Homebrew on Firmware 2.0+ Coming?

According to this post on the PS2 Dev forums, there is a possibility of homebrew on firmware 2.0, 2.01, 2.50 and maybe even 2.60.

As you may know, EdisonCarter has made a trainer for GTA that uses a straightforward exploit in the game to execute arbitrary code. He chose not to reveal his techniques, but with the new savedata encryption and decryption routines at http://forums.ps2dev.org/viewtopic.php?t=4335, now anyone can run homebrew on 2.0, 2.01, 2.50, and probably 2.60:

1. Decrypt the GTA cheat device using the savedata/decrypt sample
2. Find and modify the code (look at offset 0xc4 for the offset of the start of MIPS code)
3. Reencrypt the save using the savedata/encrypt sample

Note that the syscall numbers may differ from those in 2.0 VSH mode, since a different set of modules is loaded while the game is running. Hopefully it shouldn’t take long before someone clever like Fanjita can make a decent loader for us.

Speaking of Fanjita, he has mentioned via this thread that he is toying with the idea of some sort of loader using this but does not make any promises as he is not even sure it is possible.

I heard about this a day or two ago, but decided to hold out on posting until more information was available and I had seen a few forum discussions about it. It is definitely interesting and I admit to anticipating the results of this.


Fanjita has released his Hello World for GTA.


By Fanjita (www.fanjita.org/psp.html)

Based on work by Jim Paris, psp123 and EdisonCarter
Includes code from abu, toc2rta, groepaz and bitmap1

With support from QJ.NET. Be sure to check www.pspupdates.qj.net for future


This is a binary loader for the Grand Theft Auto: Liberty City Stories
savegame exploit, demonstrating a simple application being loaded.

It should be compatible with both EU and US copies of the game, and any
firmware version that can run GTA.


Make sure that you don’t have any important saves in the first slot of your
GTA savegames. If you do, then just start GTA, load the first slot, then save
in a new slot.

Then just copy the files from the archive to the following places on
your memory stick (the example assumes that your memory stick drive is “F:”):


For US copies of the game:

ULUS10041S0\DATA.BIN => F:\psp\savedata\ULUS10041S0\DATA.BIN
ULUS10041S0\PARAM.SFO => F:\psp\savedata\ULUS10041S0\PARAM.SFO
ULUS10041S0\PIC1.PNG => F:\psp\savedata\ULUS10041S0\PIC1.PNG
ULUS10041S0\icon0.png => F:\psp\savedata\ULUS10041S0\icon0.png

For EU copies of the game:

ULES00151S0\DATA.BIN => F:\psp\savedata\ULES00151S0\DATA.BIN
ULES00151S0\PARAM.SFO => F:\psp\savedata\ULES00151S0\PARAM.SFO
ULES00151S0\PIC1.PNG => F:\psp\savedata\ULES00151S0\PIC1.PNG
ULES00151S0\icon0.png => F:\psp\savedata\ULES00151S0\icon0.png

To Run

Just start up GTA, select “load game”, and load the ‘Hello World’ game save.
Shortly after loading starts, your screen should go white, then the Hello
World screen will show.

You can optionally dump debug information about the system state to your
memory card.

Using this loader for other programs

HW.BIN can be replaced with another program, so long as it obeys these:

– Must be linked to load to address 0x09fc0000
– Entry point must be 0x09fc0000
– Your application is responsible for determining its own syscall IDs – the
standard NID stub method for linking with the system will not work.
– Maximum theoretical supported size of 64k – the real maximum may be
somewhat smaller.

Things are looking promising for the Homebrew scene!
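The three steps above (decrypt, patch the code found via the offset at 0xc4, re-encrypt) and the loader's constraints (link and entry at 0x09fc0000, at most 64k) both invite the same mistake: patching a file whose header field is wrong, or handing the loader an image that does not fit. The script below is an added example, not code from this post, Fanjita's loader or the PSP SDK savedata samples. It checks a decrypted save for a plausible code offset and checks a candidate program against the stated loader rules before it is flattened into HW.BIN. It assumes the 0xc4 field is a little-endian 32-bit offset (PSP is little-endian MIPS) and that the program is built as a 32-bit MIPS ELF and converted to a flat binary afterwards; `make_sample_save` and `make_elf` only build constructed test data.

```python
"""Pre-flight checks for the GTA:LCS save exploit workflow (added example).

Facts taken from the post: the u32 at offset 0xc4 of the decrypted save is the
offset of the start of the MIPS code; a program for the loader must be linked
to and enter at 0x09fc0000 and must not exceed 64k.
Assumptions: the offset field is little-endian, and the program exists as a
32-bit little-endian MIPS ELF before being flattened into HW.BIN.
"""
import struct

CODE_OFFSET_FIELD = 0xC4        # header field holding the offset of the MIPS code
LOADER_BASE = 0x09FC0000        # required load address and entry point
LOADER_MAX_SIZE = 64 * 1024     # "maximum theoretical supported size of 64k"

EM_MIPS = 8                     # ELF e_machine value for MIPS
PT_LOAD = 1                     # loadable program header type


def code_region(save: bytes) -> tuple[int, int]:
    """Locate the MIPS code inside a decrypted save: returns (start, bytes to end).

    A save that is too short, or whose offset field points past the end of the
    file, is rejected instead of being patched blindly (typical of a file that
    was never decrypted correctly)."""
    if len(save) < CODE_OFFSET_FIELD + 4:
        raise ValueError("save too short to hold the 0xc4 offset field")
    (start,) = struct.unpack_from("<I", save, CODE_OFFSET_FIELD)
    if start >= len(save):
        raise ValueError(f"code offset 0x{start:x} lies outside the {len(save)}-byte save")
    return start, len(save) - start


def check_elf_for_loader(elf: bytes) -> list[str]:
    """Return every loader constraint the ELF violates (empty list means it passes)."""
    if len(elf) < 0x34 or elf[:4] != b"\x7fELF":
        return ["not an ELF file"]
    problems = []
    if elf[4] != 1 or elf[5] != 1:                       # EI_CLASS, EI_DATA
        problems.append("must be a 32-bit little-endian ELF")
    (e_machine,) = struct.unpack_from("<H", elf, 0x12)
    if e_machine != EM_MIPS:
        problems.append(f"e_machine is {e_machine}, expected MIPS ({EM_MIPS})")
    e_entry, e_phoff = struct.unpack_from("<II", elf, 0x18)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x2A)
    if e_entry != LOADER_BASE:
        problems.append(f"entry point 0x{e_entry:08x} must be 0x{LOADER_BASE:08x}")

    lowest = highest = None                              # span of all PT_LOAD segments
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 0x20 > len(elf):
            problems.append("program header table runs past end of file")
            break
        p_type, _, p_vaddr, _, _, p_memsz = struct.unpack_from("<IIIIII", elf, off)
        if p_type != PT_LOAD:
            continue
        lowest = p_vaddr if lowest is None else min(lowest, p_vaddr)
        highest = p_vaddr + p_memsz if highest is None else max(highest, p_vaddr + p_memsz)
    if lowest is None:
        problems.append("no PT_LOAD segment")
    else:
        if lowest != LOADER_BASE:
            problems.append(f"linked to 0x{lowest:08x}, must be 0x{LOADER_BASE:08x}")
        if highest - lowest > LOADER_MAX_SIZE:
            problems.append(f"image spans {highest - lowest} bytes, over the 64k limit")
    return problems


def make_sample_save(code_start: int, total: int) -> bytes:
    """Constructed stand-in for a decrypted save: zeros plus the 0xc4 offset field."""
    save = bytearray(total)
    struct.pack_into("<I", save, CODE_OFFSET_FIELD, code_start)
    return bytes(save)


def make_elf(entry: int, vaddr: int, image_size: int) -> bytes:
    """Constructed minimal MIPS ELF with one PT_LOAD segment (test data, not a program)."""
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)
    header = ident + struct.pack("<HHIIIIIHHHHHH", 2, EM_MIPS, 1, entry, 0x34, 0, 0,
                                 0x34, 0x20, 1, 0x28, 0, 0)
    phdr = struct.pack("<IIIIIIII", PT_LOAD, 0x54, vaddr, vaddr, image_size, image_size, 5, 0x10)
    return header + phdr + bytes(image_size)


if __name__ == "__main__":
    start, length = code_region(make_sample_save(0x100, 0x2000))
    print(f"MIPS code starts at 0x{start:x}; {length} bytes from there to end of save")
    for elf in (make_elf(LOADER_BASE, LOADER_BASE, 0x4000),
                make_elf(0x08804000, 0x08804000, LOADER_MAX_SIZE + 1)):
        print(check_elf_for_loader(elf) or ["passes all loader constraints"])
```

Run it on a real decrypted save and on the ELF produced by your own build (before converting it to a flat binary) by passing the file contents to `code_region` and `check_elf_for_loader`; any string in the returned list is a reason the loader is expected to fail.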

1 Response to “Homebrew on Firmware 2.0+ Coming?”

  1. Kiah

    Methinks this is exactly what the homebrew scene needs… Whether it proves to be useful or not, only time shall tell. Turn it into a working eboot loader, I want to use kernel-mode apps on my 2.0!

    My brothers robo-sapien won’t stand a chance…
