More actions
| psp2spl | |
|---|---|
 | |
| General | |
| Author | SKGleba |
| Type | Developments |
| Version | 1.0 |
| License | MIT License |
| Last Updated | 2020/05/17 |
| Links | |
| Download | |
| Website | |
| Source | |
Psp2spl is a custom tiny lv0 framework for Playstation Vita.
Installation
Put psp2spl.skprx in ux0(ur0):tai/.
Add a line to ux0(ur0):tai/config.txt under *KERNEL
*KERNEL ur0:tai/psp2spl.skprx
Reboot the console.
User guide
This framework's only task is to run lv0 code when requested: check [spl_exec_code] in main.c.
For any more advanced tasks use psp2renga Vita.
- For all communication ARM<->FRAMEWORK the secure kernel enc addr in Venezia SPRAM is used.
- In spl it is referred to as "commem" or "corridor", spl uses only first 32 bytes of it for config.
- There is one patch used: fcmd_handler() hook - After ARM command is received, before executing it.
- At every sleep/resume the crypto processor is reset, commem is reset too.
- The framework is injected by exploiting update_sm::0x50002 and is stored @0x00809e00
Changelog
v1.0
- First Release.
Credits
- Team Molecule for the update_sm 0x50002 exploit and help over discord.
- Team Molecule for HenKaku, TaiHen and Enso.
- TheFlow0 for help with the sleep-resume stuff.
External links
- GitHub - https://github.com/SKGleba/psp2spl