has been re-worked thus removing the need for masking. This removes Switch-specific JIT issues
  • A Browser applet in the main menu has been added
  • The emulated Home Button in PPSSPP now works correctly
  • Many other fixes and features which can be seen in the changelog below

If you have a hacked Switch and are interested in emulating one of the best portable consoles on it, check out this link to access the changelog and download link for m4xw’s standalone PPSSPP build. The link leads to Patreon so you can also buy m4xw a few beers for his hard work! The download is publicly available for free.

melonDS and its interesting JIT-related prospects including an Android port

Nintendo DS emulation has been around for over a decade but there’s still interest in creating more emulators for the system that achieve better accuracy, performance and compatibility. One of the more recent emulators is Arisotura’s (Staple Butter) melonDS which has made great progress this year thanks to its OpenGL accelerated renderer.

melonDS has seen a significant amount of progress this year and perhaps, an Android port offering good performance might eventually surface!

Yesterday, its main developer shared some information on a pull request, by RSDuck, made on July 14th and the status of an upcoming melonDS 0.8.3 release. The pull request is related to the JIT recompiler (an x86-64 one to be more specific), a feature of the emulator which isn’t yet fully ready for use. Arisotura stated that when implemented, the JIT recompiler could give performance boosts of 30-100% which would greatly improve playability in some games. Furthermore, RSDuck said that it shouldn’t be too difficult to port the JIT recompiler to ARM which might result in a nicely-performing Nintendo Switch port, more progress on the PSVita port and even an Android port!

On the other hand, work is still being done on melonDS 0.8.3 and it will be released once an issue with the audio output code is fixed. Furthermore, beta builds of the JIT and DSi branches of the emulator will be made available eventually so that’s something else to tinker around with!

Conclusion

If you’re interested in more emulation-related stuff, you can check out the recent release of Mesen-S 0.2 which is a SNES emulator or joncampbell123’s ideas for his DosBox-X emulator. Furthermore, frangar has clarified some more things on the HW acceleration on RetroArch for the PSVita bounty/feature request which you may be interested to read by following this link.


Hacking consoles: a learning journey (part 2)


Introduction:

Hello, and welcome to this second (or first, depending on how you’re keeping count) installment of my learning journey. Don’t worry, this name is temporary, and I will be taking suggestions until I find a more fitting one.

In my introduction post, I… well, introduced you to what this series was going to be, and wrapped up by telling you that I was planning on using a Debian Linux distribution to do most of the hacking. I quickly ran into some issues that I will explain here, and had to switch to Windows, so that made me reconsider things a little. I will henceforth be switching from OS to OS depending on what works best. As a disclaimer though, if you can get anything I do to work on another platform, please do as you prefer, since there won’t be much difference apart from installation procedures.

Today’s summary:

Something I think I will be doing often in this series is a summary of the day, for the reader to have an idea of the topics that the current post holds.

For a first post, I thought going simple was the best decision. Getting started with such a technical field isn’t an easy task, so focusing on one “simple” concept at a time, especially in the beginning, seems more fitting.

For all those reasons, today’s topic will be PSP gamesave exploits. The PSP is already relatively old, which means two things: first, accessing exploits and writeups will be very much easier than on more recent consoles. This is good, since our goal is to understand hacking, and not to make any breakthrough discovery. The other thing that we can deduce isn’t that good for us, however. Since the PSP scene isn’t active anymore, the tools that we will need to get started most likely won’t be actively maintained, which means that we could have issues with using them on a recent OS.

Getting started:

If we follow Wololo’s 2009 guide on gamesave exploits for the PSP, we can establish a list of tools that will be needed:

  • The Savegame Deemer plugin
  • PSPLink
  • A PSP with its USB cable
  • A hexadecimal editor
  • A brain

So far, everyone who wants to follow along should at least have the PSP and cable. Apart from that, we will start working on getting PSPLink to work, installing Savegame Deemer, and maybe get myself a brain if I have some time left.

When I initially got into writing this article, I was very eager to get going, and started by installing PSPLink and the tools that go along with it. I spent way too long trying to get everything working on Debian and in VirtualBox, since I was working with a broken website (ps2dev.com, home of the PSPSDK and psptoolchain projects, has been down for a long time [Note from wololo: this was such a great resource for all console enthusiasts out there. The internet archive has a snapshot from 2008]) and couldn’t get anything to work by compiling the projects from source.

After spending a whole week trying to get the separate tools working on Debian, I gave up and installed the Minimalist PSPSDK on Windows. That, thankfully, worked almost right out of the box, so this will be our solution of choice here. Here’s the link. The plugins needed for psplink to work are all under the “C:\pspsdk\psplink” folder on your hard drive after installing this software.

The savegame deemer was very easy to install on the PSP, since it was just some .prx file to put in the PSP’s seplugins folder and to activate. I found a cool Wololo easter egg hunt code on the download page, which was funny, but this was otherwise done very quickly.

A quick word on getting plugins to work: you need to put the various .prx files in the “seplugins” folder of your PSP, and to add a line with their filename followed by a space and a “1” in two files called “game.txt” and “vsh.txt”.

I also installed HxD on my computer as a hexadecimal editor, but as for the brain, however, I still can’t get my hands on one. I guess we’ll just have to work without it for the time being.

The hacking:

And, finally, we arrive at the actual hacking part. This is where I will regularly do my best to follow in the scene’s footsteps, in order to explain my learning process, my hurdles, and all in all my experience with the matter at hand.

The first thing that must be done is to get our hands on a vulnerable game, which would here be the Japanese demo of Phantasy Star Portable. Surprisingly, I had a Japanese UMD of this game lying around, so I will be able to work with the full version. Remember kids, downloading ROMs of games you don’t already own is illegal, and shouldn’t be done under any circumstances.

I should also establish that some knowledge of programming is preferable to have since I will not explain any code I use here, except from the part specific to hacking. Now, let us get on with the hacking.

For starters, you need to link your PSP to your PC using a USB to Mini-USB cable. Windows will not recognize your console as a device, however, until you install a thing called the “Type B PSP drivers”. But that wouldn’t be any fun if it was easy and straightforward to do, so let’s get on with it.

Since Microsoft is very big on security when it comes to their Windows platform, installing arbitrary unsigned drivers isn’t the easiest thing to do. You need to boot into a specific mode, and then use a tool called libusb-win32 to get the job done. The easiest way to do the first part is to click “Reboot” in the start menu while holding your SHIFT key, until a special screen comes on and gives you a bunch of options. You need to navigate under “Troubleshoot”, then “Advanced options” and finally “Start-up settings”, which sometimes is hidden under the little “More options” text under the first few choices. What’s then left to do is to press the F7 key, and Windows will reboot without those pesky safety measures.

Once you have signed into your session again, you will need to use a little piece of software called libusb-win32, which will enable driver installation for any device connected to your PC. In this software, all that’s needed is to launch the file called “inf-wizard.exe” in the “bin” folder, press “next” once and select the Type-B PSP driver that shows up (you need to be anywhere on your PSP except from the USB mode, otherwise Type A will show up instead). You then need to save some files someplace of your choosing, and let the program do its job. If some warning message shows up about the unsigned driver, confirm that you know what you’re doing and go on with the process.

And now that all of this is out of the way, you should hear a satisfying Windows USB sound every time you start up your PSP while it is plugged in. If that isn’t the case, make sure you did everything right, and if nothing works, try using the RemoteJoy plugin on your PSP to force it into trying to interact via USB, and then redo the libusb-win32 stuff. If everything worked as intended, just launch “usbhostfs_pc.exe” as administrator and “pspsh.exe” as a regular user in the “C:\pspsdk\bin” folder, and if your PSP is plugged in, you should have a nice console waiting for your input in pspsh.exe.

Now it may not seem like it, but we are relatively close to being able to exploit something on our console. You see, as Wololo explains, there are sometimes things that are overlooked during game development, and buffer overflows are one of them. You see how, when you name your character in any game, you have a character limit? Well, if you somehow manage to write a longer name than the maximum allowed, the end of your name ends up somewhere in the game’s save memory that wasn’t designed for this, and that will maybe be read some other time during the game’s execution. If the game doesn’t prevent names that are too long for its own good from being read, we will then be able to write anything we want where we shouldn’t be able to write anything.

In this game, you need to create a character, and name it something recognizable. Since this is a Japanese game, most of you will not be able to read what is written, and I will guide you through the few menus we need to navigate. First, press the START button, then the O button on “new game” on the title screen. You will then be presented with a character on the right, and a few options on the left. The only one you don’t want to use is 戻る (modoru), which, as TheFloW taught us, means “To go back”. Instead, you want to choose 次の設定へ (tsugi no settei e), which means “To the next setting”. Remember, on Japanese PlayStation consoles, O is used to confirm, and X to cancel. There will eventually be a setting called “名前” (namae), which means “Name”; you need to write something that you will remember in a few minutes. For this example, I will use “wololorocks!” as a character name, and then go to the next menu by clicking the next settings button. You will need to enter another name, which need not be the same as the last one. I will use “あ”, which means “a”. You will need to press O a few more times until a cutscene starts playing, at which point you can shut the game down and go back to the PSP’s main menu. Your save file will be located under “PSP/SAVEPLAIN/ULJM0530900” in your PSP’s filesystem.

Once we open the larger file of the three in HxD, we notice that under “Decoded text”, the first line reads “WÿOÿLÿOÿLÿOÿRÿOÿCÿKÿSÿ.ÿ”. This, even as messed up as it is, might remind you of something we wrote not long ago. Now, if we try and overwrite the data with some random text after where our name is written, we should be able to make the game crash upon loading the file, which is the starting point for a gamesave exploit. If we fill, say, the following 10 lines with the letter “a” under “Decoded text” in HxD and load the savefile, some interesting results could happen. Thankfully, when we start up the game and choose the “Continue” option, we see that our name changed from “wololorocks!” to “wololorocksN___________________” (that’s 20 underscores), and that we now are level 97. If we try and load the save… Well, nothing special happens, much to my disappointment.

Sadly, the game seems to only crash in the demo version of the Japanese game, so my convenient full UMD will not do the trick today. We can, however, change games in favour of Gripshift, which is an established way to get a gamesave exploit going, and isn’t written in Japanese! That, however, will be coming in the next post of this series, since I want to keep this in bite-size chunks in order not to write a three-book novel each article.

Conclusion:

We got the PSP driver and PSPLink to work nicely, and even though we didn’t get any exploit going this time, we learnt that vulnerabilities aren’t found easily, and that even the easier methods such as a gamesave crash aren’t often useful in hacking. Next time however, we will be reproducing the famous Gripshift exploit, which should be much more fulfilling, and more functional for our purpose. I hope to have you here for my next post, so until next time, farewell.

The post Hacking consoles: a learning journey (part 2) appeared first on Wololo.net.

Hacking consoles: a learning journey (part 3)


(Previous post in this series: Hacking consoles: a learning journey, part 2)

Introduction:

Hello, and welcome to this new Learning Journey post! We have a lot of things to discuss today, so strap in for a bumpy ride.

I’d like to start off this installment by talking about all of the things that happened that won’t be included in today’s writeup. Remember when I ended my last post by saying that we would reenact the famous Gripshift exploit? Yeah, that turned out to be impossible. The exploit itself really happened, but it can’t be done again under today’s conditions. Believe me, I’ve tried. At the time, the exploit was found and used on the PSP 5.02 firmware, but on January 19, 2009, Sony released the 5.03 update, which patched it. Being on the 6.61 firmware myself, there is no way I could have possibly done it without downgrading all the way to the 3rd ever firmware available to the PSP 3000, which would have taken far longer than to find another savegame exploit.

So, after trying to downgrade for a little bit, I quickly switched to hunting for an unpatched exploit that I could do myself. It took me a little time, but I found that Patapon 2 had one, which was historically used as an entry point for the Half-Byte Loader (HBL) by Wololo himself (I might be wrong on this one, but this is what I’ve gathered) [Note from Wololo: the release of that hack itself was an interesting story of betrayal]. So, without further ado, I am sorry for the wait, and let’s get started with hacking into the PSP.

Today’s summary:

All in all, today’s plan is to get something working using Patapon 2. Since it took me a whole week and three days to even have enough material to get started on this post, I won’t get too greedy and will just get the simplest exploit going.

Getting started:

First of all, you need to get your hands on the game Patapon 2. During the last post we covered the setting up of the whole operation (using PSPLink, savegame deemer, and so on), so that won’t be necessary today. I will be using the exact same setup, so if you missed it, you can go and read it right now.

For those who want to follow along, you’ll need to be up-to-date with this aforementioned last post, the only difference being that we’ll be working on Patapon 2 instead of Phantasy Star Portable.

The hacking:

I’ll admit, without having to set everything up like last time, when it came to hacking (meaning, when I was done with hunting for the right thing to use), the whole thing was surprisingly easy. When you start up the game, the only thing to do is to create a new game, make your way through the unskippable first level, and save your game by hitting select in the hub area of the game. You can give yourself whatever name you want, as long as you can remember it for later.

The opening sequence is about 5 minutes long and you actually have to play it, but it’s a fun experience.

If you read my post last week, you know that it’s time to get into our hex editor and get hacking.

If you installed the Savegame Deemer plugin correctly on your PSP, you should have your decrypted save on your PSP, in the /PSP/SAVEPLAIN/UCUS98732_DATA01 folder of your memory stick. Once you’ve found it, open SDDATA.BIN in your favorite hexadecimal editor, and get ready to look for the name you’ve entered earlier.

For that, you just have to press CTRL+F, enter your character’s name in the search bar, press enter, and…

Wait, what?

Wait, what? “Can’t find `oct0`”? Well, I must have entered the wrong name, let me check…

The truth is, every game has its own way of storing information. Oftentimes, like it’s the case here, your name won’t just be saved as-is, and you’ll have to do some digging around in order to find where it was really saved. For this, you have two options: get creative, or comb the file to find what you’re looking for. I’m pretty lazy, so I started entering some random things, like a space between each letter and so on, until I found it. In a Patapon 2 save file, your name is actually saved as-is, but each character is encoded using 4 bytes when they only need 2.

That means that there is an empty space (a null byte) between each letter that you’ve entered. For this kind of scenario, you’ll have to search for the hexadecimal directly. You’ll first need to convert your plain-text name into hexadecimal (in my case, oct0 is 6F 63 74 30), and then edit it as you need. This time, we’ll have to search for 6F 00 63 00 74 00 30 00. Be careful to search for hexadecimal and not text, otherwise you won’t find it even then.

Yeah, that’s more like it.
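A scripted version of this search, added here as an example and not part of the original post: it tries several byte forms of the name at once, which goes beyond the single UTF-16 pattern above. The sample save is constructed, and the fullwidth form is an assumption that is consistent with the “WÿOÿLÿ…” hex view of the Phantasy Star Portable save earlier in this series.

```python
"""Search a decrypted save for a player name whose on-disk encoding is unknown."""

FULLWIDTH_SHIFT = 0xFEE0  # U+0021..U+007E -> U+FF01..U+FF5E


def to_fullwidth(text):
    """Map printable ASCII to the fullwidth forms used by many Japanese titles."""
    out = []
    for ch in text:
        if ch == " ":
            out.append("\u3000")                      # ideographic space
        elif 0x21 <= ord(ch) <= 0x7E:
            out.append(chr(ord(ch) + FULLWIDTH_SHIFT))
        else:
            out.append(ch)
    return "".join(out)


def candidate_encodings(name):
    """Return {label: bytes} for each distinct byte form the name could take."""
    attempts = [
        ("ascii", name, "ascii"),
        ("utf-16-le", name, "utf-16-le"),
        ("utf-16-be", name, "utf-16-be"),
        ("shift_jis", name, "shift_jis"),
        ("fullwidth utf-16-le", to_fullwidth(name), "utf-16-le"),
    ]
    forms = {}
    for label, text, codec in attempts:
        try:
            raw = text.encode(codec)
        except UnicodeEncodeError:
            continue                                  # codec cannot express it
        if raw and raw not in forms.values():         # drop duplicate byte forms
            forms[label] = raw
    return forms


def find_name(blob, name):
    """Return sorted (offset, label) pairs for every hit of every candidate."""
    hits = []
    for label, needle in candidate_encodings(name).items():
        pos = blob.find(needle)
        while pos >= 0:
            hits.append((pos, label))
            pos = blob.find(needle, pos + 1)
    return sorted(hits)


def hex_needle(raw):
    """Format bytes the way a hex editor's search box expects them."""
    return raw.hex(" ").upper()


# Constructed sample, not a real save: 16-byte header, a UTF-16LE name in a
# zero-padded slot, then a fullwidth name in a second slot.
SAMPLE_SAVE = (
    b"SAVE" + b"\xff" * 12
    + "oct0".encode("utf-16-le") + bytes(24)
    + to_fullwidth("wololorocks!").encode("utf-16-le") + bytes(8)
)

if __name__ == "__main__":
    for name in ("oct0", "wololorocks!"):
        for offset, label in find_name(SAMPLE_SAVE, name):
            needle = candidate_encodings(name)[label]
            print(f"{name!r}: {label} at 0x{offset:X}  ({hex_needle(needle)})")
```
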


Alright, now that we’ve found our name in the save file, the real fun can begin. We could very well fill the whole area with a single character to make it easy, but one thing I’ve thought of is that we’ll need to find exactly where in the file we need to insert the technical stuff, and that won’t be possible if every byte is identical to the other ones. Hence, I can only suggest that you do as I did: fill several lines with growing numbers.

If every byte is the same, how can we find which one is interesting?

Alright then, the next thing we need to do is fire up usbhostfs_pc and psplink as we did last time, and load our game save.

Once we’ve loaded the save, the only thing we need to do is press “R” when presented with the hub, since we need our name to be displayed on screen in order for the game to crash.

Great! And now, since we didn’t fill the whole thing with one character, we know exactly where to strike.
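Reading the position back from the crash can be scripted. The following is an added example, not the author's tooling, and it goes one step beyond the post by showing why a one-byte counter becomes ambiguous once the filler is longer than 256 bytes. The register values and the fill offset are constructed, and little-endian byte order is assumed.

```python
"""Crash triage: work out which bytes of an edited file reached a register."""
import string

MAX_MARKER = 26 * 26 * 10 * 3      # 20280 bytes before the sequence repeats


def marker(length):
    """Build filler in which every 4-byte window occurs exactly once."""
    if length > MAX_MARKER:
        raise ValueError("marker would repeat beyond %d bytes" % MAX_MARKER)
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                if len(out) >= length:
                    return bytes(out[:length])
                out += (upper + lower + digit).encode("ascii")
    return bytes(out[:length])


def byte_counter(length):
    """The simplest 'growing numbers' filler: 00 01 02 ... FF 00 01 ..."""
    return bytes(i % 256 for i in range(length))


def locate(register_value, filler, width=4, byteorder="little"):
    """Return every offset in `filler` whose bytes equal the register value."""
    needle = register_value.to_bytes(width, byteorder)
    hits = []
    pos = filler.find(needle)
    while pos >= 0:
        hits.append(pos)
        pos = filler.find(needle, pos + 1)
    return hits


def file_offsets(register_value, filler, fill_start):
    """Translate filler offsets into offsets inside the edited file."""
    return [fill_start + hit for hit in locate(register_value, filler)]


# Constructed values for illustration (not taken from a real crash):
FILL_START = 0x120                 # where the filler was pasted in the file
REG_FROM_MARKER = 0x41326241       # bytes 41 62 32 41 ("Ab2A"), little-endian
REG_FROM_COUNTER = 0x13121110      # bytes 10 11 12 13, little-endian

if __name__ == "__main__":
    # A one-byte counter repeats every 256 bytes, so three offsets match.
    print("counter:", locate(REG_FROM_COUNTER, byte_counter(600)))
    # The non-repeating marker gives a single answer.
    print("marker: ", locate(REG_FROM_MARKER, marker(600)))
    print("in file:", [hex(o) for o in
                       file_offsets(REG_FROM_MARKER, marker(600), FILL_START)])
```
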

Great, it worked! And now, there is only one thing to do, and that is to get exploiting. But this, ladies and gentlemen, will be saved for another time, since I haven’t even gotten started on it.

Conclusion:

We finally got to an interesting result! Even if we didn’t use the Gripshift exploit in itself, we are exactly on the same path, and we will most likely be able to make some kind of breakthrough next time. Don’t hesitate to go bug me on Twitter at @theoct0 about this post, and until then, farewell.

The post Hacking consoles: a learning journey (part 3) appeared first on Wololo.net.


Hacking consoles: a learning journey (part 4)


(Previous post in this series: Hacking consoles: a learning journey, part 3)

Introduction:

Hello and welcome to my Learning Journey! Last week, we ended up being able to crash Patapon 2 the way we wanted, using a forged player name in our save file. This might have not seemed like much at the time, but this was in fact the first step towards actually achieving something.

Now, before even starting today’s post, I’d like to fix a mistake in the last one: as an anonymous user pointed out in the comments, I messed up my bits and bytes when talking about the name in the savefile. You see, hexadecimal notation is useful because, in binary, a byte is made of 8 bits, and we can shorten that by a factor of 4 in hexadecimal. That’s to say, FF in hex is 1111 1111 in binary, and A1 will be 1010 0001. So this means that two hexadecimal digits make a byte, and four make two bytes. Hence, if each letter in the save takes up 4 hexadecimal digits instead of 2, they use 2 bytes instead of 1, not 4 instead of 2 like I said.

Today’s summary:

Well, I have something very exciting to present to you today. I managed to get one step further on our hacking path, as I managed to turn our Patapon 2 crash into something bigger. For now, I only made it so that the game exits, but that means that I virtually have control over what is executed in the game, which means that I can load whatever binary program I want now.

I am planning on dividing this in two parts, though. Today, we will be actually calling that exit function without explaining much of the assembly code behind it, and next time, I will dedicate the whole post to diving deeper into the code itself. Thanks to that, people that are here to be entertained will be able to have the simpler version here, and people willing to actually learn the subject will have a little course next time.

Getting started:

Today, we will need a few more tools than we did last time. First of all, you will need a way to do some very simple hexadecimal calculations (Windows’ calculator does that, for instance). You’ll also need the minimal PSP SDK, which we installed a while ago, as well as a code editor (I’ll be using Atom) and our trusty Hexadecimal Editor (HxD for me).

The last thing you’ll need is PRXDecrypter in order to decrypt Patapon 2’s EBOOT. You’ll need to put the content of this file in the /PSP/GAME folder of your memory stick in order for it to be an app on your console.

I will also be following Wololo’s post on writing a binary loader for the PSP, so head there in order to follow along too.

And, lastly, the file(s) I’ll be talking about here will be available on my newly created GitHub repository.

The hacking:

Well, well, well… To be completely honest with you, I don’t really know how to arrange this post. We’ll be covering a lot of things here, a lot of which will be relatively technical (especially to someone new to hacking or low-level programming), so this will be a dense post.

As I mentioned above, I am planning on only explaining the processes in this post, and to explain the actual assembly in a next one, in order to keep things interesting for anyone that isn’t interested in the technical stuff. I will still be explaining things a little though, so bear with me.


To start it all off, let’s just understand why what we achieved last time was interesting. You see, when a program is made (Patapon 2, for instance), it all becomes a complex series of instructions executed by the console’s processor. Add this and that, turn this pixel yellow, and so on… And in order to know what to do, and when to do it, there are some variables in that processor. The variable named $ra, for example, tells the program where to go next in its set of instructions (somewhere in the memory).

You can think of it as a very complex role-playing book. “If you decided to attack this person, go to page 18”, for example. Well, this 18 would have been stored in the $ra variable if it was a program running on a computer. That means that, if we can take control of this variable, we can make the program go anywhere we want, and even someplace where we wrote our very own piece of code.

What’s very interesting is that, when we wrote our thing in place of our player’s name in the Patapon 2 savefile, we actually took control of this $ra variable. The direct consequence of that is that we can now write some code in the savefile itself, redirect the processor to that code using the $ra variable we now control, and then make the game run our code. Cool, isn’t it?

You see, what’s great is that when a game interacts with its game save, the game save is (at least partially) loaded as-is in the memory. And, if you remember our thing with $ra, the memory is exactly where the processor finds what to do next. Knowing that, if we can put something for the processor to do in our game save, find the exact memory address (think page 18 from earlier) where this stuff ends up, and then point the game to it using $ra, the processor will be reading our stuff unknowingly.

Wait, what?

Eh… In short: we can write useful stuff, and then we can point the program to it in order to run the cool stuff. Did I make things clearer?


Now, understanding the whole thing is one part of it; actually being able to pull it off is another. For now, the only thing we know for sure is that we have control over $ra. The next step, after that, is to find where the savefile is loaded in the game’s memory, and from that, to find where to put our code in the savefile in order to find it in the memory afterwards.

To move in that direction, the first thing we can do is to get a reading of the game’s memory. When we have that, we’ll be able to find our savefile’s contents inside of it.

For that, we just have to fire up PSPLink, crash our game like we did last time, and once we’re there, we can write this command:

savemem 0x08800000 200000000 memdump.bin

This will create a memdump.bin file in the same folder as PSPLink, so go find it and open it up in your favourite hexadecimal editor. Since you’re there, you should also load the Patapon 2 savefile we worked on in the last post. If you take some part of the savefile and search for it in the memdump file, you should be able to find it pretty easily.

You should be able to find places that are identical pretty easily.

Are you beginning to see the plan here? If we can find parts of the savefile in the actual game’s memory, that means that whatever we write in the save here will actually be found in the memory too, and that it has an address as well.

Speaking of address, you are going to want to take note of the offset your pattern begins at, because we need to know what to put in $ra in order to point the processor there. In my case, the pattern I’ve found starts at offset 0x00519720 in the memdump. Since our savemem command we did earlier told PSPLink to gather anything after address 0x08800000 in the memory, that means that we need to do a small addition in order to find the real place our pattern will be located in memory. In our case, 0x08800000 + 0x00519720 = 0x08D19720.
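The same correlation done in code, as an added example rather than anything from the original post: it finds a chunk of the save in a dump, measures how far the identical run extends, and converts save offsets to addresses using the dump's base. The sample save and dump are constructed; only the base 0x08800000 comes from the savemem command above.

```python
"""Correlate a decrypted save with a raw memory dump taken at a known base."""

DUMP_BASE = 0x08800000      # start address passed to savemem on this page


def find_resident_region(save, dump, probe_off, probe_len=16):
    """Find save[probe_off:probe_off+probe_len] in the dump and grow the match.

    Returns (save_start, dump_start, length) for the contiguous run that is
    byte-identical in both, or None if the probe is missing or not unique.
    """
    probe = save[probe_off:probe_off + probe_len]
    first = dump.find(probe)
    if not probe or first < 0:
        return None
    if dump.find(probe, first + 1) >= 0:
        return None                       # e.g. an all-zero probe: ambiguous
    # Walk backwards while the bytes before the probe still agree.
    s, d = probe_off, first
    while s > 0 and d > 0 and save[s - 1] == dump[d - 1]:
        s, d = s - 1, d - 1
    # Walk forwards while the bytes after the probe still agree.
    end_s, end_d = probe_off + len(probe), first + len(probe)
    while end_s < len(save) and end_d < len(dump) and save[end_s] == dump[end_d]:
        end_s, end_d = end_s + 1, end_d + 1
    return s, d, end_s - s


def address_of(save_off, region, base=DUMP_BASE):
    """Memory address at which the byte at save_off was resident."""
    save_start, dump_start, length = region
    if not save_start <= save_off < save_start + length:
        raise ValueError("save offset 0x%X is outside the resident run" % save_off)
    return base + dump_start + (save_off - save_start)


# Constructed sample data (not a real save or dump). Every byte value in the
# save is distinct, and only save[0x20:0x70] is present in the dump.
SAMPLE_SAVE = bytes((i * 7 + 3) % 251 for i in range(0x80))
SAMPLE_DUMP = bytes(0x40) + SAMPLE_SAVE[0x20:0x70] + b"\xee" * 0x30

if __name__ == "__main__":
    region = find_resident_region(SAMPLE_SAVE, SAMPLE_DUMP, probe_off=0x30)
    save_start, dump_start, length = region
    print("save 0x%X..0x%X is resident at dump offset 0x%X"
          % (save_start, save_start + length, dump_start))
    print("save offset 0x30 -> address 0x%08X" % address_of(0x30, region))
    # A probe taken from zero padding matches in many places and is rejected.
    print("zero probe:", find_resident_region(bytes(64), SAMPLE_DUMP, 0))
```
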


Now, I encourage you to take a break and look back on what we did today, since that’s already a good amount of information. We learned that taking control of $ra in a game crash was the key to arbitrary code execution, which we are coming to, and that a big chunk of the game’s savefile was found in the game’s memory. We also found this chunk’s actual address in the memory.

Putting all this information together gives us this: we can overwrite this chunk in the savefile with whatever we want, and since we know the address of it, we can use the control that we have over $ra to point the PSP to this pattern we just overwrote, and it’ll execute whatever is in there. Do things make a little more sense?

If they do, great! We can now get to things that will make even less sense!

First of all, you’ll need to grab an ISO of your game. If you already have it, that’s one thing you don’t have to do, but if you’re playing on a UMD, you just have to switch your custom firmware’s USB option from “Memory Stick” to “UMD”. That way, you’ll have access to the ISO file that’s present on it.

When you have that on your computer somewhere, you’ll just need to open this file with your favorite archive manager (I personally use 7-ZIP) and navigate to the SYSDIR folder inside the PSP_GAME folder. Once you’re there, grab the EBOOT.BIN file and save it somewhere nice on your computer.

Your EBOOT.BIN file will most likely be encrypted, so you’ll need to create a folder named “enc” on your PSP’s memory stick, and then put the EBOOT in there. You can now fire up PRXDecrypter, tell it to decrypt the file, and then get it back in the “dec” folder of your PSP. If PRXDecrypter tells you that your file is already decrypted, then good news, you can already work on it as-is.

If you installed the Minimal PSP SDK on your computer like you should have a long time ago, you can now use a nice little thing called prxtool, which we will use to tell us what the function imports of the game are.

I’ll be honest with you, this one took me a long time to understand, and even now I’m not entirely comfortable with it. This is why no explanation will be given here, only the rough process, so if you want to learn exactly how and why we do what we are about to do, everything will be explained in the next post.


In order to manipulate the game with whatever we’re going to overwrite the pattern in the savefile with, we need to know how to call the various functions that the game uses in the first place, since we won’t have access to anything more than that. For this purpose, we can use this command:

prxtool -f EBOOT.BIN

This command will give us the list of function imports sorted by library, but they won’t be of any use until we can translate them to actual function names. That’s where the psplibdoc_660.xml file located in my GitHub repository will be useful:

prxtool -f -n psplibdoc_660.xml EBOOT.BIN

The output of this command will be the same as the one before, but with the actual names of the functions instead of something we can’t use.

Unfortunately, I can’t explain the next part without diving into assembly code, and since that’s planned for the next post in the series…

Basically, the next step is to make the thing that we put in the savefile. In other words, we craft the instructions we want the game to execute, and then put them in the savefile in place of the pattern we chose earlier. The very last step is to set $ra to the address we got earlier, and voilà! What I did was call the function that exits the game in order to see if that worked, and it did.

Conclusion:

Today was quite a heavy day, wasn’t it? We found how to control where the console was going to read the next instructions, and through a whole process of digging into the game’s data, I was able to call the function that quits the game. That might not sound that different from what we did last time, but it really is: now, instead of just crashing the game, we actually have control over how the game behaves, and that’s going to enable a lot of things to happen.

If you want to understand the technicalities of whatever happened today, tune in to part 4.5 to hear me do my best to explain something I don’t fully understand myself. Until then, farewell!

 


P.S.:

Today was a very, very heavy post for me. I know I’m not the best teacher, and the wall of text above certainly isn’t clear enough, so please come and ask questions, have conversations, and overall help me improve the series on my Twitter account, @theoct0. I’m improving in hacking, but I also need to better myself in teaching, explaining and a lot of stuff, so any help and tips would be much appreciated.

The post Hacking consoles: a learning journey (part 4) appeared first on Wololo.net.

News: Developer starts to work on native resolution PSP games on PSVita and TwiLight Menu++’s widescreen mode for the 3DS finally available with 202 compatible DS games!


The last few weeks were pretty kind to the Nintendo 3DS & PlayStation Vita and the stream of exciting news is still flowing. In this article, we’ll be looking at some promising news regarding native resolution PSP games on the Vita and Widescreen DS games on the 3DS!

PSVita: Developer ‘robots’ takes on ‘Native Resolution PSP games for the PSVita’ bounty

In the beginning of this month, Reddit User ‘EpicEpsilon1033’ decided to create a bounty for native resolution PSP games on the PSVita. This bounty, which forms part of Rinnegatamante’s recently created VitaNuova community, aims to achieve native resolution (960×544) on PSP games when run on the PSVita by making clever use of the PSP hardware inside the Vita and the console’s own graphics hardware. Following this article, many people shared the bounty online and it’s currently valued at $500 which is a huge increase from the $75 it was at a week ago!

Native resolution for all PSP games on the PSVita is a pretty awesome proposal but only time will tell if we’ll actually get it!

Now, a developer called Michal (nickname: ‘robots‘) has started working on making the bounty come to life. He said that one shouldn’t expect quick progress and went on to provide a rough timeline for his work which includes:

  1. Figure out how to patch the PSP’s graphics module in order to make it redirect Texture/DrawList memory to the Vita’s shared memory rather than the GE’s memory space
  2. Port PPSSPP’s GE to the PSVita – scaling won’t be included at this point
  3. Add scaling capabilities to the above so that native PSVita resolution could be achieved
    • These steps are in chronological order. While they might sound simple, it’s important to keep in mind that they require a tremendous amount of work so don’t expect to see much any time soon unless he pulls a Xerpi 😉

Going through the guy’s GitHub repository list, it seems that he’s dabbled a bit with PSVita-related development in the past but hasn’t made an awful lot of work public. That being said, only time will tell if he manages to get anywhere and we at Wololo wish him the best of luck!

Nintendo 3DS: Widescreen mode finally usable & Twilight Menu++ 9.0.4 released!

Contrary to the PSVita, the 3DS’ homebrew heyday has been over for a pretty long time but noteworthy releases still drop from time to time. One of these releases was Twilight Menu++ 9.0.0 some days ago which came with Widescreen support (lets you play DS games in Widescreen (16:10) thus filling up the 3DS’ upper screen).

Unfortunately, this feature wasn’t useable since TWL Patcher was required and that wasn’t out then. That finally changed on Sunday as Sono released his patcher which can enable Widescreen mode by following a short tutorial on a 64-Bit Windows PC. You can grab TWLPatcher from this link and follow the instructions found here to use it on your console!

Many DS games are a lot of fun but playing them in Widescreen on your 3DS makes them even better!

On the other hand, TWiLight Menu++ received an update to version 9.0.4 yesterday and this brings along:

  • Support for 202 Widescreen Mode games
    • Combined with version 9.0.3, titles like Final Fantasy IV, Pokemon Platinum and Assassin’s Creed II – Discovery are now supported
  • Sanity checks relating to Widescreen mode have been added which make sure that a working copy of ‘TwlBg.cxi’ is present in “sd:/luma/sysmodule” and whether it’s backed up
  • Some small bug fixes having to do with file copying

To grab TWiLight Menu++ 9.0.4 and enjoy DS games in Widescreen, check out this link to grab and install it. Do note that updating via TWiLight Updater doesn’t work as of right now so you must update your binaries manually!

Conclusion

On a concluding note, you might be interested in checking out this article about a significant update to one of the best original PSVita homebrew games called Pingo. Furthermore, there’s also been some nice progress relating to RPCS3 with Demon’s Souls now being playable at 60FPS @ 4K provided you have powerful enough hardware.

The post News: Developer starts to work on native resolution PSP games on PSVita and TwiLight Menu++’s widescreen mode for the 3DS finally available with 202 compatible DS games! appeared first on Wololo.net.

Hacking consoles: a learning journey (part 4.5)


(This is an explanatory post about Hacking consoles: a learning journey, part 4)

Introduction:

Hi, and welcome to this first “bonus” entry in my Learning Journey. Last time, we were able to take control of Patapon 2 and run the game exit instruction, but I didn’t explain much of it. Well, if what you want are explanations, you’re in the right place! Today, we will be covering the exploit from the ground up, but instead of detailing how we did it, we’ll see why it worked.

Part 1, the crash:

Let’s start things off at the beginning, shall we? The very first thing we did in order to get this exploit going was to crash the game using a forged save file. But why did that work, and why did we do it? Well, one example I like to use when explaining this is that of a roleplay book.

Technically, what made the game crash is called a “buffer overflow”. This kind of problem happens when a program expects a list of elements to be a certain size, so anything written that goes beyond that size ends up somewhere unwanted.

For this example, let’s use a made-up game: The Call of Patapon.

When you open this roleplay book, you are greeted with a question: What is your name, adventurer?

The answer slot is a certain size, and you can only write so much in it, but what would happen if you wrote too much? Where would it end up?

That’s what a normal use would look like.

And that’s what it would look like if we just wrote too much, like we did with the actual game.

Well, if you write too much, the book becomes unreadable, and you just can’t go on. But, if you take a closer look, you can see that our uppercase Q (in blue) just overwrote what page the reader should jump to afterwards… I wonder if we could make something out of that? If the reader is stupid enough to go to whatever page we write over “2”, then maybe we can do something out of that?

Part 2, manipulating the console:

After crashing the game and realising we actually have control over where the game goes next, we had to do something out of that. Sadly, since we can’t just modify the game’s code like that, we need to find somewhere to write our instructions. There must be a way in, right?

Well, you see, whenever a game saves data, it writes it in an external file. The thing is, the game needs to load that file again in order to read everything that’s in it. The great thing in all of that is that the save file is something we have control over, to some extent.

Granted we can decrypt the file (we used Savegame Deemer to do that) and then re-encrypt it, we can make the game load anything in its memory. Normally, it wouldn’t be an issue, since the game never goes there to read instructions, but there’s a difference: we’re now telling the game what part of its memory to execute next.

Using PSPLink in the last post, we could get a reading of the game’s memory as it was at the time of the crash. Searching through it, we found that our savegame was loaded as-is somewhere in it, which meant that whatever we could write in it would be loaded too. In order to know where to point the game, we needed to know the exact address where what we wrote would end up in the memory.

So, to sum up: since the save file goes in the memory, we need to write something in it, find its exact address, and then put that address in the right place of the initial buffer overflow.


In more technical terms, we are manipulating the $ra (Return Address) variable of the processor in order to get it to execute unsigned code, which it normally wouldn’t do. That $ra variable would be the page number, in our roleplay book example. In itself, the $ra variable is what tells the program where to read stuff when it’s done with whatever it’s doing in the moment. If we control it, we can point the execution to anywhere instead of the intended return point.
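The name slot and page number from the roleplay-book picture, as a small model added here for illustration (it is not code from the game): an unbounded wide-string copy lets the file overwrite the saved return address, and a length check against the slot size stops it. The frame layout, sizes and addresses are assumptions; the game's real copy routine is not shown on this page.

```python
"""Model of a fixed-size name slot stored directly in front of a saved return address."""
import struct

NAME_SLOT = 16              # bytes reserved for the name: 7 UTF-16 units + 00 00
RA_OFFSET = NAME_SLOT       # assumed layout: saved return address follows the slot
FRAME_SIZE = 64             # the model never writes outside this bytearray
LEGIT_RA = 0x08804000       # constructed "return here" value


def new_frame():
    """Fresh frame: empty name slot followed by the legitimate return address."""
    frame = bytearray(FRAME_SIZE)
    struct.pack_into("<I", frame, RA_OFFSET, LEGIT_RA)
    return frame


def saved_ra(frame):
    """Read back the little-endian return address stored after the name slot."""
    return struct.unpack_from("<I", frame, RA_OFFSET)[0]


def read_wide_string(record):
    """Bytes of a UTF-16LE string up to, not including, its 00 00 terminator."""
    for i in range(0, len(record) - 1, 2):
        if record[i] == 0 and record[i + 1] == 0:
            return bytes(record[:i])
    raise ValueError("name is not terminated")


def load_name_unchecked(frame, record):
    """Copy until the terminator: the file, not the slot, decides the length."""
    data = (read_wide_string(record) + b"\x00\x00")[:FRAME_SIZE]
    frame[0:len(data)] = data          # runs past NAME_SLOT for long names
    return saved_ra(frame)


def load_name_checked(frame, record):
    """Reject any name that does not fit the slot together with its terminator."""
    raw = read_wide_string(record)
    if len(raw) + 2 > NAME_SLOT:
        raise ValueError("name needs %d bytes, slot holds %d"
                         % (len(raw) + 2, NAME_SLOT))
    frame[0:NAME_SLOT] = raw.ljust(NAME_SLOT, b"\x00")
    return saved_ra(frame)


def record_for(name, tail=b""):
    """Constructed save record: UTF-16LE name, optional raw tail, terminator."""
    return name.encode("utf-16-le") + tail + b"\x00\x00"


NORMAL = record_for("oct0")
EXACT_FIT = record_for("A" * 8)              # fills the slot, terminator spills
OVERLONG = record_for("A" * 8, b"ABCD")      # four extra bytes land on the address

if __name__ == "__main__":
    for label, record in (("normal", NORMAL), ("exact fit", EXACT_FIT),
                          ("overlong", OVERLONG)):
        after = load_name_unchecked(new_frame(), record)
        try:
            load_name_checked(new_frame(), record)
            verdict = "accepted"
        except ValueError as err:
            verdict = "rejected (%s)" % err
        print("%-9s unchecked ra=0x%08X  checked: %s" % (label, after, verdict))
```
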

Now, you may be asking yourself: what do we write now? What can we put in the savefile that will be understood and executed by the processor?

You see, when you make a program, you have to write the code for it, and then compile it. Compiling a program is done automatically, and one of the things it does is to import functions.

In a program, functions are bits of code that will be used again, sometimes very rarely, but sometimes almost ubiquitously. One function, for example, will output whatever text you give to it (this function, in C for example, is called cout).

But writing this time and time again every time you create a program would be endless. And so would be writing it once per program and calling it every time you use it. In fact, when you write a program, you will want to import functions from various libraries (collections of useful functions that you can call without having to write again).

If you want a real world counterpart, take a car. You can make a car by yourself, create four wheels, an engine, blinkers, electronics and all of this, but the easier solution would be to order the tires and engine from someone, maybe take some spare lightbulbs for the blinkers and do the electronic yourself. Well, you can think of the tire and engine shops as libraries, from which you call the tire and engine functions to include in your program. This is the concept behind function imports.

Now, the reason why I am talking about compilers and function imports is because that’s essential for us: since we can’t really do what we want because we’re still trapped inside Patapon 2, we can only use the functions that this game imported when it was compiled. The PSP has much more to offer, but we’re limited to those ones. The way to know which functions are imported and where they are located is a little tool called prxtool. If we use it as-is, however, we won’t know the functions’ names exactly, but only what libraries they belong to; that’s where the xml file comes into play, since it’s the translator we need to identify specific functions.

Part 3, writing the code to run:

And now, we dive (a little) into Assembly. Last time, I ended the post by saying that I could call the function to close the game (which is not the same as a crash, since I exited properly), and I didn’t explain it then. Well, now’s the occasion!

It might be underwhelming to some, and very expected for people who know Assembly, but we are not going to write 1’s and 0’s ourselves. Assembly is more or less the lowest you can go when programming since it’s closest to the machine, but it still has a syntax, and is still very readable to us.

Assembly has got a relatively small list of possible instructions, since it’s so low-level, but we won’t need much there. Since we already have the address for a lot of functions that Patapon 2 uses, we can try calling one as a proof-of-concept. The clearest one to see, and the one I chose, is called sceKernelExitGame, and is located at address 0x08A884D4 in the game’s memory. Hence, if we can tell the game to jump there, this function will be called.

Fortunately, we won’t have to do any weird hexadecimal save file editing to get the program to jump to the address, since we already have control over what is executed. We just have to use the “jal 0x08A884D4” instruction to make the game exit.

What jal does is that it tells the machine to go execute whatever is there, and when it’s done, come back to the instruction right after that jal one. Funnily enough, we’re using exactly what we exploited earlier: here, the $ra variable is where the instruction right after jal is stored.

So, when we say “jal 0x08A884D4”, what we really say is “go to that place, read some code, and come back here afterwards”. It’s just that the code itself is the game exit routine.

(I’ve been told to put “.set noat” and “.set noreorder” before my code, but I don’t know what it does. Feel free to enlighten me.)

Part 4, compiling the code, and planting it:

Great, now we have a bit of code to play with. The only issue, though, is that we need to put it in the save file. We could put it like this, but the machine wouldn’t be able to read it as code, and we’d just end up with the same crash we had before.

If we want the machine to be able to read our code, we need to compile it. Compiling is, in short, the act of translating code into machine language, in binary. The commands for that are very simple, and use tools present in the Minimalist PSP SDK:

psp-as loader.s
psp-objcopy -O binary a.out a.bin

Now, we’re left with a little file named “a.bin”. This is our machine-ready code, and if we just open it in our favourite hex editor alongside the decrypted savefile, we can work some magic.
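To make "machine-ready code" concrete, the following added example (not code from the original post or from the PSP SDK) works out by hand what an assembler emits for the single instruction jal 0x08A884D4, and decodes it back. The address PAYLOAD_PC is a constructed value, since the post does not say where the planted code ends up in memory; the little-endian byte order and the return address of pc + 8 (jal is followed by a branch delay slot) are standard MIPS32 behaviour on the PSP's CPU.

```python
import struct

JAL_OPCODE = 0x03           # 6-bit primary opcode of jal in the MIPS32 J-type format
INDEX_MASK = 0x03FFFFFF     # 26-bit instr_index field, holds (target address >> 2)
REGION_MASK = 0xF0000000    # top 4 address bits are taken from the delay slot's address

EXIT_GAME = 0x08A884D4      # sceKernelExitGame import address, as given in the post
PAYLOAD_PC = 0x08B00000     # constructed: assumed address of the jal, not from the post


def encode_jal(target, pc):
    """Return the 32-bit instruction word for `jal target` placed at address `pc`."""
    if target % 4 or pc % 4:
        raise ValueError("MIPS instructions and jump targets are 4-byte aligned")
    # jal only carries 26 bits of the target; the CPU reuses the upper 4 bits
    # of the delay slot's address (pc + 4), so both must be in the same 256 MiB region.
    if (target & REGION_MASK) != ((pc + 4) & REGION_MASK):
        raise ValueError("target is outside the 256 MiB region reachable by jal")
    return (JAL_OPCODE << 26) | ((target >> 2) & INDEX_MASK)


def decode_jal(word, pc):
    """Return (target, return_address) for a jal instruction word found at `pc`."""
    if (word >> 26) != JAL_OPCODE:
        raise ValueError("not a jal instruction")
    target = ((pc + 4) & REGION_MASK) | ((word & INDEX_MASK) << 2)
    # $ra receives pc + 8: the instruction at pc + 4 (the delay slot) executes
    # before the jump takes effect, so execution resumes after it.
    return target, pc + 8


def word_to_file_bytes(word):
    """Serialise an instruction word the way it appears in a raw binary (little-endian)."""
    return struct.pack("<I", word)


def file_bytes_to_word(raw):
    """Read one little-endian instruction word back from 4 raw bytes."""
    if len(raw) != 4:
        raise ValueError("a MIPS32 instruction is exactly 4 bytes")
    return struct.unpack("<I", raw)[0]


if __name__ == "__main__":
    word = encode_jal(EXIT_GAME, PAYLOAD_PC)
    raw = word_to_file_bytes(word)
    target, ret = decode_jal(file_bytes_to_word(raw), PAYLOAD_PC)
    print(f"instruction word : 0x{word:08X}")
    print(f"bytes in the file: {raw.hex(' ')}")
    print(f"decoded target   : 0x{target:08X}, $ra = 0x{ret:08X}")
```

Because $ra points past the delay slot, the word that follows a jal is always executed; assemblers normally fill that slot for you unless reordering is switched off.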

We need to put the contents of a.bin right in place of the pattern we chose in the save file. Be careful to overwrite what’s there, and not to insert anything before it, because we don’t want the file’s size to change, or the contents to be displaced. Whenever this is all done, what’s left is to start up Patapon 2, get our name to show up on screen as usual, and savour the fact that instead of a frozen screen, the game actually nicely closes.

Conclusion:

Well, that was hard to explain. I’m glad I got everything to work out, and if you have any questions, feel free to shoot a message towards @theoct0 as always. I’d love to receive any and every criticism you might have, any tips and tricks, all in all anything you’d like to shoot my way. But for now, until the next post, farewell!

The post Hacking consoles: a learning journey (part 4.5) appeared first on Wololo.net.

PSVita News: You can now play PSP ISOs (games) on FW 3.71 with Chovy Sign and MorrowindUnity (TESUnity) being ported to the console!


To curb hacking the PSVita via the Trinity Exploit, Sony surprisingly released FW 3.71 about a month ago (or 2.5 months after TheFlow released the Trinity Exploit chain which can be used to hack FW 3.69/3.70). As a result, the latest PSVita firmware is unhackable and for those stuck there, CBPS Team have come up with a solution letting you play PSP games called Chovy Sign. Other than that, we’ll also be looking at the efforts done by Reddit user ‘JimiHeff’ to port MorrowindUnity to the device!

Chovy Sign Public Beta released – You can play PSP ISOs (backups) on PSVita FW 3.71 if you can figure out how

As Sony decided to bundle the PSP’s GPU and CPU inside the PSVita’s motherboard, it can emulate every PSP game out there perfectly but since it can’t accept UMDs, only PSP games available on PSN are officially playable.

Chovy Sign lets you play any PSP backup on FW 3.71 but make sure to check out the linked video to use it as it comes with no instructions!

However, through hacks, you can play any PSP game you want on your PSVita provided you have an ISO and even use XMB/plugins/themes if the ePSP solution you’re using provides such features. On firmwares below FW 3.71, the best piece of software to use for PSP emulation is TheFlow’s Adrenaline which not only lets you play PSP games but also lets you run homebrew that requires 64MB RAM, do savestates and use screen filters among other things.

However, as mentioned above, FW 3.71 doesn’t have the luxury of a native hack so CBPS Team decided to release Chovy Sign (which is the first release in Project Chovy, a toolkit for PSP stuff on the Vita), to allow folks with a PSVita on FW 3.71 some PSP action! From its somewhat poorly written README and release page, all you need is the following to run any PSP game on FW 3.71:

  • Any working PSP game installed from PSN, even demos such as “LocoRoco Midnight Carnival” and “Petz Saddle Club” work if you don’t want to spend a dime
    • Apparently, Chovy Sign works by exploiting the PSP bubble cloning issue which means that if you delete the base game, the “license.rif” (required for PSP games to function on the PSVita) used by clone bubbles is erased and you have to reinstall the base game again
  • A good quality ISO dump of the PSP game you want to play since poor dumps may not work properly
  • A Windows computer to use the tools provided below
  • As there are no properly written instructions on what to do, it’s highly recommended you follow this video by Nagato which details the process in a step-by-step fashion.

To grab the binaries and check out its release page, check out this link. Main credits go to Dots_tb, SilicaAndPina and Motoharu with various individuals including Knofbath, Julio Sueiras and NanospeedGamer helping with testing.

MorrowindUnity (TESUnity) being ported to the PSVita

Eventually, you might be able to enjoy Morrowind’s map on the PSVita but don’t expect the full Morrowind experience as TESUnity is a map viewer not a game engine!

While Chovy Sign is pretty exciting for those stuck on FW 3.71, those who aren’t are probably more interested in native homebrew developments for the console with the latest news being a potential port of MorrowindUnity to the Vita. News about it emerged a few hours ago on Reddit when user ‘JimiHeff’ shared a YouTube video of a partially functional port of MorrowindUnity (TES Unity) running on the PSVita which doesn’t get past the initial screen. MorrowindUnity/TESUnity isn’t an engine for Elder Scrolls: Morrowind but it’s a world viewer so with it, you’ll be able to explore Morrowind’s world but don’t expect to be able to enjoy the game in its full capacity.

From the video, it seems that the application can’t access the data folder being passed on to it and refuses to continue further with an error reading ‘The path is not valid’. Now, the scene member behind the port has promised to ask around on the VitaNuova (Rinnegatamante’s community for PSVita homebrew development and bounty creation) Discord for help which may mean that you’ll eventually be able to explore Morrowind’s world on the PSVita!

 

Conclusion

Obviously, it’s no use to be able to play PSP games on your PSVita without knowing what to play so if you want some recommendations, check out this article about some great PSP titles to play. On the other hand, if you’re interested in more Unity stuff on the PSVita, you should check out this Reddit thread about Unity’s Adventure Demo being ported to it.

The post PSVita News: You can now play PSP ISOs (games) on FW 3.71 with Chovy Sign and MorrowindUnity (TESUnity) being ported to the console! appeared first on Wololo.net.

News: Chovy Sign (PSP backups on Vita FW 3.71) Public Beta 2 Released With 32-Bit Windows Support + Bug Fixes, 4 new 60FPS patches for the Switch and BStone Vita updated to version 0.3 with numerous fixes!


Without a doubt, the thing that makes it worthwhile to hack consoles is the slew of mods/tools/homebrew available for them and almost every day, something interesting is released. In this article, we’ll be looking at the second public beta of Chovy Sign (a hack letting you play PSP backups on Vita FW 3.71), more 60FPS mods for the Switch and BStone Vita 0.3!

PSVita: Chovy Sign Public Beta 2 & BStone Vita 0.3 Released

A few days ago, CBPS Team released Chovy Sign which is a hacking tool that allows you to run any PSP backup of your choice on PSVita FW 3.71.

If you’re an unlucky soul with a PSVita on FW 3.71, you’ll be pleased to know that you can play any PSP game you want on it with Chovy Sign!

This release, which is part of Project Chovy, was pretty significant as this firmware has no native hacks available for it (i.e HENkaku) since it fully patched TheFlow’s Trinity Exploit chain. Using it isn’t too difficult provided you follow a guide (such as this one) but it requires you to have a functional Windows PC with QCMA installed so make sure you get stuff ready before loading on a bunch of PSP games on your FW 3.71 PSVita or PSTV!

Now, it has been updated to Public Beta 2 and this comes with the following changes:

  • The binaries now work on 32-bit installations of Windows so if your only Windows PC is pretty ancient, you’re in luck!
  • ISOs for Minis now show the Minis bootscreen
  • Improved exception handling (i.e. fewer crashes and a more robust application overall)

To grab Chovy Sign Public Beta 2, check out this link and grab the latest ZIP file.

In other news, the PSVita’s port of the Blake Stone: Aliens of Gold engine (BStone Vita) has received a pretty beefy update which fixes a long list of minor yet noticeable issues. If you don’t know what Blake Stone is, it’s an FPS game released in 1993 based on Wolfenstein 3D’s engine with some enhancements like interactive map elements and textured floors/ceilings.

If you’re a fan of Wolfenstein 3D then Blake Stone: Aliens Of Gold is a title you should probably check out, even more so now that the Vita port received an update full of fixes and extra polish!

In it, you play as a British intelligence agent that’s trying to stop Dr. Pyrus Goldfire from taking over the world using genetically-engineered aliens, humans and mutants.

 

The aforementioned beefy update, with version number 0.3, brings about the following:

  • Functionality to choose between previous/next weapon was added and could be triggered by touching the touchscreen’s top area and hitting ‘O’ (circle button)
  • Joystick sensitivity can now be adjusted in-game
  • The X/O buttons now function as expected in menus and the sound volume menu got a cosmetic fix
  • Some crashes and out of memory errors were fixed
  • Fadein tearing no longer occurs and the game’s engine was updated to version 1.1.13 (the upstream version of BStone)
  • The save format changed so previous saves aren’t compatible!

To download BStone 0.3, follow this link to download the VPK or wait till it’s uploaded to VitaDB. You need to supply your own game files to “ux0:/data/bstone” as instructed by the README.

Switch News: Masagrator releases 4 more 60FPS mods for commercial Switch games

As discussed in this article, some games on the Nintendo Switch are locked to render at a framerate lower than that which the Switch can achieve either due to thermals/battery life reasons or because overclocking the Switch’s CPU is needed to achieve a constant 60FPS.

Thanks to Masagrator’s work, you can play the just-released demo of Dragon Quest XI S at 60FPS if you don’t mind overclocking your Switch to the max 😉 (Source)

Due to this, Masagrator decided to create a bunch of 60FPS mods so that people who don’t care much about thermals/battery life can enjoy games looking as best they can on their Switch. Now, he and his colleague ‘Kirby567fan‘ released 4 more mods for retail Switch games which include:

  • Lost Sphear – Compatible with version 1.3.1
  • I am Setsuna – Compatible with version 1.1.0
  • Fe – Compatible with base game (i.e. it won’t work if you install any updates)
  • American Fugitive – Compatible with version 1.0.5
  • The demo of Dragon Quest XI S (it’s a guide on how to patch it yourself as its config files haven’t been unpacked as of now)
  • For best results, make sure you follow the overclocking profiles described in the links above as all 5 games require a slight/moderate overclock to maintain a constant 60FPS

Other than the above releases, there’s also some good news for these 60FPS mods as it’s been discovered how to get 60FPS in Unity games (American Fugitive is one of them) which took masagrator a few weeks to figure out. If the games you want to play aren’t in that list, there’s still hope as masagrator promised that he’ll release more patches next Friday (30th August)!

Conclusion

The last few days also saw the release of a port of Pingo (by Grzybojad) for Windows, Linux, macOS and Android thanks to Nikita Krapivin’s GMS2 port of the game so make sure to check that out if you like cool puzzle games to kill a bit of time!

The post News: Chovy Sign (PSP backups on Vita FW 3.71) Public Beta 2 Released With 32-Bit Windows Support + Bug Fixes, 4 new 60FPS patches for the Switch and BStone Vita updated to version 0.3 with numerous fixes! appeared first on Wololo.net.

PS3/Switch/PSP News: SEN Enabler 6.2.3 released with FW 4.85 spoofing, StepMania ported to the Switch and Chovy-GM is out letting you run GameMaker 8.1 games on the PSP


This week was pretty hectic with the release of h-encore², PSVita FW 3.72 and PS3 FW 4.85 but other stuff got released as well. In this article, we’ll be looking at some noteworthy homebrew/tools released in the last few days which includes SEN Enabler 6.2.3, StepMania for the Switch and Chovy GM!

PS3 Release: SEN Enabler 6.2.3 with FW 4.85 spoofing support

SEN Enabler is back again with support for spoofing OFW 4.85 this time!

As the PlayStation 3’s online gaming servers are still up and running, one of the first orders of business when a new firmware is out is an update to SEN Enabler. SEN Enabler is a homebrew utility for hacked PlayStation 3 consoles running a CFW that lets you spoof your firmware version, disable CFW syscalls and patch your MAC address among other things.

Following FW 4.85’s release a few days ago, SEN Enabler 6.2.3 got released and it comes with the following features:

  • Ability to set the spoofed version to 4.85
  • Support for Cobra 4.85 CEX
  • Spoof and hash fix support for 4.85 CFW Cobra CEX

As usual, it’s important to note that using SEN Enabler will not reduce your chance of getting banned to 0% but it can drastically reduce the chances of it happening if used properly.

To grab SEN Enabler 6.2.3, check out this link and choose your preferred mirror.

Switch & PSP Releases: StepMania port for the Switch and Chovy GM for the PSP

The Nintendo Switch is no stranger to rhythm games and has quite a few official titles ranging from Just Dance 2019 to VOEZ but it also has some homebrew entries including McOsu NX (OSU! port) and now, it gained a StepMania 5.1 port!

StepMania is a pretty popular rhythm game that just found its way on the Switch! (Image Source)

As suggested by the above, StepMania is a pretty popular rhythm game that’s open-source. It’s available on a wide range of platforms including Windows, Mac, Linux, PSP and Nintendo DS and one can easily create dance patterns for MP3/OGG tracks.

Now, it’s also been ported to the Switch thanks to developer p-sam, who’s created a Super Mario War port for the console, and this port is to be run via hbmenu using hbl. Furthermore, according to natinusala (a veteran developer in the Switch scene), USB pads can also be used so you can have a more authentic rhythm gaming experience especially if you flip out your Switch’s kickstand to play in tabletop mode!

To grab StepMania for the Switch, check out this link and consult the README for an overview of the control scheme.

With Chovy GM, you can try forcing some GameMaker games on your PSP but do note that the runner is considered to be experimental (Image Source)

In other news, the PSP (and PSVita, by extension) also saw some love a few hours ago as Chovy GM got released which is a tool letting you port over GameMaker 8.1/8/7 games to the PSP by simply specifying a StandAlone Executable file and building an ISO. According to its GitHub release page, it makes use of the GameMaker Runner found in Karoshi’s PSP port which is a highly experimental build never released to the general public for standard development.

To download Chovy GM and give some old GameMaker projects a go on the PSP, download Chovy GM from this link but do keep in mind the PSP’s limited hardware and small amount of RAM!

Conclusion

While the last few days saw quite a few homebrew releases, interesting stuff was also going on in the emulation scene as the unreleased GameBoy Printer Color got reverse engineered, 3 Japan-only rare Famicom games by Konami were dumped and RetroArch 1.7.8 was released with some cool features like the RetroArch AI service which includes text-to-speech functionality for on-screen text and the ability to translate on-screen text to another language (Japanese to English for example) using online/local services.

The post PS3/Switch/PSP News: SEN Enabler 6.2.3 released with FW 4.85 spoofing, StepMania ported to the Switch and Chovy-GM is out letting you run GameMaker 8.1 games on the PSP appeared first on Wololo.net.

Emulation News: PPSSPP 1.9 released with numerous fixes & drops Win XP support; PS1 emulation on New 3DS consoles now runs at full speed for most games thanks to new renderer!


Quiet days in the emulation scene are few and far between and today was no exception as two significant things dropped just a few hours ago. In this article, we’ll be looking at the release of PPSSPP 1.9 and the advent of full speed PS1 emulation on the New 3DS!

PPSSPP 1.9 Released: Numerous accuracy/bug fixes, Vulkan optimisations and the end of Windows XP Support

As its name suggests, PPSSPP is an emulator for the PlayStation Portable and the go-to emulator at that. This emulator, whose original author is Henrik Rydgård, does not only emulate games pretty accurately with good performance but is also available on a wide variety of platforms including iOS, Android, Windows, Linux, macOS and the Switch among others.

PPSSPP 1.9 released & Full Speed PS1 Emulation on 3DS

PPSSPP is a very capable PSP emulator that’s able to make games look much better thanks to shaders like FXAA and upscaling to resolutions like 1080p and 4K!

Furthermore, it also boasts an impressive arsenal of features including save state support, a homebrew downloader, translations in tens of languages and the ability to render games at higher resolutions among others.

Now, PPSSPP 1.9 has been released which comes with:

  • Various game issues have been fixed including:
    • Flickering issues in GoW games that occurred with newer Mali GPU drivers
    • The Tekken 6 leg shaking problem
    • Disappearing officers in Warriors Orochi and issues in Tomb Raider on ARM64 devices
    • Hanging in Bleach and Armored Core games
    • Audio glitches in FF Tactics
    • The camera display in Invizimals
    • Strange vehicle behaviour in MGS:PW
    • Audio in Motorstorm: Arctic Edge
  • Performance of GoW on Vulkan has been improved and Vulkan is now default on Android phones running Android 9.0 (Pie) or above, along with some optimisations to this rendering backend
  • The homebrew store and UWP build received numerous fixes
  • Hotkeys for dumping and replacing textures have been added
  • Right analogue stick support for touch controls
  • Mouse control on Windows has been improved
  • Windows XP support has been dropped
  • Numerous other minor fixes and improvements which can be found in the change log below

To grab PPSSPP 1.9, check out this link and select the download for the platform of your choice; for viewing its change log, go here.

PS1 emulation on the New 3DS is now running at full speed thanks to recent developments!

While the Nintendo 3DS isn’t a powerhouse by any definition of the word, it can still output some pretty decent graphics and do some pretty impressive things especially in regards to emulation. Now, its emulation capabilities have been expanded even further thanks to the folks at libretro provided your device is a New 3DS/2DS (XL) model.

The New Nintendo 3DS didn’t get many exclusive titles but the homebrew community used its improved capabilities to deliver good performance in PS1 and Commodore 64 titles (Vice3DS) – Image from linked blog post

According to a blog post on the libretro blog by Justin Weiss, some recent developments relating to PS1 emulation on the 3DS have pushed numerous original PlayStation games to playable territory on New 3DS/2DS consoles and these include:

  • PCSX4ALL’s Unai renderer is now used in the 3DS builds of PCSX ReARMed which provides boosts of 10-20FPS over the previous P.E.Op.S. renderer that was being used
    • This change comes at the cost of some accuracy but an enjoyable game is probably better than a more accurately rendered one!
  • Support for the CHD format in the 3DS port which is a compression format best suited for disc images.
    • This format reduces the file size of games and also improves their loading times. Framerate dips during FMVs and loading zones also get reduced

Furthermore, full speed cores (dynarec-enabled ones) can be launched from the homebrew menu through ‘3dsx’ files negating the need to litter your 3DS Menu with cores installed from CIA files to get the best experience.

To make use of the improvements mentioned above and play many PS1 games on your New 2/3DS console, follow this link to grab the latest Nightly builds. The next official release of RetroArch will implement the aforementioned improvements.

Conclusion

For more stuff relating to emulation, you may be interested in the release of MAME 0.214 which took place a few hours ago, a recently published blog post about Beetle PSX’s WIP dynarec and a video by ‘byuu’ (bsnes’ creator) explaining how HD Mode 7 works.

The post Emulation News: PPSSPP 1.9 released with numerous fixes & drops Win XP support; PS1 emulation on New 3DS consoles now runs at full speed for most games thanks to new renderer! appeared first on Wololo.net.


Hacking consoles: a learning journey (part 5)


(Previous post in this series: Hacking consoles: a learning journey, part 4)

Introduction:

Well, how do I put it…

Simply, I failed. When I started this series, I envisioned it as a weekly thing, but I knew very well that there would be some hardships I wouldn’t be able to overcome in a week. I don’t like to admit it, but I failed.

I know that failure is a part of the learning process, but it’s always hard to swallow, isn’t it? I knew I wasn’t good at coding in C or MIPS from the get-go, but I didn’t think it would become such an issue so early on in this journey.

I’d like to apologise for writing this over a month after it should have been published. The worst part is, I don’t even have anything interesting to write now! If only I could have gotten something to work, it would have been a glorious way to explain my late post, but no.

Today’s summary:

Today’s post will be a short one, sadly. I can only spend so much time explaining why I couldn’t get anything to work before the whole thing becomes boring.

The (hacking) failure:

The plan for today was to finalise a binary loader for the Patapon exploit, and to write something to actually load with it. As you might have read in my last post, I could get something to work from the crash we’d gotten, but I couldn’t go any further.

If you remember, the end result of last time’s post was that we could run the game’s exit instruction to get it to stop cleanly. That was quite an achievement for me, because I could finally control the game! So, I tried to write something that could load a file instead. After all, we can only write so much in the save file itself before we run out of space, so the next logical step would be to write a loader for a much bigger file that we’d have written separately.

So, I did that. I followed various guides, writeups and explanatory posts to get there, but nothing did the trick. After trying to find out what the problem was, I got to a disheartening final conclusion… I’m the issue here. My lack of knowledge, expertise and experience in low-level programming finally bit me in the rear.

Now, I know you don’t know me personally, but I can tell you something about my way of thinking: I hate giving up. I hate admitting defeat, and even worse than that, I hate failing at something I started myself.

On the flip side, however, I try to learn from my mistakes instead of crying over them. I’m giving up on the binary loader now, but I’ll keep on pushing. And, when I’m ready, I’ll come back to it, and I’ll just achieve it bigger and better than I could have hoped to do it today. Here’s to a brighter future in hacking!

Conclusion:

I’m done with the PSP for now, but I’ll come back. With this series going on, I can’t afford to get stuck on something for too long. Plus, I haven’t really been interested in PSP hacking in my life, so maybe I just needed a subject with a better incentive to get started?

The next stop on this journey will be the PS Vita 3.60 exploit. It really does mean something to me, but I’ll be explaining that in the next post, so stay tuned! I promise that you’ll have this next post in a week. I’ll do my best to keep this interesting and on schedule!

I’m very sorry to drop such a short post so late, but I needed time not only to realise that I couldn’t overcome this hurdle right now, but also to accept my defeat. I promise that, next time, you’ll have a report on what I tried and why it failed instead of a post complaining about how I couldn’t get it to work. Remember, I’m not just learning to hack, I’m also learning to manage and write this series as I’m going. Thank you very much for reading this entry, and until next time, farewell!

The post Hacking consoles: a learning journey (part 5) appeared first on Wololo.net.

PSVita News: Diablo I port making use of DevilutionX released and DaedalusX64 1.1.8 (N64 emulator) is out with performance improvements


Lately, things in the PlayStation Vita homebrew scene have been picking up again and this time, even the PSP got something! In this article, we’ll be looking at a Diablo I port for the Vita and an update to DaedalusX64 which is the only way to play N64 games on the device.

Diablo I ported to the Vita with DevilutionX

As many of us know, the PSVita didn’t get an entry in many major game series and the Diablo series is one of these. Up till now, the only way to play a Diablo game on the console was by emulating the PlayStation 1 port via Adrenaline but that’s just changed thanks to the work of developer ‘gokuhs‘ and his port of DevilutionX.

Diablo I can now be played natively on the PSVita provided you can live with kinda awkward controls (Image Source)

DevilutionX is an open-source port of the Diablo I game engine that supports a wide variety of platforms including Windows, Linux, macOS and the Switch while also having some added features of its own such as upscaling and modding support.

The PSVita port is still in beta stage and from user reports on Reddit + its changelog, its current state is as follows:

  • Overall, performance is pretty decent with the game hovering around the 40FPS mark in the city and the 20FPS mark in dungeons
  • Controlling the game is a tad awkward because it uses the rear touchpad and most buttons are unassigned
    • Hopefully, gokuhs can take some cues in the controls department from Diablo NX which is a DevilutionX port for the Switch by MVG
  •  There are a few minor issues such as tapping on the rear touchpad not working all the time and the mouse in menus being mapped incorrectly

To play some Diablo I natively on your PSVita, check out this link to grab DevilutionX’s VPK; viewing the README is also important to get the game running. You must provide Diablo I’s game files [diabdat.mpq] in ux0:/data/DVLX00001/data so you must own the game to play it legally; it can be bought for a few bucks off GOG (not affiliated).

DaedalusX64 1.1.8 released with performance improvements

Despite the Nintendo 64 being released in 1996, emulating it on lower-powered devices is still pretty difficult and the PSVita has no native emulator for it so DaedalusX64 is the only option to play some N64 games on the device!

Other than the Diablo I port, the PSVita and PSP have received an update to their only Nintendo 64 emulator which is DaedalusX64.

This emulator has been around for a pretty long time and it only exists because the PSP shares the same architecture as the Nintendo 64 (MIPS) and some developers had a tad too much time on their hands. Up till mid-2018, the latest release was r1909 and it was thought that it would be the final version of the emulator but then z2442, with the help of others including TheMrIron2, decided to keep on updating and improving the emulator, releasing multiple updated versions as a result.

Now, version 1.1.8 has been released and this brings along:

  • Updates to the Asynchronous Audio function so that it now uses the PSP’s Media Engine to provide a more stable experience
  • Performance improvements through a new speed hack and updates to the PSP’s Media Engine PRX
  • Working PSVita detection
  • The code now conforms to the C++ 11 standard
  • Many other changes accumulated over the last 7 months which can be viewed in the commit history

To get DaedalusX64 1.1.8, check out this link.

Conclusion

For more PSVita stuff, you might be interested in the release of mGBA 0.8 beta 1 which brings about many new features and a recent tutorial on how to get RetroArch running and looking nice on the console. This recently initiated bounty for HW context support to the GL1 driver in RetroArch might also be of note for owners of the 3DS, PSP and PSVita who frequently emulate stuff. Finally, somebody on r/vitahacks seems to have dug a post by Exophase (DraStic’s creator) stating that DraStic will become open-source in 2020 so the implications of that will be pretty interesting from a DS emulation on PSVita point of view!

The post PSVita News: Diablo I port making use of DevilutionX released and DaedalusX64 1.1.8 (N64 emulator) is out with performance improvements appeared first on Wololo.net.

Davee teases Infinity 2.0 – Adds PSP E1000 support, provides bug fixes and other improvements!


Scottish developer Davee, known for his 5.03 ChickHEN and 6.xx Chronoswitch Downgrader, has teased an update for his Infinity software (initially released in February 2016).

The update adds support for the PSP E1000, fixes some older issues and provides various other improvements.

The PSP E1000, also known as PSP Street, was previously the only unsupported device, due to the older versions of Infinity depending on a flaw in firmware 6.31.

This limitation has been lifted in Infinity 2.0, due to Davee using kirk keys for Infinity 2.0, which makes it not depend on firmware 6.31’s flaw anymore, unlike the older versions of Infinity.

This change also improves Infinity’s stability and success rate, especially since flashing a hybrid 6.31/6.6x firmware is not necessary anymore, which in very very rare cases could lead to bricked devices.

Davee also fixed some of the issues that the older versions of Infinity used to have, such as some PSPgo pause feature and XMB theme bugs. Infinity 2.0 will require PSP firmwares 6.60 or 6.61.

Additionally, since Infinity is not really its own custom firmware (more about it in our older Infinity article), you will be able to keep using your favourite custom firmware (either 6.6x ME/LME or 6.6x PRO), while Infinity 2.0 will do all the hard work under the hood to make the custom firmware permanent.

Neither the ME/LME, nor the PRO CFW will need to be updated to support Infinity 2.0; their most recent versions (6.6x ME/LME-2.3 and 6.6x PRO-C2) will work out of the box, but they will have to be reinstalled upon finishing the Infinity 2.0 installation.

Davee aims to release Infinity 2.0 within the next 2 weeks, which will finally conclude the permanent custom firmware chapter for the Playstation Portables. Truly the end of an era.

Source via Twitter.

The post Davee teases Infinity 2.0 – Adds PSP E1000 support, provides bug fixes and other improvements! appeared first on Wololo.net.

Release: Infinity 2.0 – Enables Permanent 6.6x Custom Firmware for all PSPs!

Well known developer Davee has finally released the long awaited update to Project Infinity, which provides various improvements, finally offers PSP E1000 support and fixes previous bugs.

But what does Infinity 2.0 actually improve compared to the older versions of Infinity? And how do you install it?

Project Infinity 2.0:

First and foremost Infinity 2.0 finally supports the PSP E1000 (also known as PSP Street), which was previously unsupported due to technical reasons.

This makes Infinity 2.0 compatible with all PSP devices that exist, regardless of them being old or new. As long as it runs system software 6.60 or 6.61, it will be able to use Infinity 2.0!

Next, Infinity 2.0 does not flash a so-called ‘hybrid firmware’ anymore, which makes the flashing process a lot faster, more secure and infinitely less likely to cause a brick.

Infinity 2.0 works similarly to the old 6.20 permanent patch, which means that only one flash file will be altered and Infinity 2.0 will be injected into the PSP’s boot chain.

Additionally, Infinity 2.0 also fixes a few issues that occurred when using the older versions of Infinity v1.x, such as XMB theming issues and problems related to the PSPgo’s pause feature (the “unlock extra memory” option in the recovery menu needs to be disabled!).

Infinity 2.0 will also be open source, so if you’re interested in taking a look ‘under the hood’, you’ll be able to take a closer look at it.

Requirements & Necessary Files:

Infinity 2.0 requires your PSP to be running any variation of system software 6.60 or 6.61, regardless of these firmwares being official or custom firmware, except for older versions of Infinity.

If your PSP is running a system software that is older than 6.60 or 6.61, then you will have to update your PSP to firmware 6.60 or 6.61 before you’ll be able to install Infinity 2.0.

If your PSP is running an older version of Infinity, such as Infinity v1.0, then you will have to use the Chronoswitch Downgrader v7 to uninstall it and revert your device back to a clean system software 6.60 or 6.61.

Depending on your device, you will either have to download the regular firmware 6.61 (PSP X000 updater, for most PSPs), or the firmware 6.61 for the PSPgo.

All PSPs that have a UMD drive (1000, 2000, 3000, E1000) share one updater file, while the PSPgo has its very own updater.

You will also need the 6.61 custom firmware files for the CFW of your choice: Either 6.61 LME-2.3 or 6.61 PRO-C2. You should not use the ME CFW or PRO’s cIPL flasher, if you intend to use Infinity 2.0; stick to the LME CFW or PRO CFW without cIPL!

The remaining files you will need are provided by Davee himself. You will need the Infinity 2.0 installer and you might need the Chronoswitch Downgrader v7, if you’re currently running an older version of Infinity.

Updating your system software to 6.60 or 6.61 also requires the PSP’s battery to be charged. At least 50% is required for the firmware updaters to function!

Which file goes where?:

Depending on whether your PSP is currently running an older version of Infinity or just a regular 6.60/6.61 firmware, the steps you will have to follow differ slightly.

If you’re running a temporary 6.60/6.61 CFW, then you can simply install Infinity 2.0 directly and that’s it! Otherwise you might want to continue reading:

In the following I am going to explain how to install a clean firmware 6.61, which updates the PSP from whatever firmware it currently runs to Sony’s version of the system software 6.61.

These instructions can be used to uninstall an older version of Infinity, to update your PSP from a lower (custom) firmware to version 6.61 or to simply launch with a fresh & clean firmware.

You will have to copy the firmware 6.61’s PSP folder into the root of your PSP’s memory stick and you will have to copy the Chronoswitch folder into the /PSP/GAME/ directory of your PSP’s memory stick.

Additionally you will have to either copy the LME’s or the PRO’s PSP folder into the root of your PSP’s memory stick, which will then copy the respective CFW’s files onto your PSP.

If you did everything properly, your PSP’s memory stick should look like this:

/PSP/GAME/UPDATE/ – This directory contains an EBOOT.PBP file, which is the firmware 6.61 updater.
/PSP/GAME/CHRONOSWITCH/ – This directory contains an EBOOT.PBP file, which is the chronoswitch downgrader.

Either: /PSP/GAME/661lme_installer/ & /PSP/GAME/661lme_launcher/ – These directories contain an EBOOT.PBP file each, which are the LME CFW’s installer & launcher files.
Or: /PSP/GAME/661PROUPDATE/ & /PSP/GAME/661FastRecovery/ – These directories contain an EBOOT.PBP file each, which are the PRO CFW’s installer & launcher files.
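
A pre-flight check for the layout above, as an added example that is not part of the original article or of any tool it mentions: run on the PC, it confirms that each expected directory holds an EBOOT.PBP with a plausible PBP header before anything is launched on the PSP. The function names and the header-only sample files written by build_sample are constructed for illustration, and the header layout (a "\0PBP" magic, a version word, then eight section offsets) is the commonly documented PBP format, assumed here.

```python
import struct
from pathlib import Path

PBP_MAGIC = b"\x00PBP"                      # first four bytes of an EBOOT.PBP
REQUIRED = ["UPDATE", "CHRONOSWITCH"]       # directories every setup needs
CFW_DIRS = {                                # the article's Either/Or pair
    "LME": ["661lme_installer", "661lme_launcher"],
    "PRO": ["661PROUPDATE", "661FastRecovery"],
}

def pbp_ok(path):
    """Plausible PBP header: magic, 4-byte version, then 8 non-decreasing offsets."""
    data = Path(path).read_bytes()
    if len(data) < 40 or data[:4] != PBP_MAGIC:
        return False
    offsets = struct.unpack_from("<8I", data, 8)
    return offsets[0] >= 40 and list(offsets) == sorted(offsets) and offsets[-1] <= len(data)

def check_stick(root):
    """Return (cfw, problems) for a memory-stick root laid out as in the article."""
    game = Path(root) / "PSP" / "GAME"
    problems = []

    def check(name):
        eboot = game / name / "EBOOT.PBP"
        if not eboot.is_file():
            problems.append(f"missing {name}/EBOOT.PBP")
        elif not pbp_ok(eboot):
            problems.append(f"{name}/EBOOT.PBP has no valid PBP header")

    for name in REQUIRED:
        check(name)
    # Exactly one custom firmware should be staged (assumed from "Either/Or").
    present = [cfw for cfw, dirs in CFW_DIRS.items()
               if any((game / d).is_dir() for d in dirs)]
    if len(present) != 1:
        problems.append("expected exactly one of LME/PRO, found: " + (", ".join(present) or "none"))
        return None, problems
    for name in CFW_DIRS[present[0]]:
        check(name)
    return present[0], problems

def build_sample(root, dirs, payload=None):
    """Write constructed, header-only PBP files (or a given payload) for a dry run."""
    header = PBP_MAGIC + struct.pack("<I8I", 0x10000, *([40] * 8))
    for name in dirs:
        target = Path(root) / "PSP" / "GAME" / name
        target.mkdir(parents=True, exist_ok=True)
        (target / "EBOOT.PBP").write_bytes(header if payload is None else payload)

if __name__ == "__main__":
    import sys
    cfw, problems = check_stick(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("CFW:", cfw, "| problems:", problems or "none")
```

Pass the memory stick's mount point as the only argument; a truncated or mis-copied EBOOT.PBP is reported per directory.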

Installing firmware 6.61 (OFW/CFW):

Assuming every file is where it should be and the PSP’s battery is sufficiently charged, we can simply use our PSP and look for the Chronoswitch Downgrader program, which we are going to launch.

Just follow the on-screen instructions and the downgrader will automatically launch the 6.61 firmware updater, which will then install a clean firmware 6.61 for you.

This updates the PSP to firmware 6.61 and uninstalls all previously installed custom firmwares and older versions of Infinity. Don’t worry, we intend to do this!

Next, the PSP will reboot and you can simply launch the respective custom firmware’s installer program (either LME or PRO installer).

Follow the on-screen instructions for installing the CFW and then your PSP will reboot once again.

Next, launch the respective CFW’s launcher program (either LME launcher or PRO fast recovery).

This will boot your PSP into the LME or PRO custom firmware, which we will use to finally install Infinity 2.0!

Installing Infinity 2.0:

Since Infinity 2.0 requires the same folder that the 6.61 firmware update occupies, we will have to connect our PSP once again with our PC and navigate into the /PSP/GAME/ directory and delete the “UPDATE” folder.

Next, we will open the Infinity 2.0 archive and select the required file for our device (use the PSPgo file for a PSPgo, use the standard/X000 file for any other PSP).

Simply copy the required EBOOT.PBP file to your PSP’s /PSP/GAME/UPDATE/ directory and overwrite the previous file. You should end up with the same folder structure as before, except that this time the /PSP/GAME/UPDATE/ directory contains Infinity 2.0’s EBOOT.PBP file instead of the regular firmware 6.61 updater.

If this was done correctly, the PSP should now show an Infinity 2 program alongside the other things we’ve previously copied onto our PSP; go ahead and launch it.

Just follow the on-screen instructions and install Infinity 2.0. This shouldn’t take longer than a few seconds. Press X to reboot.

Next, the PSP reboots and we will have to launch the Infinity 2.0 program once again, to select a CFW which Infinity is going to auto-launch upon reboot/shutdown.

Within the Infinity 2.0 program you will now be able to press LEFT to select your custom firmware (either PRO or [L]ME). Choose the one you’ve previously installed!

After this is done, a little asterisk should appear next to the custom firmware’s name. This means the CFW is now permanent (this can be tested by fully rebooting the PSP)!


Final Words:

The long awaited update to Infinity finally brings the best possible custom firmware experience to every PSP owner!

Gone are the days of “hackable” versus “unhackable” PSPs, the good old Half Byte Loader & exploit games, and the permanent patch only being available for certain devices.

Davee brought the permanent patch to the latest official system software, compatible with the latest versions of the two best PSP custom firmwares ever created and of course to all the different PSP models that are available.

We at Wololo’s would like to thank all of you for all the great years in the PSP hacking scene, and we also would like to thank Davee for all the things he has provided for the scene, ChickHEN, Infinity and all his other creations.

And with this Infinity 2.0 concludes the permanent CFW chapter for the Playstation Portables. It is truly the end of an epic era.

Source via Twitter.

The post Release: Infinity 2.0 – Enables Permanent 6.6x Custom Firmware for all PSPs! appeared first on Wololo.net.

Recent(ish) PSP Releases: CMFileManager PSP 3.20, Legend Of The Sword And Fairy Port, S.T.A.L.K.E.R Portable and CSPSP 1.94

With the usual sources of news being fairly silent today, we’ll be taking a look at some PSP homebrew releases that happened over the last few months. In this article, we’ll be looking at the just-released CMFileManager PSP 3.20, a port of ‘Legend Of Sword And Fairy’, the release of S.T.A.L.K.E.R Portable and an update to CSPSP.

Homebrew Updates: CMFileManager PSP 3.20 and CSPSP 1.94

First off, we have an update to CMFileManager PSP which is a homebrew utility by Joel16 still getting updates every couple of months.

If you’re still using a PSP, then CMFileManager PSP is probably the best homebrew to use for any sort of file management!

As its name suggests, it’s a file manager themed around CyanogenMod (Lineage OS today), giving a similar appearance to other homebrew utilities by the same developer such as NX-Shell and 3DShell. Among its many features, we find basic file management operations, an image viewer, an audio player and an FTP server, together with various others such as an EBOOT loader and Dark Mode.

Yesterday, version 3.20 of CMFileManager PSP was released and this includes:

  • An improved EBOOT launcher menu which lets you dump ICON0 and PIC0 data
  • A change to the configuration system as it now uses JSON parsing with a ‘config.json’ file
  • An access toggle has been added to guard dangerous partitions such as flash0-flash3 and disc0
  • The drivers (audio_driver.prx/display_driver.prx) that come bundled with the utility have been cleaned up
  • Some minor fixes and under-the-hood changes which improve performance and code consistency

To grab CMFileManager PSP 3.20 and install it on your PSP, you may download it from this link. From my testing, CMFileManager PSP 3.20 doesn’t work on Adrenaline 6.9 (PSVita)!

Moving on to another homebrew update, we have CSPSP 1.94 which was released this July and is the oldest item in this article.

Even though it’s old, CSPSP still has some dedicated fans which update it from time to time so that Singleplayer Mode becomes more fun!

CSPSP, or Counter Strike PSP, is a Counter Strike Remake that’s been around for many years and has seen sporadic development in the last few years by some dedicated fans. This continued development has seen the addition of PSVita support, 3DS cross-play and numerous changes/improvements.

The most recent update, by MasterMen, is numbered 1.94 (with 1.93 being released shortly before it) and it brings along:

  • Changes to many weapon textures including the MP4, M4A1 and Knife
  • Together with version 1.93, 4 new maps
  • A button to reset settings in Singleplayer
  • The ability to change the amount of bots present in the map (1.93)
  • Addition of some new soundtracks
  • Some bug fixes and minor improvements to further improve the game for those who want to keep on playing it in Singleplayer Mode

To read more about CSPSP 1.94 and download it for your console, follow this link to its Wololo /talk thread.

Homebrew Releases: Legend Of the Sword And Fairy Port and S.T.A.L.K.E.R Portable

Legend Of The Sword And Fairy receives yet another port for the PSP!

Moving onto fully-fledged releases, we first have a port of ‘Legend Of The Sword And Fairy’ by OPL3ChipFan. Like the PSVita homebrew port by usineur, it makes use of SDLPAL and it was released this July with the most recent update made public on November 1st. This title, which has an English translation, was already ported to the PSP in 2010 but this port uses the improved SDLPAL 2.0 engine which provides a better experience. When it comes to the plot, this well-received game revolves around Li Xiaoyao who’s looking for a cure for his sick aunt and ends up falling in love with a maiden along the way.

To grab this improved Legend Of The Sword And Fairy port for your PSP, follow this link. The port is also compatible with the PSVita but you should probably use the native port linked above for that.

Last but not least, the last few months have also seen a small group of Russian developers passionate about the PSP remake S.T.A.L.K.E.R for the console.

Ever since its release, the PSP has always been a platform that developers like pushing the boundaries of and S.T.A.L.K.E.R Portable certainly fits the bill! (image from GBATemp Thread)

This group, which goes by the name QTeam, is using a highly modified version of the Quake engine together with Half Life 1 conversions of S.T.A.L.K.E.R models in order to create S.T.A.L.K.E.R Portable. As of right now, the game is at the following stage:

  • It includes detailed environments and models with maps that are being recreated in lowpoly mode
    • Currently, the team is working on map optimisations to make the game run better on real PSP hardware
  • You can interact with NPCs
  • It has a working inventory system and map
  • Performance on the PSP won’t win any awards but numerous optimisations to the underlying ADQuake engine have been made to make the game playable
  • Working Ambient music
  • Working Medkits
  • The ability to drive cars and do much more
  • The last development update was early this month signalling that development is still on-going

To read about this ambitious project and download the Alpha build, check out its page on ModDB. Its thread on GBATemp is also worth reading since it includes many videos and information not on the ModDB page. Unfortunately, the game doesn’t seem to work on Adrenaline (PSVita).

Conclusion

Moving to the present-day, Stadia’s launch lineup has been increased by 10 titles, including high-profile title Metro Exodus, ahead of its launch tomorrow. To read more about Google Stadia and decide whether or not it’ll change your way of playing games, check out this article published in March.

The post Recent(ish) PSP Releases: CMFileManager PSP 3.20, Legend Of The Sword And Fairy Port, S.T.A.L.K.E.R Portable and CSPSP 1.94 appeared first on Wololo.net.
