“..yet.”
You may have noticed that DA’s site has been down for a while. Now that’s its back up, Dark_AleX has provided some details to the situation of unhackable PSP’s.
The technical stuff in the full article.
Quote: Dark_AleX
When the PSP boots, the boot code (aka pre-ipl or ipl loader) loads the ipl from either the nand or memory stick. The IPL is splitted into pieces of 0×1000 bytes.
First 0xA0 bytes of each block is a header for the kirk hardware command 1. It contains keys,
the size of the cipher data, and two hashes, one for part the header itself, and another one for the body. The 0xF60 remaining bytes are the ciphered body, which will decrypt to 0xF60 plain bytes… if the hashes, which are checked by kirk hardware itself, are OK. (Note: ciphered body can actually be less than 0xF60, in this case, remaining bytes are ignored… before TA88v3) FirThe security of kirk hashes was destroyed by a timing attack, and the IPL became unprotected.
What has Sony added to fix this?The answer can be found in 4.00+ slim ipl’s. They decreased the size of the ciphered body to 0xF40 to leave 0×20 bytes at the end of each block (at offset 0xFE0).
As stated before, these remaining bytes are ignored… in pre-ipl’s of psp’s prior to TA88v3, and in fact, they can be randomized and ipl will still boot in those psp’s. In newest pre-ipl’s, these 0×20 bytes have a meaning.The first 0×10 bytes is an unknown hash calculated from the decrypted block. It is deduced that is calculated from the decrypted block and not the ciphered one due to the fact that 4.01 and 4.05 have a lot of ipl blocks in common, which, when decrypted, are similar, but they are totally different in its encrypted form. In these two ipl’s, this hash is same, as seen in the picture:
Click to enlarge
The second 0×10 bytes seem also to be dependent of the decrypted body (maybe dependent of the previous 0×10 bytes too?). In the picture it can be seen that they are different in 4.01 and 4.05, but they can actually be interchanged, you can move those 0×10 bytes from the same block in 4.05 ipl to the 4.01 ipl and it will still boot; however it cannot be randomized.
This protection also destroys any possibility of downgrading below 4.00, as these new cpu’s won’t be able to boot previous firmwares ipl’s.
Summary: basically, all security of newest psp cpu’s rely on the secrecy of the calculation of those 0×20 bytes. If pre-ipl were dumped somehow, the security would go down TOTALLY.
Graphic summary
Source: Dark-AleX.org
Thanks Saging for the tip!
Similar Posts
Digg it
Stumble
Del.ico.us
Reddit
Newsvine
Add your link!
October 8, 2008 at 12:36 am
you need to brick it first then pandora mod it will work…=)
or m I just got lucky? or a bug
ta088v3 to 4.01m33-2 work.!
January 15, 2009 at 2:53 am
How to you brick a TA 88 v3 Mother Board?
I am curios now?
Thanks in advance for a response for a response.
February 21, 2009 at 10:12 pm
while installing a psp offical update when it reaches 24 percent and higher take out your battery know your psp is bricked
February 21, 2009 at 10:14 pm
does this realy work can someone please confirm this as i realy dont want to spend 20-50 dollars on psp games i have a psp slim 2003 and a psp slim 3000
thanks in advance
October 8, 2008 at 10:48 am
Do you mean you got 4.01 M33 on this unhackable TA88v3 motherboard? Do you have proof of this?
October 8, 2008 at 10:51 am
PSP 3000 is it impossible to hack?
after reading about the security update for the psp 3000.
October 8, 2008 at 2:32 pm
if psp 3000 cant be hack I dont think buy any PSP anymore. not need PSP without CFW.
October 8, 2008 at 3:01 pm
The PSP-3000 will most likely come with this motherboard.
October 8, 2008 at 5:50 pm
i thought sony went back to the hackable motherboards for the psp slim wasnt this motherboard in some slims
October 8, 2008 at 5:53 pm
Yea!.. but it will be use in PSP 3000
SAD!!!.. hope there is a way it could be hack..
i wont buy their games…
so expensive..
October 8, 2008 at 5:58 pm
For every action there’s a reaction.
For every un-hackable PSP there will come a very intelligent Engineer who will do it. Patience my young apprentice.
January 28, 2009 at 3:57 pm
Lmao nice one, so your telling me its a matter of waiting for my psp 2003 to be hackeD?
October 9, 2008 at 1:34 am
That is very true. Its just like any other hacks. They say its impossible and a couple weeks to months and they solved it. I can wait, I’m just probably going to upgrade from a phat to a slim in the mean time then. XD
October 9, 2008 at 5:22 am
Yea~..
i have faith in them coming out with a hack!
Will wait too!!
October 9, 2008 at 7:35 am
Ta088V3
do you proof of this CFW running on TA88V3 mobo? your reply will be highly appreciated. tnx!
October 9, 2008 at 3:46 pm
i dont think there is proof.. just wait for it to be out…
October 9, 2008 at 4:59 pm
how do you know if you get a TA088v3?
me? I downloaded and tried all the methods (dark-alex’s), and it wont work at all.
It says “The game could not be started (80020148)” at all time…
October 9, 2008 at 5:15 pm
i thought this only use in psp 3000…
maybe you ask your friends go to a shop…
October 10, 2008 at 12:41 am
does the mother board come with ever psp3000?
October 10, 2008 at 4:17 am
Apparently so…
October 12, 2008 at 8:58 am
remember when everybody when everybody thought the psp would be unhackable just it give time
October 12, 2008 at 9:02 am
i have been following
dark Alex and i trust his decision and i know hes the type of person who wont give up.
October 13, 2008 at 1:28 am
i think that every psp can be hacked including psp 3k. all you need is DC7 and 4.01 m33-2 or later
October 13, 2008 at 3:25 pm
It will be out TMR!!!!!!
COOL!!~…
HOPE IT WONT BE THIS MOTHERBOARD!!!..
^^
October 14, 2008 at 10:46 am
I did a search on google trying to find answers for the same question. I ended up totally confused by the firmware versions, tools needed. In the end,I bought a PSP 2000 from http://www.yeedong.com, which plays backed up (copied) games out of box! The psp also comes with bundled games. What a bargain!
Enjoy your PSP!
October 15, 2008 at 2:11 am
This sucks ive been reading around for a hack…I have the new god of war psp edition to see if it is hackable. Has anyone hacked this psp yet if so i really need the help
October 16, 2008 at 9:23 pm
i have the god of war psp hacked with cfw 4.01 m33-2. here is link to how i did mine. http://www.psp-hacks.com/forums/f133/easy-flash-cfw-to-any-psp-slim-or-t210546/
i also made the pandora out of the battery that came with my psp by cutting the trace on the board and then drawing it back in.
October 18, 2008 at 7:55 am
The psp slim I bought at the mall was hacked right out of the box, I don’t think they sell unhacked ones here at all. of course this is not the usa.
October 21, 2008 at 3:43 pm
so..when ta-088v3 can be hacked??
i buyed new slim psp 3 weeks ago in japan , i put pandora battery and mms but nothing happened..i think i had this mobo..shit!!
what should i do?? help me!!!
October 21, 2008 at 3:47 pm
can you read other post!!!!
=:=…
pandora battery dont work on psp 3000…
need help, read before you do so…
dont any how call for fire-engine…..
October 29, 2008 at 4:49 pm
Waiting for a hack..and praying for it…to come out ASAP…
…lots of expectations from DA…carry on buddy
everyone having ta088v3…lets pray n hope hackers will emerge
November 5, 2008 at 9:47 pm
I belive it will be hacked, what i dont belive is that will be cheap and simple.
With the olders PSP we just needed to downgrade to 1.5 and then upgrade to any other version. As those new PSPs doesnt work with FW below 4.00, it means that problably the Pandora for those new PSPs will use and newer Firmware that doesnt allow to install an Custom Firmware, so to install it we will have to use some expensive equipment to hack directly to the motherboard or, lucky, some hack-by-computer easy way.
LETS PRAY AND CLICK ON DARK-ALEX WEBSITE ADS
November 23, 2008 at 2:40 am
Guys Mine is PSP-2006 with OFW 4.01 which means not only PSP 3K got this Problem btw i did tried every single software available but no luck… only way to do is Sell back n buy new one which is OFW 3.90 n below the no matter what the size is lolx
November 23, 2008 at 12:20 pm
i have a piano black psp 2000 having OFW 4.01.can it be downgraded?
November 24, 2008 at 4:32 pm
omfg subhash if you have a pandora and mmstick than yes it can be hacked!!!!!
November 26, 2008 at 3:01 am
[...] brokencodes, of the Dark-AleX.org forums has gotten into part of the motherboard’s signing code. [...]
November 26, 2008 at 9:33 pm
I did a search on google trying to find answers for the same question. I ended up totally confused by the firmware versions, tools needed. In the end,I bought a PSP 2000 from http://www.yeedong.com, which plays backed up (copied) games out of box! The psp also comes with bundled games. What a bargain!
Enjoy your PSP!
God, you are such a fucktard. You paid $80 more for something you could and should have done yourself.
November 27, 2008 at 4:55 am
actually if you buy the psp with the motherboard that you said unhackable with software installed 3.95 it can be brick, but if it will come with higher than that it cannot be brick, i’m here in canada and i tested it already because some of my frnds are asking for my frnds..hope it will help u guys…we just return some their psp heheheheheh and look for older stock they have
November 27, 2008 at 7:53 pm
I have phat which is running CFW 5.00 M33 i also have just bought a PSP 2003 Piano Black running 4.01 OFW letter G on the sticker is this likley to have a TA88v3 Card in only bought last week i have tried pandora but only DC6 MMS does it need to be DC7 for it to boot, when pandora in green light shows nothing else
any ideas, wondering if there is any software you can put on memstick that will work with OFW and tell you excactly what MOBO you have in.
keep up the good work DA
December 3, 2008 at 5:57 pm
having some problems i have a psp slim 2000 model running on OFW 4.01 and ive tried using the pandora battery and the mms in it and it doesnt seem to work wondering if i might have the ta88v3 mobo as well if not could anyone please help me with this problem
December 4, 2008 at 8:10 pm
I also have PSP 2000 bought 2 days ago OFW 4.01 (dammm). Look like BrokenCodes has haxed it himself, hopefully till Xmas I’ll be able to hax mine. damm Im playing many waiting games now..
January 18, 2009 at 6:00 am
Pray
December 14, 2008 at 9:05 pm
hey everyone don’t you think it is in the charger that you can hack the psp 3000 because the guy from sony said they have a new charger here in this video http://www.youtube.com/watch?v=mAW-EqLMfhI
December 25, 2008 at 4:16 am
http://de.pastebin.ca/1293266
December 26, 2008 at 2:10 am
@ Dyc Nguyen – Hacking shouldn’t take more than an hour. I have hacked easily 10 PSP phats and 20 psp Slims. Just download the Despar Calmienta thingy from the front page and follow its instructions. Also, look for Rain MMS.
@ The person who wanted to know if all PSP 3000’s shipped with TA88v3 – Apparently not, my friend had just bought a brand new PSP-3000 off of Amazon, the one with the built-in mic which is how I know its 3000, and I hacked it using DCv8 and RainMMS. I don’t know if he had the TA88v3 because I hacked it or what, but it was deffinetly a PSP-3000 and he has 5.00M33-2 on it currently.
@ Dark Alex – Keep trying man, you’ll get it!
December 26, 2008 at 2:12 am
And, what is with my name having that one-toothed stop-sign thing?! Any idea how to change.
*this is off-topic but I would still like to know!*
January 2, 2009 at 2:56 am
You have to hack your shit thingy so it can change the stop sign thingy except i don’t think that you can because it has the new mother board.
January 5, 2009 at 9:15 pm
Hi boys i wanna fuck us!! I have this psp. When he be hacked? My pussyboys…
January 5, 2009 at 9:25 pm
Datel has come up with a new battery meant for hacking the PSP-3000 & possibly the TA88 it is called the LIte Blue Tool. I’ll post a pic below http://www.maxconsole.net/content_img/300_4.jpg
January 5, 2009 at 9:40 pm
“New PSP 3000 hacked – Datel gives the green light to PSP 3000 service mode! MaxConsole can exclusively reveal that the brand new PSP 3000 model is now perfectly hackable thanks to Datel’s newest tool battery that will put the PSP 3000 into service mode. Once you’re in service mode, you can downgrade your PSP and pretty much do what you want with it! The new crypto processor based battery is called the LITE BLUE TOOL battery and will enable the service mode on both PSP 2000 and PSP 3000 models. It will come with the option to toggle between a service mode and normal mode, and also features a built in LED power gauge. Look out for the LITE BLUE TOOL when it goes on sale from November 28th priced at $19.99 in the UK market and $29.99 across North America.”
Ps.it has not yet reached North America hopefully it will be here around the second week of this month,let’s cross our fingers but atleast we know it exists.Here is another pic http://www.maxconsole.net/content_img/datelgreenlight.jpg
CREDIT goes to http://www.maxconsole.net for the info & post Thanks goes out to Datel & to Dark Alex for all their hard work poor sony got beat on this one.
January 18, 2009 at 5:58 am
Thats a scam
January 18, 2009 at 5:58 am
Hello I have a PSP 2001 Black with TA88v3 motherboard.Im just asking Dark-Alex to try his best to hack the TA88v3 mobo because u are our only hope.By the end of his month he new motherboard should be hacked PLEASEEEEE WE NEED U.I will encourage people to donate just for u to hack the TA88v3.I have a suggestion try use a PSP Batch File.
January 18, 2009 at 10:18 pm
please hack the v3 DA please!!! there are so many ppl waiting on u! hopefuly u will be able to do something soon!
January 19, 2009 at 3:07 pm
yeah, i got a PSP 2001 running on TA88v3 motherboard (DAMN) .. now, i hope there would be brighter light for all TA88v3 owners .. a week from now? a couple? a month? i guess i’ll stick with Official Demos and UMDs for the meantime but it sucks bigtime knowing your friends are just downloading ISO/CSO .. ehehehe ..
January 21, 2009 at 5:52 pm
Any updates on this? Please Dark Alex.. We believe in you!!!
January 28, 2009 at 11:51 am
i guess none for now except for GripShift ..
January 29, 2009 at 5:21 am
Dude’s forget about it, Psp 2000 and 3000 are unhakable and if they find a solution it will be in 6 months and will require to open ur psp nad hack it.
January 31, 2009 at 3:09 am
One version of 3000 is hackable. It is based on MB. All version of 2000 except with TA-88v3 MB is hackable