Monday, November 5, 2007

Dumping 101010 is fun but...

After purchasing my own PSP and doing some modification to its firmware (special thanks to D.A), I figured dumping the firmware output ought to be easy, right? Heck, it wasn't easy, but somehow I managed to get a string of bloated binary in imperfect form.

I haven't achieved anything yet, since the whole chunk of bits and bytes needs to be decrypted in order to understand what's happening.

Firmware dumping can be achieved in two ways: either in hardware, with a JTAG cable wired to the test points according to our chip's specification, or in software, with a tool that uses specific syscalls to read the flash out.

Fortunately I'm not going to mess up my PSP too much (since I only have one), so I chose the second method.
The quickest method is just to expose flash0 over the USB port. But instead of letting the host auto-mount it, we read the raw device with dd. Check dmesg or lsblk first: /dev/sda below is whatever device node the PSP showed up as, and pointing dd at the wrong disk is a real risk.

dd if=/dev/sda bs=4096 conv=noerror,sync | gzip > ~/psp/firmware/image.gz

conv=noerror,sync keeps dd going past a read error and pads the failed block, so offsets in the dump stay aligned with offsets on the device. The next step is to decompress image.gz (gunzip, not tar: gzip alone produces a single compressed stream, not an archive of files), and be prepared for the output to be large.
Now comes the hardest part: understanding all the bloated 1010101.

1010100100001100000000101000*000101001###11101111011111111110000001011011100
1010100111000001100101100#110100101001000011000000111010000100101001111111
0011101100010011000100000#000000000##... and so on


Note that the parts marked with hashes are either some sort of parity error or positions where our dumping method could not determine whether the bit is a 0 or a 1. So what can we do with them? We have three choices: ignore them and see what happens, or switch them to 1, or switch them to
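The procedure above (dd into gzip, then decompress and inspect) and the '#' bits the post describes come together in the script below. It is an added example, not code from the original post: it dumps a device with dd, verifies that the archive round-trips, records a hash, and then does the check a practitioner would want for undetermined bits, namely reading the device twice and marking every bit on which the two reads disagree with '#', in the post's own notation. The device path, the 4096-byte block size and the sample "flash0" contents (8 KiB of zeros with a couple of known bytes, constructed inline) are assumptions; nothing here is real PSP firmware.

```shell
#!/bin/bash
# Added example (not from the original post). The sample flash0 image is
# constructed below; the device path and block size are assumptions.
set -eu

# Read a raw device (or image file) into a gzip'd archive.
# conv=noerror,sync keeps dd going past read errors and pads the failed block,
# so offsets in the dump stay aligned with offsets on the device. dd's
# "records in/out" summary on stderr tells you whether any read came up short.
dump_image() {
    local dev=$1 out=$2
    dd if="$dev" bs=4096 conv=noerror,sync | gzip -c > "$out"
}

# Decompress (gunzip, not tar: gzip produces one compressed stream, not an
# archive) and compare against the device byte for byte. The dump may carry
# padding from conv=sync, so only the device's own length is compared.
verify_image() {
    local archive=$1 dev=$2 size
    size=$(wc -c < "$dev" | tr -d ' ')   # on a real block device prefer: blockdev --getsize64 "$dev"
    gunzip -c "$archive" | head -c "$size" | cmp -s - "$dev"
}

# Record a hash of the archive so later analysis can be tied to this exact dump.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi
}

# Render one byte from each read as 8 bits, writing '#' where the two reads
# disagree: the same notation the post uses for bits the dump could not settle.
mark_bits() {
    local a=$1 b=$2 i=7 s="" ba bb
    while [ "$i" -ge 0 ]; do
        ba=$(( (a >> i) & 1 )); bb=$(( (b >> i) & 1 ))
        if [ "$ba" -eq "$bb" ]; then s="$s$ba"; else s="$s#"; fi
        i=$((i - 1))
    done
    printf '%s\n' "$s"
}

# Compare two raw dumps of the same device and list every unstable byte.
# cmp -l prints "offset valueA valueB" with a 1-based offset and octal values.
compare_dumps() {
    local a=$1 b=$2 tmp off va vb
    tmp=$(mktemp)
    cmp -l "$a" "$b" > "$tmp" || [ $? -eq 1 ]   # 1 = files differ; anything else is an error
    while read -r off va vb; do
        # a leading 0 makes the shell arithmetic read the cmp values as octal
        printf 'offset %d: %s\n' "$((off - 1))" "$(mark_bits "$((0$va))" "$((0$vb))")"
    done < "$tmp"
    rm -f "$tmp"
}

demo() {
    local work
    work=$(mktemp -d)
    # Constructed stand-in for flash0: 8 KiB of zeros with one known byte, 0x5A, at offset 100.
    dd if=/dev/zero of="$work/flash0.img" bs=4096 count=2 2>/dev/null
    printf '\132' | dd of="$work/flash0.img" bs=1 seek=100 conv=notrunc 2>/dev/null
    # A simulated second read with two unstable bits: offset 100 reads 0x5E, offset 4000 reads 0x80.
    cp "$work/flash0.img" "$work/read2.img"
    printf '\136' | dd of="$work/read2.img" bs=1 seek=100 conv=notrunc 2>/dev/null
    printf '\200' | dd of="$work/read2.img" bs=1 seek=4000 conv=notrunc 2>/dev/null

    dump_image "$work/flash0.img" "$work/image.gz"
    verify_image "$work/image.gz" "$work/flash0.img" && echo "archive matches device"
    hash_file "$work/image.gz"
    gunzip -c "$work/image.gz" > "$work/read1.img"
    compare_dumps "$work/read1.img" "$work/read2.img"   # prints the '#'-marked bytes
    rm -rf "$work"
}

demo
```

On a real device, substitute the node the PSP appeared as for the sample image, take the second read as a second dd pass rather than a copy, and treat every '#' line as a byte to re-read rather than one to guess at; a bit that flips between reads is a hardware or transport problem, not data to analyse yet.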

Well, gonna stop now, since anything I post after this may make my post look like a piracy issue. Feel free to spam my inbox in case you are interested.

3 comments:

Tawel Sensei said...

You read binary..? I thought humans read binary in the converted, hexadecimal form.

<~!@#> said...

It's true, brother Tawel. However, in binary extracting mode, the process is like dumping an output on an oscilloscope.


The difference is that the oscilloscope will produce some graph signal, either 1 or 0, rapidly, sequentially or non-sequentially, depending on the filter applied to it.

Similarly, firmware dump extraction takes out all the 1, 0 and # states. And then we start doing binary analysis by tracing call addresses, converting to hex, etc. etc. etc.

Tawel Sensei said...

Haha, TQ for your explanation. However, truth be told, I hardly understand half of it!