SKGleba / broombroom

Playstation Vita first_loader hack for units with SoC v4.0 or lower


broombroom

Playstation Vita first_loader hack for prototype units on firmware 1.03/0.945.000 or internal units on firmware 0.930.
This hack grants "bootrom"-level code execution on the PSP2 by exploiting a first_loader vulnerability discovered by Team Molecule.

Usage

  • You will need mepsdk and vitasdk.
  • Compile all the cmep payloads; make sure the resulting byte arrays are declared static const.
  • Compile the main code; the result should be kexec.bin or kpayload.bin.
  • Run kexec.bin or kpayload.bin in THUMB mode with a kernel exploit such as this one.

Notes

  • By default, on firmware 1.03 broombroom expects arg to be a user-space pointer to a decrypted 3.65 second_loader.enc.
    • This is only used for convenience; it is not required for the hack itself.
  • Porting to different firmwares requires offset changes in the kernel and TrustZone payloads.

Credits

  • 'Proxima' for help and guidance on Discord.
  • 'Team Molecule' for the user, kernel, bootloader, TrustZone, update_sm and bootrom exploits, as well as mepsdk and sceutils.
  • 'Zecoxao', 'LemonHaze', 'Princess Of Sleeping'.
  • All HENkaku wiki and vitasdk contributors.
  • 'Yasen' for providing a type B prototype devkit and lots of electrons.


License: MIT License


Languages

C 94.2%, Makefile 5.8%