**Update 2:** Once again we have an update on Fanjita’s progress, and it looks like he will be going for a 1.0 approach to homebrew. Fanjita has taken a moment to respond to some of the many questions being asked in our forums regarding the update above and his "source":

> Rumour clear-up time: this was posted in the pspdev IRC, so that people who know what they’re doing can play with it if they want. I don’t mind it being spread around, but if you don’t understand how sceKernelLoad* apply security checks, then it’s probably not for you. It’s work-in-progress, it’s not an eLoader beta, it’s just a more convenient way of experimenting with the exploit (maybe), and also an effort to test some in-RAM hacks to remove some security checks. It doesn’t seem to work at the moment, and the main thing that needs to be done is to investigate why – presumably, there’s a problem with the format of the ELFs being loaded. Kernel.elf is just an arbitrary ELF – nothing I’ve tried so far has worked, feel free to try your own. The source that’s given is just the source of the function that’s attempting to do stuff with the exploit – it doesn’t show any of the exploit code, and is not a complete app in its own right.

He also went on to say that the main focus right now is to replicate "nokxploit functionality", making 2.50/2.60 PSPs behave the same way that 1.0 PSPs do in regard to homebrew. He says that a "kernel eLoader" would be possible but more cumbersome than a nokxploit approach.

**Update 1:** Once again, right from PSPUpdates, is some information on Fanjita’s progress. Fanjita has released the "source" of his work so far today on this newly discovered exploit. If you would like to take a look at it and continue investigating where he left off for today, have a look! The release is described as follows:

> Only for v2.5 / v2.6. Based on Proof of Concept code by Hitchhikr / Neural.
> Function: Attempts to load ms0:/kernel.elf using sceLoadModule/sceStartModule when in kernel mode, after writing a NOP to 0x8801A5B4.
> Diags: Writes a log of operations to ms0:/GTALOG.TXT.

**Update:** We have some new reports on this startling development, and here they are, right from PSPUpdates’ talk with Fanjita:

> Speaking of eLoader, Fanjita is already working with hitchhikr on incorporating this new exploit into an easily executable means via eLoader. After a brief chat with Fanjita, he’s told us that you can expect some generic application for developers to hopefully be released in the next 24 hours. It will take a bit longer before something usable for non-devs will be released. The exploit takes advantage of an added security check in 2.50/2.60 Firmware for sceKernelLoadExec, which is responsible for loading EBOOTs, but Sony also accidentally added an overflow bug, which means this exploit will not work with 2.0 and 2.01 Firmware.

The article goes on to suggest that people not update their PSPs just yet, and frankly I agree, as we do not know how long it will take, if ever, for this to be implemented in a form usable by non-developers.

There has been what I would consider a HUGE development on the PSP scene today, as Hitchhikr has released a new app for the PSP, a Kernel Memory Dumper for v2.6. Here’s what the folks at ps2nfo had to say:

> Essentially this program/exploit simply dumps the kernel memory when executed on a 2.6 FW PSP via the GTA EBOOT Loader. With the kernel memory dump, users may soon be able to decrypt 2.6 and run it on DevHook. In addition, when this code is perfected and the GTA Loader is updated with the kernel mode code, users should be able to launch ISOs from a 2.6 PSP via the EBOOT Loader as well as other kernel-mode.

Yep, you heard right: we are now VERY close to fully unlocking v2.6- PSPs and to getting firmware v2.6 for use with DevHook on the PSP. Now all that’s left to do is cross your fingers and wait, because the PSP scene may once again be taking on a large acquisition of noobs.