# Unbrick PSP 2000/3000 Systems - Pandora Battery Style! [Hardware Jig Required]



## Jayro (Jan 21, 2021)

​_"The Pandora Battery was probably the most important release of the PS hack scene: a simple hack of the PSP battery, allowing the console to enter service mode. And from there tinker with the device, in particular to install and run custom firmwares, or flash a clean firmware on a bricked PSP.

But Sony fixed the PSP’s service mode process with new hardware revisions, making the Pandora battery useless on newer PSP Slim (PSP 2000) and all PSP Brite (PSP 3000) models. There were a few attempts at making Pandora work on these models (Datel at some point famously announced the Blue Lite tool, allegedly a Pandora battery for all PSPs, but the hacking device was never released).

More than a decade later, developer khubik and a bunch of other hackers on PSPx.Ru have just released Baryon Sweeper, a tool that finally makes a Pandora-like process possible on most (possibly all in the near future) PSPs.

The process is not for everyone, as it involves tinkering with a bit of hardware to create your own “advanced” Pandora Battery with an Arduino, and download some files that might or might not be based on Sony copyrighted material.

Nonetheless, people who have tried it confirmed that it works, and the list of contributors is impressive, for anyone who’s known the PSP scene for a while. This tool might not be for everyone at the moment (also, nobody would blame you at this point if you threw away, or sold, a PSP 3000 you bricked more than 10 years ago), but it’s possible we’ll see people starting to sell more “customer friendly” versions of the battery, or entrepreneurial folks might want to start buying bricked PSPs on eBay to try and revive them."_


*Baryon Sweeper Credits*
Khubik credits the following people for the release (google translated from russian):


M4j0r – help with the operation of the Voltage Fault Injection Siskon glitch;
Wildcard, Sean Shablack – Glitch exploitation and siskon dump;
Proxima – reverse engineering of the Siskon firmware, a script for generating responses to authentication requests;
khubik – battery emulator code, script port for generating responses, interface design;
dogecore – port of the script for generating responses, repairing streams, interface code;
Mathieu Hervais – homebrew code decrypt_os2, decrypt_sp;
SSL / Zerotolerance – reverse encryption capability for decrypted files;
zecoxao – decrypt_os2 and decrypt_sp ports on the PC, provision of boards, help in the port of the script for generating responses;
Yoti – improvements to decrypt-sp, instructions for creating a service card from a dump, MSID Dumper, PSP-3000 for tests (<3), participation in the Pandora PSP-3000 hack topic;
EriKPshat – useful information about JigKick, participation in the Pandora PSP-3000 hack topic, instructions for creating Pandora’s kits, assistance with design;
Boryan, lport3, dx3d, stasik007 and many more from the Pandora PSP-3000 hack theme – battery and PSP communication records, communication protocol reverse engineering, hardware schematics for communicating with PSP and much more

Source: wololo.net


----------



## Jayro (Apr 7, 2021)

1,000 views, and zero comments except for my own... Absolutely _stunning _discussion we're having.


----------



## Julie_Pilgrim (Apr 7, 2021)

Jayro said:


> 1,000 views, and zero comments except for my own... Absolutely _stunning _discussion we're having.


What a great discussion, remember when [REDACTED] said [NOT AVAILABLE]


----------



## urherenow (Apr 7, 2021)

No discussion because it's a dead console. I hadn't touched mine in so long that I noticed 2 years ago (after moving back to Japan) that both my PSP1001 and PSP3000 had swollen batteries. I was shocked and relieved that everything I own didn't go up in flames. I purchased a new battery for both, made sure they still turned on, and that's the last I ever touched them. I have a pandora battery and pandora memory card, but this new thing is way too much work.


----------



## Jayro (Apr 7, 2021)

urherenow said:


> No discussion because it's a dead console. I hadn't touched mine in so long that I noticed 2 years ago (after moving back to Japan) that both my PSP1001 and PSP3000 had swollen batteries. I was shocked and relieved that everything I own didn't go up in flames. I purchased a new battery for both, made sure they still turned on, and that's the last I ever touched them. I have a pandora battery and pandora memory card, but this new thing is way too much work.


I'm sure both of my batteries are swollen AF, as I haven't touched either PSP in over a decade.


----------



## Garirry (Apr 7, 2021)

It's a very interesting project actually. I had a PSP 3000 that I bricked by failing to installing Infinity (the old version) which I replaced the motherboard, but that damaged the display and bottom buttons. I still have the motherboard but I don't see any practical way to restore it into hardware. That being said, with Infinity 2.0 out I can't see any setup to brick a system, so the purpose of this may be limited.



Jayro said:


> I'm sure both of my batteries are swollen AF, as I haven't touched either PSP in over a decade.


The batteries for the console are terrible. It's probably best to remove them from the system whenever you're not playing, and charge them periodically.


----------



## Jayro (Apr 7, 2021)

Garirry said:


> It's a very interesting project actually. I had a PSP 3000 that I bricked by failing to installing Infinity (the old version) which I replaced the motherboard, but that damaged the display and bottom buttons. I still have the motherboard but I don't see any practical way to restore it into hardware. That being said, with Infinity 2.0 out I can't see any setup to brick a system, so the purpose of this may be limited.
> 
> 
> The batteries for the console are terrible. It's probably best to remove them from the system whenever you're not playing, and charge them periodically.


Yeah, I plan on removing the UMD drives and adding one large battery in its place. (with the proper protections for charging of course).


----------



## zfreeman (Jun 18, 2021)

https://yyoossk.blogspot.com/2021/04/psp10003000baryon-sweeper.html


----------



## Ryccardo (Jul 27, 2021)

Really nice to see they did it!

For historical context: maybe 8 years ago, the official service software (in the picture) was technically leaked, people on the pspx.ru forums did try getting it to work but it has DRM linking it to the serial number of the memory stick; very enterprising people figured out that you could "disassemble" a Sandisk memory stick to change it in the raw nand directly and "that was enough" to use it on new bootrom 2000s, but the item being discussed here is the first actual crack of the software coupled with (more or less accurate) emulation of the official "pandora battery", which isn't a battery in the first place!


----------



## Jayro (Jul 27, 2021)

Ryccardo said:


> Really nice to see they did it!
> 
> For historical context: maybe 8 years ago, the official service software (in the picture) was technically leaked, people on the pspx.ru forums did try getting it to work but it has DRM linking it to the serial number of the memory stick; very enterprising people figured out that you could "disassemble" a Sandisk memory stick to change it in the raw nand directly and "that was enough" to use it on new bootrom 2000s, but the item being discussed here is the first actual crack of the software coupled with (more or less accurate) emulation of the official "pandora battery", which isn't a battery in the first place!


Okay, now explain why this is important to an end-user like myself.


----------



## zfreeman (Jul 27, 2021)

I'm pretty sure this means we can unbrick all softbricks, as this allows reflashing even the bootrom. Does that sound right, @Ryccardo?


----------



## Ryccardo (Jul 27, 2021)

Jayro said:


> Okay, now explain why this is important to an end-user like myself.


You know what a pandora battery is? (any battery with the maximum serial number, FFFFFFFF, that causes every 1000 and earlier 2000s to boot from memory stick instead of nand)

Well, consider that an accident (even though really it's not), like the unlocked usb boot on "2017" Switch, as the official implementation is more complex - this project is a successful clone of it, at least for certain motherboard models (each of them needs a destructive process to dump their firmware, so not all of them are implemented)

This release is basically 2 things in 1 - a tool to sign the official recovery image for any memory stick, and another to emulate the official service battery - so the final result is the official reinstallation tool running on the console...

...so nothing special for *users*, more so for enthusiasts and *ex-users* who bricked 

More specifically it can fix a non-pandora 2000 and some early 3000s, for now



zfreeman said:


> I'm pretty sure this means we can unbrick all softbricks, as this allows reflashing even the bootrom. Does that sound right, @Ryccardo?


If you mean the IPL (bootrom comes earlier and is not on nand), most likely yes; no idea if it will deal with partition table or idstorage corruption...


----------



## Jayro (Jul 27, 2021)

Ah, okay. It's been years since I touched my modded PSP systems. Thanks for clarifying.


----------

