Neoseeker.com Forum Thread: A Technical Explaination of Whatever You Want - page 1

reprinted from http://www.neoseeker.com/forums/
original thread: http://www.neoseeker.com/forums/23172/t1370561-technical-explaination-of-whatever-you-want/


Author:   Luigi Panache
Date:   May 31, 09 at 1:05am (PST)
Subject:   A Technical Explaination of Whatever You Want
-------------------------------------------
So What the 0xFFFF is a Pandora Battery?

I'm sure if you've even done five minutes of Googling about Custom Firmware, you've heard of the Pandora Battery. But what exactly is it, how does it work, and what does it do? I'll explain.

The Battery Itself

Inside every high-quality PSP Battery (like those made by Sony) is a computer chip called the EEPROM. EEPROM stands for Electronically (or Easily) Eraseable Programmable Read-Only Memory. This is the chip that lets us turn a battery from a normal battery to a Pandora battery.
A Pandora battery, to put it simply, is a battery that has the first sixteen bytes of its EEPROM set to on. The serial number of the battery when read by the PSP is 65,536 (please correct me if I'm wrong.) This is the highest possible serial number a battery could have.

So it's Got a Big Serial Number, Who Cares?

Well, this little serial number can change the way your PSP works quite a lot.
When the PSP first turns on, before it's loaded its firmware from its internal memory (NAND) chip, it looks at the battery. Why the battery? Because Sony though no one would ever look there. If the battery has a serial number anywhere from 0 to 65,535 it'll boot from its internal memory. However, if it finds the battery has that special serial number it takes another course of action.

Pandora Found, Now Booting

The PSP will look at the inserted MemoryStick (if there is one) for a file at the root of the MemoryStick called MSipl.bin. This stands for MemoryStick Initial Program Loader. Only a Magic MemoryStick (as they are commonly called) contains this file and all the others required.
Inside this MSipl.bin file are instructions for where to boot from. When Sony technicians are fixing a bricked PSP, they make this file tell the PSP to load a "Back-up" firmware saved on the MemoryStick. This temporary firmware has the ability to re-install firmware onto the PSP's internal memory, thus fixing the PSP.

Yes, Yes. But How Does This Help Me Hack My PSP?

Well, what if we decided to tell the PSP to boot not from some Sony firmware, but from a different firmware not made by Sony? It could be an installer that didn't write a Sony firmware on the internal memory, but a better, Custom Firmware instead! This is exactly what Dark Alex's Despetar Del Cementrio programs do. They load a firmware capable of installing custom firmware onto your PSP.

So After All That I've Got Custom Firmware?

Yes, after all that you do!

Please keep in mind that the newer PSP-3000 models, as well as the PSP-2000 models with version TA-088v3 motherboards have extra securities implemented by Sony to make the loading of an un-encrypted MSipl.bin file impossible. This prevents installation of a custom firmware, as well as the running of a custom firmware on these models if written to a PSP's NAND. Additionally, the PSP-3000 does not use a typical Pandora battery to boot into service mode. It instead requires a different battery with an advanced cryptographic chip.




Author:   Luigi Panache
Date:   May 31, 09 at 1:06am (PST)
Subject:   re: A Technical Explaination of Whatever You Want
-------------------------------------------
Did my PSAR Just Take a Dump on my PSP!?

You may have heard about PSAR Dumper, and how Dark Alex et al always ask you to use it to get Sony files that you're not allowed to distribute online. But what exactly is PSAR Dumper, and what can you use it for? I'll explain,

Think of a Fez: File Encrypted and Zipped

When Sony gives out their updates to your PSP's Firmware (which have been a little lacking in features lately) they make it in the form of an EBOOT. Now, I don't want to get into the nitty-gritty of EBOOTS right now, I'll get to that at a later time. For now, just think of it as a Setup.exe file on your computer.
Of course, this file includes all of the files contained in the new firmware it plans to install. It simply has to, or else installation would be like importing a CD without the CD! However, Sony has placed file encryption and packaging to put all the files for the program in one convenient little package. This also prevents any would-be hackers from seeing what's inside the EBOOT and learning too much. Still, we have a trick up our sleeve!

So what's a PSAR Dumper?

The PSP has a little microchip dubbed Kirk that handles decryption of this data. Sony has kept the way Kirk works under wraps, and figuring out how Kirk works is a difficult task in itself. It requires reverse engineering of the microchip and adjacent motherboard. Good luck with that, homebrew community!
Now, Sony's updater program has no problem using Kirk to retrieve the firmware files it needs. Peeling apart Sony's update EBOOTS revealed the code Sony uses to decrypt data via Kirk. This code is in every release of PSAR dumper.

Legal Issues

The files contained in the update EBOOTS are under copyright by Sony. You cannot distribute them, nor can you modify them. Thus, if you need the version.txt file in firmware 5.03 to say, spoof that you have a higher version firmware, you need to get the file yourself.
This is what PSAR dumper is used for. Using the Sony code, the PSAR dumper uses the encryption tables (sets of values to decode data, think of it like a really long password) to decode the firmware data. Instead of putting it in your Flash0, (a NAND partition of your flash memory) it saves it to your MemoryStick.
Now you have the data you need, and you did it legally!

I Have the Data, What is it Used For?

Well, the firmware files are used for a lot of things. Some plugins like CXMB and PopsLoader work better with firmware files on the MemoryStick (installed where the manual says, of course.)
It's also good if you're curious as to how the heck your firmware actually works. Whatever you use them for, have fun and keep on dumpin'!



Author:   Luigi Panache
Date:   May 31, 09 at 1:07am (PST)
Subject:   re: A Technical Explaination of Whatever You Want
-------------------------------------------
PSP 3001: A Sony Odyssey

So I'm sure by now you've heard people tossing around the terms Phat (or Fat) PSP, Slim PSP, and Brite PSP. All over the internet, people say they have different strengths and weaknesses. Well, I'll take a look at each of them, in order of release. So, let's start!

1001 Ways to Hack a PSP Phat

This, my friends, is a PSP Model 1001-1004; dubbed the PSP Phat by the homebrew community.


This was the first PSP, released by Sony in North America on March 24, 2005. It has two CPUs that can reach 333 mHz, a GPU that can reach 166 mHz, and 32 MB of RAM. It also has an unused IR Port that homebrew can access.
If you have a Phat PSP, and you want custom firmware, then you're in luck! The Phat PSP comes with virtually no security. A Pandora battery and Magic Memory Stick will work 100% of the time. Also, as long as your Firmware version is under 5.04 you can run a HEN (Homebrew ENabler) and then a Custom Firmware installer.

The Phat PSP does have an IR Port that can be used as a Universal Remote. It is bulkier than its newer brothers, but with that bulkiness comes a protective metal housing for the LCD Screen, so it can withstand a few falls. The speakers for the Phat are placed underneath the PSP, beneath the Home Button row. The PSP does not have as much RAM as its brothers as well, and some newer Homebrew applications don't run as fast on a Phat thus.
Still, if you can get a Phat they're cheap and get the job done! I myself had one for years, until one day when I was fixing its speakers I accidentally broke the connection to the screen. So, a hundred seventy dollars later I got a Slim.


Slim Phast!

And here is the PSP Slim:

The PSP model 2001-2005(?); dubbed the PSP Slim, was released in North America on September 6, 2007. It has the same CPU and GPU specifications as the PSP Phat, twice the RAM (64 mb), and it does not have an IR Port. Sony has changed the Serial I/O port on the Slim so that it can support Video Out functions. Unless you use a special plugin called FuSa, you'll need to have a TV that can support progressive scan to play games on your giant TV.
If you want Homebrew for your Slim, you'll need a bit of work. On older Slims, with motherboard models below the TA-088v3, the current version of Despertar Del Cementerio (the Pandora-run installer of Custom Firmware by Dark Alex) will work. You can use a Slim Pandora battery, or a Phat battery. However, the newer TA-088v3 motherboards cannot load a custom firmware, due to newer encryption installed by Sony. If you use a HEN to change the internal Flash0 to boot (not run) a custom firmware, you will brick your PSP. So, just use HEN for homebrew please!

The Slim is noticeably lighter and thinner than a PSP Phat. The first time I held one, I was worried that I'd break it. However, after a while I found that I liked the feel of it, and whenever I hold a friend's Phat I think, "Holy crap, this is heavy!" Still it depends on your own personal taste.
The PSP Slim has twice as much RAM as the Phat, and can thus run a few programs a little faster. Sony has also created a UMD cache so that the extra RAM holds some of the already accessed UMD data. This allows the PSP to save some power by loading data from the RAM instead of from the UMD. The Slim and 3000 both support VOIP through the popular internet telephone client Skype. The Phat does not, sadly. The Slim has a pop-out UMD tray, unlike the Phat, and has its Wi-Fi switch on top of the PSP, where the Phat's IR port is. The Slim has no IR port.

If you have a hackable PSP Slim (here's a hint, it's mostly the black ones that could have the TA-088v3! The Silvers are all hackable!) then you will enjoy it. If you want a meatier feel, then the PSP Phat is the one for you. Regardless, it's a PSP!


The Good Ol' Lite and Brite!

The lower one is the latest released PSP from Sony, in comparison with the Slim on top:

The PSP model 3001-3005(?); dubbed the PSP Lite & Brite was released on October 14, 2008 in North America. It has the same CPU and GPU Speeds as the Phat and Slim, and has the same amount of RAM as the Slim (64 mb), and does not have an IR Port. It also has a built in microphone next to the PSP logo at the bottom of the screen, and the Home Button has been replaced with a PS Button. The Serial I/O Port is the same as the Slim's.
The PSP 3000 was first packaged with firmware version 4.20 from Sony. As long as your 3000's firmware is under 5.04, you can use the latest HEN to run Homebrew. There is no current Custom Firmware that can boot on a 3000, for the same reasons as the TA-088v3 Slims. You can use Custom Firmware Enabler when the new 3000-compatible version comes out.
Datel got everyone's hopes up a little while back when they announced they had the "Lite Blue Tool Battery" that could boot the 3000 to "service mode" using an "advanced cryptographic chip." (Service Mode is the state a PSP goes in when you put a Pandora Battery in it.) Sadly, this battery was of little use to anyone as there was not and is not to this day) a tool that will boot a 3000 from service mode.

When Sony first put out the 3000, they announced that it would, quote "[have] an improved LCD screen with an increased color range, five times the contrast ratio, [and] half the pixel response time to reduce ghosting and blurring effects." They didn't mention that the pixels on the LCD screen would be in horizontal rows instead of vertical rows like the previous models' screens. This means that on games that use little graphical tricks to make the games looks smoother (mostly a lot of 2-D side-scrollers) you can see scan lines across the screen. I've never actually seen a PSP 3000 in real life, but I've heard they're only noticeable during high-movement scenes and if you hold the screen really close.
A big benefit of this new screen is that you can see it in clear daylight. If you've ever tried playing on your Phat or Slim outside, I'm sure you've noticed it's near impossible to see in sunlight. The 3000 removes this limitation.

The new screen drains battery power much more than the previous models. However, Sony has said that other components on the motherboard use less power to balance this out. Also, the PSP 3000 has a new battery type with a new Lithium-Ion cell structure that yields 4800 mAh (milli-amperes per hour). For comparison, the Phat comes with a 1800 mAh battery, and the Slim comes with a 1200 mAh battery. The extended life battery (of which I am one of the lucky few to use on his Slim) has 2200 mAh. In the end, the PSP 3000 has the same battery life as a PSP Slim with its original battery.

So, if you just want a little Homebrew, and you're patient to wait for the encryption to be cracked then the 3000 is for you! It's also a good choice if you want to play outside a lot, and if you like brighter colors.

Well Go! Get One (Oh Wait, They're Not Out Yet...)

This is a pre-release picture of the yet to be out PSP Go!:


The official way of naming this newest PSP according to Sony is either PSPgo or PSP go, but I saw PSP Go! one time and I like it much better. So from here on in I'll call it the PSP Go!.
The newest announced PSP from Sony, dubbed the PSP Go! by me, is scheduled for release on October 1, 2009. It has model number PSP-N1000, and will most likely follow the same region number scheme as the 3000.
The PSP Go! most likely has the same CPU, GPU, and Wi-Fi specifications as the 3000, but it also has a few major changes. Namely, there is no longer a UMD drive on the Go!. Instead, the Go! comes with 16 GB of memory built in. This can be doubled by inserting a 16 GB Memory Stick Micro into the MSM (Memory Stick Micro) slot. Thus, all your purchases of games will; have to come from the PSN (Playstation Network) Store. Additionally, the PSP Go! features a built in Bluetooth connection. As you can see from the picture above, the PSP Go! has a sliding screen, but no touch screen. It is "43% lighter and 56% smaller than the original PSP [Phat]" according to Sony. The screen is also slightly smaller than the other PSP models, at 9.65 cm (3.8 inches) compared to the older models' 4.3 inch (10.922 cm) screens.

As far as it comes to homebrew on the PSP Go!, we will have to wait for its release. One would assume the security on the Go! is equal to or greater than the security on the 3000. Additionally, it is almost certain that the Go! will come pre-packaged with a firmware above the current exploitable ones.

If you do plan on getting a PSP Go!, then you are very patient for, or do not want homebrew. You have a sturdy internet connection for downloading games, and you want something a little more portable.

A section on the UMD and Memory Stick is soon to come.



Author:   Luigi Panache
Date:   May 31, 09 at 1:07am (PST)
Subject:   re: A Technical Explaination of Whatever You Want
-------------------------------------------
[Take a Wild Guess]



Author:   Luigi Panache
Date:   May 31, 09 at 1:07am (PST)
Subject:   re: A Technical Explaination of Whatever You Want
-------------------------------------------
[Last One!]



Author:   StarJet
Date:   May 31, 09 at 1:41am (PST)
Subject:   re: A Technical Explaination of Whatever You Want
-------------------------------------------
Hmmm... Good idea. But I doubt you're gonna need so many reserved posts, though.



Author:   Luigi Panache
Date:   May 31, 09 at 1:53am (PST)
Subject:   re: A Technical Explaination of Whatever You Want
-------------------------------------------
Oh, I already have five more topics to write about, I just need time to write them.



Author:   StarJet
Date:   May 31, 09 at 4:15am (PST)
Subject:   re: A Technical Explaination of Whatever You Want
-------------------------------------------
What I meant was, I'm pretty sure you can put more than that much into a post.



Author:   Luigi Panache
Date:   May 31, 09 at 4:25am (PST)
Subject:   re: A Technical Explaination of Whatever You Want
-------------------------------------------
quote StarJet
What I meant was, I'm pretty sure you can put more than that much into a post.
I'm just planning far ahead, no worries.



Author:   Luigi Panache
Date:   Jun 06, 09 at 1:52am (PST)
Subject:   re: A Technical Explaination of Whatever You Want
-------------------------------------------
Updated.



Author:   StarJet
Date:   Jun 06, 09 at 2:29am (PST)
Subject:   re: A Technical Explaination of Whatever You Want
-------------------------------------------
Lol'd at the new title.
Creative.



Author:   Luigi Panache
Date:   Jun 06, 09 at 4:07am (PST)
Subject:   re: A Technical Explaination of Whatever You Want
-------------------------------------------
quote StarJet
Lol'd at the new title.
Creative.
Haha, I'm going to try and make all of them a sort of nerd joke. Do you get the first one?



Author:   StarJet
Date:   Jun 06, 09 at 4:17am (PST)
Subject:   re: A Technical Explaination of Whatever You Want
-------------------------------------------
I got the first one. But not many people will recognize the serial number of the Pandora.
The 2nd one is the epic one.



Author:   Luigi Panache
Date:   Jun 06, 09 at 4:51am (PST)
Subject:   re: A Technical Explaination of Whatever You Want
-------------------------------------------
Well, I wonder what to make a guide about next. I'm sure Ville won't let me do ISOs, so any suggestions?



Author:   Ville_Valo
Date:   Jun 06, 09 at 6:14am (PST)
Subject:   re: A Technical Explaination of Whatever You Want
-------------------------------------------
You know me too well.


Copyright Neo Era Media, Inc. 1999-2014.
All Rights Reserved.