Security Updates

The PSP had many revisions to its security through firmware upgrades. Many of these were silently added and the rest were simply labeled as "'''Revisions to strengthen security'''" by the update. This page will document on a technical level the security updates made by each firmware.
=== 0.30 (Pre-Release) ===
=== 0.31 (Pre-Release) ===
=== 0.40 (Pre-Release) ===
=== 0.50 (Pre-Release) ===
=== 0.60 (Pre-Release) ===
=== 0.65 (Pre-Release) ===
=== 0.70 (Pre-Release) ===
=== 0.80 (Pre-Release) ===
* Restructured the ~PSP header and added more information to it.
* Blocks unsigned kernel/VSH modules (PRX)
=== 0.90 (Pre-Release) ===
* Boot config files are now encrypted and unsigned versions are also blocked
* Blocks unsigned user modules (PRX)
=== 1.00 (Pre-Release) ===
=== 1.01 (Pre-Release) ===
=== 1.02 (Pre-Release) ===


=== 1.03 ===
=== 1.50 ===
* Introduced a bug in returning the size of an unsigned ELF, which blocks normal EBOOTs; they can still be launched with the Swapsploit/KXploit workaround.
* Introduced another bug where no encrypted PRX executable compressed with gzip will run, only modules may be gzipped. This bug persists in 1.51/1.52 and was fixed in 2.00.
** ''This bug may be why official updates were never gzipped despite games and demos eventually doing so, to ensure the updates can be run from all firmwares.''
* Reboot code has been moved out of '''reboot.prx''' and is now hidden within '''loadexec.prx'''.


=== 1.51 ===
Line 42: Line 21:
* Properly blocks kernel ELF by restructuring the kernel. Also blocks unsigned ELF properly. This is why running kernel ELF on newer firmwares requires the 1.XX kernel.
* Introduced signchecking on PRX files to tie them per-system. This was in response to people physically dumping their NANDs and being able to flash them to downgrade.
* Introduced a new privilege level, 0x0200, specifically for applications/demos run from the Memory Stick. Prior to 2.00 the firmware checked 0 for all unfinished APIs.


=== 2.01 ===
* Patches the libtiff exploit introduced in 2.00.


=== 2.50 ===


=== 2.60 ===
* The IPL now uses an extra layer of encryption in stage 2 tied to a pseudo-random number generated by doing a checksum of the [[iplloader]].
* The IPL now uses an extra layer of encryption in stage 2 tied to a pseudo-random number generated by doing a checksum of the pre-IPL.
* The PSP boot config files now contain checksums of all PRX files and block them if they don't match.


=== 2.70 ===
=== 2.71 ===
=== 2.80 ===
* The PSP boot config files now contain checksums of all PRX files and block them if they don't match.
=== 2.81 ===
=== 2.82 ===
=== 6.10 ===
=== 6.20 ===
=== 6.30 ===
* ECDSA signatures are now checked for all kernel PRX as well as updaters. This was partly in response to Datel's '''Action Replay''', which is signed as an update.
=== 6.31 ===
=== 6.35 ===
* The ~SCE header exploit was fixed, which had allowed running unsigned PRX by using the header to point to a signed PRX located after it.
=== 6.36 ===
=== 6.37 ===