vita-kbl-loader
PSP2 kbl loader (Non-secure).
What is this plugin
A plugin that executes nskbl saved on the memory card and reboot the software.
Installation
1. Copy the decrypted nskbl.bin
to one of the paths.
host0:data/kbl-loader/nskbl.bin
for devkit
sd0:data/kbl-loader/nskbl.bin
for advanced user (If installed the Manufacturing mode)
ux0:data/kbl-loader/nskbl.bin
for end user
2. If you need software reboot with enso, Copy the enso_second.bin
to one of the paths.
host0:data/kbl-loader/enso_second.bin
for devkit
sd0:data/kbl-loader/enso_second.bin
for advanced user (If installed the Manufacturing mode)
ux0:data/kbl-loader/enso_second.bin
for end user
note : We developers need to have enso_second.bin for enso and non enso. for sector redirect patch.
3. Run kbl-loader.skprx.
Development note
NSKBL has a different offset for each fw, so adjustment is required when using it with 3.65 etc.
Like enso 3.60 and 3.65.
Also because it needs cleanup, not yet compatible with "dumped" NSKBL.
Also, if you accidentally execute broken code and get stuck with a software reboot, you can easily recover by resetting the hardware because the original NSKBL etc, will be loaded.
Building
Define TARGET_FW
as either FW_360
or FW_365
in CMakeLists.txt
.
Define FORCE_SD0_BOOT_PATCHES
to 1 to enable forced os0->sd0 redirection.
When building for firmware 3.65, you may need to build extra stubs (mkdir extra && vita-libs-gen -c import_365.yml extra
) and link against resulting .a
.
NOTE: When FORCE_SD0_BOOT_PATCHES
is defined as 1, the following behaviour is changed in sysstatemgr.skprx
:
* Text format system configuration scripts are allowed.
* sd0:psp2config.skprx
and ux0:psp2config.skprx
are attempted to be used as system configuration script.
* The MANUFACTURING_MODE
predicate always evaluates to 1.
Information
Check out the original repository for more details.
Credits
Thanks to everybody who contributes to wiki.henkaku.xyz and helps reverse engineering the PSVita OS.
Also xerpi who created the original vita-baremetal-loader.