Gaming Some PSP aren't fully hackable, but...

The Composer

We all know that PSP 1000 models are fully hackable, while 3000 models aren't.

My question is about the unhacked models. Why aren't some 2000 and higher models moddable?

Because it's already proven impossible, or is it because no one knows how to do it yet?

I'm asking this because I remember the PS3 wasn't hacked for a while now, but no one said why. I thought that it was because no one bothered on that, but later someone did.



Opinions?
 

xist

cpus.png


This is an explanation of the security that was added in TA88v3

When the PSP boots, the boot code (aka pre-ipl or ipl loader) loads the ipl from either the nand or memory stick. The IPL is split into pieces of 0x1000 bytes.

The first 0xA0 bytes of each block are a header for the kirk hardware command 1. It contains keys, the size of the cipher data, and two hashes, one for part of the header itself, and another one for the body. The 0xF60 remaining bytes are the ciphered body, which will decrypt to 0xF60 plain bytes... if the hashes, which are checked by kirk hardware itself, are OK. (Note: ciphered body can actually be less than 0xF60, in this case, remaining bytes are ignored... before TA88v3) For the first exploit and Pandora, the security of kirk hashes was destroyed by a timing attack, and the IPL became unprotected.

What has Sony added to fix this?

The answer can be found in 4.00+ slim ipl's. They decreased the size of the ciphered body to 0xF40 to leave 0x20 bytes at the end of each block (at offset 0xFE0).
As stated before, these remaining bytes are ignored... in pre-ipl's of psp's prior to TA88v3, and in fact, they can be randomized and ipl will still boot in those psp's. In newest pre-ipl's, these 0x20 bytes have a meaning.

The first 0x10 bytes are an unknown hash calculated from the decrypted block. It is deduced that it is calculated from the decrypted block and not the ciphered one due to the fact that 4.01 and 4.05 have a lot of ipl blocks in common, which, when decrypted, are similar, but they are totally different in their encrypted form. In these two ipl's, this hash is the same, as seen in the picture.

The second 0x10 bytes seem also to be dependent on the decrypted body (maybe dependent on the previous 0x10 bytes too?). In the picture it can be seen that they are different in 4.01 and 4.05, but they can actually be interchanged, you can move those 0x10 bytes from the same block in 4.05 ipl to the 4.01 ipl and it will still boot; however it cannot be randomized.

This protection also destroys any possibility of downgrading below 4.00, as these new cpu's won't be able to boot previous firmwares' ipl's.

Summary: basically, all security of newest psp cpu's relies on the secrecy of the calculation of those 0x20 bytes. If the pre-ipl were somehow dumped then we could probably work out IF a Pandora could possibly work. It doesn't guarantee a CFW, but tells us whether one is possible.
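
The block layout and the 4.01 vs 4.05 comparison described in the post above, as an added example that is not part of the original thread. The names `IplBlock`, `split_ipl`, `compare_ipls`, `make_block`, `field1` and `field2` are assumptions made for illustration, and the two images are constructed filler data, not real firmware.

```python
from dataclasses import dataclass

# Layout constants taken from the post above.
BLOCK_SIZE = 0x1000   # the IPL is split into 0x1000-byte pieces
HEADER_SIZE = 0xA0    # KIRK command 1 header at the start of each block
BODY_SIZE = 0xF40     # ciphered body in 4.00+ slim IPLs (0xF60 before)
TRAILER_OFF = 0xFE0   # 0x20 trailing bytes, read as two 0x10-byte fields
assert HEADER_SIZE + BODY_SIZE == TRAILER_OFF and TRAILER_OFF + 0x20 == BLOCK_SIZE

@dataclass
class IplBlock:
    header: bytes  # 0xA0 bytes
    body: bytes    # 0xF40 ciphered bytes
    field1: bytes  # first 0x10 bytes at 0xFE0 (the "unknown hash")
    field2: bytes  # second 0x10 bytes at 0xFF0

def split_ipl(image: bytes) -> list:
    """Cut an IPL image into 0x1000-byte blocks and slice each into regions."""
    if not image or len(image) % BLOCK_SIZE:
        raise ValueError("IPL image must be a non-empty multiple of 0x1000 bytes")
    out = []
    for off in range(0, len(image), BLOCK_SIZE):
        raw = image[off:off + BLOCK_SIZE]
        out.append(IplBlock(raw[:HEADER_SIZE], raw[HEADER_SIZE:TRAILER_OFF],
                            raw[TRAILER_OFF:TRAILER_OFF + 0x10],
                            raw[TRAILER_OFF + 0x10:]))
    return out

def compare_ipls(a: bytes, b: bytes) -> list:
    """For each block index, report which regions are byte-identical."""
    return [{"block": i, "same_body": x.body == y.body,
             "same_field1": x.field1 == y.field1,
             "same_field2": x.field2 == y.field2}
            for i, (x, y) in enumerate(zip(split_ipl(a), split_ipl(b)))]

def make_block(fill: int, field1: bytes, field2: bytes) -> bytes:
    """Constructed sample block: filler header/body plus the two fields."""
    return bytes([fill]) * TRAILER_OFF + field1 + field2

# Constructed images (not real firmware): block 0 mimics the 4.01 vs 4.05
# observation (ciphered bodies differ, first field equal, second differs).
IPL_A = make_block(0x11, b"H" * 16, b"A" * 16) + make_block(0x22, b"J" * 16, b"C" * 16)
IPL_B = make_block(0x33, b"H" * 16, b"B" * 16) + make_block(0x22, b"J" * 16, b"C" * 16)

if __name__ == "__main__":
    for row in compare_ipls(IPL_A, IPL_B):
        print(row)
```

A block whose ciphered body differs while `field1` matches is the pattern the post uses to infer that the first 0x10 bytes are computed over the decrypted block rather than the ciphertext.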
 

soulo.kun

xist said:
Summary: basically, all security of newest psp cpu's relies on the secrecy of the calculation of those 0x20 bytes. If the pre-ipl were somehow dumped then we could probably work out IF a Pandora could possibly work. It doesn't guarantee a CFW, but tells us whether one is possible.

Lost.... well.. basically he's right.. Motherboards TA-088v3 and above cannot be fully hacked and will depend on what firmware you're using (That includes the PSP Go)

Don't be sad though... there's a HEN for PSP ver. 6.20 anyways.. there's still a chance that a CFW can be created to partially mod the PSP without overwriting/writing stuff on the flash..
 

8BitWalugi

soulo.kun said:
xist said:
Summary: basically, all security of newest psp cpu's relies on the secrecy of the calculation of those 0x20 bytes. If the pre-ipl were somehow dumped then we could probably work out IF a Pandora could possibly work. It doesn't guarantee a CFW, but tells us whether one is possible.

Lost.... well.. basically he's right.. Motherboards TA-088v3 and above cannot be fully hacked and will depend on what firmware you're using (That includes the PSP Go)

Don't be sad though... there's a HEN for PSP ver. 6.20 anyways.. there's still a chance that a CFW can be created to partially mod the PSP without overwriting/writing stuff on the flash..
This was just unnecessary.
 
