psp:exploit_faq [psDevWiki]
 

Q: How do I run homebrew on the PSP?

A:

Check your PSP firmware version and choose an unfixed exploit from the patch list below. Download a Homebrew Enabler (e.g. ChickHEN) for the selected exploit from the internet.
Keep in mind that some exploits allow kernel mode (do anything), while others allow only user mode (homebrew only). When doing a save game exploit, you may need to upgrade the firmware first.

1) Firmware versions 1.0 and 1.5

Due to a bug in the 1.0 firmware, it will load and run any valid PBP file, signed or not. Nothing needs to be done to run code on 1.0 PSPs.

Firmware 1.5 is slightly more complex, requiring the “KXploit” method, which is primarily a trivial filename hack. A side effect of the KXploit method is a “Corrupted Data” folder for every game folder on the PSP. There is yet another filename hack that can be performed to remove these entries from the list (but they remain on the memory stick).

It is possible to hide these corrupt data icons. The VSH will not display a folder with a name that starts with __SCE__. Therefore, the folder with the executable should be prefixed with __SCE__ to make it disappear, and the folder with the empty eboot with %__SCE__ so that it will still redirect to the actual folder, but also be displayed. For example, mygame/ and mygame%/ should be changed to __SCE__mygame/ and %__SCE__mygame/ respectively. The SDK can do this for you automatically using 'make SCEkxploit'.
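The renaming rule above, written out as an added example (not code from this page or from the SDK). The function names and the directory layout in `demo()` are assumptions constructed for illustration; only the `__SCE__` and `%` naming comes from the FAQ.

```python
import os
import tempfile

HIDE_PREFIX = "__SCE__"  # per the FAQ, the VSH does not list folders starting with this


def plan_renames(game_dir):
    """Return [(old, new), ...] for each KXploit pair `name/` + `name%/`."""
    dirs = {e for e in os.listdir(game_dir)
            if os.path.isdir(os.path.join(game_dir, e))}
    plan = []
    for name in sorted(dirs):
        if name.endswith("%") or name.startswith(HIDE_PREFIX):
            continue  # the '%' partner is handled with its pair; hidden ones are done
        partner = name + "%"
        if partner not in dirs:
            continue  # not a KXploit pair, leave untouched
        hidden, shown = HIDE_PREFIX + name, "%" + HIDE_PREFIX + name
        if hidden in dirs or shown in dirs:
            continue  # target already exists, never overwrite
        plan += [(name, hidden), (partner, shown)]
    return plan


def apply_renames(game_dir):
    """Rename every planned pair in place and return the plan that was applied."""
    plan = plan_renames(game_dir)
    for old, new in plan:
        os.rename(os.path.join(game_dir, old), os.path.join(game_dir, new))
    return plan


def demo():
    """Build a constructed GAME directory, rename it, return (plan, listing)."""
    with tempfile.TemporaryDirectory() as game_dir:
        for d in ("mygame", "mygame%", "other", "__SCE__done", "%__SCE__done"):
            os.mkdir(os.path.join(game_dir, d))
        plan = apply_renames(game_dir)
        return plan, sorted(os.listdir(game_dir))


if __name__ == "__main__":
    print(demo())
```

Folders without a `%` partner and pairs that already carry the prefix are left alone, so the function can be run repeatedly on the same directory.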

2) Firmware versions 1.51-2.0

There is currently no known way to execute all EBOOT files under these firmware revisions without having them signed by Sony. However, it is possible to execute code using an exploit in libtiff. This exploit has been used to write downgraders which bring the firmware revision back down to 1.5, permitting the running of homebrew code.

For user mode EBOOT files you can use Fanjita's EBOOT loader, which executes EBOOT files on firmware 2.00. A special version of Lua Player, without USB support, is included in the loader.

3) Firmware version 2.01 and above

2.01 was released soon after the libtiff exploit was discovered. It fixed the buffer overflow, making downgrading through the current method impossible. The only known way to run EBOOT files on these firmwares is to use a savegame exploit found in the Grand Theft Auto Liberty City Stories game. A version of the EBOOT loader is also available to make use of this exploit: Fanjita and Ditlew's eLoader.

4) Firmware version 2.80

Fixes the sceKernelLoadExec exploit.

5) Firmware version 2.81

Fixes the second TIFF exploit.

6) Firmware version 3.10

Fixes the sceRegOpenRegistry exploit and “Grand Theft Auto: Liberty City Stories” save game exploit.

7) Firmware version 3.51

Fixes the “Illuminati” save game exploit.

8) Firmware version 5.03

Fixes the “Gripshift” save game exploit.

9) Firmware version 5.50

Fixes the third TIFF exploit.

10) Firmware version 5.51

Fixes the Need for Speed Underground (US) and Monster Hunter Freedom (JPN) save game exploit.

11) Firmware version 6.20

Fixes the “Archer Maclean’s Mercury” save game exploit.

12) Firmware version 6.30

Fixes the “Patapon 2” save game exploit.

13) Firmware version 6.35

Fixes the “Hot Shots Golf” save game exploit.

PSP system software overview containing (exploit) fixes.

 

psp/exploit_faq.txt · Last modified: 2011/01/01 10:04 by darkfader
 