Psp2renga Vita

Psp2renga is a custom lv0 framework for Playstation Vita/TV.

Usage (end-user)

Put psp2renga.skprx in ur0:tai/
Add a line to ux0: or ur0: /tai/config.txt under *KERNEL
- ur0:tai/psp2renga.skprx
Reboot

psp2renga requires taihen.

For all communication ARM<->FRAMEWORK the Camera SRAM (p: 0x1C000000 - 0x1C1FE000) or a custom-mapped phycont block is used.
- In renga it is referred to as "commem" or "corridor".
There are two patches used:
- run_sm::set_state(5) hook - After SM load, before jumping to it.
- fcmd_handler() hook - After ARM command is received, before executing it.
At every sleep/resume the crypto processor is reset, commem is reset too.
The framework is injected by exploiting update_sm::0x50002
If logging is enabled, psp2renga creates a log in "ux0:data/0psp2renga.log".

For kernel-exports check /Include/renga-funcs.h
For user-exports check /Include/renga_user-funcs.h
For important defines check /Include/renga-defs.h
You may use lv0_loader.vpk (/User/app/) to easily run your own MeP payloads.
You may use renga.suprx (/User/plugins/) to easily switch between Camera SRAM and the phycont block.
- Add the _settings one to SceSettings, there will be a new entry in Settings->System
- Add the _forcephy or _forcesram to target apps, either phycont or sram mode will be forced.

v1.2

Changelog [NMF]:
- Removed irq_handler hook, added fcmd_handler hook instead => stability++.
- Added support for custom-paddr framework banks (phycont/cSRAM) => compatibility++.
- Optimized code exec.
Changelog [NMP]:
- Removed TaiHen requirements.
- Added ussm caching (optional) => stability++.
- Added support for custom-paddr commem => compatibility++.
- Moved the setup payloads to venezia SPRAM.
- Optimized the exploit/code exec.
Changelog [RENGA]:
- Added renga_xet_bank for phycont/sram switching
- Added renga_mepcpy
- Now renga runs by default on PhyCont (add the _forcesram plugin to SceShell if you want all-time SRAM)
- Added 3 user plugins: _settings; _forcephy; and _forcesram.
- Updated the lv0loader

v1.0