Dark_AleX explains why TA88v3 cannot be hacked


“..yet.”

You may have noticed that DA’s site has been down for a while. Now that it’s back up, Dark_AleX has provided some details on the situation of unhackable PSPs.

The technical stuff is in the full article.


Quote: Dark_AleX

 

When the PSP boots, the boot code (aka pre-ipl or ipl loader) loads the ipl from either the nand or memory stick. The IPL is split into pieces of 0x1000 bytes.

First 0xA0 bytes of each block is a header for the kirk hardware command 1. It contains keys, the size of the cipher data, and two hashes, one for part of the header itself, and another one for the body. The 0xF60 remaining bytes are the ciphered body, which will decrypt to 0xF60 plain bytes… if the hashes, which are checked by kirk hardware itself, are OK. (Note: ciphered body can actually be less than 0xF60, in this case, remaining bytes are ignored… before ) Fir

The security of kirk hashes was destroyed by a timing attack, and the IPL became unprotected.
What has Sony added to fix this?

The answer can be found in 4.00+ slim ipl’s. They decreased the size of the ciphered body to 0xF40 to leave 0x20 bytes at the end of each block (at offset 0xFE0).
As stated before, these remaining bytes are ignored… in pre-ipl’s of psp’s prior to TA88v3, and in fact, they can be randomized and ipl will still boot in those psp’s. In newest pre-ipl’s, these 0x20 bytes have a meaning.

The first 0x10 bytes is an unknown hash calculated from the decrypted block. It is deduced that it is calculated from the decrypted block and not the ciphered one due to the fact that 4.01 and 4.05 have a lot of ipl blocks in common, which, when decrypted, are similar, but they are totally different in their encrypted form. In these two ipl’s, this hash is the same, as seen in the picture:

The second 0x10 bytes seem also to be dependent on the decrypted body (maybe dependent on the previous 0x10 bytes too?). In the picture it can be seen that they are different in 4.01 and 4.05, but they can actually be interchanged, you can move those 0x10 bytes from the same block in 4.05 ipl to the 4.01 ipl and it will still boot; however it cannot be randomized.

This protection also destroys any possibility of downgrading below 4.00, as these new cpu’s won’t be able to boot previous firmwares’ ipl’s.

Summary: basically, all security of newest psp cpu’s relies on the secrecy of the calculation of those 0x20 bytes. If pre-ipl were dumped somehow, the security would go down TOTALLY.

Graphic summary


Source: Dark-AleX.org

Thanks Saging for the tip!
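
The block layout and the 4.01/4.05 comparison described in the quote, as an added example that is not part of the original post or Dark_AleX's own code. The two images are constructed filler bytes, the names IplBlock, split_blocks, compare_trailers, plaintext_bound and make_block are hypothetical, and the 0xA0 header is left opaque because the post does not give its field offsets.

```python
from dataclasses import dataclass

BLOCK_SIZE = 0x1000    # size of each IPL piece
HEADER_SIZE = 0xA0     # kirk command 1 header, kept opaque here
TRAILER_OFF = 0xFE0    # 0x20 trailing bytes in 4.00+ slim IPLs
FIELD_SIZE = 0x10      # the trailer is two 0x10-byte fields

@dataclass
class IplBlock:
    header: bytes
    body: bytes      # ciphered body region (0xF40 bytes in this layout)
    field1: bytes    # first 0x10 bytes at 0xFE0
    field2: bytes    # second 0x10 bytes at 0xFF0

def split_blocks(image):
    """Slice an image into 0x1000-byte blocks and their four regions."""
    if not image or len(image) % BLOCK_SIZE:
        raise ValueError("image is not a whole number of 0x1000-byte blocks")
    blocks = []
    for off in range(0, len(image), BLOCK_SIZE):
        raw = image[off:off + BLOCK_SIZE]
        mid = TRAILER_OFF + FIELD_SIZE
        blocks.append(IplBlock(raw[:HEADER_SIZE], raw[HEADER_SIZE:TRAILER_OFF],
                               raw[TRAILER_OFF:mid], raw[mid:]))
    return blocks

def compare_trailers(a, b):
    """For each block index, report which regions of two images are equal."""
    return [{"block": i, "same_body": x.body == y.body,
             "same_field1": x.field1 == y.field1,
             "same_field2": x.field2 == y.field2}
            for i, (x, y) in enumerate(zip(split_blocks(a), split_blocks(b)))]

def plaintext_bound(rows):
    """Blocks whose ciphered bodies differ while the first field matches:
    the pattern the quote uses to argue the field covers decrypted data."""
    return [r["block"] for r in rows if r["same_field1"] and not r["same_body"]]

def make_block(body, f1, f2):
    # Constructed filler bytes, not real IPL data.
    return (b"\xAA" * HEADER_SIZE + bytes([body]) * (TRAILER_OFF - HEADER_SIZE)
            + bytes([f1]) * FIELD_SIZE + bytes([f2]) * FIELD_SIZE)

# Block 0 mimics the 4.01/4.05 observation; block 1 is identical; block 2 differs.
IMAGE_A = make_block(1, 0x10, 0x20) + make_block(2, 0x11, 0x21) + make_block(3, 0x12, 0x22)
IMAGE_B = make_block(9, 0x10, 0x2F) + make_block(2, 0x11, 0x21) + make_block(4, 0x13, 0x23)

if __name__ == "__main__":
    for row in compare_trailers(IMAGE_A, IMAGE_B):
        print(row)
    print("field1 stable across differing ciphertext:",
          plaintext_bound(compare_trailers(IMAGE_A, IMAGE_B)))
```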


  • ta088v3

    you need to brick it first then pandora mod it will work…=)
    or m I just got lucky? or a bug
    ta088v3 to 4.01m33-2 work.!

    • r3mal

      How do you brick a TA 88 v3 Mother Board?

      I am curious now?

      Thanks in advance for a response.

      • fabulous

        while installing a psp official update when it reaches 24 percent and higher take out your battery now your psp is bricked

    • fabulous

      does this really work can someone please confirm this as i really dont want to spend 20-50 dollars on psp games i have a psp slim 2003 and a psp slim 3000
      thanks in advance

  • http://pspslimhacks.com/ PSP-Fan

    Do you mean you got 4.01 M33 on this unhackable TA88v3 motherboard? Do you have proof of this?

  • patrick

    PSP 3000 is it impossible to hack?
    after reading about the security update for the psp 3000.

  • http://www.mcpsp.com ioriyagami

    if psp 3000 cant be hack I dont think buy any PSP anymore. not need PSP without CFW.

  • http://pspslimhacks.com simon

    The PSP-3000 will most likely come with this motherboard.

  • 2die4

    i thought sony went back to the hackable motherboards for the psp slim wasnt this motherboard in some slims

  • patrick

    Yea!.. but it will be use in PSP 3000
    SAD!!!.. hope there is a way it could be hack..
    i wont buy their games…
    so expensive..

  • PREngineer

    For every action there’s a reaction.

    For every un-hackable PSP there will come a very intelligent Engineer who will do it. Patience my young apprentice.

    • Hussain

      Lmao nice one, so you're telling me its a matter of waiting for my psp 2003 to be hacked?

  • DBZBT2

    That is very true. Its just like any other hacks. They say its impossible and a couple weeks to months and they solved it. I can wait, I’m just probably going to upgrade from a phat to a slim in the mean time then. XD

  • patrick

    Yea~..
    i have faith in them coming out with a hack!
    Will wait too!!

  • hjacked

    Ta088V3

    do you have proof of this CFW running on TA88V3 mobo? your reply will be highly appreciated. tnx!

  • patrick

    i dont think there is proof.. just wait for it to be out…

  • idiotthatgetaTA088v3

    how do you know if you get a TA088v3?
    me? I downloaded and tried all the methods (dark-alex’s), and it wont work at all.
    It says “The game could not be started (80020148)” at all time…

  • patrick

    i thought this only use in psp 3000…
    maybe you ask your friends go to a shop…

  • $(011

    does the mother board come with every psp3000?

  • http://pspslimhacks.com/ PSP-Fan

    Apparently so…

  • ponce

    remember when everybody thought the psp would be unhackable just give it time

  • ponce

    i have been following dark Alex and i trust his decision and i know hes the type of person who wont give up.

  • bulgarian

    i think that every psp can be hacked including psp 3k. all you need is DC7 and 4.01 m33-2 or later

  • patrick

    It will be out TMR!!!!!!
    COOL!!~…
    HOPE IT WONT BE THIS MOTHERBOARD!!!..
    ^^

  • Charlie

    I did a search on google trying to find answers for the same question. I ended up totally confused by the firmware versions, tools needed. In the end,I bought a PSP 2000 from http://www.yeedong.com, which plays backed up (copied) games out of box! The psp also comes with bundled games. What a bargain!

    Enjoy your PSP!

  • Subu

    This sucks ive been reading around for a hack…I have the new god of war psp edition to see if it is hackable. Has anyone hacked this psp yet if so i really need the help

  • b

    i have the god of war psp hacked with cfw 4.01 m33-2. here is link to how i did mine. http://www.psp-hacks.com/forums/f133/easy-flash-cfw-to-any-psp-slim-or-t210546/

    i also made the pandora out of the battery that came with my psp by cutting the trace on the board and then drawing it back in.

  • romeo

    The psp slim I bought at the mall was hacked right out of the box, I don’t think they sell unhacked ones here at all. of course this is not the usa.

  • Dante Motomura

    so..when ta-088v3 can be hacked??
    i bought new slim psp 3 weeks ago in japan , i put pandora battery and mms but nothing happened..i think i had this mobo..shit!!
    what should i do?? help me!!!

  • Patrick

    can you read other post!!!!
    =:=…
    pandora battery dont work on psp 3000…
    need help, read before you do so…
    dont any how call for fire-engine…..

  • Saurabh

    Waiting for a hack..and praying for it…to come out ASAP…
    everyone having ta088v3…lets pray n hope hackers will emerge :P …lots of expectations from DA…carry on buddy

  • http://www.lucasmx.com Lucas

    I believe it will be hacked, what i dont believe is that will be cheap and simple.
    With the older PSPs we just needed to downgrade to 1.5 and then upgrade to any other version. As those new PSPs dont work with FW below 4.00, it means that probably the Pandora for those new PSPs will use a newer Firmware that doesnt allow to install a Custom Firmware, so to install it we will have to use some expensive equipment to hack directly to the motherboard or, lucky, some hack-by-computer easy way.

    LETS PRAY AND CLICK ON DARK-ALEX WEBSITE ADS

  • Beast

    Guys Mine is PSP-2006 with OFW 4.01 which means not only PSP 3K got this Problem btw i did tried every single software available but no luck… only way to do is Sell back n buy new one which is OFW 3.90 n below the no matter what the size is lolx

  • subhash

    i have a piano black psp 2000 having OFW 4.01.can it be downgraded?

  • OMG!!!!

    omfg subhash if you have a pandora and mmstick than yes it can be hacked!!!!!


  • Average dude

    I did a search on google trying to find answers for the same question. I ended up totally confused by the firmware versions, tools needed. In the end,I bought a PSP 2000 from http://www.yeedong.com, which plays backed up (copied) games out of box! The psp also comes with bundled games. What a bargain!

    Enjoy your PSP!

    God, you are such a fucktard. You paid $80 more for something you could and should have done yourself.

  • rowell

    actually if you buy the psp with the motherboard that you said unhackable with software installed 3.95 it can be brick, but if it will come with higher than that it cannot be brick, i’m here in canada and i tested it already because some of my frnds are asking for my frnds..hope it will help u guys…we just return some their psp heheheheheh and look for older stock they have

  • PSPGuru

    I have phat which is running CFW 5.00 M33 i also have just bought a PSP 2003 Piano Black running 4.01 OFW letter G on the sticker is this likely to have a TA88v3 Card in only bought last week i have tried pandora but only DC6 MMS does it need to be DC7 for it to boot, when pandora in green light shows nothing else

    any ideas, wondering if there is any software you can put on memstick that will work with OFW and tell you exactly what MOBO you have in.

    keep up the good work DA

  • GrimReaper

    having some problems i have a psp slim 2000 model running on OFW 4.01 and ive tried using the pandora battery and the mms in it and it doesnt seem to work wondering if i might have the ta88v3 mobo as well if not could anyone please help me with this problem

  • Duc Nguyen

    I also have PSP 2000 bought 2 days ago OFW 4.01 (dammm). Look like BrokenCodes has haxed it himself, hopefully till Xmas I’ll be able to hax mine. damm Im playing many waiting games now..

    • Romanios9782

      Pray

  • Paul

    hey everyone don’t you think it is in the charger that you can hack the psp 3000 because the guy from sony said they have a new charger here in this video http://www.youtube.com/watch?v=mAW-EqLMfhI

  • http://de.pastebin.ca/1293266 PSP TA88v3 Hacked
  • Exodia1010

    @ Dyc Nguyen – Hacking shouldn’t take more than an hour. I have hacked easily 10 PSP phats and 20 psp Slims. Just download the Despar Calmienta thingy from the front page and follow its instructions. Also, look for Rain MMS.

    @ The person who wanted to know if all PSP 3000's shipped with TA88v3 – Apparently not, my friend had just bought a brand new PSP-3000 off of Amazon, the one with the built-in mic which is how I know its 3000, and I hacked it using DCv8 and RainMMS. I don’t know if he had the TA88v3 because I hacked it or what, but it was definitely a PSP-3000 and he has 5.00M33-2 on it currently.

    @ Dark Alex – Keep trying man, you’ll get it!

  • Exodia1010

    And, what is with my name having that one-toothed stop-sign thing?! Any idea how to change.

    *this is off-topic but I would still like to know!*

  • Nydous19

    You have to hack your shit thingy so it can change the stop sign thingy except i don’t think that you can because it has the new mother board.


  • random person

    Datel has come up with a new battery meant for hacking the PSP-3000 & possibly the TA88 it is called the LIte Blue Tool. I’ll post a pic below http://www.maxconsole.net/content_img/300_4.jpg

  • random person

    “New PSP 3000 hacked – Datel gives the green light to PSP 3000 service mode! MaxConsole can exclusively reveal that the brand new PSP 3000 model is now perfectly hackable thanks to Datel’s newest tool battery that will put the PSP 3000 into service mode. Once you’re in service mode, you can downgrade your PSP and pretty much do what you want with it! The new crypto processor based battery is called the LITE BLUE TOOL battery and will enable the service mode on both PSP 2000 and PSP 3000 models. It will come with the option to toggle between a service mode and normal mode, and also features a built in LED power gauge. Look out for the LITE BLUE TOOL when it goes on sale from November 28th priced at $19.99 in the UK market and $29.99 across North America.”

    Ps. it has not yet reached North America hopefully it will be here around the second week of this month, let’s cross our fingers but at least we know it exists. Here is another pic http://www.maxconsole.net/content_img/datelgreenlight.jpg

    CREDIT goes to http://www.maxconsole.net for the info & post Thanks goes out to Datel & to Dark Alex for all their hard work poor sony got beat on this one.

    • Romanios9782

      Thats a scam

  • Romanios9782

    Hello I have a PSP 2001 Black with TA88v3 motherboard. Im just asking Dark-Alex to try his best to hack the TA88v3 mobo because u are our only hope. By the end of this month the new motherboard should be hacked PLEASEEEEE WE NEED U. I will encourage people to donate just for u to hack the TA88v3. I have a suggestion try use a PSP Batch File.

  • chip

    please hack the v3 DA please!!! there are so many ppl waiting on u! hopefully u will be able to do something soon!

  • sLiCkyWoRm

    yeah, i got a PSP 2001 running on TA88v3 motherboard (DAMN) .. now, i hope there would be brighter light for all TA88v3 owners .. a week from now? a couple? a month? i guess i’ll stick with Official Demos and UMDs for the meantime but it sucks bigtime knowing your friends are just downloading ISO/CSO .. ehehehe ..

  • PSPUser

    Any updates on this? Please Dark Alex.. We believe in you!!!

  • sLiCkyWoRm

    i guess none for now except for GripShift ..

    • SSJ5

      Dudes forget about it, Psp 2000 and 3000 are unhackable and if they find a solution it will be in 6 months and will require to open ur psp and hack it.

      • http://www.earthhelpers.info matspm

        One version of 3000 is hackable. It is based on MB. All version of 2000 except with TA-88v3 MB is hackable