PSP RE quick start guide

Introduction

This short guide presents the resources you need to start reverse engineering on the PSP. It applies both to reverse engineering kernel modules and to userland (most probably game) binaries.

It is assumed that you already know how to reverse engineer; if you don't, follow a Ghidra tutorial and preferably a MIPS assembly course as well.

Note that alternatives to Ghidra exist, for example IDA Pro. Ghidra is used here because:

Step 1: getting a binary to RE

In order to get a binary to decrypt, you first need to pick:

In both cases, if you encounter a .PBP file or an encrypted file, you can use the pspdecrypt tool to decrypt it.
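To see what pspdecrypt is being asked to handle, it helps to look inside the container first. The following Python script is an added example and is not part of this guide or of the pspdecrypt project: it parses the fixed 40-byte PBP header (magic, version, eight section offsets), splits the file into its sections, and reports whether DATA.PSP is still a Sony-encrypted module (magic `~PSP`) or an already-plain ELF that Ghidra can import directly. The sample PBP it runs on when given no file is constructed inline.

```python
import struct

# PBP container layout (fixed 40-byte header, little-endian):
#   magic "\0PBP", version, then eight u32 offsets, one per section, in this order.
PBP_MAGIC = b"\x00PBP"
PBP_SECTIONS = ("PARAM.SFO", "ICON0.PNG", "ICON1.PMF", "PIC0.PNG",
                "PIC1.PNG", "SND0.AT3", "DATA.PSP", "DATA.PSAR")
HEADER_FMT = "<4sI8I"
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # 40


def parse_pbp(data: bytes) -> dict:
    """Split a PBP into its eight sections, validating the header and offsets.

    Each section runs from its offset to the next section's offset; DATA.PSAR
    runs to the end of the file. An empty section has two equal offsets.
    """
    if len(data) < HEADER_SIZE:
        raise ValueError("file too short to hold a PBP header")
    magic, version, *offsets = struct.unpack_from(HEADER_FMT, data, 0)
    if magic != PBP_MAGIC:
        raise ValueError("bad PBP magic %r" % magic)
    bounds = list(offsets) + [len(data)]
    sections = {}
    for i, name in enumerate(PBP_SECTIONS):
        start, end = bounds[i], bounds[i + 1]
        # Reject reversed, overlapping or out-of-file offsets instead of
        # silently slicing garbage out of a malformed or truncated file.
        if not (HEADER_SIZE <= start <= end <= len(data)):
            raise ValueError("section %s has inconsistent offsets" % name)
        sections[name] = data[start:end]
    return {"version": version, "sections": sections}


def is_valid_pbp(data: bytes) -> bool:
    """True if parse_pbp accepts the file, False on any structural error."""
    try:
        parse_pbp(data)
        return True
    except ValueError:
        return False


def classify_module(blob: bytes) -> str:
    """Tell whether a DATA.PSP payload still needs pspdecrypt."""
    if blob.startswith(b"~PSP"):
        return "encrypted"      # Sony-encrypted PSP module: run pspdecrypt first
    if blob.startswith(b"\x7fELF"):
        return "elf"            # already plain: import straight into Ghidra
    if not blob:
        return "empty"          # e.g. a PBP whose real payload lives in DATA.PSAR
    return "unknown"


def build_pbp(sections: dict, version: int = 0x00010000) -> bytes:
    """Assemble a PBP from a name -> bytes mapping (missing sections are empty).

    Used here only to construct sample input; real files come from a game or
    firmware dump.
    """
    body = b""
    offsets = []
    for name in PBP_SECTIONS:
        offsets.append(HEADER_SIZE + len(body))
        body += sections.get(name, b"")
    return struct.pack(HEADER_FMT, PBP_MAGIC, version, *offsets) + body


# Constructed sample: a minimal EBOOT-like PBP whose DATA.PSP is still encrypted.
SAMPLE_PBP = build_pbp({
    "PARAM.SFO": b"\x00PSF" + b"\x00" * 12,
    "DATA.PSP": b"~PSP" + b"\x00" * 12,
    "DATA.PSAR": b"constructed-psar-payload",
})


def data_psp_status(pbp_bytes: bytes) -> str:
    """One-call helper: parse the PBP and classify its DATA.PSP section."""
    return classify_module(parse_pbp(pbp_bytes)["sections"]["DATA.PSP"])


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else SAMPLE_PBP
    info = parse_pbp(data)
    print("PBP version 0x%08X" % info["version"])
    for name, blob in info["sections"].items():
        print("%-10s %8d bytes" % (name, len(blob)))
    print("DATA.PSP is", classify_module(info["sections"]["DATA.PSP"]))
```

Run it as `python pbp_inspect.py EBOOT.PBP` to list section sizes and the DATA.PSP status; a `~PSP` result means the file goes through pspdecrypt before Step 3, while an ELF result can be imported as-is. The offset check matters in practice: a truncated download or a hand-edited PBP otherwise yields a DATA.PSP slice that looks plausible but is garbage.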

Step 2: setting up Ghidra

Install Ghidra, then install ghidra-allegrex following its README. Note that the plugin has some limitations: VFPU support is limited, and 64-bit return values or arguments (which use two registers) are not handled properly.

After Ghidra is set up, you can start it and install the psp-ghidra-scripts following their README in order to fix function imports and exports.

Then, you can download the pspsdk.gdt type archive for games, or uofw.gdt for kernel modules (or both, but that might cause incompatibilities).

These files were built from the PSPSDK or uOFW include files using Ghidra's File -> Parse C Source... menu. If you want to regenerate (or update) them:

Step 3: analyzing the binary

Now that Ghidra is up and running, you should:

  1. Import the (decrypted) binary file in Ghidra
  2. Run "Analyze" when prompted for it
  3. Run the SonyPSPResolveNIDs.py script
  4. Import the .gdt type archive into the Ghidra project (the same way you imported the binary file)
  5. In the Data Type Manager, open it via Menu -> Open Project Archive...
  6. Right-click on the imported data type archive and use Apply Function Data Types
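Step 3 above relies on the SonyPSPResolveNIDs.py script to turn the numeric NIDs in a module's import and export stubs back into names. The Python below is an added example, not the script itself or any part of psp-ghidra-scripts: it shows the underlying rule (for non-obfuscated exports, a PSP NID is the first four bytes of the SHA-1 of the function name read as a little-endian 32-bit integer), builds a lookup table from a small constructed export list standing in for the real psplibdoc/pspsdk tables, and falls back to a `Library_NID` placeholder (an assumed naming convention) for NIDs it cannot resolve, as happens with exports whose NIDs Sony randomized.

```python
import hashlib
import struct


def nid_for(name: str) -> int:
    """PSP NID of an export: first four bytes of SHA-1(name), little-endian u32."""
    digest = hashlib.sha1(name.encode("ascii")).digest()
    return struct.unpack("<I", digest[:4])[0]


# Constructed stand-in for the psplibdoc / pspsdk export tables:
# library name -> exported function names.
KNOWN_EXPORTS = {
    "ThreadManForUser": ["sceKernelSleepThread", "sceKernelCreateThread",
                         "sceKernelDelayThread"],
    "sceDisplay": ["sceDisplaySetMode", "sceDisplayWaitVblankStart"],
}


def build_nid_table(exports: dict) -> dict:
    """Map (library, NID) -> function name by hashing every documented name."""
    table = {}
    for lib, names in exports.items():
        for name in names:
            table[(lib, nid_for(name))] = name
    return table


def resolve_import(lib: str, nid: int, table: dict) -> str:
    """Return the documented name for (lib, nid), or a placeholder.

    The placeholder form 'Library_NID' is an assumed convention; the point is
    that an unresolvable NID stays visibly unresolved rather than being
    guessed, since some later-firmware NIDs are randomized and never hash
    back to their name.
    """
    return table.get((lib, nid), "%s_%08X" % (lib, nid))


def resolve_stub_table(imports, table: dict):
    """Resolve a list of (library, NID) pairs as read from a module's stubs."""
    return [(lib, nid, resolve_import(lib, nid, table)) for lib, nid in imports]


if __name__ == "__main__":
    table = build_nid_table(KNOWN_EXPORTS)
    # Constructed import stubs: two resolvable NIDs and one unknown one.
    stubs = [
        ("ThreadManForUser", nid_for("sceKernelSleepThread")),
        ("sceDisplay", nid_for("sceDisplayWaitVblankStart")),
        ("ThreadManForUser", 0x12345678),
    ]
    for lib, nid, name in resolve_stub_table(stubs, table):
        print("%-18s 0x%08X -> %s" % (lib, nid, name))
```

Because the table is keyed on (library, NID), the same NID is only resolved against the library the stub actually imports from, which is how the real script avoids cross-library mislabels when two libraries export functions of the same name.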

If you're reverse engineering a low-level kernel module that accesses the hardware through the 0xB....... memory range, you'll also want to run the SonyPSPMapHWRegisters.py script (it can be run at any time).

Now all the imports should use the correct signatures, and you're good to go!