diff --git a/README.md b/README.md
index a6e17a5..598aad2 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,30 @@
+# Repo moved to [ChronoSwitch](https://github.com/PSP-Archive/Chronoswitch)
+
+
 # Chronoswitch Downgrader
 Chronoswitch is a downgrader for the Playstation Portable (PSP).
 
 ## Installation
 Download and extract the latest version from the releases on this github page. Copy the `PSP` folder from the extracted output to your memory stick. You will need the firmware update for version you wish to downgrade to. If you want to downgrade to 6.60, you will need the 6.60 official update. If you're downgrading a PSPgo, make sure you download the official firmware appropriate for that device.
 
-Copy the official firmware update to `PSP/GAME/UPDATE/EBOOT.PBP` on your memory stick. If you're using a PSPgo, make sure this copied to the internal storage instead.
+Copy the official firmware update to `PSP/GAME/UPDATE/EBOOT.PBP` on your memory stick. If you're using a PSPgo, you can use internal storage or the memory stick for the official firmware EBOOT
 
 The downgrader is "signed", and can be launched without having a custom firmware installed. Once you run the application, follow the on-screen instructions.
 
 ## Changelog
+### Version 7.6.1
+* Added more print statements for less common issues with parsing EBOOT.PBP or the buffer
+### Version 7.6
+* Changed Default color, makes it a bit easier to read.
+* Detect which OFW you have to make sure your flashing the proper model OFW. ( i.e You can only flash GO OFW on GO and vice versa )
+### Version 7.5
+* Updated Tools to encrypt EBOOT to be OS agnostic ( from Yoti's psp_pspident )
+* Bugfix: GO had issue running with just Infinity/OFW running.
+### Version 7.4
+* PSP GO cleanup
+* Detect if EBOOT.PBP is missing from `PSP/GAME/UPDATE/`
+### Version 7.3
+* PSP GO can boot from ms0/ef0
 ### Version 7.2
 * Replaced 'factory firmware limitation', which prevented certain PSPs from being downgradable at all or limited them from being downgraded to certain firmwares they theoretically support.
 * This fixes most cases where an IDXFFFFFFFF or CAAFFFFFCF7 error could appear.
diff --git a/src/Makefile.signed b/src/Makefile.signed
index 6cc1a89..f2e702a 100644
--- a/src/Makefile.signed
+++ b/src/Makefile.signed
@@ -1,25 +1,33 @@
+UNAME := $(shell uname)
 release: all
-	bin/prxEncrypter $(TARGET).prx
-	pack-pbp $(EXTRA_TARGETS) PARAM.SFO icon0.png NULL NULL NULL NULL data.psp NULL
-	rm -f data.psp
+ifeq ($(UNAME), Linux)
+	bin/psptools/pack_ms_game.py --vanity "$(PSP_EBOOT_TITLE)" EBOOT.PBP EBOOT.PBP
+else
+	bin\\psptools\\pack_ms_game.py --vanity "$(PSP_EBOOT_TITLE)" EBOOT.PBP EBOOT.PBP
+endif
+	unpack-pbp EBOOT.PBP
+	pack-pbp $(EXTRA_TARGETS) PARAM.SFO icon0.png NULL NULL NULL NULL DATA.PSP NULL
+	rm -f DATA.PSP
 	rm -f downgrade_ctrl.h
 	rm -f downgrade660_ctrl.h
+	@mkdir -p PSP/GAME/ChronoSwitch
+	@cp EBOOT.PBP PSP/GAME/ChronoSwitch/
 
 TARGET = downgrader
 OBJS = main.o kernel_exploit.o kernel_land.o rebootex.o utils.o extras.o extra_stubs.o libasm/libinfinityUser.o
 
-INCDIR = ../include
+INCDIR = include
 CFLAGS = -Os -G0 -Wall
 CXXFLAGS = $(CFLAGS) -fno-exceptions -fno-rtti
 ASFLAGS = $(CFLAGS) -c
  
-LIBDIR = ../lib
+LIBDIR = lib
 LIBS = -lpsppower
 
 PSP_FW_VERSION = 271
 
 EXTRA_TARGETS = EBOOT.PBP
-PSP_EBOOT_TITLE = Chronoswitch Downgrader v7.2
+PSP_EBOOT_TITLE = Chronoswitch Downgrader v7.6.1
 
 BUILD_PRX = 1
 
diff --git a/src/bin/prxEncrypter.exe b/src/bin/prxEncrypter.exe
deleted file mode 100644
index 3428331..0000000
Binary files a/src/bin/prxEncrypter.exe and /dev/null differ
diff --git a/src/bin/psptools/pack_btcnf.py b/src/bin/psptools/pack_btcnf.py
new file mode 100755
index 0000000..c696ce1
--- /dev/null
+++ b/src/bin/psptools/pack_btcnf.py
@@ -0,0 +1,22 @@
+#!/usr/bin/env python3
+
+import argparse
+
+from psptool.pack import pack_btcnf
+from psptool.prx import encrypt
+
+parser = argparse.ArgumentParser(description="Infinity Boot Config Packer")
+parser.add_argument('input', type=argparse.FileType('rb'),
+                    help='The raw text file to pack')
+parser.add_argument('--vanity', type=str,
+                    help='Some vanity text in the executable header')
+parser.add_argument('output', type=str,
+                    help='The output to write the packed text')
+args = parser.parse_args()
+
+executable = args.input.read()
+executable = encrypt(pack_btcnf(executable,
+                              psptag=0x00000000), vanity=args.vanity)
+
+with open(args.output, 'wb') as f:
+    f.write(executable)
diff --git a/src/bin/psptools/pack_kernel_module.py b/src/bin/psptools/pack_kernel_module.py
new file mode 100755
index 0000000..39c1f87
--- /dev/null
+++ b/src/bin/psptools/pack_kernel_module.py
@@ -0,0 +1,22 @@
+#!/usr/bin/env python3
+
+import argparse
+
+from psptool.pack import pack_prx
+from psptool.prx import encrypt
+
+parser = argparse.ArgumentParser(description="Infinity Kernel Module Packer")
+parser.add_argument('input', type=argparse.FileType('rb'),
+                    help='The raw kernel PRX to pack')
+parser.add_argument('--vanity', type=str,
+                    help='Some vanity text in the executable header')
+parser.add_argument('output', type=str,
+                    help='The output to write the packed PRX')
+args = parser.parse_args()
+
+executable = args.input.read()
+executable = encrypt(pack_prx(executable, is_pbp=False,
+                              psptag=lambda x: 0x00000000), vanity=args.vanity)
+
+with open(args.output, 'wb') as f:
+    f.write(executable)
diff --git a/src/bin/psptools/pack_ms_game.py b/src/bin/psptools/pack_ms_game.py
new file mode 100755
index 0000000..b960d7f
--- /dev/null
+++ b/src/bin/psptools/pack_ms_game.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python3
+
+import argparse
+
+from psptool.pbp import is_pbp, PBP
+from psptool.pack import pack_prx
+from psptool.prx import encrypt
+
+parser = argparse.ArgumentParser(description="Infinity Game Packer")
+parser.add_argument('input', type=argparse.FileType('rb'),
+                    help='The raw PBP to pack')
+parser.add_argument('--vanity', type=str,
+                    help='Some vanity text in the executable header')
+parser.add_argument('output', type=str,
+                    help='The output to write the packed PBP')
+args = parser.parse_args()
+
+executable = args.input.read()
+
+if not is_pbp(executable):
+    raise ValueError("not a PBP")
+
+# Although there are several tags for MS demos, 0x0C000000 is the most
+# portable as it exists in every firmware
+pbp = PBP(executable)
+pbp.prx = encrypt(pack_prx(pbp.prx, is_pbp=True,
+                           psptag=lambda x: 0x0C000000), vanity=args.vanity)
+
+with open(args.output, 'wb') as f:
+    f.write(pbp.pack())
diff --git a/src/bin/psptools/pack_updater.py b/src/bin/psptools/pack_updater.py
new file mode 100755
index 0000000..fed09d5
--- /dev/null
+++ b/src/bin/psptools/pack_updater.py
@@ -0,0 +1,28 @@
+#!/usr/bin/env python3
+
+import argparse
+
+from psptool.pbp import is_pbp, PBP
+from psptool.pack import pack_prx
+from psptool.prx import encrypt
+
+parser = argparse.ArgumentParser(description="Infinity Updater Packer")
+parser.add_argument('input', type=argparse.FileType('rb'),
+                    help='The raw PBP to pack')
+parser.add_argument('--vanity', type=str,
+                    help='Some vanity text in the executable header')
+parser.add_argument('output', type=str,
+                    help='The output to write the packed PBP')
+args = parser.parse_args()
+
+executable = args.input.read()
+
+if not is_pbp(executable):
+    raise ValueError("not a PBP")
+
+pbp = PBP(executable)
+pbp.prx = encrypt(pack_prx(pbp.prx, is_pbp=True,
+                           psptag=lambda x: 0x0B000000), vanity=args.vanity)
+
+with open(args.output, 'wb') as f:
+    f.write(pbp.pack())
diff --git a/src/bin/psptools/pack_user_fw_module.py b/src/bin/psptools/pack_user_fw_module.py
new file mode 100755
index 0000000..1949ae8
--- /dev/null
+++ b/src/bin/psptools/pack_user_fw_module.py
@@ -0,0 +1,22 @@
+#!/usr/bin/env python3
+
+import argparse
+
+from psptool.pack import pack_prx
+from psptool.prx import encrypt
+
+parser = argparse.ArgumentParser(
+    description="Infinity User Firmware Module Packer")
+parser.add_argument('input', type=argparse.FileType('rb'),
+                    help='The raw user PRX to pack')
+parser.add_argument('--id', type=str, help='The btcnf id to set')
+parser.add_argument('output', type=str,
+                    help='The output to write the packed PRX')
+args = parser.parse_args()
+
+executable = args.input.read()
+executable = encrypt(pack_prx(executable, is_pbp=False,
+                              psptag=lambda x: 0x457B8AF0), id=bytes.fromhex(args.id))
+
+with open(args.output, 'wb') as f:
+    f.write(executable)
diff --git a/src/bin/psptools/psptool/.gitignore b/src/bin/psptools/psptool/.gitignore
new file mode 100644
index 0000000..bee8a64
--- /dev/null
+++ b/src/bin/psptools/psptool/.gitignore
@@ -0,0 +1 @@
+__pycache__
diff --git a/src/bin/psptools/psptool/__init__.py b/src/bin/psptools/psptool/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/src/bin/psptools/psptool/kirk.py b/src/bin/psptools/psptool/kirk.py
new file mode 100644
index 0000000..8bad818
--- /dev/null
+++ b/src/bin/psptools/psptool/kirk.py
@@ -0,0 +1,289 @@
+import struct
+import hashlib
+from Crypto.Cipher import AES
+from Crypto.Hash import CMAC
+from Crypto import Random
+from ecdsa.ellipticcurve import CurveFp, Point
+from ecdsa.curves import Curve
+from ecdsa import SigningKey, VerifyingKey
+from ecdsa.numbertheory import inverse_mod
+
+_k1_key = '98C940975C1D10E87FE60EA3FD03A8BA'
+
+_k4_k7_keys = [
+    '2C92E5902B86C106B72EEA6CD4EC7248',
+    '058DC80B33A5BF9D5698FAE0D3715E1F',
+    'B813C35EC64441E3DC3C16F5B45E6484',
+    '9802C4E6EC9E9E2FFC634CE42FBB4668',
+    '99244CD258F51BCBB0619CA73830075F',
+    '0225D7BA63ECB94A9D237601B3F6AC17',
+    '6099F28170560E5F747CB520C0CDC23C',
+    '76368B438F77D87EFE5FB6115939885C',
+    '14A115EB434A1BA4905E03B617A15C04',
+    'E65803D9A71AA87F059D229DAF5453D0',
+    'BA3480B428A7CA5F216412F70FBB7323',
+    '72AD35AC9AC3130A778CB19D88550B0C',
+    '8485C848750843BC9B9AECA79C7F6018',
+    'B5B16EDE23A97B0EA17CDBA2DCDEC46E',
+    'C871FDB3BCC5D2F2E2D7729DDF826882',
+    '0ABB336C96D4CDD8CB5F4BE0BADB9E03',
+    '32295BD5EAF7A34216C88E48FF50D371',
+    '46F25E8E4D2AA540730BC46E47EE6F0A',
+    '5DC71139D01938BC027FDDDCB0837D9D',
+    '51DD65F071A4E5EA6AAF12194129B8F4',
+    '03763C6865C69B0FFE8FD8EEA43616A0',
+    '7D50B85CAF6769F0E54AA8098B0EBE1C',
+    '72684B32AC3B332F2A7AFC9E14D56F6B',
+    '201D31964AD99FBF32D5D61C491BD9FC',
+    'F8D84463D610D12A448E9690A6BB0BAD',
+    '5CD4057FA13060440AD9B6745F244F4E',
+    'F48AD678599C22C1D411933DF845B893',
+    'CAE7D287A2ECC1CD94542B5E1D9488B2',
+    'DE26D37A39956C2AD8C3A6AF21EBB301',
+    '7CB68B4DA38D1DD932679CA99FFB2852',
+    'A0B556B469AB368F36DEC9092ECB41B1',
+    '939DE19B725FEEE2452ABC1706D14769',
+    'A4A4E621382EF1AF7B177AE842AD0031',
+    'C37F13E8CF84DB34747BC3A0F19D3A73',
+    '2BF7838AD898E95FA5F901DA61FE35BB',
+    'C704621E714A66EA62E04B203DB8C2E5',
+    'C933859AAB00CDCE4D8B8E9F3DE6C00F',
+    '1842561F2B5F34E3513EB78977431A65',
+    'DCB0A0065A50A14E59AC973F1758A3A3',
+    'C4DBAE83E29CF254A3DD374E807BF425',
+    'BFAEEB498265C57C64B8C17E19064409',
+    '797CECC3B3EE0AC03BD8E6C1E0A8B1A4',
+    '7534FE0BD6D0C28D68D4E02AE7D5D155',
+    'FAB35326974F4EDFE4C3A814C32F0F88',
+    'EC97B386B433C6BF4E539D95EBB979E4',
+    'B320A204CF480629B5DD8EFC98D4177B',
+    '5DFC0D4F2C39DA684A3374ED4958A73A',
+    'D75A5422CED9A3D62B557D8DE8BEC7EC',
+    '6B4AEE4345AE7007CF8DCF4E4AE93CFA',
+    '2B522F664C2D114CFE61318C56784EA6',
+    '3AA34E44C66FAF7BFAE55327EFCFCC24',
+    '2B5C78BFC38E499D41C33C5C7B2796CE',
+    'F37EEAD2C0C8231DA99BFA495DB7081B',
+    '708D4E6FD1F66F1D1E1FCB02F9B39926',
+    '0F6716E180699C51FCC7AD6E4FB846C9',
+    '560A494A844C8ED982EE0B6DC57D208D',
+    '12468D7E1C42209BBA5426835EB03303',
+    'C43BB6D653EE67493EA95FBC0CED6F8A',
+    '2CC3CF8C2878A5A663E2AF2D715E86BA',
+    '833DA70CED6A2012D196E6FE5C4D37C5',
+    'C743D06742EE90B8CA75503520ADBCCE',
+    '8AE3663F8D9E82A1EDE68C9CE8256DAA',
+    '7FC96F0BB1485CA55DD364B77AF5E4EA',
+    '91B765788BCB8BD402ED553A6662D0AD',
+    '2824F9101B8D0F7B6EB263B5B55B2EBB',
+    '30E2575DE0A249CEE8CF2B5E4D9F52C7',
+    '5EE50439623202FA85393F72BB77FD1A',
+    'F88174B1BDE9BFDD45E2F55589CF46AB',
+    '7DF49265E3FAD678D6FE78ADBB3DFB63',
+    '747FD62DC7A1CA96E27ACEFFAA723FF7',
+    '1E58EBD065BBF168C5BDF746BA7BE100',
+    '24347DAF5E4B35727A52276BA05474DB',
+    '09B1C705C35F536677C0EB3677DF8307',
+    'CCBE615C05A20033378E5964A7DD703D',
+    '0D4750BBFCB0028130E184DEA8D48413',
+    '0CFD679AF9B4724FD78DD6E99642288B',
+    '7AD31A8B4BEFC2C2B39901A9FE76B987',
+    'BE787817C7F16F1AE0EF3BDE4CC2D786',
+    '7CD8B891910A4314D0533DD84C45BE16',
+    '32722C8807CF357D4A2F511944AE68DA',
+    '7E6BBFF6F687B898EEB51B3216E46E5D',
+    '08EA5A8349B59DB53E0779B19A59A354',
+    'F31281BFE69F51D164082521FFBB2261',
+    'AFFE8EB13DD17ED80A61241C959256B6',
+    '92CDB4C25BF2355A2309E819C9144235',
+    'E1C65B226BE1DA02BA18FA21349EF96D',
+    '14EC76CE97F38A0A34506C539A5C9AB4',
+    '1C9BC490E3066481FA59FDB600BB2870',
+    '43A5CACC0D6C2D3F2BD989676B3F7F57',
+    '00EFFD1808A405893C38FB2572706106',
+    'EEAF49E009879BEFAAD6326A3213C429',
+    '8D26B90F431DBB08DB1DDAC5B52C92ED',
+    '577C3060AE6EBEAE3AAB1819C571680B',
+    '115A5D20D53A8DD39CC5AF410F0F186F',
+    '0D4D51AB2379BF803ABFB90E75FC14BF',
+    '9993DA3E7D2E5B15F252A4E66BB85A98',
+    'F42830A5FB0D8D760EA671C22BDE669D',
+    'FB5FEB7FC7DCDD693701979B29035C47',
+    '02326AE7D396CE7F1C419DD65207ED09',
+    '9C9B1372F8C640CF1C62F5D592DDB582',
+    '03B302E85FF381B13B8DAA2A90FF5E61',
+    'BCD7F9D32FACF847C0FB4D2F309ABDA6',
+    'F55596E97FAF867FACB33AE69C8B6F93',
+    'EE297093F94E445944171F8E86E170FC',
+    'E434520CF088CFC8CD781B6CCF8C48C4',
+    'C1BF66818EF953F2E1266B6F550CC9CD',
+    '560FFF8F3C9649144516F1BCBFCEA30C',
+    '2408DC753760A29F0554B5F243857399',
+    'DDD5B56A59C55AE83B9667C75C2AE2DC',
+    'AA686772E02D44D5CDBB6504BCD5BF4E',
+    '1F17F014E777A2FE4B136B56CD7EF7E9',
+    'C93548CF558D7503896B2EEB618CA902',
+    'DE34C541E7CA86E8BEA7C31CECE4360F',
+    'DDE5FF551B74F6F4E016D7AB22311B6A',
+    'B0E93521333FD7BAB4762CCB4D8008D8',
+    '381469C4C3F91B9633638E4D5F3DF029',
+    'FA486AD98E6716EF6AB087F589457F2A',
+    '321A091250148A3E963DEA025932E18F',
+    '4B00BE29BCB02864CEFD43A96FD95CED',
+    '577DC4FF0244E28091F4CA0A7569FDA8',
+    '835336C61803E43E4EB30F6B6E799B7A',
+    '5C9265FD7B596AA37A2F509D85E927F8',
+    '9A39FB89DF55B2601424CEA6D9650A9D',
+    '8B75BE91A8C75AD2D7A594A01CBB9591',
+    '95C21B8D05ACF5EC5AEE77812395C4D7',
+    'B9A461643633FA5D9488E2D3281E01A2',
+    'B8B084FB9F4CFAF730FE7325A2AB897D',
+    '5F8C179FC1B21DF1F6367A9CF7D3D47C'
+]
+
+
+def _kirk1_curve():
+    # ECDSA curve
+    p = 0xFFFFFFFFFFFFFFFF00000001FFFFFFFFFFFFFFFF
+    a = -3
+    b = 0x65D1488C0359E234ADC95BD3908014BD91A525F9
+    Gx = 0x2259ACEE15489CB096A882F0AE1CF9FD8EE5F8FA
+    Gy = 0x604358456D0A1CB2908DE90F27D75C82BEC108C0
+    r = 0xffffffffffffffff0001b5c617f290eae1dbad8f
+    curve = CurveFp(p, a, b)
+    generator = Point(curve, Gx, Gy, r)
+    return Curve("kirk1", curve, generator, (1, 3, 3, 7, 4))
+
+
+def _kirk11_curve():
+    # ECDSA curve
+    p = 0xFFFFFFFFFFFFFFFF00000001FFFFFFFFFFFFFFFF
+    a = -3
+    b = 0xA68BEDC33418029C1D3CE33B9A321FCCBB9E0F0B
+    Gx = 0x128EC4256487FD8FDF64E2437BC0A1F6D5AFDE2C
+    Gy = 0x5958557EB1DB001260425524DBC379D5AC5F4ADF
+    r = 0xFFFFFFFFFFFFFFFEFFFFB5AE3C523E63944F2127
+    curve = CurveFp(p, a, b)
+    generator = Point(curve, Gx, Gy, r)
+    return Curve("kirk11", curve, generator, (1, 3, 3, 7, 4))
+
+
+_k_ecdsa_sign = SigningKey.from_string(bytes.fromhex(
+    'F392E26490B80FD889F2D9722C1F34D7274F983D'), curve=_kirk1_curve())
+_k_ecdsa_verify = _k_ecdsa_sign.get_verifying_key()
+
+
+def _verify_cmac(key, block, size, offset):
+    cobj = CMAC.new(key, ciphermod=AES)
+    cobj.update(block[0x60:0x60+0x30])
+    cobj.verify(block[0x20:0x30])
+    cobj = CMAC.new(key, ciphermod=AES)
+    cobj.update(block[0x60:0x90+size+offset])
+    cobj.verify(block[0x30:0x40])
+
+
+def _verify_ecdsa(block, size, offset):
+    _k_ecdsa_verify.verify(block[0x10:0x10+0x28], block[0x60:0x60+0x30])
+    _k_ecdsa_verify.verify(block[0x38:0x38+0x28],
+                           block[0x60:0x60+0x30+size+offset])
+
+
+def kirk1(block):
+    mode = struct.unpack("<I", block[0x60:0x64])[0]
+    ecdsa = struct.unpack("<I", block[0x64:0x68])[0]
+    size = struct.unpack("<I", block[0x70:0x74])[0]
+    offset = struct.unpack("<I", block[0x74:0x78])[0]
+    padding = 0
+
+    while (size + offset + padding) % 16 != 0:
+        padding = padding + 1
+
+    size = size + padding
+
+    # decrypt our kirk keys
+    k1_aes = AES.new(bytes.fromhex(_k1_key), AES.MODE_CBC, iv=b'\x00'*16)
+    keys = k1_aes.decrypt(block[0x00:0x20])
+
+    if ecdsa == 1:
+        _verify_ecdsa(block, size, offset)
+    else:
+        _verify_cmac(keys[0x10:0x20], block, size, offset)
+
+    aes = AES.new(keys[0x00:0x10], AES.MODE_CBC, iv=b'\x00'*16)
+    return aes.decrypt(block[0x90+offset:0x90+offset+size])[:size-padding]
+
+
+def kirk1_encrypt_ecdsa(data, salt=b'', key=None):
+    if key is None:
+        key = Random.get_random_bytes(16)
+
+    # pad to 16 byte boundary if required
+    padding = b''
+    if len(data) % 16:
+    	for i in range(15, len(data) % 16-1, -1):
+    		padding += bytes([i << 4 | i])
+
+    # encrypt the data
+    aes = AES.new(key, AES.MODE_CBC, iv=b'\x00'*16)
+    enc_data = aes.encrypt(data + padding)
+
+    # sign the header
+    header = struct.pack('<II8xII8x16x', 1, 1, len(data), len(salt))
+    header_sig = _k_ecdsa_sign.sign(header)
+
+    # sign the data
+    block = header + salt + enc_data
+    data_sig = _k_ecdsa_sign.sign(block)
+
+    # encrypt keys and return result
+    k1_aes = AES.new(bytes.fromhex(_k1_key), AES.MODE_CBC, iv=b'\x00'*16)
+    return k1_aes.encrypt(key) + header_sig + data_sig + block
+
+
+def kirk1_encrypt_cmac(data, salt=b'', aes_key=None, cmac_key=None):
+    if aes_key is None:
+        aes_key = Random.get_random_bytes(16)
+
+    if cmac_key is None:
+        cmac_key = Random.get_random_bytes(16)
+
+    # pad to 16 byte boundary if required
+    padding = b''
+    if len(data) % 16:
+    	for i in range(15, len(data) % 16-1, -1):
+    		padding += bytes([i << 4 | i])
+
+    # encrypt the data
+    aes = AES.new(aes_key, AES.MODE_CBC, iv=b'\x00'*16)
+    enc_data = aes.encrypt(data + padding)
+
+    # cmac the header
+    header = struct.pack('<II8xII8x16x', 1, 0, len(data), len(salt))
+    cmac = CMAC.new(cmac_key, ciphermod=AES)
+    cmac.update(header)
+    header_mac = cmac.digest()
+
+    # cmac the data
+    block = header + salt + enc_data
+    cmac = CMAC.new(cmac_key, ciphermod=AES)
+    cmac.update(block)
+    data_mac = cmac.digest()
+
+    # encrypt keys and return result
+    k1_aes = AES.new(bytes.fromhex(_k1_key), AES.MODE_CBC, iv=b'\x00'*16)
+    return k1_aes.encrypt(aes_key + cmac_key) + header_mac + data_mac + b'\x00'*0x20 + block
+
+
+def kirk4(data, key):
+    aes = AES.new(bytes.fromhex(_k4_k7_keys[key]), AES.MODE_CBC, iv=b'\x00'*16)
+    return aes.encrypt(data)
+
+
+def kirk7(data, key):
+    aes = AES.new(bytes.fromhex(_k4_k7_keys[key]), AES.MODE_CBC, iv=b'\x00'*16)
+    return aes.decrypt(data)
+
+
+def kirk11(pubkey, sig, data):
+    vk = VerifyingKey.from_string(pubkey, curve=_kirk11_curve())
+    vk.verify(sig, data)
diff --git a/src/bin/psptools/psptool/pack.py b/src/bin/psptools/psptool/pack.py
new file mode 100644
index 0000000..ca00d28
--- /dev/null
+++ b/src/bin/psptools/psptool/pack.py
@@ -0,0 +1,316 @@
+#!/usr/bin/env python3
+
+import psptool.pbp
+import argparse
+import struct
+import gzip
+from enum import Enum, auto
+
+PBP_HEADER_MAGIC = 0x50425000
+PSP_HEADER_MAGIC = 0x5053507E
+ELF_HEADER_MAGIC = 0x464C457F
+ELF_TYPE_PRX = 0xFFA0
+
+R_MIPS_GPREL16 = 7
+R_MIPS_NONE = 0
+
+
+class ExecutableType(Enum):
+    USER_PRX = auto()
+    KERNEL_PRX = auto()
+    PBP = auto()
+
+
+class Rel:
+    def __init__(self, data):
+        (self.r_offset, self.r_info) = struct.unpack('<II', data[:0x8])
+
+    def pack(self):
+        return struct.pack('<II', self.r_offset, self.r_info)
+
+
+class Phdr:
+    def __init__(self, data):
+        (self.p_type, self.p_offset, self.p_vaddr,
+         self.p_paddr, self.p_filesz, self.p_memsz,
+         self.p_flags, self.p_align) = struct.unpack('<IIIIIIII', data[:0x20])
+
+
+class Shdr:
+    def __init__(self, data):
+        (self.sh_name, self.sh_type, self.sh_flags,
+         self.sh_addr, self.sh_offset, self.sh_size,
+         self.sh_link, self.sh_info, self.sh_addralign,
+         self.sh_entsize) = struct.unpack('<IIIIIIIIII', data[:0x28])
+
+
+class ELF:
+    def __init__(self, data):
+        (self.e_magic, self.e_class, self.e_data, self.e_idver,
+         self.e_type, self.e_machine, self.e_version,
+         self.e_entry, self.e_phoff, self.e_shoff,
+         self.e_flags, self.e_ehsize, self.e_phentsize,
+         self.e_phnum, self.e_shentsize, self.e_shnum,
+         self.e_shstrndx) = struct.unpack('<IBBBxxxxxxxxxHHIIIIIHHHHHH', data[:0x34])
+
+        self.phdrs = [Phdr(data[self.e_phoff+x*self.e_phentsize:])
+                      for x in range(self.e_phnum)]
+        self.shdrs = [Shdr(data[self.e_shoff+x*self.e_shentsize:])
+                      for x in range(self.e_shnum)]
+        self.strtab = data[self.shdrs[self.e_shstrndx].sh_offset:self.shdrs[self.e_shstrndx].sh_offset +
+                           self.shdrs[self.e_shstrndx].sh_size].decode('ascii')
+
+
+class ModuleInfo:
+    def __init__(self, data):
+        (self.modattribute, self.modversion,
+         self.modname, self.gp_value, self.ent_top, self.ent_end,
+         self.stub_top, self.stub_end) = struct.unpack('<HH28sIIIII', data[:0x34])
+
+        self.modname = self.modname.decode('ascii').rstrip('\0')
+
+    def is_kernel(self):
+        return (self.modattribute & 0x1000) != 0
+
+
+class PSPHeader:
+    def __init__(self, executable, elf, phdr, modinfo, is_pbp):
+        self.attribute = modinfo.modattribute
+        self.modinfo_offset = phdr.p_paddr
+        self.version = 1
+
+        # set compression to gzip
+        self.comp_attribute = 0
+        self.module_ver_lo = modinfo.modversion & 0xFF
+        self.module_ver_hi = (modinfo.modversion >> 8) & 0xFF
+        self.modname = modinfo.modname
+        self.elf_size = len(executable)
+
+        self.entry = elf.e_entry
+        self.nsegments = elf.e_phnum if elf.e_phnum < 2 else 2
+        self.seg_align = [
+            x.p_align for x in elf.phdrs[:self.nsegments]] + [0]*(4-self.nsegments)
+        self.seg_address = [
+            x.p_vaddr for x in elf.phdrs[:self.nsegments]] + [0]*(4-self.nsegments)
+        self.seg_size = [
+            x.p_memsz for x in elf.phdrs[:self.nsegments]] + [0]*(4-self.nsegments)
+
+        bss = next(x for x in elf.shdrs if elf.strtab[x.sh_name:].split(
+            '\0')[0] == '.bss')
+        self.bss_size = bss.sh_size
+
+        self.devkitversion = 0
+
+        if modinfo.is_kernel():
+            # self.devkitversion = 0x06060110 if self.attribute & 0x2000 else 0x05070110
+            self.decrypt_mode = 1
+
+        elif is_pbp:
+            # check if VSH API (updater)
+            if (self.attribute & 0x800) == 0x800:
+                self.decrypt_mode = 0xC
+
+            # check if APP API (comics, etc)
+            elif (self.attribute & 0x600) == 0x600:
+                self.decrypt_mode = 0xE
+
+            # check if USB WLAN API (skype, etc)
+            elif (self.attribute & 0x400) == 0x400:
+                self.decrypt_mode = 0x4
+
+            # set to MS API
+            else:
+                # TODO: could check the SFO for POPS...
+                # MS games must set attribute to 0x200 for firmware 2.00+
+                # On firmware <2.00 it must be set to 0
+                self.attribute |= 0x200
+                self.decrypt_mode = 0xD
+
+        else:
+            # standalone user prx
+            # check for VSH API
+            if (self.attribute & 0x800) == 0x800:
+                self.decrypt_mode = 3
+
+            # standard user prx
+            else:
+                self.devkitversion = 0x05070210
+                self.decrypt_mode = 4
+
+        # to be filled in by caller
+        self.psptag = None
+        self.oetag = None
+        self.comp_size = None
+        self.psp_size = None
+
+        self.reserved = [0]*5
+        self.key_data0 = [0xDA]*0x30
+        self.reserved2 = [0]*2
+        self.key_data1 = [0xDA]*0x10
+        self.signcheck = [0]*0x58
+        self.key_data2 = 0
+        self.key_data3 = [0xDA]*0x1C
+
+    def pack(self):
+        return struct.pack('<IHHBB28sBBIIIII4H4I4I5IIBxH48BII2I16BI88BII28B',
+                           PSP_HEADER_MAGIC, self.attribute, self.comp_attribute, self.module_ver_lo, self.module_ver_hi,
+                           self.modname.encode(
+                               'ascii'), self.version, self.nsegments, self.elf_size, self.psp_size, self.entry,
+                           self.modinfo_offset, self.bss_size, *
+                           self.seg_align, *self.seg_address, *self.seg_size,
+                           *self.reserved, self.devkitversion, self.decrypt_mode, 0,
+                           *self.key_data0, self.comp_size, 0x80, *
+                           self.reserved2, *self.key_data1, self.psptag,
+                           *self.signcheck, self.key_data2, self.oetag, *self.key_data3)
+
+
+class PSPBootHeader:
+    def __init__(self, executable):
+        self.attribute = 0x1000
+        self.modinfo_offset = 0
+        self.version = 1
+
+        # set compression to gzip
+        self.comp_attribute = 0
+        self.module_ver_lo = 0
+        self.module_ver_hi = 0
+        self.modname = ""
+        self.elf_size = len(executable)
+
+        self.entry = 0
+        self.nsegments = 0
+        self.seg_align = [0]*4
+        self.seg_address = [0]*4
+        self.seg_size = [0]*4
+        self.bss_size = 0
+        self.devkitversion = 0
+        self.decrypt_mode = 1
+
+        # to be filled in by caller
+        self.psptag = None
+        self.oetag = None
+        self.comp_size = None
+        self.psp_size = None
+
+        self.reserved = [0]*5
+        self.key_data0 = [0xDA]*0x30
+        self.reserved2 = [0]*2
+        self.key_data1 = [0xDA]*0x10
+        self.signcheck = [0]*0x58
+        self.key_data2 = 0
+        self.key_data3 = [0xDA]*0x1C
+
+    def pack(self):
+        return struct.pack('<IHHBB28sBBIIIII4H4I4I5IIBxH48BII2I16BI88BII28B',
+                           PSP_HEADER_MAGIC, self.attribute, self.comp_attribute, self.module_ver_lo, self.module_ver_hi,
+                           self.modname.encode(
+                               'ascii'), self.version, self.nsegments, self.elf_size, self.psp_size, self.entry,
+                           self.modinfo_offset, self.bss_size, *
+                           self.seg_align, *self.seg_address, *self.seg_size,
+                           *self.reserved, self.devkitversion, self.decrypt_mode, 0,
+                           *self.key_data0, self.comp_size, 0x80, *
+                           self.reserved2, *self.key_data1, self.psptag,
+                           *self.signcheck, self.key_data2, self.oetag, *self.key_data3)
+
+def determine_exec_type(modinfo, is_pbp):
+    if is_pbp:
+        return ExecutableType.PBP
+
+    elif modinfo.is_kernel():
+        return ExecutableType.KERNEL_PRX
+
+    return ExecutableType.USER_PRX
+
+
+def psptag_default(type):
+    if type == ExecutableType.USER_PRX:
+        return 0x457B06F0
+    elif type == ExecutableType.KERNEL_PRX:
+        return 0xDADADAF0
+
+    # must be pbp
+    return 0xADF305F0
+
+
+def oetag_default(type):
+    if type == ExecutableType.USER_PRX:
+        return 0x8555ABF2
+    elif type == ExecutableType.KERNEL_PRX:
+        return 0x55668D96
+
+    # must be pbp
+    return 0x7316308C
+
+
+def fix_relocations(elf, executable):
+    for x in elf.shdrs:
+        if x.sh_type == 0x700000A0:
+            for i in range(0, x.sh_size, 8):
+                rel = Rel(executable[x.sh_offset+i:x.sh_offset+i+8])
+                if (rel.r_info & 0xFF) == R_MIPS_GPREL16:
+                    rel.r_info = (rel.r_info & 0xFFFFFF00) | R_MIPS_NONE
+                    executable = executable[:x.sh_offset+i] + \
+                        rel.pack() + executable[x.sh_offset+i+8:]
+    return executable
+
+
+def pack_prx(executable, is_pbp, fix_relocs=True, psptag=psptag_default, oetag=oetag_default):
+    magic = struct.unpack('<I', executable[:4])[0]
+
+    if magic == PSP_HEADER_MAGIC:
+        return -1  # TODO: refine this
+
+    if magic != ELF_HEADER_MAGIC:
+        return -2  # TODO: refine this
+
+    elf = ELF(executable)
+    if elf.e_magic != ELF_HEADER_MAGIC or elf.e_type != ELF_TYPE_PRX:
+        return -3  # TODO: refine this
+
+    if fix_relocs:
+        executable = fix_relocations(elf, executable)
+        elf = ELF(executable)
+
+    # TODO: handle where there is no modinfo
+    modinfo_phdr = next(x for x in elf.phdrs if x.p_type ==
+                        1 and x.p_vaddr != x.p_paddr)
+
+    is_kernel = (modinfo_phdr.p_paddr & 0x80000000) != 0
+    modinfo = ModuleInfo(executable[modinfo_phdr.p_paddr & 0x7FFFFFFF:(
+        modinfo_phdr.p_paddr & 0x7FFFFFFF)+0x34])
+
+    # check for mixed privileges with kernel modules
+    if is_kernel != modinfo.is_kernel():
+        return -4  # TODO: refine this
+
+    psp_header = PSPHeader(executable, elf, modinfo_phdr, modinfo, is_pbp)
+
+    if psp_header.attribute != modinfo.modattribute:
+        print("conflict module attribute {:X} vs {:X}".format(
+            psp_header.attribute, modinfo.modattribute))
+
+    # compressed_exec = gzip.compress(executable)
+    padding = padding = b'\x00' * \
+        (0x10-(len(executable) % 16)) if len(executable) % 16 else b''
+
+    psp_header.comp_size = len(executable)
+    psp_header.psp_size = len(executable) + len(padding) + 0x150
+
+    exec_type = determine_exec_type(modinfo, is_pbp)
+    psp_header.psptag = psptag(exec_type)
+    psp_header.oetag = oetag(exec_type)
+
+    return psp_header.pack() + executable
+
+def pack_btcnf(executable, psptag=0xDADADAF0, oetag=0x55668D96):
+    psp_header = PSPBootHeader(executable)
+
+    padding = padding = b'\x00' * \
+        (0x10-(len(executable) % 16)) if len(executable) % 16 else b''
+
+    psp_header.comp_size = len(executable)
+    psp_header.psp_size = len(executable) + len(padding) + 0x150
+    psp_header.psptag = psptag
+    psp_header.oetag = oetag
+
+    return psp_header.pack() + executable
diff --git a/src/bin/psptools/psptool/pbp.py b/src/bin/psptools/psptool/pbp.py
new file mode 100644
index 0000000..0bd22e6
--- /dev/null
+++ b/src/bin/psptools/psptool/pbp.py
@@ -0,0 +1,40 @@
+import struct
+
+PBP_HEADER_MAGIC = 0x50425000
+
+
+def is_pbp(data):
+    return struct.unpack('<I', data[:0x4])[0] == PBP_HEADER_MAGIC
+
+
+class PBP:
+    def __init__(self, data):
+        (self.magic, self.version, sfo_offset, icon0_offset,
+         icon1_offset, pic0_offset, pic1_offset,
+         snd0_offset, prx_offset, psar_offset) = struct.unpack('<IIIIIIIIII', data[:0x28])
+
+        self.sfo = data[sfo_offset:icon0_offset]
+        self.icon0 = data[icon0_offset:icon1_offset]
+        self.icon1 = data[icon1_offset:pic0_offset]
+        self.pic0 = data[pic0_offset:pic1_offset]
+        self.pic1 = data[pic1_offset:snd0_offset]
+        self.snd0 = data[snd0_offset:prx_offset]
+        self.prx = data[prx_offset:psar_offset]
+        self.psar = data[psar_offset:]
+
+    def pack(self):
+        return struct.pack('<IIIIIIIIII', self.magic, self.version,
+                           0x28,
+                           0x28+len(self.sfo),
+                           0x28+len(self.sfo)+len(self.icon0),
+                           0x28+len(self.sfo)+len(self.icon0)+len(self.icon1),
+                           0x28+len(self.sfo)+len(self.icon0) +
+                           len(self.icon1)+len(self.pic0),
+                           0x28+len(self.sfo)+len(self.icon0)+len(self.icon1) +
+                           len(self.pic0)+len(self.pic1),
+                           0x28+len(self.sfo)+len(self.icon0)+len(self.icon1) +
+                           len(self.pic0)+len(self.pic1)+len(self.snd0),
+                           0x28+len(self.sfo)+len(self.icon0)+len(self.icon1) +
+                           len(self.pic0)+len(self.pic1) +
+                           len(self.snd0)+len(self.prx)
+                           ) + self.sfo + self.icon0 + self.icon1 + self.pic0 + self.pic1 + self.snd0 + self.prx + self.psar
diff --git a/src/bin/psptools/psptool/prx.py b/src/bin/psptools/psptool/prx.py
new file mode 100644
index 0000000..72f69b6
--- /dev/null
+++ b/src/bin/psptools/psptool/prx.py
@@ -0,0 +1,293 @@
+import struct
+import hashlib
+from Crypto.Util.strxor import strxor as xor
+from Crypto.Hash import SHA1
+
+import psptool.kirk
+import psptool.prxtypes.type2 as type2
+import psptool.prxtypes.type6 as type6
+import psptool.prxtypes.type8 as type8
+import psptool.prxtypes.type9 as type9
+
+_metatypes = {
+    0x457B8AF0: {
+        'key': 0x5B,
+        'seed': '47EC6015122CE3E04A226F319FFA973E',
+        'decrypt': type6.decrypt,
+        'encrypt': type6.encrypt
+    },
+
+    0x457B90F0: {
+        'key': 0x5B,
+        'seed': 'BA7661478B55A8728915796DD72F780E',
+        'pubkey': '773F4BE14C0AB452672B6756824CCF42AA37FFC08941E5635E84E9FB53DA949E9BB7C2A4229FDF1F',
+        'decrypt': type9.decrypt
+    },
+
+    0x4C9494F0: {
+        'key': 0x43,
+        'seed': '76F26C0ACA3ABA4EAC76D240F5C3BFF9',
+        'pubkey': '773F4BE14C0AB452672B6756824CCF42AA37FFC08941E5635E84E9FB53DA949E9BB7C2A4229FDF1F',
+        'decrypt': type9.decrypt
+    },
+
+    0x4C9495F0: {
+        'key': 0x43,
+        'seed': '7A3E5575B96AFC4F3EE3DFB36CE82A82',
+        'pubkey': '773F4BE14C0AB452672B6756824CCF42AA37FFC08941E5635E84E9FB53DA949E9BB7C2A4229FDF1F',
+        'decrypt': type9.decrypt
+    },
+
+    0x4C9496F0: {
+        'key': 0x43,
+        'seed': 'EBD91E053CAEAB62E3B71F37E5CD68C3',
+        'pubkey': '773F4BE14C0AB452672B6756824CCF42AA37FFC08941E5635E84E9FB53DA949E9BB7C2A4229FDF1F',
+        'decrypt': type9.decrypt
+    },
+
+    0x4C9490F0: {
+        'key': 0x43,
+        'seed': 'FA790936E619E8A4A94137188102E9B3',
+        'pubkey': '773F4BE14C0AB452672B6756824CCF42AA37FFC08941E5635E84E9FB53DA949E9BB7C2A4229FDF1F',
+        'decrypt': type9.decrypt
+    },
+
+    0x4C9484F0: {
+        'key': 0x43,
+        'seed': '36B0DCFC592A951D802D803FCD30A01B',
+        'decrypt': type6.decrypt
+    },
+
+    0x4C9485F0: {
+        'key': 0x43,
+        'seed': '238D3DAE4150A0FAF32F32CEC727CD50',
+        'decrypt': type6.decrypt
+    },
+
+    0x4C9486F0: {
+        'key': 0x43,
+        'seed': '8DDBDC5CF2702B40B23D0009617C1060',
+        'decrypt': type6.decrypt
+    },
+
+    0x457B80F0: {
+        'key': 0x5B,
+        'seed': 'D43518022968FBA06AA9A5ED78FD2E9D',
+        'decrypt': type6.decrypt
+    },
+
+    0x457B81F0: {
+        'key': 0x5B,
+        'seed': 'AAA1B57C935A95BDEF6916FC2B9231DD',
+        'decrypt': type6.decrypt
+    },
+
+    0x457B82F0: {
+        'key': 0x5B,
+        'seed': '873721CC65AEAA5F40F66F2A86C7A1C8',
+        'decrypt': type6.decrypt
+    },
+
+    0x380280F0: {
+        'key': 0x5A,
+        'seed': '970912D3DB02BDD8E77451FEF0EA6C5C',
+        'decrypt': type6.decrypt
+    },
+
+    0x457B91F0: {
+        'key': 0x5B,
+        'seed': 'C59C779C4101E48579C87163A57D4FFB',
+        'pubkey': '773F4BE14C0AB452672B6756824CCF42AA37FFC08941E5635E84E9FB53DA949E9BB7C2A4229FDF1F',
+        'decrypt': type9.decrypt
+    },
+
+    0x457B92F0: {
+        'key': 0x5B,
+        'seed': '928CA412D65C55315B94239B62B3DB47',
+        'pubkey': '773F4BE14C0AB452672B6756824CCF42AA37FFC08941E5635E84E9FB53DA949E9BB7C2A4229FDF1F',
+        'decrypt': type9.decrypt
+    },
+
+    0x380290F0: {
+        'key': 0x5A,
+        'seed': 'F94A6B96793FEE0A04C88D7E5F383ACF',
+        'pubkey': '773F4BE14C0AB452672B6756824CCF42AA37FFC08941E5635E84E9FB53DA949E9BB7C2A4229FDF1F',
+        'decrypt': type9.decrypt
+    },
+
+    0x00000000: {
+        'key': 0x42,
+        'seed': '6A1971F318DED3A26D3BDEC7BE98E24CE3DCDF427B5B12287DC07A5986F0F5B558D8641884247FE957AB4FC6926D7029D3618787D0AE2CE73777C73C967E211F6595C06157AC64D85A6D14D29C54C6685DF5C3F050DAEA1943A7ADC32A14CAC84C838618AE8649FB4F4575D2C3D6E1136937C690CFF979A1773A3EBBBBD53B841B9AB879F0D35F6F4CC02887BCAEDA00',
+        'decrypt': type8.decrypt,
+        'encrypt': type8.encrypt
+    },
+
+    0x02000000: {
+        'key': 0x45,
+        'seed': '72812FB3395A3DBD388A10749655B1DF889FEEA1B571748956E1A3BB7E9FC3C29EF89BB987BD228857DE1B88C99A3B1ABABDC7A658CB8FA10EDF643B4A9696CB36D04F2D32DD19ABE1D654FE9713575C7A680571347D311E3366DD6D7B76171B259BAF2179177210FDB55535A9BE55AE7245CE55A27080E5ADD0BEB9E47E02A99246C33505F17A93C13A1A48993B3C1B',
+        'decrypt': type8.decrypt,
+        'encrypt': type8.encrypt
+    },
+
+    0x03000000: {
+        'key': 0x46,
+        'seed': '224E3B01DEC83F2C2500079E1648BCCBAE1D134B34BB7383FA6AF9A1F3AE8EB76A25736B0AB77A1DCA3A75344669D5526D62EC805EB1D064E41C1E29659F7DC54D714FA9B8BEF9B49EA899632C268A6877F56B8EACAC158A1ED640E011E0B78D300437733A265ECE6631733CAB5AFFD087F8384E880F4565265DDFD74976CCB8C5219FCB856F19AF394F729F7907FD07',
+        'decrypt': type8.decrypt,
+        'encrypt': type8.encrypt
+    },
+
+    0x06000000: {
+        'key': 0x49,
+        'seed': '8415128CA883D780EF1E88DBBC6196232BF388FCE53FB5DE985AA06BDE0A55DBF2F84436EBD194554A393E937C3DE3021288E7F5F8F0C1EB251B8DC6B81E2B44A5B76A7ED03946926D71DE0797B82F1018BADD53C6072B98248A740D5C645DFE8EE767439396B3A1A1A8EC12C4FB5844FC550A9C1E3037FA5424D303E292BD312303EAF7E773DE093BB38379DA17850E',
+        'decrypt': type8.decrypt,
+        'encrypt': type8.encrypt
+    },
+
+    0x08000000: {
+        'key': 0x4B,
+        'seed': '5B16917544C5C5026C7694C055F112957193917E81D27731F12830709B73774A11D756F10E4CC1B09204E4E2ACA8460785EA699AD7D2ECF1A043421CC6AFC621E824062901BCB6594D780D00D3FD95E73FD14516DB0A01180B70E48D8BF9C45A8510DB7805DFFB4AA9DD31C66AC198B4659058F5653CCDB06A2FF6FDA4C78662E6F85EE866162092F08EEA179F1AF3DD',
+        'decrypt': type8.decrypt,
+        'encrypt': type8.encrypt
+    },
+
+    0x09000000: {
+        'key': 0x4C,
+        'seed': '88D776F5B76DEC0E000B85E64A379BC90095EA7AAD66670905F2095247278E4E5783F75D1F90110EEFF6973983A165D011CA64967AEFC9186B7D977AF03228A6E2E38664DFAE03D2AD7E7F462E5F0295E9355C17AD4254628466C9359C7B2AFAD7DCD02BDA89327CD077E6EEFECD2BE087BBE1B5CE29119A79F1A871C05E6539FB6DB937D4527444E1C2BABA3D2D4A35',
+        'decrypt': type8.decrypt,
+        'encrypt': type8.encrypt
+    },
+
+    0x0A000000: {
+        'key': 0x4D,
+        'seed': '80E4895A27DB397D6B7B7BF23DDF92DD50D4B572AC6AF87C672942326137791374E45FB957561A14F3105D8B7C745C2FBB966BE40067ECF62881FC6101F04283717FCEB6D45984CEE9AB385B7CD1B7FB30DC87DF3B0C78C835F7A8C72F33C7A031DD2340E277DFC206D74E784CA4D42273492D98EE17A19A90F79648DB6D8171F1DB07859168E52695EADFEEA1B89D36',
+        'decrypt': type8.decrypt,
+        'encrypt': type8.encrypt
+    },
+
+    0x0B000000: {
+        'key': 0x4E,
+        'seed': '0B011CE731156B833E260DCC693612CBA7FD2666932A6E1A912EC6FCD82F00135AE2DFB6A2E427C818C35050B7E94AEDCC3C30FD106A2B0A22CBC6E0206512EB7D4E2A370B0AEF88DA0654D430AFCDCA9AF9DA1AB01BBB620CDBF8447356148E93B12CFD67E25DCB485BD9B35414D79F799C24E9C27A4E8C4D241994FFC9C22D236351B8FAD67FE65EBC32B20213C476',
+        'decrypt': type8.decrypt,
+        'encrypt': type8.encrypt
+    },
+
+    0x0C000000: {
+        'key': 0x4F,
+        'seed': '824CA518D3C86EEA174104DCEAC501FC97B19454711922EEE02DE9833D6430E6425C305FEB41A0E062C663EE5DA50D1EC210144906C6938471A5426313F0B6D543519EFA910A7CE1581B95254011F18DB1018D0409545C54F55308B05385B4CE0BF5C3FBC655240BF2C62CE40CF0053CD76C39D5872209F73DC5A2FD55923FB1F6FEC8181D6B04525F8CE8E7265A6E5A',
+        'decrypt': type8.decrypt,
+        'encrypt': type8.encrypt
+    },
+
+    0x0D000000: {
+        'key': 0x50,
+        'seed': 'F507A447D7E02925B2C8E3953E5E69E06FA50DCF2D6AB56CF17D65D281D5BEDAFCE9BE4FCE259584E794234A9926486FFCCBC7DB997A545D0607DFD85097481949720F160FE694417064C269CD2297A4B7BD3FF8D960BA3E7CCE5E98BFAC5B9101F3F142B0E9DA2CE16275A1353CCE571DB0C14AD5C2D098AF647884B7DF5B576774F120577A5FFF208AE429EB125EF4',
+        'decrypt': type8.decrypt,
+        'encrypt': type8.encrypt
+    },
+
+    0x0E000000: {
+        'key': 0x51,
+        'seed': 'DE57B77717DD62EE7B78035D4486CA59208DF69328938121714EA786CA82241B58AE745F6C018D5632884D9A7243A22E84F40C82B906FCFC6AFB5B8AD79C9FBF010D8515BA5FED399383C34CAFDE3AEDBF68A71A778ABD8965415646D9DB3373816CE862969B29035AAEAF732053A040E84B6610996AB7E570DDE029282460EA30AE4220328D6F94715F9EA2D57F0C7C',
+        'decrypt': type8.decrypt,
+        'encrypt': type8.encrypt
+    },
+
+    0xD82310F0: {
+        'key': 0x51,
+        'seed': '9D09FD20F38F10690DB26F00CCC5512E',
+        'decrypt': type2.decrypt,
+        'encrypt': type2.encrypt
+    },
+
+    0xD8231EF0: {
+        'key': 0x51,
+        'seed': '4F445C62B353C430FC3AA45BECFE51EA',
+        'decrypt': type2.decrypt,
+        'encrypt': type2.encrypt
+    },
+
+    0xD82328F0: {
+        'key': 0x51,
+        'seed': '5DAA72F226604D1CE72DC8A32F79C554',
+        'decrypt': type2.decrypt,
+        'encrypt': type2.encrypt
+    },
+
+    0x457B93F0: {
+        'key': 0x5B,
+        'seed': '88AF18E9C3AA6B56F7C5A8BF1A84E9F3',
+        'pubkey': '773F4BE14C0AB452672B6756824CCF42AA37FFC08941E5635E84E9FB53DA949E9BB7C2A4229FDF1F',
+        'decrypt': type9.decrypt
+    },
+
+    0x4C9497F0: {
+        'key': 0x43,
+        'seed': 'BFF834028447BD871C52032379BB5981',
+        'pubkey': '773F4BE14C0AB452672B6756824CCF42AA37FFC08941E5635E84E9FB53DA949E9BB7C2A4229FDF1F',
+        'decrypt': type9.decrypt
+    },
+
+    0x380293F0: {
+        'key': 0x5A,
+        'seed': 'CB93123831C02D2E7A185CAC9293AB32',
+        'pubkey': '773F4BE14C0AB452672B6756824CCF42AA37FFC08941E5635E84E9FB53DA949E9BB7C2A4229FDF1F',
+        'decrypt': type9.decrypt
+    },
+
+    0x4C9414F0: {
+        'key': 0x43,
+        'seed': '45EF5C5DED81998412948FABE8056D7D',
+        'decrypt': type2.decrypt,
+        'encrypt': type2.encrypt
+    },
+
+    0x4C9416F0: {
+        'key': 0x43,
+        'seed': 'EB1B530B624932581F830AF4993D75D0',
+        'decrypt': type2.decrypt,
+        'encrypt': type2.encrypt
+    },
+
+    0x4C9417F0: {
+        'key': 0x43,
+        'seed': 'BAE2A31207FF041B64A51185F72F995B',
+        'decrypt': type2.decrypt,
+        'encrypt': type2.encrypt
+    },
+
+    0x4C941FF0: {
+        'key': 0x43,
+        'seed': '2C8EAF1DFF79731AAD96AB09EA35598B',
+        'decrypt': type2.decrypt,
+        'encrypt': type2.encrypt
+    },
+    
+    0x38020AF0: {
+        'key': 0x5A,
+        'seed': 'AB8225D7436F6CC195C5F7F063733FE7',
+        'decrypt': type2.decrypt,
+        'encrypt': type2.encrypt
+    }
+}
+
+
+def _meta(tag):
+    try:
+        meta = dict(_metatypes[tag])
+        meta['seed'] = bytes.fromhex(meta['seed'])
+        return meta
+    except KeyError:
+        print('missing tag {:08X}'.format(tag))
+        raise
+
+
+def decrypt(prx, **kwargs):
+    meta = _meta(struct.unpack('<I', prx[0xD0:0xD4])[0])
+    return meta['decrypt'](prx, meta, **kwargs)
+
+
+def encrypt(prx, tag=None, **kwargs):
+    if tag is None:
+        tag = struct.unpack('<I', prx[0xD0:0xD4])[0]
+    meta = _meta(tag)
+    return meta['encrypt'](prx, meta, **kwargs)
diff --git a/src/bin/psptools/psptool/prxtypes/__init__.py b/src/bin/psptools/psptool/prxtypes/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/src/bin/psptools/psptool/prxtypes/__pycache__/__init__.cpython-312.pyc b/src/bin/psptools/psptool/prxtypes/__pycache__/__init__.cpython-312.pyc
new file mode 100644
index 0000000..918930a
Binary files /dev/null and b/src/bin/psptools/psptool/prxtypes/__pycache__/__init__.cpython-312.pyc differ
diff --git a/src/bin/psptools/psptool/prxtypes/__pycache__/common.cpython-312.pyc b/src/bin/psptools/psptool/prxtypes/__pycache__/common.cpython-312.pyc
new file mode 100644
index 0000000..9f414a1
Binary files /dev/null and b/src/bin/psptools/psptool/prxtypes/__pycache__/common.cpython-312.pyc differ
diff --git a/src/bin/psptools/psptool/prxtypes/__pycache__/type2.cpython-312.pyc b/src/bin/psptools/psptool/prxtypes/__pycache__/type2.cpython-312.pyc
new file mode 100644
index 0000000..5b1b718
Binary files /dev/null and b/src/bin/psptools/psptool/prxtypes/__pycache__/type2.cpython-312.pyc differ
diff --git a/src/bin/psptools/psptool/prxtypes/__pycache__/type6.cpython-312.pyc b/src/bin/psptools/psptool/prxtypes/__pycache__/type6.cpython-312.pyc
new file mode 100644
index 0000000..1239b66
Binary files /dev/null and b/src/bin/psptools/psptool/prxtypes/__pycache__/type6.cpython-312.pyc differ
diff --git a/src/bin/psptools/psptool/prxtypes/__pycache__/type8.cpython-312.pyc b/src/bin/psptools/psptool/prxtypes/__pycache__/type8.cpython-312.pyc
new file mode 100644
index 0000000..fbed2c6
Binary files /dev/null and b/src/bin/psptools/psptool/prxtypes/__pycache__/type8.cpython-312.pyc differ
diff --git a/src/bin/psptools/psptool/prxtypes/__pycache__/type9.cpython-312.pyc b/src/bin/psptools/psptool/prxtypes/__pycache__/type9.cpython-312.pyc
new file mode 100644
index 0000000..e093469
Binary files /dev/null and b/src/bin/psptools/psptool/prxtypes/__pycache__/type9.cpython-312.pyc differ
diff --git a/src/bin/psptools/psptool/prxtypes/common.py b/src/bin/psptools/psptool/prxtypes/common.py
new file mode 100644
index 0000000..807d996
--- /dev/null
+++ b/src/bin/psptools/psptool/prxtypes/common.py
@@ -0,0 +1,45 @@
+import psptool.kirk as kirk
+
+
+class prx_header(object):
+    def __init__(self, header):
+        self.header = header
+
+    def btcnf_id(self):
+        return self.header[0x140:0x150]
+
+    def sha1_hash(self):
+        return self.header[0x12C:0x140]
+
+    def personalisation(self):
+        return self.header[0xD0:0x12C]
+
+    def kirk_aes_key(self):
+        return self.header[0x80:0x90]
+
+    def kirk_cmac_key(self):
+        return self.header[0x90:0xA0]
+
+    def kirk_cmac_header_hash(self):
+        return self.header[0xA0:0xB0]
+
+    def kirk_metadata(self):
+        return self.header[0xB0:0xC0]
+
+    def kirk_cmac_data_hash(self):
+        return self.header[0xC0:0xD0]
+
+    def elf_info(self):
+        return self.header[:0x80]
+
+
+def set_kirk_cmd_1(block):
+    return block[:0x60] + (1).to_bytes(4, 'little') + block[0x64:]
+
+
+def set_kirk_cmd_1_ecdsa(block):
+    return block[:0x64] + (1).to_bytes(4, 'little') + block[0x68:]
+
+
+def expand_seed(seed, key):
+    return kirk.kirk7(b''.join([bytes([x])+seed[1:] for x in range(9)]), key)
diff --git a/src/bin/psptools/psptool/prxtypes/type2.py b/src/bin/psptools/psptool/prxtypes/type2.py
new file mode 100644
index 0000000..9b0521b
--- /dev/null
+++ b/src/bin/psptools/psptool/prxtypes/type2.py
@@ -0,0 +1,151 @@
+import psptool.kirk as kirk
+
+from .common import expand_seed, prx_header, set_kirk_cmd_1, set_kirk_cmd_1_ecdsa
+from Crypto.Util.strxor import strxor as xor
+from Crypto.Hash import SHA1
+from Crypto import Random
+
+
+class prx_header_2(object):
+    def __init__(self, header=None):
+        if header is None:
+            self.header = b'\x00'*0x150
+        else:
+            prx = prx_header(header)
+            self.header = prx.personalisation() + prx.btcnf_id() + prx.sha1_hash() + prx.kirk_aes_key() + prx.kirk_cmac_key() + \
+                prx.kirk_cmac_header_hash() + prx.kirk_cmac_data_hash() + \
+                prx.kirk_metadata() + prx.elf_info()
+
+    def tag(self):
+        return self.header[:0x4]
+
+    def set_tag(self, tag):
+        self.header = tag + self.header[0x4:]
+
+    def btcnf_id(self):
+        return self.header[0x5C:0x6C]
+
+    def set_btcnf_id(self, id):
+        self.header = self.header[:0x5C] + id + self.header[0x6C:]
+
+    def sha1_hash(self):
+        return self.header[0x6C:0x80]
+
+    def set_sha1_hash(self, hash):
+        self.header = self.header[:0x6C] + hash + self.header[0x80:]
+
+    def personalisation(self):
+        return self.header[:0x5C]
+
+    def kirk_metadata(self):
+        return self.header[0xC0:0xD0]
+
+    def set_kirk_metadata(self, metadata):
+        self.header = self.header[:0xC0] + metadata + self.header[0xD0:]
+
+    def kirk_block(self):
+        return self.header[0x80:0xC0]
+
+    def set_kirk_block(self, block):
+        self.header = self.header[:0x80] + block + self.header[0xC0:]
+
+    def elf_info(self):
+        return self.header[0xD0:]
+
+    def set_elf_info(self, info):
+        self.header = self.header[:0xD0] + info
+
+    def prx(self):
+        return self.elf_info() + self.kirk_block()[:0x30] + self.kirk_metadata() + self.kirk_block()[0x30:] + self.personalisation() + self.sha1_hash() + self.btcnf_id()
+
+    def encrypt_header(self, key):
+        self.header = self.header[:0x5C] + kirk.kirk4(
+            self.header[0x5C:0x5C+0x60], key) + self.header[0x5C+0x60:]
+
+    def decrypt_header(self, key):
+        self.header = self.header[:0x5C] + kirk.kirk7(
+            self.header[0x5C:0x5C+0x60], key) + self.header[0x5C+0x60:]
+
+
+def decrypt(prx, meta):
+    xorbuf = expand_seed(meta['seed'], meta['key'])
+
+    # check if range contains nonzero
+    if any(x != 0 for x in prx[0xD4:0xD4+0x58]):
+        return False
+
+    p = prx_header_2(prx)
+
+    # decrypt the header information
+    p.decrypt_header(meta['key'])
+
+    # calculate SHA1 of header
+    h = SHA1.new()
+    h.update(p.tag())
+    h.update(xorbuf[:0x10])
+    h.update(b'\x00'*0x58)
+    h.update(p.btcnf_id())
+    h.update(p.kirk_block())
+    h.update(p.kirk_metadata())
+    h.update(p.elf_info())
+
+    if h.digest() != p.sha1_hash():
+        print("bad SHA1")
+        return False
+
+    # decrypt the kirk header
+    header = xor(p.kirk_block(), xorbuf[0x10:0x50])
+    header = kirk.kirk7(header, meta['key'])
+    header = xor(header, xorbuf[0x50:])
+
+    # prepare the kirk block
+    block = header + b'\x00'*0x30
+    block = set_kirk_cmd_1(block)
+    block = block + p.kirk_metadata() + b'\x00'*0x10 + \
+        p.elf_info() + prx[0x150:]
+
+    # do the decryption
+    return kirk.kirk1(block)
+
+
+def encrypt(prx, meta, id=None):
+    xorbuf = expand_seed(meta['seed'], meta['key'])
+
+    # encrypt as kirk1
+    encrypted = kirk.kirk1_encrypt_cmac(prx[0x150:], salt=prx[:0x80])
+
+    header = xor(encrypted[:0x40], xorbuf[0x50:])
+    header = kirk.kirk4(header, meta['key'])
+    header = xor(header, xorbuf[0x10:0x50])
+
+    # calculate an id
+    if id == None:
+        id = Random.get_random_bytes(16)
+
+    elif type(id) is str:
+        id = '{:16.16}'.format(id).encode()
+
+    id = kirk.kirk7(id, meta['key'])
+
+    # create a prx header
+    p = prx_header_2()
+    p.set_elf_info(prx[:0x80])
+    p.set_kirk_block(header)
+    p.set_kirk_metadata(encrypted[0x70:0x80])
+    p.set_btcnf_id(id)
+    p.set_tag(prx[0xD0:0xD4])
+
+    # calculate SHA1 of header
+    h = SHA1.new()
+    h.update(p.tag())
+    h.update(xorbuf[:0x10])
+    h.update(b'\x00'*0x58)
+    h.update(p.btcnf_id())
+    h.update(p.kirk_block())
+    h.update(p.kirk_metadata())
+    h.update(p.elf_info())
+    p.set_sha1_hash(h.digest())
+
+    # encrypt the header and return the complete PRX
+    p.encrypt_header(meta['key'])
+    return p.prx() + encrypted[0x90+0x80:]
diff --git a/src/bin/psptools/psptool/prxtypes/type6.py b/src/bin/psptools/psptool/prxtypes/type6.py
new file mode 100644
index 0000000..5d80091
--- /dev/null
+++ b/src/bin/psptools/psptool/prxtypes/type6.py
@@ -0,0 +1,174 @@
+import psptool.kirk as kirk
+
+from .common import expand_seed, prx_header, set_kirk_cmd_1, set_kirk_cmd_1_ecdsa
+from Crypto.Util.strxor import strxor as xor
+from Crypto.Hash import SHA1
+from Crypto import Random
+
+
+class prx_header_6(object):
+    def __init__(self, header=None):
+        if header is None:
+            self.header = b'\x00'*0x150
+        else:
+            prx = prx_header(header)
+            self.header = prx.personalisation() + prx.btcnf_id() + prx.sha1_hash() + prx.kirk_aes_key() + prx.kirk_cmac_key() + \
+                prx.kirk_cmac_header_hash() + prx.kirk_cmac_data_hash() + \
+                prx.kirk_metadata() + prx.elf_info()
+
+    def tag(self):
+        return self.header[:0x4]
+
+    def set_tag(self, tag):
+        self.header = tag + self.header[0x4:]
+
+    def btcnf_id(self):
+        return self.header[0x5C:0x6C]
+
+    def set_btcnf_id(self, id):
+        self.header = self.header[:0x5C] + id + self.header[0x6C:]
+
+    def sha1_hash(self):
+        return self.header[0x6C:0x80]
+
+    def set_sha1_hash(self, hash):
+        self.header = self.header[:0x6C] + hash + self.header[0x80:]
+
+    def personalisation(self):
+        return self.header[:0x5C]
+
+    def kirk_aes_key(self):
+        return self.header[0x80:0x90]
+
+    def kirk_ecdsa_header_sig(self):
+        return self.header[0x90:0xB8]
+
+    def kirk_ecdsa_data_sig_begin(self):
+        return self.header[0xB8:0xC0]
+
+    def kirk_metadata(self):
+        return self.header[0xC0:0xD0]
+
+    def set_kirk_metadata(self, metadata):
+        self.header = self.header[:0xC0] + metadata + self.header[0xD0:]
+
+    def kirk_ecdsa_data_sig_end(self):
+        return self.header[0x3C:0x5C]
+
+    def set_kirk_ecdsa_data_sig_end(self, ecdsa_end):
+        self.header = self.header[:0x3C] + ecdsa_end + self.header[0x5C:]
+
+    def kirk_block(self):
+        return self.header[0x80:0xC0]
+
+    def set_kirk_block(self, block):
+        self.header = self.header[:0x80] + block + self.header[0xC0:]
+
+    def elf_info(self):
+        return self.header[0xD0:]
+
+    def set_elf_info(self, info):
+        self.header = self.header[:0xD0] + info
+
+    def prx(self):
+        return self.elf_info() + self.kirk_block()[:0x30] + self.kirk_metadata() + self.kirk_block()[0x30:] + self.personalisation() + self.sha1_hash() + self.btcnf_id()
+
+    def encrypt_header(self, key):
+        self.header = self.header[:0x5C] + kirk.kirk4(
+            self.header[0x5C:0x5C+0x60], key) + self.header[0x5C+0x60:]
+
+    def decrypt_header(self, key):
+        self.header = self.header[:0x5C] + kirk.kirk7(
+            self.header[0x5C:0x5C+0x60], key) + self.header[0x5C+0x60:]
+
+
+def decrypt(prx, meta):
+    xorbuf = expand_seed(meta['seed'], meta['key'])
+
+    # check if range contains nonzero
+    if any(x != 0 for x in prx[0xD4:0xD4+0x38]):
+        return False
+
+    p = prx_header_6(prx)
+
+    # decrypt the header information
+    p.decrypt_header(meta['key'])
+
+    # calculate SHA1 of header
+    h = SHA1.new()
+    h.update(p.tag())
+    h.update(xorbuf[:0x10])
+    h.update(b'\x00'*0x38)
+    h.update(p.kirk_ecdsa_data_sig_end())
+    h.update(p.btcnf_id())
+    h.update(p.kirk_aes_key())
+    h.update(p.kirk_ecdsa_header_sig())
+    h.update(p.kirk_ecdsa_data_sig_begin())
+    h.update(p.kirk_metadata())
+    h.update(p.elf_info())
+
+    if h.digest() != p.sha1_hash():
+        print("bad SHA1")
+        return False
+
+    # decrypt the kirk header
+    header = xor(p.kirk_block(), xorbuf[0x10:0x50])
+    header = kirk.kirk7(header, meta['key'])
+    header = xor(header, xorbuf[0x50:])
+
+    # prepare the kirk block
+    block = header + p.kirk_ecdsa_data_sig_end() + b'\x00'*0x10
+    block = set_kirk_cmd_1(block)
+    block = set_kirk_cmd_1_ecdsa(block)
+    block = block + p.kirk_metadata() + b'\x00'*0x10 + \
+        p.elf_info() + prx[0x150:]
+
+    # do the decryption
+    return kirk.kirk1(block)
+
+
+def encrypt(prx, meta, id=None):
+    xorbuf = expand_seed(meta['seed'], meta['key'])
+
+    # encrypt as kirk1
+    encrypted = kirk.kirk1_encrypt_ecdsa(prx[0x150:], salt=prx[:0x80])
+
+    header = xor(encrypted[:0x40], xorbuf[0x50:])
+    header = kirk.kirk4(header, meta['key'])
+    header = xor(header, xorbuf[0x10:0x50])
+
+    # calculate an id
+    if id == None:
+        id = Random.get_random_bytes(16)
+
+    elif type(id) is str:
+        id = '{:16.16}'.format(id).encode()
+
+    id = kirk.kirk7(id, meta['key'])
+
+    # create a prx header
+    prx_header = prx_header_6()
+    prx_header.set_elf_info(prx[:0x80])
+    prx_header.set_kirk_block(header)
+    prx_header.set_kirk_ecdsa_data_sig_end(encrypted[0x40:0x60])
+    prx_header.set_kirk_metadata(encrypted[0x70:0x80])
+    prx_header.set_btcnf_id(id)
+    prx_header.set_tag(prx[0xD0:0xD4])
+
+    # calculate SHA1 of header
+    h = SHA1.new()
+    h.update(prx_header.tag())
+    h.update(xorbuf[:0x10])
+    h.update(b'\x00'*0x38)
+    h.update(prx_header.kirk_ecdsa_data_sig_end())
+    h.update(prx_header.btcnf_id())
+    h.update(prx_header.kirk_aes_key())
+    h.update(prx_header.kirk_ecdsa_header_sig())
+    h.update(prx_header.kirk_ecdsa_data_sig_begin())
+    h.update(prx_header.kirk_metadata())
+    h.update(prx_header.elf_info())
+    prx_header.set_sha1_hash(h.digest())
+
+    # encrypt the header and return the complete PRX
+    prx_header.encrypt_header(meta['key'])
+    return prx_header.prx() + encrypted[0x90+0x80:]
diff --git a/src/bin/psptools/psptool/prxtypes/type8.py b/src/bin/psptools/psptool/prxtypes/type8.py
new file mode 100644
index 0000000..d4f94fe
--- /dev/null
+++ b/src/bin/psptools/psptool/prxtypes/type8.py
@@ -0,0 +1,128 @@
+import psptool.kirk as kirk
+
+from Crypto.Util.strxor import strxor as xor
+from Crypto.Hash import SHA1
+from Crypto import Random
+
+
+class prx_header_8(object):
+    def __init__(self, header=None):
+        if header is None:
+            self.header = b'\x00'*0x150
+        else:
+            self.header = header[0xD0:0x150] + \
+                header[0x80:0xD0] + header[:0x80]
+
+    def tag(self):
+        return self.header[:0x4]
+
+    def set_tag(self, tag):
+        self.header = tag + self.header[0x4:]
+
+    def sha1_hash(self):
+        return self.header[0x4:0x18]
+
+    def set_sha1_hash(self, hash):
+        self.header = self.header[:0x4] + hash + self.header[0x18:]
+
+    def vanity_area(self):
+        return self.header[0x18:0x40]
+
+    def set_vanity_area(self, vanity):
+        self.header = self.header[:0x18] + vanity + self.header[0x40:]
+
+    def kirk_block(self):
+        return self.header[0x40:0xB0]
+
+    def set_kirk_block(self, block):
+        self.header = self.header[:0x40] + block + self.header[0xB0:]
+
+    def kirk_metadata(self):
+        return self.header[0xB0:0xD0]
+
+    def set_kirk_metadata(self, metadata):
+        self.header = self.header[:0xB0] + metadata + self.header[0xD0:]
+
+    def elf_info(self):
+        return self.header[0xD0:]
+
+    def set_elf_info(self, info):
+        self.header = self.header[:0xD0] + info
+
+    def kirk_aes_key(self):
+        return self.header[0x40:0x50]
+
+    def kirk_ecdsa_header_sig(self):
+        return self.header[0x50:0x78]
+
+    def kirk_ecdsa_data_sig(self):
+        return self.header[0x78:0xA0]
+
+    def prx(self):
+        return self.elf_info() + self.header[0x80:0xD0] + self.header[:0x80]
+
+
+def decrypt(prx, meta, **kwargs):
+    p = prx_header_8(prx)
+    xorbuf = kirk.kirk7(meta['seed'], meta['key'])
+
+    # calculate SHA1 of header
+    h = SHA1.new()
+    h.update(xorbuf[:0x14])
+    h.update(p.vanity_area())
+    h.update(p.kirk_block())
+    h.update(p.kirk_metadata())
+    h.update(p.elf_info())
+
+    if h.digest() != p.sha1_hash():
+        print("bad SHA1")
+        return False
+
+    # decrypt the kirk header
+    header = xor(p.kirk_block(), xorbuf[0x14:0x84])
+    header = kirk.kirk7(header, meta['key'])
+    header = xor(header, xorbuf[0x20:])
+
+    # prepare the kirk block
+    block = header + p.kirk_metadata() + p.elf_info() + prx[0x150:]
+
+    # do the decryption
+    return kirk.kirk1(block)
+
+
+def encrypt(prx, meta, vanity=None, **kwargs):
+    xorbuf = kirk.kirk7(meta['seed'], meta['key'])
+
+    # encrypt as kirk1
+    encrypted = kirk.kirk1_encrypt_ecdsa(prx[0x150:], salt=prx[:0x80])
+
+    header = xor(encrypted[:0x70], xorbuf[0x20:])
+    header = kirk.kirk4(header, meta['key'])
+    header = xor(header, xorbuf[0x14:0x84])
+
+    # calculate some vanity
+    if vanity == None:
+        vanity = Random.get_random_bytes(0x28)
+
+    elif type(vanity) is str:
+        vanity = '{:40.40}'.format(vanity).encode()
+
+    # create a prx header
+    prx_header = prx_header_8()
+    prx_header.set_elf_info(prx[:0x80])
+    prx_header.set_kirk_block(header)
+    prx_header.set_kirk_metadata(encrypted[0x70:0x90])
+    prx_header.set_vanity_area(vanity)
+    prx_header.set_tag(prx[0xD0:0xD4])
+
+    # calculate SHA1 of header
+    h = SHA1.new()
+    h.update(xorbuf[:0x14])
+    h.update(prx_header.vanity_area())
+    h.update(prx_header.kirk_block())
+    h.update(prx_header.kirk_metadata())
+    h.update(prx_header.elf_info())
+    prx_header.set_sha1_hash(h.digest())
+
+    # encrypt the header and return the complete PRX
+    return prx_header.prx() + encrypted[0x90+0x80:]
diff --git a/src/bin/psptools/psptool/prxtypes/type9.py b/src/bin/psptools/psptool/prxtypes/type9.py
new file mode 100644
index 0000000..913b9c1
--- /dev/null
+++ b/src/bin/psptools/psptool/prxtypes/type9.py
@@ -0,0 +1,112 @@
+from ecdsa.ellipticcurve import CurveFp, Point
+import hashlib
+from ecdsa.numbertheory import inverse_mod
+from ecdsa import SigningKey
+from ecdsa.curves import Curve
+import psptool.kirk as kirk
+
+from .common import expand_seed, prx_header, set_kirk_cmd_1
+from Crypto.Util.strxor import strxor as xor
+from Crypto.Hash import SHA1
+
+
+class prx_header_9(object):
+    def __init__(self, header):
+        prx = prx_header(header)
+        self.header = prx.personalisation() + prx.btcnf_id() + prx.sha1_hash() + prx.kirk_aes_key() + prx.kirk_cmac_key() + \
+            prx.kirk_cmac_header_hash() + prx.kirk_cmac_data_hash() + \
+            prx.kirk_metadata() + prx.elf_info()
+
+    def tag(self):
+        return self.header[:0x4]
+
+    def btcnf_id(self):
+        return self.header[0x5C:0x6C]
+
+    def sha1_hash(self):
+        return self.header[0x6C:0x80]
+
+    def personalisation(self):
+        return self.header[:0x5C]
+
+    def prx_ecdsa(self):
+        return self.header[0x34:0x5C]
+
+    def kirk_aes_key(self):
+        return self.header[0x80:0x90]
+
+    def kirk_cmac_key(self):
+        return self.header[0x90:0xA0]
+
+    def kirk_cmac_header_hash(self):
+        return self.header[0xA0:0xB0]
+
+    def kirk_cmac_data_hash(self):
+        return self.header[0xB0:0xC0]
+
+    def kirk_metadata(self):
+        return self.header[0xC0:0xD0]
+
+    def kirk_block(self):
+        return self.header[0x80:0xC0]
+
+    def elf_info(self):
+        return self.header[0xD0:]
+
+    def decrypt_header(self, key):
+        self.header = self.header[:0x5C] + kirk.kirk7(
+            self.header[0x5C:0x5C+0x60], key) + self.header[0x5C+0x60:]
+
+
+def decrypt(prx, meta, **kwargs):
+    xorbuf = expand_seed(meta['seed'], meta['key'])
+
+    # check if range contains nonzero
+    if any(x != 0 for x in prx[0xD4:0xD4+0x30]):
+        return False
+
+    p = prx_header_9(prx)
+
+    print(meta['pubkey'])
+    print(p.prx_ecdsa().hex())
+
+    # check ECDSA signature
+    # kirk.kirk11(bytes.fromhex(meta['pubkey']), p.prx_ecdsa(
+    # ), prx[4:0x104] + b'\x00'*0x28 + prx[0x12C:])
+
+    h2 = SHA1.new()
+    h2.update(prx[4:0x104] + b'\x00'*0x28 + prx[0x12C:])
+    print(h2.hexdigest())
+
+    # decrypt the header information
+    p.decrypt_header(meta['key'])
+
+    # calculate SHA1 of header
+    h = SHA1.new()
+    h.update(p.tag())
+    h.update(xorbuf[:0x10])
+    h.update(b'\x00'*0x58)
+    h.update(p.btcnf_id())
+    h.update(p.kirk_aes_key())
+    h.update(p.kirk_cmac_key())
+    h.update(p.kirk_cmac_header_hash())
+    h.update(p.kirk_cmac_data_hash())
+    h.update(p.kirk_metadata())
+    h.update(p.elf_info())
+
+    # sanity check that our SHA1 actually matches
+    if h.digest() != p.sha1_hash():
+        return False
+
+    # decrypt the kirk block
+    header = xor(p.kirk_block(), xorbuf[0x10:0x50])
+    header = kirk.kirk7(header, meta['key'])
+    header = xor(header, xorbuf[0x50:])
+
+    # prepare the kirk block
+    block = header + b'\x00'*0x30
+    block = set_kirk_cmd_1(block)
+    block = block + p.kirk_metadata() + b'\x00'*0x10 + \
+        p.elf_info() + prx[0x150:]
+
+    return kirk.kirk1(block)
diff --git a/src/bin/psptools/psptool/psar.py b/src/bin/psptools/psptool/psar.py
new file mode 100644
index 0000000..aa96ade
--- /dev/null
+++ b/src/bin/psptools/psptool/psar.py
@@ -0,0 +1,182 @@
+import psptool.prx as prx
+import psptool.kirk as kirk
+import struct
+import zlib
+import csv
+import io
+import math
+
+import hashlib
+
+from Crypto.Cipher import DES
+from Crypto.Util.strxor import strxor as xor
+
+_psar_table_keys = [
+    {
+        'key': '95620B49B730E5C7',
+        'iv': '9EA43381860C5285'
+    },
+    {
+        'key': '5A7B3D9D45C9DC95',
+        'iv': 'B2FED9798A02B187'
+    },
+    {
+        'key': '4CCE495B6F20585A',
+        'iv': '8108C1F2359869B0'
+    },
+    {
+        'key': '73F45262620BF15A',
+        'iv': '6D521BA3C236F92B'
+    },
+    {
+        'key': 'A664C8F8FD9D4498',
+        'iv': 'DB4E7941F59730AD'
+    },
+    {
+        'key': 'D7BD74813D6426E7',
+        'iv': 'A6830C2F630B9629'
+    }
+]
+
+
+def decrypt_table(f, table, mode):
+    des = DES.new(bytes.fromhex(_psar_table_keys[mode]['key']), DES.MODE_CBC, iv=bytes.fromhex(
+        _psar_table_keys[mode]['iv']))
+    return prx.decrypt(des.decrypt(table))
+
+
+def is_table(name, version):
+    if version == 1 or version == 2:
+        return name == '01g:00000' or name == '02g:00000'
+    elif version == 3 or version == 4:
+        return int(name) < 10
+    return False
+
+
+def table_model(name, version):
+    if version == 1 or version == 2:
+        if name.startswith('01g'):
+            return 0
+        elif name.startswith('02g'):
+            return 1
+    elif version == 3 or version == 4:
+        return int(name)
+    return 0
+
+
+class psar_file(object):
+    def __init__(self, data):
+        self.name = struct.unpack('128s', data[4:0x84])[
+            0].decode().split('\0')[0]
+        (self.size, self.expanded_size, self.flags) = struct.unpack(
+            '<III', data[0x104:0x110])
+
+
+class PSAR(object):
+    def __init__(self, data):
+        self._version = struct.unpack('<I', data[4:8])[0]
+        metadata = self._decrypt_block(data[0x10:0x270])
+        second_size = struct.unpack('<I', metadata[0xC:0x10])[0]
+        info = struct.unpack('<64s', metadata[0x10:0x50])
+        info = b''.join(info).decode('utf-8').rstrip('\x00')
+        version = info.split(',')[5]
+
+        if version.startswith('3.8') or version.startswith('3.9'):
+            table_version = 1
+            delimiter = '|'
+        elif version.startswith('4.'):
+            table_version = 2
+            delimiter = '|'
+        elif version.startswith('5.'):
+            table_version = 3
+            delimiter = ','
+        elif version.startswith('6.'):
+            table_version = 4
+            delimiter = ','
+        else:
+            table_version = 0
+            delimiter = ','
+
+        if self._version != 1:
+            block = self._decrypt_block(data[0x270:0x270+second_size])
+
+        files = {}
+        pos = 0x270+second_size
+
+        while pos < len(data)-0x10:
+            size = self._get_file_entry_size(data[pos:pos+0x260])
+            f = self._read_file(data[pos:pos+size])
+            files[f['name']] = f
+            pos += size
+
+        tables = {table_model(f, table_version): decrypt_table(f,
+                                                               files[f]['file'], table_version).decode() for f in files if is_table(f, table_version)}
+        # print(tables)
+
+        # print(table)
+        # f3 = io.StringIO(table)
+        # reader = csv.reader(f3, delimiter=delimiter)
+        # if table_key == 2:
+        #     table_files = {x[0]: x[1] for x in reader}
+        # else:
+        #     table_files = {x[0]: x[1] for x in reader}
+
+        # print(files.keys())
+
+        table_files = {}
+
+        for x in tables:
+            if table_version == 1 or table_version == 2:
+                if x == 0:
+                    model = '01g:'
+                else:  # x == 1:
+                    model = '02g:'
+
+                f3 = io.StringIO(tables[x])
+                reader = csv.reader(f3, delimiter=delimiter)
+                for x in reader:
+                    if model + x[0] in files:
+                        table_files[model + x[0]] = x[1]
+                    else:
+                        table_files['com:' + x[0]] = x[1]
+            else:
+                f3 = io.StringIO(tables[x])
+                reader = csv.reader(f3, delimiter=delimiter)
+                for x in reader:
+                    table_files[x[0]] = x[1]
+
+        files = [{'name': table_files[x], 'data':files[x]}
+                 for x in table_files]
+        self.directories = [f['name']
+                            for f in files if f['data']['file'] is None]
+        self.directories.sort()
+        self.files = [f for f in files if f['data']['file'] is not None]
+
+    def _demangle(self, block):
+        if self._version == 5:
+            block = xor(block, math.ceil(
+                len(block)/0x10)*bytes.fromhex('D869B895336B633498B9FC3CB7262BD7')[:len(block)])
+
+        block = kirk.kirk7(block, 0x55)
+
+        if self._version == 5:
+            block = xor(block, math.ceil(
+                len(block)/0x10)*bytes.fromhex('0DA09084AF9EB6E2D294F2AAEF996871')[:len(block)])
+
+        return block
+
+    def _decrypt_block(self, block):
+        if self._version != 1:
+            block = block[:0x20] + \
+                self._demangle(block[0x20:0x150]) + block[0x150:]
+        return prx.decrypt(block)
+
+    def _get_file_entry_size(self, data):
+        meta = psar_file(self._decrypt_block(data))
+        return 0x260+meta.size
+
+    def _read_file(self, data):
+        meta = psar_file(self._decrypt_block(data))
+        file = zlib.decompress(self._decrypt_block(
+            data[0x260:0x260+meta.size])) if meta.expanded_size > 0 else None
+        return {"name": meta.name, "flags": meta.flags, "file": file}
diff --git a/src/bin/psptools/psptools.txt b/src/bin/psptools/psptools.txt
new file mode 100644
index 0000000..4fd4781
--- /dev/null
+++ b/src/bin/psptools/psptools.txt
@@ -0,0 +1 @@
+https://github.com/galaxyhaxz/Infinity/commit/6de980d8fbcaad8bf7a1e7d48a3b476a55752088
diff --git a/src/bin/psptools/requirements.txt b/src/bin/psptools/requirements.txt
new file mode 100644
index 0000000..96fed4b
--- /dev/null
+++ b/src/bin/psptools/requirements.txt
@@ -0,0 +1,2 @@
+ecdsa
+pycryptodome
\ No newline at end of file
diff --git a/src/downgrade660_ctrl/main.c b/src/downgrade660_ctrl/main.c
index eb6511e..3f6956a 100644
--- a/src/downgrade660_ctrl/main.c
+++ b/src/downgrade660_ctrl/main.c
@@ -14,12 +14,15 @@
 #include <systemctrl.h>
 #include <libinfinity.h>
 
+#include "common.h"
+
 #include "utils.h"
 #include "patch_table.h"
 #include "decrypt.h"
 
 PSP_MODULE_INFO("DowngraderCTRL", 0x3007, 1, 0);
 
+
 /* function pointers */
 int (* PrologueModule)(void *modmgr_param, SceModule2 *mod) = NULL;
 STMOD_HANDLER previous = NULL;
@@ -57,16 +60,26 @@ int ApplyFirmware(SceModule2 *mod)
 	SfoEntry *entries = (SfoEntry *)((char *)g_sfo_buffer + sizeof(SfoHeader));
 	
 	/* Lets open the updater */
-	char *file = (sceKernelGetModel() == 4) ? ("ef0:/PSP/GAME/UPDATE/EBOOT.pbp") : ("ms0:/PSP/GAME/UPDATE/EBOOT.pbp");
-	
+	SceIoStat stats;
+	int status;
+
+	status = sceIoGetstat(eboot_path, &stats);
+
+	if(status < 0) {
+		eboot_path[0] = 'm';
+		eboot_path[1] = 's';
+		status = sceIoGetstat(eboot_path, &stats);
+
+	}
+
 	/* set k1 */
 	u32 k1 = pspSdkSetK1(0);
 	
 	/* lets open the file */
-	SceUID fd = sceIoOpen(file, PSP_O_RDONLY, 0777);
+	SceUID fd; 
 	
 	/* check for failure */
-	if (fd < 0)
+	if ((fd = sceIoOpen(eboot_path, PSP_O_RDONLY, 0777)) < 0)
 	{
 		/* rage */
 		pspSdkSetK1(k1);
diff --git a/src/downgrade_ctrl/main.c b/src/downgrade_ctrl/main.c
index 5b0e85f..854ab21 100644
--- a/src/downgrade_ctrl/main.c
+++ b/src/downgrade_ctrl/main.c
@@ -8,12 +8,15 @@
 #include <pspkernel.h>
 #include <pspidstorage.h>
 #include <pspsysmem_kernel.h>
+#include <pspiofilemgr_kernel.h>
 
 #include <stdio.h>
 #include <string.h>
 #include <systemctrl.h>
 #include <libinfinity.h>
 
+#include "common.h"
+
 #include "utils.h"
 #include "patch_table.h"
 #include "decrypt.h"
@@ -57,16 +60,25 @@ int ApplyFirmware(void)
     SfoEntry *entries = (SfoEntry *)((char *)g_sfo_buffer + sizeof(SfoHeader));
 	
 	/* Lets open the updater */
-	char *file = (sceKernelGetModel() == 4) ? ("ef0:/PSP/GAME/UPDATE/EBOOT.pbp") : ("ms0:/PSP/GAME/UPDATE/EBOOT.pbp");
+	SceIoStat stats;
+	int status;
+
+	status = sceIoGetstat(eboot_path, &stats);
+
+	if(status < 0) {
+		eboot_path[0] = 'm';
+		eboot_path[1] = 's';
+		status = sceIoGetstat(eboot_path, &stats);
+	}
 	
 	/* set k1 */
 	u32 k1 = pspSdkSetK1(0);
 	
 	/* lets open the file */
-	SceUID fd = sceIoOpen(file, PSP_O_RDONLY, 0777);
+	SceUID fd;
 	
 	/* check for failure */
-	if (fd < 0)
+	if ((fd = sceIoOpen(eboot_path, PSP_O_RDONLY, 0777)) < 0)
 	{
 		/* rage */
 		pspSdkSetK1(k1);
diff --git a/src/include/common.h b/src/include/common.h
new file mode 100644
index 0000000..4075fb8
--- /dev/null
+++ b/src/include/common.h
@@ -0,0 +1,4 @@
+#ifndef _COMMON_H_
+#define _COMMON_H_
+char eboot_path[] = "ef0:/PSP/GAME/UPDATE/EBOOT.PBP";
+#endif
diff --git a/src/kernel_exploit.c b/src/kernel_exploit.c
index 99f2e1b..4f43aea 100644
--- a/src/kernel_exploit.c
+++ b/src/kernel_exploit.c
@@ -65,12 +65,15 @@ int pre_kernel(int (* kfunc)(void))
 		/* find our functions */
 		if((g_devkit_version == FIRMWARE_VERSION_660) || (g_devkit_version == FIRMWARE_VERSION_661))
 		{
+			pspKernelGetModel = (void *)FindProc("sceSystemMemoryManager", "SysMemForKernel", 0x07C586A1); //6.60
 			pspKernelGetModel = (void *)FindProc("sceSystemMemoryManager", "SysMemForKernel", 0x07C586A1); //6.60
 			pspKernelLoadExecVSHEf1 = (void *)FindProc("sceLoadExec", "LoadExecForKernel", 0x16A68007); //6.60
 			pspKernelLoadExecVSHMs1 = (void *)FindProc("sceLoadExec", "LoadExecForKernel", 0x4FB44D27); //6.60
 			
 			pspSysconGetBaryonVersion = (void *)FindProc("sceSYSCON_Driver", "sceSyscon_driver", 0x7EC5A957);
 			pspIoOpen = (void *)FindProc("sceIOFileManager", "IoFileMgrForKernel", 0x109F50BC);	
+			pspIoAssign = (void *)FindProc("sceIOFileManager", "IoFileMgrForKernel", 0xB2A628C1);	
+			pspIoUnAssign = (void *)FindProc("sceIOFileManager", "IoFileMgrForKernel", 0x6D08A871);	
 			pspIoWrite = (void *)FindProc("sceIOFileManager", "IoFileMgrForKernel", 0x42EC03AC);
 			pspIoClose = (void *)FindProc("sceIOFileManager", "IoFileMgrForKernel", 0x810C4BC3);
 		}
diff --git a/src/kernel_land.c b/src/kernel_land.c
index 9c39778..9e9351c 100644
--- a/src/kernel_land.c
+++ b/src/kernel_land.c
@@ -8,6 +8,7 @@
 #include <pspkernel.h>
 #include <pspsysmem_kernel.h>
 #include <psploadexec_kernel.h>
+#include <pspiofilemgr.h>
 
 #include <stdio.h>
 #include <string.h>
@@ -17,6 +18,10 @@
 #include "utils.h"
 #include "downgrade_ctrl/patch_table.h"
 
+
+extern char eboot_path[];
+
+
 /* function pointers */
 int (* pspKernelGetModel)(void) = NULL;
 int (* pspSysconGetBaryonVersion)(u32 *baryon) = NULL;
@@ -26,6 +31,9 @@ int (* pspKernelLoadExecVSHMs1)(const char *path, struct SceKernelLoadExecVSHPar
 SceUID (* pspIoOpen)(char *file, int flags, SceMode mode) = NULL;
 int (* pspIoWrite)(SceUID fd, void *data, u32 len) = NULL;
 int (* pspIoClose)(SceUID fd) = NULL;
+int (* pspIoAssign)(const char *dev1, const char *dev2, const char *dev3, int mode, void *unk1, long unk2) = NULL;
+int (* pspIoUnAssign)(const char *dev) = NULL;
+
 
 /* globals */
 struct SceKernelLoadExecVSHParam g_exec_param;
@@ -47,6 +55,15 @@ int getModel(void)
 	return pspKernelGetModel();
 }
 
+
+int reassign() {
+	u32 ret;
+	pspIoUnAssign("ms0:");
+	pspIoAssign("ms0:","msstor0p1:","fatms0:",IOASSIGN_RDWR,NULL,0);
+	ret = pspIoOpen(eboot_path, PSP_O_RDONLY, 0777);
+	return ret;
+}
+
 int delete_resume_game(void)
 {
 	u8 _header[512+64];
@@ -111,7 +128,7 @@ int patch_loadexec_phat(void)
 	KClearCaches();
 	
 	/* just return 0 */
-	return pspKernelLoadExecVSHMs1(OTHER_UPDATER_PATH, &g_exec_param);
+	return pspKernelLoadExecVSHMs1(eboot_path, &g_exec_param);
 }
 
 int patch_loadexec_slim(void)
@@ -138,7 +155,7 @@ int patch_loadexec_slim(void)
 	KClearCaches();
 	
 	/* just return 0 */
-	return pspKernelLoadExecVSHMs1(OTHER_UPDATER_PATH, &g_exec_param);
+	return pspKernelLoadExecVSHMs1(eboot_path, &g_exec_param);
 }
 
 int patch_loadexec_3000(void)
@@ -165,7 +182,7 @@ int patch_loadexec_3000(void)
 	KClearCaches();
 	
 	/* just return 0 */
-	return pspKernelLoadExecVSHMs1(OTHER_UPDATER_PATH, &g_exec_param);
+	return pspKernelLoadExecVSHMs1(eboot_path, &g_exec_param);
 }
 
 int patch_loadexec_4000(void)
@@ -192,7 +209,7 @@ int patch_loadexec_4000(void)
 	KClearCaches();
 	
 	/* just return 0 */
-	return pspKernelLoadExecVSHMs1(OTHER_UPDATER_PATH, &g_exec_param);
+	return pspKernelLoadExecVSHMs1(eboot_path, &g_exec_param);
 }
 
 int patch_loadexec_pspgo(void)
@@ -220,8 +237,13 @@ int patch_loadexec_pspgo(void)
 	/* clear the caches */
 	KClearCaches();
 
-	/* reboot into the updater */
-	return pspKernelLoadExecVSHEf1(PSPGO_UPDATER_PATH, &g_exec_param);
+	if(strstr(eboot_path, "ms0")) {
+		return pspKernelLoadExecVSHMs1(eboot_path, &g_exec_param);
+	}
+	else {
+		/* reboot into the updater */
+		return pspKernelLoadExecVSHEf1(eboot_path, &g_exec_param);
+	}
 }
 
 int patch_loadexec_street(void)
@@ -240,13 +262,13 @@ int patch_loadexec_street(void)
 	KClearCaches();
 	
 	/* just return 0 */
-	return pspKernelLoadExecVSHMs1(OTHER_UPDATER_PATH, &g_exec_param);
+	return pspKernelLoadExecVSHMs1(eboot_path, &g_exec_param);
 }
 
-int launch_updater(void)
+int launch_updater()
 {
 	KClearCaches();
-	
+
 	int res = -1;
 	
 	/* clear our param */
@@ -254,7 +276,7 @@ int launch_updater(void)
 	
 	/* fill the field */
 	g_exec_param.size = sizeof(struct SceKernelLoadExecVSHParam);
-	g_exec_param.argp = (pspKernelGetModel() == 4) ? (PSPGO_UPDATER_PATH) : (OTHER_UPDATER_PATH);
+	g_exec_param.argp = eboot_path;
 	g_exec_param.args = strlen(g_exec_param.argp) + 1;
 	g_exec_param.key = "updater";
 	g_exec_param.vshmain_args_size = 0;
diff --git a/src/kernel_land.h b/src/kernel_land.h
index 0c2b50a..3ce61cd 100644
--- a/src/kernel_land.h
+++ b/src/kernel_land.h
@@ -13,8 +13,11 @@
 int getModel(void);
 u32 getBaryon(void);
 int launch_updater(void);
+int reassign(void);
 int delete_resume_game(void);
 
+//extern char eboot_path[];
+
 extern int (* pspKernelGetModel)(void);
 extern int (* pspSysconGetBaryonVersion)(u32 *baryon);
 extern SceModule2 *(* pspKernelFindModuleByName)(const char *name);
@@ -23,5 +26,9 @@ extern int (* pspKernelLoadExecVSHMs1)(const char *path, struct SceKernelLoadExe
 extern SceUID (* pspIoOpen)(char *file, int flags, SceMode mode);
 extern int (* pspIoWrite)(SceUID fd, void *data, u32 len);
 extern int (* pspIoClose)(SceUID fd);
+extern int (* pspIoRead)(int fd, void* data, int size);
+extern int (* pspIoAssign)(const char *dev1, const char *dev2, const char *dev3, int mode, void *unk1, long unk2);
+extern int (* pspIoUnAssign)(const char *dev);
+extern int (* pspIoLseek32)(int fd, int offset, int whence);
 
 #endif /* __KERNEL_LAND_H__ */
diff --git a/src/main.c b/src/main.c
index 7826abc..d0a694f 100644
--- a/src/main.c
+++ b/src/main.c
@@ -13,22 +13,26 @@
 #include <pspsysmem_kernel.h>
 #include <psploadexec_kernel.h>
 #include <psploadcore.h>
+#include <pspiofilemgr.h>
 
 #include <stdio.h>
 #include <string.h>
 #include <stdarg.h>
 #include <malloc.h>
 
+#include "common.h"
+
 #include "utils.h"
 #include "kernel_land.h"
 #include "kernel_exploit.h"
 #include "rebootex.h"
 
-PSP_MODULE_INFO("Chronoswitch", 0, 1, 1);
+PSP_MODULE_INFO("Chronoswitch", 0, 7, 61);
 PSP_MAIN_THREAD_ATTR(PSP_THREAD_ATTR_VFPU);
 PSP_HEAP_SIZE_KB(3 << 10);
 
-#define DOWNGRADER_VER    ("7.2")
+#define DOWNGRADER_VER    ("7.6.1")
+
 
 typedef struct __attribute__((packed))
 {
@@ -50,7 +54,7 @@ typedef struct __attribute__((packed))
         short unknown; // 16
 } SfoEntry;
     
-u32 get_updater_version(u32 is_pspgo)
+u32 get_updater_version(char *argv)
 {
     int i;
     char *fw_data = NULL;
@@ -60,23 +64,62 @@ u32 get_updater_version(u32 is_pspgo)
     SfoEntry *entries = (SfoEntry *)((char *)sfo_buffer + sizeof(SfoHeader));
     
     /* Lets open the updater */
-    char *file = (is_pspgo) ? ("ef0:/PSP/GAME/UPDATE/EBOOT.PBP") : ("ms0:/PSP/GAME/UPDATE/EBOOT.PBP");
-    
-    /* open file */
-    SceUID fd = sceIoOpen(file, PSP_O_RDONLY, 0777);
-    
+	SceIoStat stats;
+	int status;
+
+	status = sceIoGetstat(eboot_path, &stats);
+
+	if(status < 0) {
+		eboot_path[0] = 'm';
+		eboot_path[1] = 's';
+	}
+
+	status = sceIoGetstat(eboot_path, &stats);
+
+	int go_fw = -1;
+
+	int go_check = sceIoOpen(eboot_path, PSP_O_RDONLY, 0);
+	sceIoLseek32(go_check, 0x346F, PSP_SEEK_SET);
+	u8 go_buf[1] = { 0 };
+	sceIoRead(go_check, go_buf, 1);
+	if(go_buf[0] == 0x63)
+		go_fw = 1;
+	sceIoLseek32(go_check, 0, PSP_SEEK_SET);
+	sceIoClose(go_check);
+
+	if(status < 0 && !strstr(argv, "ef0")) {
+		printf("\nHmmmm? Are you sure you have EBOOT.PBP in PSP/GAME/UPDATE/ ???\n");
+		return 0xFFF;
+	}
+
     /* check for failure */
-    if (fd < 0)
-    {
-        /* error firmware */
-        return 0xFFF;
-    }
-    
-    /* read the PBP header */
-    sceIoRead(fd, pbp_header, sizeof(pbp_header));
-    
-    /* seek to the SFO */
-    sceIoLseek32(fd, pbp_header[8/4], PSP_SEEK_SET);
+    int model = execKernelFunction(getModel);
+	if(model == 4 && go_fw < 0) {
+		pspDebugScreenSetTextColor(0xCC0000FF);
+		printf("\nYour running OFW from a X000 Series, it should be for the GO OFW\n");
+    	pspDebugScreenSetTextColor(0x00BFFF);
+		return 0xFFF;
+	}
+	else if(model != 4 && go_fw == 1) {
+		pspDebugScreenSetTextColor(0xCC0000FF);
+		printf("\nYour running OFW from a GO, it should be for the X000 OFW Series\n");
+    	pspDebugScreenSetTextColor(0x00BFFF);
+		return 0xFFF;
+	}
+	else if(model == 4 && strstr(argv, "ef0") && go_fw >= 0) { return 0xFA4E; /* FAKE some reason CS on ef0 does not like reading from ms0 */ }
+	SceUID fd = sceIoOpen(eboot_path, PSP_O_RDONLY, 0777);
+	if (fd < 0)
+	{
+		printf("\nHmmmm? Are you sure you have EBOOT.PBP in PSP/GAME/UPDATE/ ???\n");
+		/* error firmware */
+		return 0xFFF;
+	}
+
+	/* read the PBP header */
+	sceIoRead(fd, pbp_header, sizeof(pbp_header));
+
+	/* seek to the SFO */
+	sceIoLseek32(fd, pbp_header[8/4], PSP_SEEK_SET);
     
     /* calculate the size of the SFO */
     u32 sfo_size = pbp_header[12/4] - pbp_header[8/4];
@@ -85,15 +128,16 @@ u32 get_updater_version(u32 is_pspgo)
     if (sfo_size > sizeof(sfo_buffer))
     {
         /* too much */
+		printf("\nTo much deditated wammm ... Perhaps not have all your plugins running right now ...\n");
         sceIoClose(fd);
         return 0xFFF;
     }
-    
-    /* read the sfo */
-    sceIoRead(fd, sfo_buffer, sizeof(sfo_buffer));
-    
-    /* close the file */
-    sceIoClose(fd);
+	
+	/* read the sfo */
+	sceIoRead(fd, sfo_buffer, sizeof(sfo_buffer));
+
+	/* close the file */
+	sceIoClose(fd);
     
     /* now parse the SFO */
     for (i = 0; i < header->count; i++)
@@ -110,6 +154,7 @@ u32 get_updater_version(u32 is_pspgo)
     /* see if we went through all the data */
     if (i == header->count)
     {
+		printf("\nHmmm SFO count is too big ... Looks like the EBOOT.PBP is corrupted somehow.\n");
         return 0xFFF;
     }
     
@@ -129,21 +174,28 @@ int main(int argc, char *argv[])
     
     /* initialise the PSP screen */
     pspDebugScreenInit();
-    pspDebugScreenSetTextColor(0x00D05435);
+    pspDebugScreenSetTextColor(0x00BFFF);
+    //pspDebugScreenSetTextColor(0x00D05435);
     
     /* display welcome message */
     printf(
         "Chronoswitch Downgrader" "\n"
-        "Version %s. Built %s %s" "\n" "\n"
+        "Version %s Built %s %s" "\n" "\n"
         
         "Contributions:" "\n"
         "\t"    "6.31/6.35 Support added by Davee" "\n"
         "\t"    "6.38/6.39/6.60 Support added by some1" "\n"
-        "\t"    "6.61 Support added by qwikrazor87" "\n" "\n"
+        "\t"    "6.61 Support added by qwikrazor87" "\n"
+        "\t"    "Removed factory firmware limits (and more) by TheZett" "\n"
+        "\t"    "GO ms0/ef0 UPDATE support added by krazynez" "\n" "\n"
+        "Testers:" "\n"
+        "\t"    "Peter Lustig" "\n"
+        "\t"    "Nall (nallwolf)" "\n"
+        "\t"    "Total Kommando" "\n" "\n"
         
         "Web:" "\n"
-        "\t"    "https://lolhax.org" "\n" "\n"
-        , DOWNGRADER_VER, __DATE__, __TIME__);
+        "\t"    "https://lolhax.org" "\n"
+        , DOWNGRADER_VER, __DATE__, __TIME__ "\n");
 
 #ifdef HBL_SUKKIRI    
     /* Clear html param to 0 */
@@ -254,7 +306,25 @@ int main(int argc, char *argv[])
     sceKernelDelayThread(4*1000*1000);
 
     /* get the updater version */
-    u32 upd_ver = get_updater_version(model == 4);
+    u32 upd_ver = get_updater_version(argv[0]);
+
+	if (upd_ver == 0xFFF) {
+		printf("\nPress R to exit...\n");
+		while (1)
+        {
+            sceCtrlPeekBufferPositive(&pad_data, 1);
+            
+            /* filter out previous buttons */
+            cur_buttons = pad_data.Buttons & ~prev_buttons;
+            prev_buttons = pad_data.Buttons;
+            
+            /* check for cross */
+            if (cur_buttons & PSP_CTRL_RTRIGGER)
+            {
+                ErrorExit(5000, "Exiting in 5 seconds.\n");
+            }
+        }
+	}
 
 	/* make sure that we are not attempting to downgrade a PSP below its firmware boundaries */
 	
@@ -372,8 +442,13 @@ int main(int argc, char *argv[])
     }
     
     /* do confirmation stuff */
-    printf("\n" "Will attempt to Downgrade: %X.%X -> %X.%X.\n", (g_devkit_version >> 24) & 0xF, ((g_devkit_version >> 12) & 0xF0) | ((g_devkit_version >> 8) & 0xF), (upd_ver >> 8) & 0xF, upd_ver & 0xFF);
-    printf("X to continue, R to exit.\n");
+	if(model == 4 && strstr(argv[0], "ef0")) {
+    	printf("\nX to continue, R to exit.\n");
+	}
+	else {
+    	printf("\n" "Currently Running: %X.%X going to Downgrade/Reinstall: %X.%X.\n", (g_devkit_version >> 24) & 0xF, ((g_devkit_version >> 12) & 0xF0) | ((g_devkit_version >> 8) & 0xF), (upd_ver >> 8) & 0xF, upd_ver & 0xFF);
+    	printf("\nX to continue, R to exit.\n");
+	}
     
     /* get button */
     while (1)
@@ -383,6 +458,7 @@ int main(int argc, char *argv[])
         /* filter out previous buttons */
         cur_buttons = pad_data.Buttons & ~prev_buttons;
         prev_buttons = pad_data.Buttons;
+
         
         /* check for cross */
         if (cur_buttons & PSP_CTRL_CROSS)
diff --git a/src/utils.h b/src/utils.h
index c0d4eeb..5704dea 100644
--- a/src/utils.h
+++ b/src/utils.h
@@ -19,9 +19,6 @@
 #define FIRMWARE_VERSION_660	(0x06060010)
 #define FIRMWARE_VERSION_661	(0x06060110)
 
-#define PSPGO_UPDATER_PATH	"ef0:/PSP/GAME/UPDATE/EBOOT.PBP"
-#define OTHER_UPDATER_PATH	"ms0:/PSP/GAME/UPDATE/EBOOT.PBP"
-
 #define printf pspDebugScreenPrintf
 
 /**