10 Days of Hacking, Day 5: The PSP, Part 2

Acid_Snake

I like beer.

You may also like...

38 Responses

  1. L2SSnake says:

    Genious, this is genious, so much fun man, ty for this article

  2. wololo says:

    It’s difficult to summarize almost 10 years of history of the PSP hacking scene without forgetting a bunch of names. Among names I didn’t see in your article but that deserve some credit, I can think of:

    nem, ookm, fanjita (and the rest of noobz), tyranid, mathieulh, silverspring, coldbird, virtuous_flame.

    Would also like to give additional credit to JJS and Davee for their key contributions in the early days of HBL.

    You also completely ignored the pandora batteries in your articles (and I know you stated that’s because you didn’t have enough documentation about it), but wanted to point that out since it was by far the biggest hack/discovery of the PSP scene.

    There were many others who contributed to that extremely lively scene, I hope they won’t take it personally if I forgot other key people in here

  3. dboyz says:

    thanks for the articles & tech stuff details, I like your words here =)

  4. zxz says:

    thanks for the article. I just wanna point out one small typo though :D
    Name of HEN for 5.03 is chickHEN not checkHEN.

  5. something x3 dark side says:

    Gen firmware was my favourite so much you could do, to bad that they never released a firmware for the pspgo, oh well, thanks to the devs that did

    • fate6 says:

      GEN is terrible and you should feel terrible for liking it >__<

      • The Z says:

        The only “semi-decent” CFW from the GEN Team was the 5.03 GEN-C, everything else was low quality.

        • fate6 says:

          GEN is what would have happen if DaX stopped straightening the M33 backend and instead added plugins into the CFW which only added more bugs

          the plugins also could not be updated sepretly from the CFW

          GG to bubbletune BTW

          • Acid_Snake says:

            You and The Z are looking at Gen CFW from a user perspective, but if you look at it from a dev perspective, it isn’t nearly as bad it you two make it look like. Take into consideration that upon that time NOBODY quite knew how the M33 CFW worked other than the core M33 members, it was a closed source project and most hacks were undisclosed until Dark_Alex left. Team GEN had to not only learn most of the inner workings of M33, but also port it to a firmware that had changed a lot from the one it was last ported to, so it’s very natural that the initial versions of such CFW were so buggy, so was TN-A on 6.20, extremely buggy, but GEN managed to pull it off and by GEN-D3 they had managed to deliver a robust CFW experience, just like TN eventually managed get his HEN stable.

  6. Jun DeJane says:

    Again, nice article and a great read. Keep it up!

  7. The Z says:

    Minor mistake:

    TNs 6.20 kernel mode exploit worked up to FW 6.36, not 6.35 :) (/Nitpicking)

    It is also worth to mention that the perma patch, despite being very awesome and a “nearly” permanent solution”, has a very minor chance of failing, which thus renders the device unuseable/bricked.

    The perma patch is technically also not a “full CFW”, since a few things are missing and those things were important for the cIPL CFWs, which are kind of the only full CFWs.

    Just my 2 cents.

  8. ambrosjb says:

    A good set of articles. Only one major omission for PSP was PANDORA BATTERY! By far one of the coolest hacks found for PSP. Also talking about the DAX/M33. Wasn’t M33 originally something about March 33nd which is actually April Fools Day?

    • The Z says:

      March 33rd = 2nd April

      The theory is, Dark_AleX woke up to his alarm (clock) showing the 33rd march at 3:33 o’clock. But this is just a legend, haha.

  9. Hudavendigar says:

    One thing to add is that the PSP keys were discovered thanks to work done in the PS3 scene.

  10. PspJunkie says:

    What? No shout out to Freeplay? Lol!!!

  11. SwoRNLeaDejZ says:

    I am thoroughly enjoying this hacking series. Keep up the great work! Couple things that weren’t really touched on in either PSP article were the importance of 5.03 GEN firmware, and I would have also liked a quick breakdown of what the cIPL is and how it works.. Otherwise, awesome post, awesome series, awesome blog, as always. Love reading new posts here ;)

  12. poop34244 says:

    The ps vita as the same security as the ps3 good like hacking that. psp was easy to hack

  13. poop34244 says:

    I mean The ps vita as the same security as the ps3 good luck hacking that.

  14. Peter Chavéz says:

    Hey great story, but do you remember the Undiluted Platinum Modchip? It helped me unbrick my PSP several times :-)

  15. ivo says:

    hi, im still missing something for psp specially on vita :)
    a psplink plugin tutorial with nethostfs and specially a tutorial for the vita

    thanks and cheers :)

  16. ivo says:

    or a remotejoy lite with nethostfs tut
    thanks

  17. ivo says:

    psplink wifi
    http://forums.qj.net/psp-development-forum/52589-psplink-wifi-working-install-tutorial.html
    or more precise
    howto load psplink wifi in 660 mode as eboot or as plugin

    how do i compile for 660 ? ALLREADY RUN psptoolchain666 with ebootsign by op

    but cant figure out the compile for 660 :/

  18. ivo says:

    BUT WHAT ABOUT NETHOSTFS … is this nethostfs just the same and how does psplink vs wifihost vs nethostfs vs remotejoy behave in 660 mode if all at once as plugins ?
    i guess eboot eight right ?

  19. osumaniac says:

    I joined this site when 5.55 firmware came out, a year later patapon exploit was made, which allowed me to finally start playing games. Fun times :)

  20. Davee says:

    Also, for clarification I also found the psheet exploit for ChickHEN. Still think you’re missing out on pandora a little hah.

  21. G0l3m says:

    I have to second that. Davee found the exploit, gave it to some1 and he made the downgrader.

    Still have the screenshot when HEN got released and the big drama when it failed the first day :-D Good old times

  22. Frezzno says:

    Oh man I’m crying… This article is so great. Total_Noob forever. I remember how I sat with my PSP3000 every day waiting for a good CFW. How I every time need to boot patapon to do some fun. Today my PSP3000 still run on PRO-B10. Without Total_Noob it wouldn’t even be a PRO. I am so relived that Total_Noob and Coldbird can shake hands today.

  23. DS_Marine says:

    My two cents about Pandora:
    Sony’s designers added a way to boot up the PSP even if flash0 was messed up, so the service dudes could repair the psp in case a firmware update somehow falied.
    The PSP’s battery has a small microcontroller inside it.(as most notebook’s batteries do)
    When you place the battery in your PSP, the logic inside the psp will instantly communicate with it, and request the serial number of your battery (and maybe some other stuff, since the battery’s dump was 256 bytes long).
    IF your battery returns the magic number (0xFFFFFF) then the PSP would load its operating system from the memory stick instead (and it would also auto-power on without you using the power switch).
    Of course, your memory stick had to have the right files in order to boot, and also it needed a modification in its partition table/boot record in order to work (there was an mspformat utility for doing that)
    I suppose some really clever guys figured out this system was in place by reverse engineering the kernel PRXs, or the information leaked out from some Sony employee that went rich by selling batteries and memcards.
    There were some cool utilies made by hellcat for mangling your battery and recover some other vital stuff (like some usb idstorage stuff)
    Cool stuff: your psp could be used to write to the battery and convert any battery to pandora. They removed the ability to write to battery somewhere in psp 2000 models (but still they reacted to pandora batteries). PSP3000 doesn’t even react to pandora batteries, which makes me think that if that they closed this door for psp3000 then maybe they put another system in place to boot from MS, and it’s there waiting for us to discover… maybe communication over the audio remote serial interface? who knows…
    Oh and in theory you could connect that battery pin to the parallel port of a pc and emulate the pandora battery, but I never heard of someone doing that.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Most comments are automatically approved, but in some cases, it might take up to 24h for your comments to show up on the site, if they need manual moderation. Thanks for your understanding