Three days after hitchhikr released PSPTex v1.03, he came up with the updated version: PSPTex v1.04.

We already mentioned the details on the first version of the application, PSPTex v1.01, but for the sake of those who haven't been acquainted, we'll brush up on a little info here. hitchhikr's app is basically a save plugin for GIMP 2.2.x and 2.3.x that allows anyone to create textures on the PSP. The program, apart from being able to save RGBA, indexed textures, and DXTC compressed ones, can also support swizzle mode. It actually has a handful of other features, too, such as generating mipmaps, color key feature, and gray scale to alpha channel texture conversion.

With the updated version in PSPTex v1.04, hitchhkr was able to fix the DXT1 compression and DXT3 fetching issues. Also, the developer added an option to save picture data and palettes as source codes in this version.

Download: [PSPTex v1.04]

0okm has just released instructions enabling developers to make kernel mode applications in Firmwares 2.5/6 which would run using the eLoader. In case anyone's wondering, we did have kernel mode access on those firmwares, but it could only be done using HitchHikr's exploit in the GTA game.

Although the instructions themselves are nothing more than a small piece of code, it's very obvious that it's very useful for all the people in the community. Firstly, you don't need to wait for GTA to load up. Secondly, this is a big boon for all those who're stuck with a patched UMD, or do not have one.

Surprisingly, the instructions are very easy for even the most "noobiest" of programmers:

main.c
add line extern void kernel_ent(u32 Temp);
and write Kernel access in a function
use kernel_ent((u32) &your_function) to call it

Makefile
in line OBJS add kernel_ex.o
in line LIBS add -lpspvshbridge

0okm has also ported the original proof-of-concept which demonstrated kernel mode access on the 2.5/6 GTA exploit. Further, he has also bundled the source, so that all you budding programmers can have a look at it. Also thanks to Jordan in #noobzOT for the heads-up!

Download Link: [Firmware 2.5/6 Kernel mode access through VSH proof-of-concept]

Train2335 has released 2.6 Train-UMD Loader (or TrUmd Loader, for short)for PSP. The application, which is based on a previous work by 0okm, hitchhikr and Humma Kavula, loads the UMD disc on a fw2.6 through eloader via GTA. As of Train2335's version, the 2.6 TrUmd Loader is incapable of loading isos but the team is working on fixing that.

Train2335 says he's not sure if you can swap UMDs since he only has GTA, so may be one of you guys can try that and give him your feedback at the QJ Forum release thread or comments below. Please go through the readme text before installing the application.

To install:

• Place the TrUmd folder in PSP/GAME/
• Load Grand Theft Auto
• Run Eloader
• Select TrUmd and run it
• Press X and load UMD

Finally, Train2335 would like to thank Dark_Alex, Humma Kavula, hitchhikr, SonyXteam, Fanjita, Ditlew, PSPDEV, and everyone else that made this possible! Special thanks to Mathieulh and 0okm!

Download: [2.6 Train-UMD Loader]
Discuss: [Forum Release Thread]

The homebrew community has been showing their care and concern for the hapless PSP gamers who have the unenviable experience of using a PSP with a TA-082 motherboard. That's why those who are blessed with the talents and knowledge to do something about it is actually doing something concrete. Recently, homebrew developer SodR, through our forums, released Flash-Me 0.01 which is a simple flash modification tool for fw2.60 PSPs.

Coded in C and working on PSP firmware 2.60, this software is actually a simple flashmod for 2.6 PSP's for those who wish not to downgrade and/or have a TA-082 motherboard (since people with TA-082 motherboards can't downgrade to 1.5) - this app is made especially for those unlucky people. You ask what it can do. Well, first off, it can flash wallpaper, font, gameboot, and boot sound. It also has a "restore to default" option and exits if it's unable to flash the file.

How to use this one? You first install it the same way you install your homebrew -- simply place the Flash-Me folder int PSP/GAME/ folder like any other homebrew and then put your custom files in the custom folder inside PSP/GAME/Flash-Me/.

- If you want custom BG and just have one image, name it to BG.bmp. If you got more then one, name them
01.bmp to 12.bmp.
- For font, copy all the 16 ltn0.pgf - ltn15.pgf to the custom folder.
- For gameboot, simply copy a .pmf file (files over 1MB not recommended) to the custom folder and rename them
to gameboot.pmf
- For bootsound simply copy your opening_plugin.rco to the custom folder

Then boot up eLoader and select a thing you want to flash and hit 'X' to install your custom files or hit 'O' to restore the default XMB. After you have pushed either X or O, the screen will go black...but don't worry, this is normal. This is when the actual flashing is being done. Wait some time and the PSP will automatically reboot the same way as the downgrader, meaning that your PSP will display the "Disc could not be read" -error. Just Restart your PSP once again and it should work fine.

The good developer has personally tested this when emulating the 2.60fw using DevHook, and it operated without a glitch. But when it comes to things like this, you should be aware that there is never any 100% guarantee that it would work fine. So, use it at your own risk since the developer cannot be held accountable for a bricked PSP.

And as parting words, SodR would like to thank hitchhikr for the kernel exploit and the devs of the downgrader (he borrowed the restart function from it). He also would like to thank slasher for the gameboot installer. And as always, your constructive criticisms, opinions, insights and other what-nots are most welcome in the comments section, so feel free to speak up people!

Download: [Flash-Me 0.01]
Discuss: [Forum Release Thread]

Dark Alex with help from Mathieulh and Yoshihiro from SonyXTeam have released the final version of their Sony PSP 2.5/2.6 firmware downgrader tool. The first public version of this tool (version 5 beta) came just a few days after the announcement of Kernel mode being unlocked and allowed many 2.5/2.6 users to downgrade their PSPs to the homebrew-happy firmware version 1.5.

We would all like to give our thanks to Hitchhikr and Team Neural for discovering the original exploit that made this all possible. We have seen several working and non-working betas over the past few days, and this final version of the downgrader makes it pretty much perfect and noob-proof. Many of our users have reported success in using the 2.5/2.6 downgrader called the 'downdater', including QJ's own Pranav T who downgraded his PSP from firmware 2.60 to 1.5, then upgraded to 2.0 before downgrading back to 1.5 again, just to test it out. The success rate for the beta downgrader was 93% according to our forum users which is a pretty high considering many people would have probably messed up the installation which caused the downgrader to be unstable. Although there is a risk of bricking, If you follow QJ's step-by-step procedure word for word your PSP should turn out fine on firmware 1.5.

The basic coding for this version hasn't changed since the v5 beta (as Dark_alex said, Don't fix something that isn't broken), and comes packaged in a fool proof single EBOOT that will detect which firmware version you are on (kindly done by Yoshihiro) and will automatically install the dumped firmware files which you must retrieve from someone with a 1.5 PSP. For legal reasons we cannot host the files here.

Before downgrading, make sure you meet the following requirements -
Your PSP is not a TA-082. This downgrader has you to be tested on a PSP with this type of motherboard. (If you do have this PSP version, it may result in a brick). [Find out if you have one!]

1.50 User Instructions

1. Copy the folders downhelper and downhelper% from the folder 1.50 HELPER folder to /PSP/GAME/ in your memstick.
2. Obtain the 1.50 update EBOOT and put it in /PSP/GAME/UPDATE in your memstick. You may find the 1.50 update in our download site here.
3. Init the downhelper program.
4. It will dump your flash and some files from the updater eboot to the memstick. (These files are illegal under US copyright laws, so please do not distribute them in the comments or on our forums)
5. After that, the program will exit. You can now delete the updater from /PSP/GAME/UPDATE
6. You'll notice that you have a new folder in the root of your memstick called "DOWNDATER".
7. That's the folder you'll have to send to a 2.50/2.60 to let him test the downgrade.
   

2.50/2.60 User Instructions

1. Copy the folder the DOWNGRADER/2.50/DOWNDATERTEST if you have 2.50 or DOWNGRADER/2.60/DOWNDATERTEST if you have 2.60 to /PSP/GAME/ in your memstick
2. Wait someone with 1.50 to pass you a folder called DOWNDATER and copy it to the root of your memstick.
3. Init GTA and the eLoader
4. Connect your psp to the AC adaptor
5. In the eLoader menu, choose the downdater test. WARNING: the program won't output any display and any warnings, it will init the downgrader process immediately.
6. You'll see the your memstick flashing. That means that your psp is being flashed from the memstick.
7. You won't see any type of output in the screen (this is for safety). When the memstick finishes flashing, the psp should reinit and you'll have probably a 1.50.
8. It will probably say you "Cannot read disc". Don't worry about that, this is because the UMD device has not been reset properly. Simply restart the psp manually or take and the battery for 5-10 minutes and the problem will be solved.
9. That's all. If all went right, you'll have 1.50. If it went less good, you'll still have 2.50/2.60. If all went wrong, you'll have a bricked psp (except in the case you have the modchip) Remember that you have accepted that risk.
10. If your PSP is showing up as v2.01, this is fine. Just use Wab Version Changer and change it to v1.50.

Thanks go to Fluff/Naoneo for the exclusive banner, and everyone who has bricked their PSP in trying out the earlier beta versions of this downgrader.

Password for the download (when you extract) is: I_Use_It_At_My_Own_Risk

Download: [2.5/2.6 Downdater (Downgrader) Auto Final]
Download: [1.50 Downgrader Helper tool]
Download: [North American 1.50 Firmware EBOOT Update]
Discuss: [Forum Release Thread]
Digg the Downgrader? Click here!

Latest Update: 6/29, 2:45pm EST

Yesterday we got the breaking news that Kernel mode in 2.5 and 2.6 had been unlocked by hitchhikr of "hitchhikr SoftWorks" and demo scene group Neural. This was a incredible accomplishment that was previously thought impossible. Fanjita and many other members of the PSP homebrew community have come together and been testing the functionality of the proposed exploit.

So far a few interesting things have surfaced. Fanjita has shown his progress with the newly found exploit and today we bring you another. Dark_Alex from our forums has released a "Downgrader Test" for 2.50 / 2.60 PSP's. We have been watching carefully over this downgrader since its release and have got the entire scoop for you.

Dark_Alex's Downgrader Test for 2.50 / 2.60 version firmware requires a few very specific steps to be taken in order to get a glimpse at the doorway to success. As listed in the title this is TEST software and by no way 100% functional on all PSP's. With that said, we have heard a number of test reports on this Downgrader and have the brick count results after the jump.

---

Update #1: A new update has been released. This fixes a problem with the downdater not creating directorys. The creation of directorys is now fixed, however the iomanager check still needs to be handled for further progress.

---

Update #2: Dark_Alex has released the source code for his latest progress on the 2.50/2.60 Downgrader. This release is meant only for developers to analyze and possibly take it further so it is a functional process.
The downdater is mostly confirmed not to work. I update a slightly modified source code. It should be relatively more secure. I don’t provide the binaries.

I found two glitches in the code:

1) The restart function… Originally it was intended for a restart, but it did nothing, making possible that if some premature error before doing the real thing failed to continue the real downdate process. Now it will cause an on-purpose exception (this only will happen either at the begginiing before the unsecure code begins or at the end, when all is finished)

2) Now I’ve re-assigned the flash device after the logical format. Probably more secure.

---

Update #3: Dark_Alex has released v0.4 of his source code, containing the following changes:

1) Removed display: pspDebugScreen functions can freeze the psp 2.XX in kernel mode in any random moment.

2) A little bugfix. Tthe first file couldn't be correctly created because the first directory was not created.

3) Removed the check for the AC adaptor. It will be added later again.

Current bugs: if the ioassign fails, it will result in a brick, because the flash was previously formatted.

Forum Release Thread: [ Downgrader Test 2.50 / 2.60 ]
Download: [2.60 Downgrade Test v0.4 - Source Code]

Note: In the current state this 2.6 to 1.5 Downgrader WILL brick your PSP. Do not try it unless you would like to have a PSP for a paper weight. While the prospect sounds quite attractive, we urge you to wait until a final version is completed so you can play it as well.

Read the Full Article for more details!

This post has been updated as of Wednesday, 10:50am EST

Break out your calendars folks, because this may be a day that you want to mark as a pivotal day in the history of PSP homebrew. A developer known as hitchhikr of "hitchhikr SoftWorks" and demo scene group Neural have come out with a Proof of Concept of a 2.50/2.60 Firmware Exploit! Once implemented and fine tuned for "normal user" use, this will bring 2.50 and 2.60 Firmware up to the same homebrew capability that 1.50 PSP owners enjoy with FULL kernel mode access - although Grand Theft Auto: Liberty City Stories will still be required, just like with eLoader.

Speaking of eLoader, Fanjita is already working with hitchhikr on incorporating this new exploit into an easily executable means via eLoader. After a brief chat with Fanjita, he's told us that you can expect some generic application for developers to hopefully be released in the next 24 hours. It will take a bit longer before something useable for non-devs will be released.

The exploit takes advantage of an added security check in 2.50/2.60 Firmware for sceKernelLoadExec, which is responsible for loading EBOOTs, but Sony also accidentally added an overflow bug, which means this exploit will not work with 2.0 and 2.01 Firmware.

Below you will find a download of hitchhikr's & Neural's Proof of Concept - this is not intended for the casual user. It creates dump files containing kernel memory dumps in the root of the memstick (boot.bin, kmem.bin, klib.bin). It also creates writeaccess.bin which contains just the hex (12 34 56 78) to prove that kmem CAN be written to.

But don't start upgrading those PSP's yet until a viable means of implementation is released! Also, this breakthrough does not open up the possibility of a downgrader due to the protection in the IPL in 2.50+ firmware. Although speculation has already begun that this will open the door to the decrypting of 2.70+ Firmware, allowing it to be emulated a la Devhook.

We will stay on top of this breaking news all day long and be constantly updating this news post with information as soon as we get it! Stay with QJ.NET and PSPUpdates for all the latest!

Download: [2.60 Firmware Exploit - Proof of Concept]
Read: [QJ.NET Forum Discussion Thread]

---

UPDATE #1: Fanjita has released the "source" of his work so far today on this newly discovered exploit. If you would like to take a look at it and continue investigating where he left off for today, have a look!

Only for v2.5 / v2.6.

Based on Proof of Concept code by Hitchhikr / Neural.

Function : Attempts to load ms0:/kernel.elf using sceLoadModule/sceStartModule when in kernel mode, after writing a NOP to 0x8801A5B4.

Diags: Writes a log of operations to ms0:/GTALOG.TXT.
If LoadModule fails, writes the error code to ms0:/failload.trc.
If StartModule fails, writes the error code to ms0:/failstart.trc.

Check out the included readme for more info! (Thanks for the tip, gangsta_psp!)

Download: [Fanjita's Exploit Source - Day 1]

---

Update #2: Fanjita has taken a moment to respond to some of the many questions being asked in our forums regarding the update above and his "source":

Rumour clear-up time : this was posted in the pspdev IRC, so that people who know what they're doing can play with it if they want. I don't mind it being spread around, but if you don't understand how sceKernelLoad* apply security checks, then it's probably not for you.

It's work-in-progress, it's not an eLoader beta, it's just a more convenient way of experimenting with the exploit (maybe), and also an effort to test some in-RAM hacks to remove some security checks.

It doesn't seem to work at the moment, and the main thing that needs to be done is to investigate why - presumably, there's a problem with the format of the ELFs being loaded.

Kernel.elf is just an arbitrary ELF - nothing I've tried so far has worked, feel free to try your own.

The source that's given is just the source of the function that's attempting to do stuff with the exploit - it doesn't show any of the exploit code, and is not a complete app in its own right.

He also went on to say that the main focus right now is to replicate a "nokxploit functionality" making 2.50/2.60 PSP's behave the same way that 1.0 PSP's do in regards to homebrew. He says that a "kernel eLoader" would be possible but more cumbersome than a nokxploit approach.

---

Note: This news post will stay at the top of the page for most of the day to ensure everyone gets a chance to see this breaking story unfold. Scroll down for more up to the minute news from QJ.NET!

If you want to help spread the word about this breakthrough, CLICK HERE to Digg It!! (Note: An alternate URL has been used because QJ.NET is banned from Digg. If this outrages you as much as it does us, email Digg and tell them to take QJ.NET and PSPUpdates off the ban list!)

---

Digg Update: It appears Digg is still taking potshots at QJ.NET. As of this morning, Digg has "buried" this news post. This means that they have taken a Digg story with 1000+ Diggs and removed it from their index. It still exists and can be seen by clicking the direct link above, but you cannot find the story in their main listing, nor will it come up in a search. Its becoming ever more apparent that QJ.NET is being specifically targetted by Digg editors for one reason or another and we are not being treated fairly. So much for users deciding what end up on their site - turns out biased editors still have the final say.

We apologize for distracting everyone and stealing focus from this groundbreaking exploit, but enough is enough. (If any Digg staff are reading this, please Contact Us - as we've tried to do with you dozens of times already)

Hitchhikr from Hitchhiker softworks, has  released a small application to create textures for the PSP as a plugin to popular image manipulation software GIMP. This plugin comes from the same legendary developer that made history today by finding an exploit in firmwares 2.5 and 2.6 that allows full kernel mode access. Although this simple plugin is not as ground-breaking as his kernel mode access discovery, this little plugin is useful for those wanting to create PSP optimized textures. This guy is the next MPH, the next Fanjita and the next Kxpliot team all rolled into one, so this plugin has gotta be worth a try if you use GIMP.

Here's what Hitchhikr said:

"PSPTex is a save plugin for GIMP 2.2.x & 2.3.x allowing to create textures for the PlayStation Portable.

It can save raw RGBA (5650, 5551, 4444 or 8888) & indexed (T4, T8) textures (with 5650, 5551, 4444 or 8888 palette modes support) as well as DXTC (DXT1, DXT3, DXT5) compressed ones, it supports the PSP textures swizzle mode and can generate mipmaps, it also have a color key feature to handle transparency and can convert grayscale pictures into alpha channel only textures."

The source code for this GIMP plugin is included, so if you fancy trying your hand at creating your own GIMP plugin, give it a try! After installing, if if the plugin doesn't work you'll need to copy the gimp dlls files from the GIMP root directory into the system directory.

Now, lets get back to that exploit!

Download: [PSPTex v1.01]