[RELEASE] 5.03 TIFF Hello World

Status
Not open for further replies.

Jolan

Devil Trigger'd
And by running a flasher, it will write files to your flash memory. So it will break down security and let you install Custom FW. OMG whoever made this is a genius!!

BTW: I've read somewhere that it was Dark Alex. Any truth to this?
...Except the security in the 88v3 and 90 is in the CPU.
 

thedicemaster

New Member
And the PRE-IPL is like a Read Only BIOS in some sort of crazy Trusted Computing set up where if the MBR doesn't match a signature or whatever security the PRE-IPL is checking then the entire boot process stops there. I still don't fully understand why a CFW has to use a new IPL and not just alter the OFW in ways that allow for similar functionality of the CFW? IE, allowing custom PSX PBPs and using unsigned ISO PBPs and homebrew. Again, I'm not a developer so I might have just sounded like an idiot, and even if this is not possible I still wait patiently like many to see the HEN.

the alteration required to allow booting of ISOs and unsigned eboots would corrupt the sony signature on the FW.
if that's corrupted the ipl won't boot it anymore.

psp boot sequence:
pre-ipl (read-only, checks for a sony signature on the ipl*) > ipl (writable, checks if the FW is good) > FW (writable, does everything else)

*in the TA-088v3 and TA-090v2 this signature check is more extensive.
all PSPs need a signed IPL, but older ones only check part of the signature
 

MaxMouseDLL

New Member
And by running a flasher, it will write files to your flash memory. So it will break down security and let you install Custom FW. OMG whoever made this is a genius!!

BTW: I've read somewhere that it was Dark Alex. Any truth to this?

No it won't... aren't you listening? If you flash CFW to a TA-088v3 or a TA-090v2 YOU WILL BRICK IT.
 

anon2146

New Member
the alteration required to allow booting of ISOs and unsigned eboots would corrupt the sony signature on the FW.
if that's corrupted the ipl won't boot it anymore.

psp boot sequence:
pre-ipl (read-only, checks for a sony signature on the ipl*) > ipl (writable, checks if the FW is good) > FW (writable, does everything else)

*in the TA-088v3 and TA-090v2 this signature check is more extensive.
all PSPs need a signed IPL, but older ones only check part of the signature

So, we rewrote the IPL too and then had free rein over the FW on the older MoBos? Or did the PRE-IPL exist on the old ones as well just they figured out how to work around those checks? If it's the latter and if I remember an old DAX post it's just looking into and maybe taking a few bricks on the cheek before they figure out how to work with the new Pre-IPL as well? Thanks for taking the time out to explain it as well.
 

MaxMouseDLL

New Member
But could you install an OF less than 5.03 like 4.05 in case of ta88v3 mobo and 4.21 in case of 3k???

Yes, you could... in theory. It's important to make the distinction between OFW and CFW here, you could install say 5.00 OFW on either a TA-088v3 or a TA-090v2 but not 5.00M33 CFW... the issue (as stated previously) lies within Pre-IPL/IPL security.
 

thedicemaster

New Member
So, we rewrote the IPL too and then had free rein over the FW on the older MoBos? Or did the PRE-IPL exist on the old ones as well just they figured out how to work around those checks? If it's the latter and if I remember an old DAX post it's just looking into and maybe taking a few bricks on the cheek before they figure out how to work with the new Pre-IPL as well? Thanks for taking the time out to explain it as well.

the pre-ipl has always existed, and has always checked if the ipl is good.
but the newer pre-ipl has a lot more checks built-in to see if the ipl is good, so it requires a lot more work to crack.
 

anon2146

New Member
the pre-ipl has always existed, and has always checked if the ipl is good.
but the newer pre-ipl has a lot more checks built-in to see if the ipl is good, so it requires a lot more work to crack.

Well, good so at least they have experience with this system. For some reason I was under the impression that the existence of a PRE-IPL or at least one with security checks was a brand new thing.
 

Guest
Hey guys.

When you will run PSP-1000 HEN for Version 5.03 in the future, from there you can make a Pandora Battery and MagicStick using Hellcat's Pandora Installer for 3.xx+ kernels. This HEN is a gateway to installing custom firmware on the PSP-1000s because they can make the Pandora Battery. :)
 

bigjkcfan

New Member
Hey guys.

When you will run PSP-1000 HEN for Version 5.03 in the future, from there you can make a Pandora Battery and MagicStick using Hellcat's Pandora Installer for 3.xx+ kernels. This HEN is a gateway to installing custom firmware on the PSP-1000s because they can make the Pandora Battery. :)

correct me if I am wrong but you can make a pandora battery with a psp slim too, the early models at least...
 

dtom2444

New Member
I'm really torn with this tiff exploit. I used to be a very active member of the PSP homebrew community from the early days (Fanjita, Booster, ....) until the first tiff exploit bricked my psp 1000 phat. Just bought a psp 3000 and really hope lightning doesn't strike twice...

But still, great work everyone! Can't wait to see what lies ahead!

Edit: Quick question (and probably a stupid question) will this allow for a psp 3000 downgrader or will all future homebrew for psp 3000s need to be unique for this exploit? (ie, no older homebrew will work)
 

Guest
bigjkcfan said:
correct me if I am wrong but you can make a pandora battery with a psp slim too, the early models at least...

You're absolutely right. :) Those early PSP Slim models with the TA-085 motherboard did have those abilities.

I only posted about the PSP-1000 because it is a lot easier to get a custom firmware through this exploit on this model, and I posted that to give true hope to those last remaining PSP Phat users that aren't on custom firmware yet.

Also, I hope the HEN released soon will be model specific too.
 

thedicemaster

New Member
I'm really torn with this tiff exploit. I used to be a very active member of the PSP homebrew community from the early days (Fanjita, Booster, ....) until the first tiff exploit bricked my psp 1000 phat. Just bought a psp 3000 and really hope lightning doesn't strike twice...

But still, great work everyone! Can't wait to see what lies ahead!

Edit: Quick question (and probably a stupid question) will this allow for a psp 3000 downgrader or will all future homebrew for psp 3000s need to be unique for this exploit? (ie, no older homebrew will work)

it should work for most 5.00 homebrew.
a downgrade for 1.50 homebrew is simply impossible, because that FW is only made for psp1000s
lowest a 3000 can go is 4.21

a CFW isn't possible either, because the ipl would detect cfw, and prevent booting.
 

Guest
thedicemaster said:
a CFW isn't possible either, because the ipl would detect cfw, and prevent booting.

The PSP-3000 Pre-IPL won't be able to start the custom IPL (found in custom firmwares). So it's the Pre-IPL security and its revisions that prevent custom IPL and custom firmware from loading.
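
Added example (not part of the thread and not any poster's or Sony's code): a small Python model of the boot chain discussed above, pre-ipl > ipl > FW, showing where each kind of modified flash image is stopped. HMAC-SHA256 with constructed keys stands in for the signature checks, whose real mechanism the thread does not describe; all names are hypothetical.

```python
import hashlib
import hmac

# Constructed keys and blobs; HMAC-SHA256 is a stand-in for the real,
# undescribed signature scheme.
PRE_IPL_KEY = b"constructed-pre-ipl-key"   # used by the read-only pre-IPL
IPL_KEY = b"constructed-ipl-key"           # used by the stock IPL to check the FW
STOCK_IPL = b"stock ipl code"
STOCK_FW = b"official firmware"


def tag(key: bytes, blob: bytes) -> bytes:
    return hmac.new(key, blob, hashlib.sha256).digest()


def vendor_image(ipl: bytes, fw: bytes) -> dict:
    """Flash contents as the vendor ships them: every stage carries a valid tag."""
    return {"ipl": ipl, "ipl_tag": tag(PRE_IPL_KEY, ipl),
            "fw": fw, "fw_tag": tag(IPL_KEY, fw)}


def boot(flash: dict) -> str:
    # Stage 1, pre-IPL: read-only, so its check cannot be patched out.
    if not hmac.compare_digest(tag(PRE_IPL_KEY, flash["ipl"]), flash["ipl_tag"]):
        return "halt: pre-ipl rejected ipl"
    # Stage 2, IPL: writable. Only the stock IPL is modelled as enforcing the
    # FW check; any replacement is assumed to skip it.
    if flash["ipl"] == STOCK_IPL:
        if not hmac.compare_digest(tag(IPL_KEY, flash["fw"]), flash["fw_tag"]):
            return "halt: ipl rejected fw"
    return "booted"


def scenarios() -> dict:
    stock = vendor_image(STOCK_IPL, STOCK_FW)
    # Firmware altered in flash, stock IPL left in place.
    patched_fw = dict(stock, fw=b"altered firmware")
    # IPL replaced as well; without PRE_IPL_KEY the old tag cannot be updated.
    custom_ipl = dict(patched_fw, ipl=b"custom ipl code")
    return {"stock": boot(stock),
            "patched_fw": boot(patched_fw),
            "custom_ipl": boot(custom_ipl)}


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

In this model the chain holds only because the first check lives in read-only code and covers the whole IPL; every later stage is writable and inherits its trust from that root.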
 

Cheetablaze

New Member
I am running a PSP-3001 with firmware 5.02. This was made by Darkcloud-x but it didn't work for me.. the tiff exploit froze and froze on me every single time. All I did was tweak it a bit and now it literally works 100% for me. Just like Mr. Darkcloud-x did, I did not add the h.bin. Thanks Mr. Darkcloud-x for helping me out and hopefully this will help others out as well. All you do is try and view the pictures and it automatically loads the tiff exploit.

Once again thank you Darkcloud-x, I tried adding your name in this as much as possible so somebody doesn't think I stole your good idea. LOL!
 