PlayStation Vita first_loader hack for prototype units on firmware 1.03/0.945.000 or internal units on firmware 0.930
This hack grants "bootrom"-level code execution on the PSP2 by exploiting a first_loader vulnerability discovered by Team Molecule.
- You will need mepsdk and vitasdk
- Compile all the cmep-payloads, and make sure that the resulting byte arrays are `static const`
- Compile the main code; the result should be kexec.bin or kpayload.bin
- Run kexec.bin or kpayload.bin in THUMB mode with a kernel exploit such as this one
- By default, on firmware 1.03 broombroom expects arg to be a user-space pointer to a decrypted 3.65 second_loader.enc
  - This is only used for convenience; it is not required for the hack itself
- Porting to different firmwares requires offset changes in the kernel and tz payloads
Credits:
- 'Proxima' for help and guidance over Discord
- 'Team Molecule' for the user, kernel, bootloader, trustzone, update_sm and bootrom exploits as well as mepsdk and sceutils
- 'Zecoxao', 'LemonHaze', 'Princess Of Sleeping'
- All henkaku wiki and vitasdk contributors
- 'Yasen' for providing a type B prototype devkit and lots of electrons.