后使用快捷导航没有帐号?
查看: 41703|回复: 331
新人欢迎积分2 阅读权限90积分9789精华6UID5027587帖子金钱22605 威望11
消失了的人
UID5027587帖子威望11 多玩草816 草信仰力0
使用有风险,同志需谨慎!
“Chronoswitch” Downgrader 5.0. Advanced 09g Support!
Chronoswitch这个词不知道该翻译成什么好,就叫他时间机器吧... 降级工具5.0版本。增加09g的支持。
(之所以这样讲,是因为D***EE的原本降级工具就是为了降级到6.20版本,而后来其他人在那基础上才增加了6.35降级的功能,原版是不支持09g的)
As an ongoing project, me and some1 have been enhancing this downgrader from birth on the 6.31/6.35 firmwares. This multi-firmware downgrader allows you to install a lower (or higher) firmware without any fuss. No complex flash0 sharing, just running the firmware update.
However, there comes restriction with PSP models and compatible firmware. For example, a PSPgo cannot run 1.50 as there are no drivers for the system and the IPL format is incompatible. Much like this, the PSP 3000 09g is unable to install firmwares & 6.30 which removes it's ability to appreciate the flexibility of permanent custom firmware.
作为一个正在进行中的项目,我(D***EE)和some1已经将此降级工具在原有的6.31/6.35固件的版本的基础上进行了优化。这个多系统版本的降级工具允许你没有任何麻烦地***一个低版本(或者高版本)的固件。没有复杂的F0问题,仅仅需要运行固件升级程序。然而,主板型号和固件之间是有限制的。比如,一台PSPgo是不能运行1.50系统的,因为它(1.50系统)没有这个机型对应的驱动,此外IPL的格式也是不兼容的。同理,09g的PSP3000是不能***小于6.30的固件的,它(高于6.30的固件)已经移除了***固化自制固件的功能(或者讲,***固化补丁利用到的相关漏洞已经被修正了)。
This is no longer the case.
但是,现在已经不是那样了。(这话说的,让人泪牛满面啊!)
It started off with rumours of 09g systems being “converted” to 04g systems with some sort of Sony equipment. I explored the firmware comparing 04g and 09g and there is little difference between the modules, so I looked into what makes a 04g and 09g different. I got various testers (named below) to give me information on their IDStorage and internal system data (baryon/tachyon). From this I can conclude that the only (effective) difference between a 04g and 09g is:
早有传闻说利用SONY的设备可以将09g的系统转换成04g的。我(D***EE)仔细比较了04g和09g,发现两个型号之间的区别很小,于是我研究了是什么造成04g和09g直接的差异的。我得到了测试者(名字列在后面)给我的他们的IDStorage和内部系统数据 (baryon/tachyon)的信息。由此我得出这样的结论,04g和09g之间(起作用的)差异只有:
Idstorage Certificates& &Idstorage ***
Baryon Version& &Baryon版本
名词解释:
Idstorage:
IDStorage is located after the IPL on the nand at 0xC0000, and is used to store low-level information on the PSP, such as the serial, MAC address, UMD, WLAN and region.
IDStorage 位于NAND的IPL中0xC0000后,用来储存PSP底层信息,如序列号、MAC地址、无线局域网、UMD和地区。
Baryon:PSP的Syscon(系统控制) 芯片
Nothing more.
没有其他的了。
下面开始介绍整个研究过程,我就不翻译了,今天好累啊!
Now, it was time to see what it did with these values. I looked up the Idstorage certificates, it’s used in Chkreg and used internally to generate a model number. I found out that 6.20 and 6.39 sets the model of 09g to 04g, lovely.
The big game was the value that is returned from sceKernelGetModel(). Where is this taken from? Well, rooting back from the IPL, there is some code used to determine the model. This code used some strange code which turned out to be syscon code to obtain the Baryon version! The model number is determined from the Baryon.
Here is a little explanation of the Baryon version. When shifted 16 bits to the left, the least significant byte is the data used to determine a model number. the most significant nybble contains the SKU (PHAT, SLIM/3000, GO) and the lower specifies the model of that SKU. However, it got me thinking… Sony don’t know how many revision they will produce in the future. Checking 6.39 firmware, Sony does this: [0x2C -& 0x2E] = 04g, [0x2E -& 0x30] = 09g. Rightfully so, the Baryon version from the 04g’s I had was 0x2C and the 09g had 0x2E. Then i though, if they didn’t know the future, then what does 6.20 IPL do? After analysing I found this: [0x2C -& 0x30] = 04g.
So, if for some reason you find your 09g on 6.20, the IPL is gonna think it is a 04g. Ok, we can work with that, Chkreg sets the certificate based model to 04g and the IPL sets Baryon based model to 04g. Now, lets get some 04g firmware in there!
After a bit of thought, I was sitting at the Downgrader source thinking “how can I install 6.20 on a 09g”. Obviously, run the update and spoof the model. However, changing sceKernelGetModel() did nothing. The model must be determined by some other way. So, 123 and I find Baryon code, yay. Once again, the 6.20 updater has the 09g Baryon as a 04g so if it could run on it’s own, it will flash 04g modules. But why did it error?
IDXFFFFFFFF. That’s the error, it’s to do with error opening INDEX.dat. Wait, a second, why is this happening? Oh wait, it thinks it’s a 04g, so it’s looking for index_04g.dat, doh!
Now, we got a new error. This is weird, it originates from a module called “sceChkuppkg”. Heh, cool. After a brief look at the internals a wild idstorage certificate check appeared. It checked a PSAR block against a list of data composing a PSCode. Easy fix, now the 6.20 could run. Once it had run, it rebooted.
Then it bricked.
Yes i fucked up. By only hooking the usermode version of “sceChkuppkg” caused the updater to validate the blocks until it started to do something important… like read the rest of the firmware after wiping flash clean. Everybody, thank “Gamefreeak100″ for the first brave and bold steps into a 09g permanent patch world, he sacrificed his PSP for it.
A lot of reading later, I identified the problem, fixed it and handed it to another brave tester. This time, it worked! 09g was running firmware 6.20 and for the last 12-ish hours it has been running fine. It retains the ability to update to &= 6.30 and seems very stable!
A word of advice though, this is still experimental. The idstorage certificates do NOT belong to a 04g PSP and upgrading and downgrading from &= 6.20 to another &= 6.20 will NOT WORK. It is possible to resign the idstorage with a compatible 04g donor so this is possible, but the effects are unknown.
This would not be possible without the combined efforts of:
没有以下人的共同努力下,这一切将不复存在:
some1Gamefreeak100Chris10LynsnailfaceXxGodOfWar2xXmintponso21RyoneROE-UR-BOATdiggory
原文详见:
下载见附件
版本5特性:增加09g主板降级到6.20支持
使用方法:将压缩包内PSP文件夹复制并覆盖记忆棒内同名文件夹。将SONY官方升级包放到PSP/GAME/UPDATE/EBOOT.PBP。
& && && && && && &运行降级程序,开始降级。
使用有风险,同志需谨慎!
[ 本帖最后由 sam.wang 于
23:52 编辑 ]
22:51:17 上传
下载次数: 758
(左键点击下载)
635.63 KB, 阅读权限: 40, 下载次数: 758
总评分:&金钱 + 200&
欲处理以下(最好请打包带走,价格自己说,合适就出):
PSP1000日版黑色无拆电池坏方向按键稍许不灵
PSP2000v2换壳主板无修按键正常有电池
PSP3000主板小破损无修无病按键正常有电池
充电器*1,2G原装卡*2,8G组卡*2,8G雷克沙*1,USB充电线*2,USB线*1
有兴趣PM我
新人欢迎积分5 阅读权限255积分61220精华5UID158825帖子金钱184655 威望13
从不挨打,只打人~
UID158825帖子威望13 多玩草3499 草信仰力0
09G主板的童鞋最好先观望一下~
新人欢迎积分1 阅读权限90积分8258精华2UID2629164帖子金钱13710 威望10
UID2629164帖子威望10 多玩草944 草信仰力0
沙发没了……
这个支持下,破解史上的又一件大事……
新人欢迎积分1 阅读权限60积分2941精华0UID帖子金钱8682 威望1
百合即世界。
Lv.6, 积分 2941, 距离下一级还需 2059 积分
UID帖子威望1 多玩草60 草信仰力0
支持!V3属于哪类主板?-_-!
新人欢迎积分1 阅读权限99积分41421精华4UID帖子金钱214526 威望65
论坛好友加?,勿?。
Lv.10, 积分 41421, 距离下一级还需 13579 积分
UID帖子威望65 多玩草9148 草信仰力0
新人欢迎积分1 阅读权限80积分11739精华3UID5464654帖子金钱137204 威望3
TAKAJO AKI
Lv.8, 积分 11739, 距离下一级还需 8261 积分
UID5464654帖子威望3 多玩草443 草信仰力0
回复 4# 的帖子
还是让1K和2KV2实验下可行性,毕竟有风险
夏日づ乌贼
新人欢迎积分1 阅读权限80积分10833精华1UID3717862帖子金钱5266 威望10
〓the road only one〓
Lv.8, 积分 10833, 距离下一级还需 9167 积分
UID3717862帖子威望10 多玩草12 草信仰力0
支持下,不知道风险如何~~有爱的用户可以试试
新人欢迎积分1 阅读权限90积分24691精华0UID3304683帖子金钱15974 威望20
I'm forever keeping my angel
Lv.9, 积分 24691, 距离下一级还需 10309 积分
UID3304683帖子威望20 多玩草1 草信仰力0
顶大鸟啊啊啊
新人欢迎积分0 阅读权限50积分1315精华0UID帖子金钱979 威望0
Lv.5, 积分 1315, 距离下一级还需 1185 积分
UID帖子威望0 多玩草0 草信仰力0
6.20 04g被我升级到6.39 后想降级回6.20不知道可以不可以~& && && && && & 有人知道嘛~知道的透露下- -不敢轻易尝试
[ 本帖最后由 淘气喵喵 于
00:05 编辑 ]
新人欢迎积分1 阅读权限40积分300精华0UID帖子金钱198 威望2
Lv.4, 积分 300, 距离下一级还需 700 积分
UID帖子威望2 多玩草0 草信仰力0
原帖由 黑羽快? 于
22:53 发表
还是让1K和2KV2实验下可行性,毕竟有风险
09G主板降6.20的,你让1K 2K试干嘛?难道1K 2K有09G主板?
新人欢迎积分0 阅读权限40积分395精华0UID帖子金钱83 威望0
Lv.4, 积分 395, 距离下一级还需 605 积分
UID帖子威望0 多玩草0 草信仰力0
看看 等小白鼠
新人欢迎积分1 阅读权限70积分8961精华0UID5929343帖子金钱28624 威望0
Lv.7, 积分 8961, 距离下一级还需 1039 积分
UID5929343帖子威望0 多玩草60 草信仰力0
前排支持,支持降级
新人欢迎积分0 阅读权限60积分2680精华0UID帖子金钱2189 威望0
Lv.6, 积分 2680, 距离下一级还需 2320 积分
UID帖子威望0 多玩草0 草信仰力0
原来09G是04G的基友啊,?
新人欢迎积分0 阅读权限60积分4290精华0UID5500851帖子金钱2943 威望0
Lv.6, 积分 4290, 距离下一级还需 710 积分
UID5500851帖子威望0 多玩草30 草信仰力0
前排支持,支持降级
新人欢迎积分0 阅读权限60积分4290精华0UID5500851帖子金钱2943 威望0
Lv.6, 积分 4290, 距离下一级还需 710 积分
UID5500851帖子威望0 多玩草30 草信仰力0
前排支持,坐等白老鼠。等不到就自己来当一回白老鼠。
原创先锋勋章
原创先锋勋章
Intel智能勋章
Intel智能勋章
攻略组勋章
攻略组勋章
噬神者勋章
噬神者勋章
MT荣誉勋章
MT论坛杰出会员专属勋章,以表彰其对MT论坛做出的巨大贡献
COC荣誉勋章
COC荣誉勋章
爱情守望者
爱情守望者
口袋妖怪勋章
口袋妖怪勋章
阳光热情勋章
阳光热情勋章
高达精英勋章
高达精英勋章
漂浮者勋章
漂浮者勋章
活动奖励勋章
活动奖励勋章
终极灌水标兵勋章
终极灌水标兵勋章
版主进步勋章
版主进步勋章
圣诞活动勋章
圣诞活动勋章
马年新春勋章
手机APP马年迎春,马上有钱!
需要金钱:1100
手机盒子客户端点击或扫描下载
Powered byPowered by
扫描二维码
下载 A9VG 客户端(iOS, Android)
