I'm really happy today to announce that I've done my first patch on a PSP game. I have experience with reverse engineering the 65C816 (SNES) and x86 processors, and yesterday I studied a bit of MIPS to do one thing... Maybe a lot of people remember when the Chinese coder Hrimfaxi (aka liquidzigong) released some tools to run the Birth By Sleep ISO on PSP. One of these tools is dnas_decryptor, which decrypts the BBS1-2-3.DAT files to make the loading screens faster, but it only works for the JAP version. Yesterday I tried to put the decrypted BBS1-2-3.DAT files on my ISO (oh, I don't download games from the internet, I own the original game), but the game froze before the savedata warning screen. What did I do? I took the EBOOT.BIN and decompiled it. I searched for the routine that loads the encrypted BBS1-2-3 files and found a way to skip the decryption process simply by editing 2 bytes. This trick works on the EUR and USA versions of the game:
Open EBOOT.BIN (or EBOOT.OLD if you use the Prometheus patch) and go to offset 0xBD00. You can see 0900 8018, right? Now change 8018 to 8104 and save. If you don't want to extract the EBOOT, patch it and put it back into the ISO, you can edit the ISO directly: I found 0900 8018 at 0x11BD30.
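To see what those two bytes actually change, here is an added Python example (not from the post or from any of the tools it names) that decodes the two 32-bit words as little-endian MIPS, the PSP's instruction set: 09 00 80 18 is blez $a0 (branch if a0 <= 0) and 09 00 81 04 is bgez $a0 (branch if a0 >= 0), so the edit inverts the branch condition. The classify_eboot helper uses the offset and byte values quoted above to tell whether an EBOOT image is stock or already patched; its expected-bytes table is my assumption that the post's values are complete.

```python
import struct

# Little-endian MIPS encodes one instruction per 32-bit word. Branch forms used here:
#   I-type : opcode(6) rs(5) rt(5) offset(16)      -> beq/bne/blez/bgtz
#   REGIMM : opcode=1, rt selects the condition    -> 0=bltz, 1=bgez
REGS = ["zero", "at", "v0", "v1", "a0", "a1", "a2", "a3",
        "t0", "t1", "t2", "t3", "t4", "t5", "t6", "t7",
        "s0", "s1", "s2", "s3", "s4", "s5", "s6", "s7",
        "t8", "t9", "k0", "k1", "gp", "sp", "fp", "ra"]
I_TYPE_BRANCH = {4: "beq", 5: "bne", 6: "blez", 7: "bgtz"}
REGIMM_BRANCH = {0: "bltz", 1: "bgez"}


def decode_branch(word_bytes):
    """Decode 4 little-endian bytes; return the branch mnemonic or None if not a branch."""
    (word,) = struct.unpack("<I", word_bytes)
    opcode = word >> 26
    rs = (word >> 21) & 0x1F
    rt = (word >> 16) & 0x1F
    offset = word & 0xFFFF
    if offset & 0x8000:          # 16-bit signed word offset
        offset -= 0x10000
    if opcode in (4, 5):
        return f"{I_TYPE_BRANCH[opcode]} ${REGS[rs]}, ${REGS[rt]}, {offset}"
    if opcode in (6, 7) and rt == 0:
        return f"{I_TYPE_BRANCH[opcode]} ${REGS[rs]}, {offset}"
    if opcode == 1 and rt in REGIMM_BRANCH:
        return f"{REGIMM_BRANCH[rt]} ${REGS[rs]}, {offset}"
    return None


# Byte values quoted in the post: stock word at 0xBD00 and the word after the edit.
STOCK_WORD = bytes.fromhex("09008018")
PATCHED_WORD = bytes.fromhex("09008104")


def classify_eboot(data, offset=0xBD00):
    """Report whether an EBOOT image carries the stock or the patched branch at `offset`."""
    word = data[offset:offset + 4]
    if word == STOCK_WORD:
        return "stock"
    if word == PATCHED_WORD:
        return "patched"
    return "unknown"


if __name__ == "__main__":
    print("stock  :", decode_branch(STOCK_WORD))    # blez $a0, 9
    print("patched:", decode_branch(PATCHED_WORD))  # bgez $a0, 9
```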
Surely my work on Birth By Sleep doesn't stop here; I'll continue to find more stuff and I'll release it all here! Stay tuned :D