
Psp2renga Vita

From GameBrew
Revision as of 02:56, 4 October 2023 by HydeWing
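psp2renga

General

  • Author: SKGleba
  • Type: Developments
  • Version: 1.2
  • License: MIT License
  • Last Updated: 2019/12/23

Links

  • Download: https://dlhb.gamebrew.org/vitahomebrews/psp2rengavita.7z
  • Website: https://github.com/SKGleba/psp2renga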

Psp2renga is a custom lv0 framework for PlayStation Vita/TV.

Usage (end-user)

  • Put psp2renga.skprx in ur0:tai/
  • Add the following line to ux0:tai/config.txt or ur0:tai/config.txt under *KERNEL:
    • ur0:tai/psp2renga.skprx
  • Reboot

For developers

psp2renga requires taihen.

Basic info

  • All ARM<->framework communication goes through the Camera SRAM (physical address 0x1C000000 - 0x1C1FE000) or a custom-mapped phycont block.
    • In renga it is referred to as "commem" or "corridor".
  • There are two patches used:
    • run_sm::set_state(5) hook - After SM load, before jumping to it.
    • fcmd_handler() hook - After ARM command is received, before executing it.
  • The crypto processor is reset at every sleep/resume, and commem is reset along with it.
  • The framework is injected by exploiting update_sm::0x50002.
  • If logging is enabled, psp2renga creates a log in "ux0:data/0psp2renga.log".

Commem layout

  • 0x0-0x200: Framework config.
  • 0x200-0x500: Entry manager, run_sm hook jumps there.
  • 0x500-0xD0000: 12 0x10000 entry blocks, one additional smaller block.
  • 0xD0000-0xF0000: Reserved for any-time-run code, fcmd_handler hook jumps there.
  • 0xF0000-0x1FE000: Unused.
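
The layout above as a bounds-checking helper. This is an added example, not code from psp2renga or its headers. All function and macro names are hypothetical, it assumes Camera SRAM mode, and it assumes the entry blocks are packed back to back starting at 0x500.

```c
#include <stdint.h>

/* Offsets are the ones listed under "Commem layout"; names are made up here. */
#define COMMEM_SRAM_PADDR 0x1C000000u /* Camera SRAM base from "Basic info" */
#define COMMEM_SIZE       0x1FE000u
#define MANAGER_OFF       0x200u
#define ENTRIES_OFF       0x500u
#define ANYTIME_OFF       0xD0000u
#define UNUSED_OFF        0xF0000u
#define ENTRY_BLOCK_SIZE  0x10000u
#define FULL_ENTRY_BLOCKS 12u

enum commem_region { R_CONFIG, R_MANAGER, R_ENTRY, R_ANYTIME, R_UNUSED, R_INVALID };

/* Classify a commem offset into the region that owns it. */
enum commem_region commem_region_of(uint32_t off) {
    if (off >= COMMEM_SIZE) return R_INVALID;
    if (off >= UNUSED_OFF)  return R_UNUSED;
    if (off >= ANYTIME_OFF) return R_ANYTIME;
    if (off >= ENTRIES_OFF) return R_ENTRY;
    if (off >= MANAGER_OFF) return R_MANAGER;
    return R_CONFIG;
}

/* Assumption: blocks 0..11 are 0x10000 bytes each and block 12 is whatever
 * remains before ANYTIME_OFF (the "additional smaller block").
 * Returns 0 and fills off/size, or -1 for an index outside 0..12. */
int entry_block_span(unsigned idx, uint32_t *off, uint32_t *size) {
    if (idx > FULL_ENTRY_BLOCKS) return -1;
    *off = ENTRIES_OFF + idx * ENTRY_BLOCK_SIZE;
    *size = (idx < FULL_ENTRY_BLOCKS) ? ENTRY_BLOCK_SIZE : ANYTIME_OFF - *off;
    return 0;
}

/* Check a copy of len bytes into entry block idx before doing it: the data
 * must stay inside that block so it cannot spill into a neighbouring block
 * or the any-time-run area. On success *paddr is the Camera SRAM address. */
int entry_copy_ok(unsigned idx, uint32_t len, uint32_t *paddr) {
    uint32_t off, size;
    if (entry_block_span(idx, &off, &size) != 0) return 0;
    if (len == 0 || len > size) return 0;
    *paddr = COMMEM_SRAM_PADDR + off;
    return 1;
}
```

The last block works out to 0xFB00 bytes under these assumptions, so a full 0x10000-byte copy that fits blocks 0 to 11 is rejected for block 12.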

Usage

  • For kernel-exports check /Include/renga-funcs.h
  • For user-exports check /Include/renga_user-funcs.h
  • For important defines check /Include/renga-defs.h
  • You may use lv0_loader.vpk (/User/app/) to easily run your own MeP payloads.
  • You may use renga.suprx (/User/plugins/) to easily switch between Camera SRAM and the phycont block.
    • Add the _settings plugin to SceSettings; a new entry then appears in Settings->System.
    • Add the _forcephy or _forcesram plugin to target apps to force either phycont or SRAM mode.

Changelog

v1.2

  • Changelog [NMF]:
    • Removed irq_handler hook, added fcmd_handler hook instead => stability++.
    • Added support for custom-paddr framework banks (phycont/cSRAM) => compatibility++.
    • Optimized code exec.
  • Changelog [NMP]:
    • Removed TaiHen requirements.
    • Added ussm caching (optional) => stability++.
    • Added support for custom-paddr commem => compatibility++.
    • Moved the setup payloads to venezia SPRAM.
    • Optimized the exploit/code exec.
  • Changelog [RENGA]:
    • Added renga_xet_bank for phycont/sram switching
    • Added renga_mepcpy
    • Now renga runs by default on PhyCont (add the _forcesram plugin to SceShell if you want all-time SRAM)
    • Added 3 user plugins: _settings; _forcephy; and _forcesram.
    • Updated the lv0loader

v1.0

  • First Release.

Credits

  • Team Molecule for the update_sm 0x50002 exploit and help over discord
  • Team Molecule for HenKaku, TaiHen and Enso
  • xerpi for the vita-baremetal-loader
  • CelesteBlue for the ssmgr-resume hook
