
PSP 2000 4.01 OFW and PSP 3000 Hardware Hack Project

Status
Not open for further replies.

freesoul

Filipino
Good day!

We are composed of Hardware Computer Technicians here in Asia. We would like to help the PSP community in extracting the pre-ipl from PSP 2000 4.01 OFW TA-88V3 and PSP 3000.

We will tinker on the hardware part of the PSP MOBO and all of you will share inputs on the software side of it.

I just need a Schematic Diagram for PSP 2000 TA-88V3 and PSP 3000 TA-90. Since there is no unbricker for these types of MOBO, this type of project will benefit the PSP community.

Not all of us have extra money to spend on a new PSP if we got our unit bricked. Not all of us can afford to buy a bunch of UMDs. Not all homebrew experts create dozens of Homebrew games due to lack of funding.


Just PM me for your inputs on the Schematic Diagram for PSP. If this project will be successful, I will share the findings here in M for M Forums.

Our group is specialized in reviving Dead MOBOs, Video Card, Memory and Hard Disk for PC, Laptops, POS (Point of Sale System). We also do Data Recovery on Corrupted or Dead Hard Disk. We have very good background on the Schematic diagram on PCs and Laptops. We use hot air and other techniques in reviving dead MOBOs.

Since PC and Gaming Console MOBOs are not that different from each other, we will venture on this project. Our current case study as of now is resolving and minimizing the Dreaded Ring of Death 3RL for XBOX 360 Falcon, Zephyr, Xenon MOBOs.

If you would like to help on the XBOX360 Problem please feel free to PM me.

"Let's FREE our SOUL from Corporate Slavery"

More power to OPEN Source Technology.
 

Chaoskeeper56

Pineapple
That sounds great! I wish you guys the best of luck with your project, and if I come along any schematics for the 3000, I'll be sure to show you.
 

megaorange

New Member
That would be awesome if you guys created a pandora for PSP 2000 TA-88V3 and PSP 3000 TA-90. Good luck :cool: I'll let you know if I find anything.
 

Hellcat

Contributor
AFAIK the service mode itself is already hacked.

You need to hack/exploit/reverse the additional checksums on the IPL and check if they actually fixed the old exploit AND added the additional hashes, or if they only added the hashes instead of actually fixing the exploit.

Good luck with that.

BTW: A pandora works on any FW, no need to glue this to 4.01.
 

xist

Member
> AFAIK the service mode itself is already hacked.
>
> You need to hack/exploit/reverse the additional checksums on the IPL and check if they actually fixed the old exploit AND added the additional hashes, or if they only added the hashes instead of actually fixing the exploit.
>
> Good luck with that.
>
> BTW: A pandora works on any FW, no need to glue this to 4.01.

You make it sound so simple! :laugh:
 

freesoul

Filipino
wololo, moskito and noob81 have advised us on what to do exactly and that is to find a way to extract the pre-ipl of the said mobos.

we will just look for reference and information on how to do this.

if you have close friends and relatives working in a company ic/chipset developer. so that we will ask for advice to do this

we have initial ideas on how to do this but it's still not clear enough.

PM me.

Ty
 

Hellcat

Contributor
> wololo, moskito and noob81 have advised us on what to do exactly and that is to find a way to extract the pre-ipl of the said mobos.

....as stated in this thread.

> we will just look for reference and information on how to do this.
> we have initial ideas on how to do this but it's still not clear enough.

Try to "sniff" and log it while the CPU executes it or decap syscon / CPU.

Not meaning to pull you down, but much of what's possible has already been tried - or at least tried to figure out the "how".
The smartest guys I know are squishing their heads on this.
But maybe you'll succeed in your quest, who knows....

You should also talk to Datel, they have a special lab for stuff like that - and they pretend (do they still?) to have a battery that brings the 3k into service mode, you'd just need to figure out how to make it boot unsigned/unencrypted stuff.
 

afteralter

S for Surreal
*Nosebleed due to many dev jargons* (Filipino joke)

Anyway, good luck with it :)

About the buying bunch of UMDs.. You could always borrow from your friends :D *and keep it! joke XD* Or buy second-hand UMDs from a legal dealer like what I did for the UMDs I have. Ripped them and placed them in my MS so I wouldn't carry them ~.^
 

Davee

lolhax
> wololo, moskito and noob81 have advised us on what to do exactly and that is to find a way to extract the pre-ipl of the said mobos.
>
> we will just look for reference and information on how to do this.
>
> if you have close friends and relatives working in a company ic/chipset developer. so that we will ask for advice to do this
>
> we have initial ideas on how to do this but it's still not clear enough.
>
> PM me.
>
> Ty

Pre-IPL is a waste, dump KIRK...
 

xist

Member
Davee...would dumping and cracking KIRK mean that essentially a PSP could run anything thrown at it? (by verifying everything irrespective of signatures).

In your view how would it be used if it was dumped?
 

Davee

lolhax
> PFFT you're just scared that if they hack the ipl and install CFW, that they'll stop using your hen :sleep:

You're just an ignorant retard. If you re-engineer KIRK code, you can run code SIGNED AND ENCRYPTED. Everyone has this weird lust for hacking the pre-IPL which is more than likely fixed now and pretty much useless.
 

Hellcat

Contributor
Isn't the process of signing/checking and encryption/decryption asymmetric (AES and the such)?
Wouldn't a dumped KIRK then be useless as in you got the code that checks, but you still don't have the required keys to actually sign and encrypt?
 

freesoul

Filipino
> =/
> What's your intention?

Our intention is to have an unbricker for psp2000 TA-88BV3 and PSP3000, and also to make 5.50 OFW and 5.51 OFW with these mobos run homebrew.

Only DATEL can help us now. They have the equipment we need. We are trying to find contacts here in our place that have that kind of equipment.

Davee, if you think this would be useless and un-achievable, just let us know because we will skip this project and move to XBOX360 3RL Problem.

Since you are the first to make TA-88V3 and PSP3000 run homebrew application, you have the better view if this is feasible or not.

Thanks!
 

Bubbletune

Member
> Isn't the process of signing/checking and encryption/decryption asymmetric (AES and the such)?
> Wouldn't a dumped KIRK then be useless as in you got the code that checks, but you still don't have the required keys to actually sign and encrypt?

Both the algorithm and keys are in KIRK though, so if you get your hands on KIRK, you're pretty much all in. Both KIRK and the pre-IPL are on the CPU, and it's likely they patched the pre-IPL correctly, in which case a dumped one isn't going to have any use. In that case you'd need KIRK, so why not go for that in the first place? ;)
 