Skip to content
/ psp2spl Public

A custom tiny lv0 framework for Playstation Vita

License

MIT license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SKGleba/psp2spl

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
cp_payload
cp_payload
 
 
framework
framework
 
 
samples
samples
 
 
stubs
stubs
 
 
CMakeLists.txt
CMakeLists.txt
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
main.c
main.c
 
 
psp2spl.yml
psp2spl.yml
 
 
spl-defs.h
spl-defs.h
 
 
types.h
types.h
 
 

Repository files navigation

psp2spl

Custom tiny lv0 framework for Playstation Vita/TV

Usage

  1. Put psp2spl.skprx in ur0:tai/
  2. Add a line to ux0: or ur0: /tai/config.txt under *KERNEL
    • ur0:tai/psp2spl.skprx
  3. Reboot

Basic info for developers

This framework's only task is to run lv0 code when requested: check [spl_exec_code] in main.c

For any more advanced tasks use psp2renga - https://github.com/SKGleba/psp2renga

- For all communication ARM<->FRAMEWORK the secure kernel enc addr in Venezia SPRAM is used.
	- In spl it is referred to as "commem" or "corridor", spl uses only first 32 bytes of it for config.
- There is one patch used: fcmd_handler() hook - After ARM command is received, before executing it.
- At every sleep/resume the crypto processor is reset, commem is reset too.
- The framework is injected by exploiting update_sm::0x50002 and is stored @0x00809e00

Credits

- Team Molecule for the update_sm 0x50002 exploit and help over discord
- Team Molecule for HenKaku, TaiHen and Enso
- TheFlow0 for help with the sleep-resume stuff

About

A custom tiny lv0 framework for Playstation Vita

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 1

v1.0 Latest
May 17, 2020

Packages

No packages published

Languages