[Released] JigKick for PSP-2000 (TA-088v3 supported)

[frostegater]

Sorry. Thit JigKick not worked in PSP 100x. For worked this card in PSP 1000, need special IPL.

Advertising

[devshelper]

Can somebody experienced open a new topic explaining what does that do and why it is useful?

Advertising

[wololo]

Can somebody experienced open a new topic explaining what does that do and why it is useful?

I'm explaining in a fairly detailed way (non technical) here: http://wololo.net/wagic/2011/07/08/pand ... -the-wild/

[frostegater]

Decrypting JigKick 5.02

MemoryStick ID(msid) = key for decrypting *.enc files from JigKick

tag: 0x2D454353
key: 0x20, 0x4D, 0x53, 0x50, 0x53, 0x4E, 0x59, 0x30, 0x00, 0x78, 0x88, 0x84, 0xC6, 0xAA, 0x00, 0x00
scramble code range: 0x40 - 0x6F

[TioSolid]

Obvious question here: NO WAY to change the memory stick ID without low level tsop flashing right?

[usuariox]

Obvious question here: NO WAY to change the memory stick ID without low level tsop flashing right?

Yes. May be if You wait you can buy a Chinese Memory Stick ready with the ID flashed.

[danielt3]

I'm right now satting and starting to try something: I will try to use Windows' low level DeviceIOControl calls to read the service area in the memory stick. Do you think this method has any chance to work?

[ErikPshat]

I'm right now satting and starting to try something: I will try to use Windows' low level DeviceIOControl calls to read the service area in the memory stick. Do you think this method has any chance to work?

Programmatic access to the Nand memory controller provides. Need to know what type of controller used in MSPro DUO. Then, under such controllers need to find a program, probably from the manufacturer, with the help of this program you can manage it, that is, read and write data.
But usually this method is suitable for USB-flash drives, and actually broke their long, read the serial number, PID & VID and so on.

But I do not know of any way to programmatically change the data in the service area Nand memory MS. The controller does not have his memory, so it reserves the service area and stores in memory chip Nand (TSOP-48).

So we went to a more complicated way ...
We reveal the card, unsolder Nand memory (usually a chip Hynix HY27UH08AG5M 2GB or equivalent), then grab the dump through the programmer.
In this chip, the area MSID is in second bank in the range 07FFC4-07FFC5 (this one page = ((512+16) x 4)). This 2GB Nand has 2 banks of 1GB. Then change the dump and back stitches MSID in Nand.

+ Hackable memory card is not original

+ The original card will not work

They have a controller, Nand memory and board are in one monolithic package.
They do not have datasheets or to find a programmer.

MSID_Damper can read MSID and to him a source code (attached in arhive).
There are interesting lines:

Code: Select all

ms_drv.h:

int pspMsWriteSector (int sector, void * addr);

ms_drv.c:

OVER_WR_FLAG_REG     (0x16)

I can not understand how to use it.
So I asked on the previous page about the possibility of write-back.

[Chris10Lyn]

is it ok to post a pic or link of this NAND Flash TSOP-48 programmer.?

[ErikPshat]

is it ok to post a pic or link of this NAND Flash TSOP-48 programmer.?

List of supported chips
Info for No Name MS
Buy