So you think your pretty unfortunate since you are just blessed with a PSP 2.6, since you're being left out from all the fun that the 1.5ers are getting? Well, since the 2.50/260 downgrader is already here, that shouldn't be the case anymore. Unless you are afraid that you will mess up the instructions and brick your PSP. Well, that's your call.

Anyways, just to say that the 1.5 owners don't get all the fun (actually they do, since the release of the latest devhook), homebrew developer, Slasher, concocted a simple gameboot.pmf flasher for 2.60 FW. This app was based on the work of hitchikr, neural, DarK_AleX, Yoshihiro, and Mathieulh.

According to Slasher, all you have to do is "simply put the gameboot.pmf in the root of your memorystick, run the program, and it'll flash it directly to your flash0:/vsh/resources/ folder." With that you're all good!

Also, the good developer informed us about some security checks and other info about this app. Security checks include the following:

- Checks if AC adapter is plugged in
- Checks if gameboot.pmf is actually placed in the right location
- Avoids flashing if something goes wrong

* After running the program; if there's an error, it will return to eloader; if it's successful, your psp will be restarted.
* If disc read error pops up, all you need to do is turn off your psp, then turn it back on. If that doesn't work, then take battery out for 5 mins then put it back in.
* Works on TA-082 PSP mother boards

He also would like to convey that there's always a risk of bricking your psp while flashing something. Although this has been tested and confirmed working remember that you are using this at your own risk. QJ.net and the developer won't be held responsible if your brick your PSP with this software.

He also says that the MAX gameboot.pmf size is 1mb, although he isn't 100% sure with that. But he asks you to please avoid flashing gameboots that are any larger. If you flash anything larger than 1 mb, you may end up with a brick.

And as a sign of a good developer, he wishes to extend his thanks to those who helped him along the way: to TMK (TheMarioKarters) for the idea, and for helping him test the app. As always, your constructive criticisms, opinions, and suggestions will be very much appreciated so let 'em flow through your comments.

Download: [Gameboot Flasher for 2.6]
Discuss: [Forum Release Thread]

This post has been updated as of Wednesday, 10:50am EST

Break out your calendars folks, because this may be a day that you want to mark as a pivotal day in the history of PSP homebrew. A developer known as hitchhikr of "hitchhikr SoftWorks" and demo scene group Neural have come out with a Proof of Concept of a 2.50/2.60 Firmware Exploit! Once implemented and fine tuned for "normal user" use, this will bring 2.50 and 2.60 Firmware up to the same homebrew capability that 1.50 PSP owners enjoy with FULL kernel mode access - although Grand Theft Auto: Liberty City Stories will still be required, just like with eLoader.

Speaking of eLoader, Fanjita is already working with hitchhikr on incorporating this new exploit into an easily executable means via eLoader. After a brief chat with Fanjita, he's told us that you can expect some generic application for developers to hopefully be released in the next 24 hours. It will take a bit longer before something useable for non-devs will be released.

The exploit takes advantage of an added security check in 2.50/2.60 Firmware for sceKernelLoadExec, which is responsible for loading EBOOTs, but Sony also accidentally added an overflow bug, which means this exploit will not work with 2.0 and 2.01 Firmware.

Below you will find a download of hitchhikr's & Neural's Proof of Concept - this is not intended for the casual user. It creates dump files containing kernel memory dumps in the root of the memstick (boot.bin, kmem.bin, klib.bin). It also creates writeaccess.bin which contains just the hex (12 34 56 78) to prove that kmem CAN be written to.

But don't start upgrading those PSP's yet until a viable means of implementation is released! Also, this breakthrough does not open up the possibility of a downgrader due to the protection in the IPL in 2.50+ firmware. Although speculation has already begun that this will open the door to the decrypting of 2.70+ Firmware, allowing it to be emulated a la Devhook.

We will stay on top of this breaking news all day long and be constantly updating this news post with information as soon as we get it! Stay with QJ.NET and PSPUpdates for all the latest!

Download: [2.60 Firmware Exploit - Proof of Concept]
Read: [QJ.NET Forum Discussion Thread]

---

UPDATE #1: Fanjita has released the "source" of his work so far today on this newly discovered exploit. If you would like to take a look at it and continue investigating where he left off for today, have a look!

Only for v2.5 / v2.6.

Based on Proof of Concept code by Hitchhikr / Neural.

Function : Attempts to load ms0:/kernel.elf using sceLoadModule/sceStartModule when in kernel mode, after writing a NOP to 0x8801A5B4.

Diags: Writes a log of operations to ms0:/GTALOG.TXT.
If LoadModule fails, writes the error code to ms0:/failload.trc.
If StartModule fails, writes the error code to ms0:/failstart.trc.

Check out the included readme for more info! (Thanks for the tip, gangsta_psp!)

Download: [Fanjita's Exploit Source - Day 1]

---

Update #2: Fanjita has taken a moment to respond to some of the many questions being asked in our forums regarding the update above and his "source":

Rumour clear-up time : this was posted in the pspdev IRC, so that people who know what they're doing can play with it if they want. I don't mind it being spread around, but if you don't understand how sceKernelLoad* apply security checks, then it's probably not for you.

It's work-in-progress, it's not an eLoader beta, it's just a more convenient way of experimenting with the exploit (maybe), and also an effort to test some in-RAM hacks to remove some security checks.

It doesn't seem to work at the moment, and the main thing that needs to be done is to investigate why - presumably, there's a problem with the format of the ELFs being loaded.

Kernel.elf is just an arbitrary ELF - nothing I've tried so far has worked, feel free to try your own.

The source that's given is just the source of the function that's attempting to do stuff with the exploit - it doesn't show any of the exploit code, and is not a complete app in its own right.

He also went on to say that the main focus right now is to replicate a "nokxploit functionality" making 2.50/2.60 PSP's behave the same way that 1.0 PSP's do in regards to homebrew. He says that a "kernel eLoader" would be possible but more cumbersome than a nokxploit approach.

---

Note: This news post will stay at the top of the page for most of the day to ensure everyone gets a chance to see this breaking story unfold. Scroll down for more up to the minute news from QJ.NET!

If you want to help spread the word about this breakthrough, CLICK HERE to Digg It!! (Note: An alternate URL has been used because QJ.NET is banned from Digg. If this outrages you as much as it does us, email Digg and tell them to take QJ.NET and PSPUpdates off the ban list!)

---

Digg Update: It appears Digg is still taking potshots at QJ.NET. As of this morning, Digg has "buried" this news post. This means that they have taken a Digg story with 1000+ Diggs and removed it from their index. It still exists and can be seen by clicking the direct link above, but you cannot find the story in their main listing, nor will it come up in a search. Its becoming ever more apparent that QJ.NET is being specifically targetted by Digg editors for one reason or another and we are not being treated fairly. So much for users deciding what end up on their site - turns out biased editors still have the final say.

We apologize for distracting everyone and stealing focus from this groundbreaking exploit, but enough is enough. (If any Digg staff are reading this, please Contact Us - as we've tried to do with you dozens of times already)