POC: Permanent CFW/HEN is Possible

**DarkFoxSniper** · 03-09-2011, 02:33 PM

Source:PSP-Hacks

In a recent experiment kgsws set out to find permanence for CFW installs… And the result: success! Winning like Chuck Sheen, kgsws has shared a proof-of-concept; however, I’d only attempt this on a FAT PSP-1000 handheld until further notice.
How to:

install OFW 6.20
use HEN to run PSP filer
obtain original lfatfs.prx
decrypt original lfatfs.prx, also get kirk header for later fake encryption
compile fake lfatfs.prx (attached below)
append zeros to fake lfatfs.prx to make it as big as original, uncompressed lfatfs.prx
gzip fake lfatfs.prx, it has to be at least 16 bytes smaller than original lfatfs.prx gzipped
use any fake encrypter to encrypt your fake lfatfs.prx, keep original lfatfs.prx ~PSP hader and kirk header
copy fake lfatfs.prx to flash0:/kd/, overwrite original
restart your PSP and watch

Again: PSP-1000 only … because kgsws has written IPL drivers specific to the TA-079 board, most commonly found in PSP-1000 models. It’s a safe bet this’ll lead to other models being hacked the same way. So unless you really know what you’re doing I wouldn’t test this on anything else.
Notes:

you must append zeros to make it as big as original
you must gzip it
you must use original lfatfs.prx ~PSP and kirk headers
every PRX in flash contains signcheck = your PRX is bound to your PSP
this won’t allow you to enter OFW anymore, you will have to use pandora to flash it again
this trick will likely work on new PSPs, but this small LCD driver not, and your PSP will become useless anyway (so wait for CFW)

kgsws’ idea for custom firmware: “Use fake lfatfs.prx as CFW “SystemControl” module, and instead only patching also load original lfatfs.prx (which will be renamed).”
Awwwesome! Cheers to kgsws with thanks to Boosters IPL SDK.
Download: fake lfats.prx (Source Code)
- source: wololo/talk

I thought this was pretty cool and am testing it out as we speak..so shall let you all know the results.