Title: Beginners Guide To PSP
1Beginners Guide To PSP
- Information on the PSP-1000, PSP-2000, PSP-3000,
and the PSP Go!
Created Sunday, March 29, 2009 Updated Sunday,
December 06, 2009
Version 5.3.1
2Basic Info For This PowerPoint
- If you see one of these , please read the note
at the bottom, most of them are very important - Internal flash refers to the NAND/LFlash, where
the firmware is stored. This is not the same as
the RAM. - Hackable refers to the ability to unbrick and/or
install custom firmware using Pandora/Despertar
del Cementerio - If a link will not open normally, right-click and
select Open Hyperlink - Original Firmware OFW, Custom Firmware CFW
- HEN Homebrew ENabler temporary CFW that goes
away with a full shutdown and restart, used with
an exploit that has kernel access to allow most
(if not all) homebrew to run, can sometimes
enable other CFW features - Most apps talked about have a download link on
the Downloads page
This is an important note
3The Reason For Custom Firmware
- Everybody new to the PSP scene needs to know
this, so read it. - If you are only getting CFW so you can go
download official games for free, then you
shouldnt use CFW. - The only reason CFW even has an ISO loader in it
is so people can use their LEGAL BACKUP COPIES OF
UMDS THEY ALREADY OWN!!!, not so people can
pirate games. - The real reason CFW was created was to completely
open the PSP so people can play homebrew games or
use applications that are otherwise blocked by
OFW, and use the hardware to its full potential.
This is my opinion, what you do with CFW is your
own business. Just know that dark-alex.org does
NOT support piracy. This is a known fact and is
NOT my opinion.
4Table of Contents
- Basic Info For This PowerPoint 2
- The Reason For Custom Firmware 3
- Table Of Contents 4
- Regions And Model Numbers 5
- Fake CFW Warning 6
- Exploits and How To Find Them 7
- User And Kernel Mode 8
- PSP-1000 Series Comparison 9
- PSP-1000 Motherboards 12
- PSP-2000 Series Comparison 13
- PSP-2000 Motherboards 16
- About The TA-088v3 17
- How To Tell If Its A TA-088v3 18
- PSP-3000 Series Comparison 19
- PSP-3000 Motherboards 22
- About the PSP-3000 - 23
- PSP-3000/TA-088v3 Compatible Exploits 24
- PSP Go! Series Comparison 25
- PSP Go! Motherboards 28
- Downgrading Without Pandora 29
- Battery Info And Pandora Battery Creation 30
- Now What? (Hackable) 31
- Now What? (Unhackable) 32
- ISO to EBOOT Explanation 33
- Downloads 34
- OFW Changelogs 35
- CFW Version Information 42
- PowerPoint Change Log 43
- Credits - 44
5Regions And Model Numbers
- It doesnt matter if you have a PSP-3004 or a
PSP-3001, its still a PSP-3000 in relation to
what model it is. The only difference between a
PSP-3001 and a PSP-3004 is where it was sold, so
in other words the last 1 or 2 numbers designates
region. Here is a list of all the different model
numbers and the region they belong to - PSP-1000/2000/3000/N1000 Japan
- PSP-1001/2001/3001/N1001 North America
- PSP-1002/2002/3002/N1002 Australia/New Zealand
- PSP-1003/2003/3003/N1003 UK
- PSP-1004/2004/3004/N1004 Europe
- PSP-1005/2005/3005/N1005 Korea
- PSP-1006/2006/3006/N1006 Hong Kong/Singapore
- PSP-1007/2007/3007/N1007 Taiwan
- PSP-1008/2008/3008/N1008 Russia
- PSP-1009/2009/3009/N1009 China
- PSP-1010/2010/3010/N1010 Mexico
6Fake CFW Warning
- Lately, there have been a lot of fake Custom
Firmwares popping up on YouTube, mostly 5.55 and
6.00 (these are the easiest to fake), these are
usually just people looking for their 5 minutes
of fame. - There are a few ways to tell if someone is faking
or not - 1. Know the OFW they are trying to customize, if
one thing seems off, its probably fake. - 2. Do a Google search on their username, if
nothing good turns up, theres a chance theyre
faking - 3. If they make multiple excuses/postpone the
release multiple times, its probably a fake - I have made a fake CFW myself just to show people
how easy it is to make a fake 6.00 CFW without
any coding experience, I only used 7 files from
6.10 and 2 plugins and it looks exactly like 6.00
to the untrained eye, see it here.
7Exploits and How To Find Them
- What is an exploit?
- To put it into simpler words, an exploit is
basically a piece of software, or code that takes
advantage of a bug or vulnerability in a piece of
software or hardware. - If a user-mode exploit is found on the PSP, it
will enable a good amount of homebrew to run.
Possibly allowing an eLoader to be coded. - If the user-mode exploit is supplied with a
kernel-mode one, you will be able to make a HEN. - For more info on User and Kernel-Mode, refer to
slide 5. - Please refer to slide 18 for more info regarding
current exploits that work with the TA-088v3 and
the 3000, and slide 22 for info on past exploits
used on the Phat. - Here are some tutorials about exploits
- Finding gamesaves exploits on the PSP
- Looking for vulnerabilities in the PSP Firmware
8User And Kernel Mode
- Kernel-mode is much like administrator rights on
a PC. It has more access over the computer than a
normal user would have. - A "Kernel" is actually the interface between
software and hardware. The kernel tells the
hardware what to do, and it receives data from
the software/firmware. - With a Kernel-mode exploit you can access program
functions that are normally only available to
Sony-signed code, or Sony technicians.The
kernel-mode would have more access to functions
that would allow the control of the Hardware and
firmware. - User-mode is simply the normal mode that a
software (a game) would be able to access. In a
way, it only allows access to what a game or a
typical user has access to. - Basically, a kernel-mode exploit would allow
access to hardware and firmware functions, while
the user-mode exploits would deny access to those
things. - Kernel-mode exploits are harder to find in-game
than in-XMB - Both a user-mode and a kernel-mode exploit are
needed to make a HEN.
9PSP-1000 Series
- This PSP is also known as the Phat
- How To Tell If Its A Phat
- Speaker holes are at the bottom of this PSP
- The WLan switch is on the left side
- The UMD drive is opened by a latch on the top
- The back of the Phat has humps on both sides
10PSP-1000 Series Pros
- All versions of the 1000 are hackable
- Is compatible with the 1.50 kernel, which is used
in older homebrew - Is built strong with an internal metal frame
- Has a built-in IR port
11PSP-1000 Series Cons
- Small internal flash (32MB)
- Low amount of RAM (32MB)
- Heavy
- No TV-Out
- Not compatible with Skype
12PSP-1000 Motherboards
- To find out which motherboard you have, use
PSPIdent v0.4
13PSP-2000 Series
- This PSP is also known as the Slim
- How To Tell If Its A Slim
- The speaker holes are at the top
- The WLan switch is on top
- The UMD drive is opened manually
- The back of the Slim is flat with a slight curve
at each end
14PSP-2000 Series Pros
- Large internal flash space (64MB)
- Large amount of RAM (64MB)
- Lighter than 1000 Series
- Has a TV-Out feature for HDTVs
- Certain homebrew is designed to use the Slims
extra RAM, this type of homebrew only works on
the Slim or higher - As of OFW 3.90, the Slim has the ability to use
Skype
15PSP-2000 Series Cons
- Not all Slims are hackable, Slims with the
motherboard TA-088v3 cannot be hacked yet - The only way to run homebrew on a TA-088v3 is to
use exploits/HEN/CFW Enabler - Uses a plastic frame, easier to break
- No IR port
- Easily shows fingerprints
- PSP games cant be played using TV-Out on
standard TVs, only HDTVs
16PSP-2000 Motherboards
- To find out which motherboard you have, use
PSPIdent v0.4
17About The TA-088v3
- This motherboard has a new CPU, this CPU holds a
new Pre-IPL, the new Pre-IPL blocks all current
custom IPLs used for custom firmware, this is the
reason the TA-088v3 cannot be hacked yet. - For more info, visit this page
18How To Tell If Its A TA-088v3
- If you purchased a new PSP-2000, how can you tell
if its hackable? Well there are many ways to
tell! - Look for your box letter, if its a G or
higher, its most likely a TA-088v3 (Fig. A) - Check to see which firmware it came with, if it
came with Version 4.01 or higher, its most
likely a TA-088v3 (Fig. B) - If it was used and has firmware 5.03 or under ,
the easiest way to tell if its a TA-088v3 is to
run PSPIdent v0.4 thru ChickHEN, this also works
on new PSP-2000s as well (Fig. C)
Fig. A
Fig. B
Fig. C
This method only works on NEW PSPs, if you
purchased it used, the original owner could have
updated the firmware
19PSP-3000 Series
- This PSP is also known as the Brite
- How To Tell If Its A Brite
- The Home button is now a PS button
- The PS, Select, and Start buttons are oval
instead of half-circles - The metal ring on the UMD drive is thinner
- The D-Pad and Action buttons now sit in a small
crater - The edges are rounded
- There is a mic hole next to the PSP logo under
the screen
20PSP-3000 Series Pros
- Large internal flash space (64MB)
- Large amount of RAM (64MB)
- Lighter than 1000 Series
- Has a new screen with better color
- Has a built-in microphone
- TV-Out is enhanced, PSP games can be played on
any TV - Can use Skype
21PSP-3000 Series Cons
- None of the PSP-3000 Series systems can be hacked
yet - Some people can see interlacing lines on the new
screen - The only way to currently run homebrew is to use
exploits/HEN/CFW Enabler - Uses a plastic frame, easier to break
- No IR port
22PSP-3000 Motherboards
- To find out which motherboard you have, use
PSPIdent v0.4
23About the PSP-3000
- This motherboard has a new CPU, this CPU holds a
new Pre-IPL, the new Pre-IPL blocks all current
custom IPLs used for custom firmware, this is the
reason the PSP-3000 cannot be hacked yet. - For more info, visit this page
- Also, the PSP-3000 has no reaction to current
jigkick (also known as Pandora) batteries, making
it even harder to hack.
24PSP-3000/TA-088v3/Go Compatible Exploits
- Lately, the PSP-3000 has started a search for
exploits that allow unsigned code to be run on
Official firmware, this is a list of known user
mode exploits for the PSP-3000/
TA-088v3/Go - Format Exploit Name firmware supported info
- Gripshift Exploit 1.52-5.02 This exploit uses
the UMD game Gripshift to launch homebrew using a
hacked savegame, the homebrew this exploit
launches must be coded specifically for this
exploit, this exploit was patched in 5.03 - Easter Eggsploit (Also known as the Laughing
Man TIFF Exploit) 5.00-5.05 This exploit was
found by MaTiAz, it uses a bug in the way Sony
implemented libtiff to run unsigned code. A HEN
(named ChickHEN) was created for 5.03 by Davee,
who found the kernel exploit needed for a HEN.
Using the ChickHEN, PSP Slims with the TA-088v3
Motherboard and the PSP-3000 are able to use most
homebrew. Using a homebrew called CFW Enabler,
the TA-088v3 and the PSP-3000 can run 5.03
M33/MHU on top of the HEN. This exploit was
patched in 5.50 - MOHH Exploit 3.03-5.55 This exploit uses the
UMD game Metal of Honor Heroes to launch
homebrew using a hacked savegame, the exploit
happens when you kill yourself in an adhoc
multiplayer mode. Currently, the homebrew this
exploit launches must be coded specifically for
this exploit, but an eLoader is currently being
coded for it, this exploit was patched in 6.00 - Mercury Exploit - ?.??-6.10 This exploit uses
the game Archer Macleans Mercury to launch
homebrew using a hacked savegame. The homebrew
this exploit launches must be coded specifically
for this exploit .See this page for more info.
This exploit was patched in 6.20
This does not mean you can now install CFW on an
unhackable motherboard, it just makes the HEN
more CFW-like, DO NOT TRY TO INSTALL CFW ON
TA-088v3 OR PSP-3000, YOU WILL GET A BRICK!!!
25PSP Go! Series
- This PSPs model number is PSP-N1000
- How To Tell If Its A Go!
- The PS button is located on the left side of the
screen - This system has no UMD Drive
- This system can slide up and down to hide/reveal
buttons - The speaker holes are four dots in a diamond
pattern beside the screen - This system has a Bluetooth indicator light on
the right of the screen, and a Wi-Fi indicator
light on the left - There is a mic hole between the analog stick and
the start/select buttons
26PSP Go! Pros
- Has 16 GB Internal Flash Memory
- Smaller and lighter than PSP-2000/3000
- Game Sleep Function (Save State)
- Bluetooth Compatibility
- - Can be paired with a PS3 controller
- - Can connect to a cell phone and use it to
connect to the internet - - Can use a Bluetooth headset
A PS3 is required to pair a PS3 controller with
the PSP Go!
27PSP Go! Cons
- No UMD Drive
- Smaller Screen (3.8 inch)
- Uses a custom USB/AV Out/Charge port, AV Out
cable for 2000/3000 will not work, chargers for
1000/2000/3000 will not work, special USB cable
needed - Uses M2 memory cards, so MS Pro Duo will not work
with the PSP Go! - There is no current way to run homebrew on the Go!
28PSP Go! Motherboards
29Downgrading Without Pandora
- Before Pandora existed, installing CFW involved
downgrading to 1.50 thru exploits then upgrading
to CFW, exploits can still be used to install CFW
with the help of Hellcats Recovery Flasher,
this is a list of all user mode exploits that
have the ability to downgrade/install CFW (a
kernel mode exploit is needed for HEN) - Format Exploit Name (Game Used) Type
firmware supported info - TIFF Exploit eLoader 2.00 Used a bug in
libtiff to run unsigned code, this exploit was
patched in 2.01 - GTALCS Exploit (GTALCS) eLoader 2.00 to
2.60 Used a modified savegame to run unsigned
code, can be used to downgrade in 2.50, 2.60,
save slots 1-7 were patched to prevent this
exploit in 2.70 - TIFF Exploit eLoader/HEN 2.01 to 2.80 Used a
bug in libtiff to run unsigned code, can be used
to downgrade in 2.01, 2.71, 2.80, this exploit
was patched in 2.81 - Goofy Exploit (GTALCS) HEN 2.00 to 3.03
Used a modified savegame to run unsigned code,
this exploit is different than the one for
firmwares 2.00 to 2.60 as it uses save slot 8
instead of slots1-7, Sony patched slots 1-7 but
not slot 8, can be used to downgrade in 3.03,
this exploit was completely patched in 3.10 - Illuminati Exploit (Lumines) HEN 1.50 to
3.50 Used a modified savegame to run unsigned
code, can be used to downgrade in 3.11,3.50, this
exploit was patched in 3.51 - Easter Eggsploit HEN 5.00 to 5.05 Also
called the Laughing Man Exploit, uses a bug in
the way Sony implemented libtiff to run unsigned
code, can be used to install CFW on 5.03, this
exploit was patched in 5.50
Do not try this on a PSP-2000 with the TA-088v3
motherboard or on a PSP-3000, you will end up
with an unrecoverable brick!! You have been
warned!
30Battery Info And Pandora Battery Creation
- There are three types of official Sony batteries
for the Phat, Slim, and Brite 1200 mAh
(PSP-S110), 1800 mAh (PSP-110), and 2200 mAh
(PSP-280) - Phat compatible 1800 mAh, 2200mAh
- Slim compatible 1200 mAh, 1800 mAh, 2200 mAh
- Brite compatible 1200 mAh, 1800 mAh, 2200 mAh
- Only certain PSPs have the ability to create
Jigkick (also known as Pandora) batteries, if you
get a PSP that doesnt have this ability, you
will have to ask someone to make one for you,
hardmod one, or buy a pre-made one - All PSP Phats can make Pandora Batteries
- The only Slims that are capable of making
Pandoras are ones with a TA-085v1 motherboard,
these Slims were found in early Daxter
Entertainment Packs and are silver - Later versions of the Daxter pack PSP have
TA-085v2 motherboards and are also silver, all
PSP Slims with a TA-085v2 motherboard and up
cannot create Pandora batteries - Newer 1200 mAh batteries cannot be changed into
jigkick/Pandora batteries at all - The PSP-3000 can not create Pandora batteries
- OSPBT 0.52 is a good program to make Softmodded
Pandora Batteries
The Slim and Brite require a special battery
cover to use these batteries
31Now What? (Hackable)
- So you found the PSP you wanted and its
hackable, now what do you do to get it hacked?
Here is a list of helpful tutorials to get you
started - How to make Jigkick Battery (Softmod) Here
- How to make Jigkick Battery (Hardmod) Here
- Using The Universal Unbricker To
Unbrick/Downgrade Here - Installing CFW via OFW 5.03 on 100x 200x Here
NOTE DO NOT USE HELLCATS RECOVERY FLASHER ON
TA-088V3 OR PSP-3000, YOU WILL BRICK IT AND THERE
IS NO WAY TO UNBRICK IT AT THIS POINT!!! You have
been warned!
32Now What? (Unhackable)
- So you found the PSP you wanted and its
unhackable, now what do you do to get homebrew on
it? - If you have firmware 5.03 or below, your best bet
is to upgrade to 5.03 and use ChickHEN, if you
really want CFW, there is a homebrew called CFW
Enabler that makes HEN act like CFW. You still
have to run it every time you hard reset your
PSP, though. - If you have firmware above 5.03, then there
currently isnt a way to run homebrew on your
PSP, if you have firmware 5.55 or below, your
best bet is to wait for the MOHH eLoader, if you
have a firmware above 5.55, youll have to wait
for a new exploit. - Step by Step tutorial Installing ChickHEN
CFWEnabler Here
This does not mean you can now install CFW on an
unhackable motherboard, it just makes the HEN
more CFW-like, DO NOT TRY TO INSTALL CFW ON
TA-088v3 OR PSP-3000, YOU WILL GET A BRICK!!!
33ISO to EBOOT Explanation
- It is possible to take a PS1 ISO file that was
ripped from a disc you own and convert it into an
EBOOT.PBP file so you can play it on a
CFW-Enabled PSP, it is NOT possible to convert a
PSP ISO/CSO into an EBOOT.PBP - Why cant I convert a PSP ISO into an EBOOT?
This is a common question that gets asked all the
time, why can you convert PSX ISOs to eboots, and
not PSP ISOs to eboots? - The simple answer is, PSP ISOs are encrypted, PSX
ones are not. So how can I convert PSX ISOs to
eboots? - There are tons of guides available, as well as
easy-to-use tools that make converting PS1 games
a snap - The best tools out there are PSX2PSP for Windows
and iPoPS for Mac - Here are a few guides to get you started
- Tutorial Quickly Convert PSX to EBOOT (Uses
AutoPopstation 4) - PS1 2 PSP (PSX) TUTORIAL (Uses PSX2PSP)
In my opinion
34Downloads
- ChickHEN R2 (m0skit0 Mod) Here
- CFW Enabler (3.60) Here
- PSPIdent v0.4 Here
- Recovery Flasher v1.60 Here
- OSPBT 0.52 Here
- PS1 to PSP Windows Mac
Note If you are having problems opening the
links, right-click them and select Open
Hyperlink
35OFW Changelogs Part 1
36OFW Changelogs Part 2
37OFW Changelogs Part 3
38OFW Changelogs Part 4
39OFW Changelogs Part 5
40OFW Changelogs Part 6
41OFW Changelogs Part 7
42CFW Version Information
- For a list of many different CFW versions, info,
and downloads, see this page on the PSPWiki - That list contains info on OE, M33, GEN, and many
other CFWs from other people
43PowerPoint Change Log
- For earlier changelogs, see this page on my
website. - 5.0 Edited User And Kernel Mode, Added
multiple OFW Changelogs pages, Added Table Of
Contents page, Added CFW Version Information
page - 5.1 PowerPoint Change Log format changed,
Changed alignment of dates on the Title page - 5.2 Added note to PowerPoint Change Log,
Added 6.20 to OFW Changelogs - 5.3 Changed PSP-3000/TA-088v3 Compatible
Exploits to PSP-3000/TA-088v3/Go Compatible
Exploits, Edited PSP-3000/TA-088v3/Go
Compatible Exploits, Added Fake CFW Warning
page - 5.3.1 Edited PSP-3000/TA-088v3/Go Compatible
Exploits
Note Changes made to Table of Contents will
not be logged
44Credits
- Author Ruyor
- Contributors mortalinstincts, wololo, leq,
DarkestVoid, Rolen47, raing3, SifJar, n00b81 - Sources dark-alex.org, PSP Wiki, Many websites I
dont remember, My Brain ? - Thanks Jonatan10, jeerum
If you have any suggestions or find any errors
please go to upsp.ws, a site with a dedicated
section to this PowerPoint If you found this
PowerPoint helpful, please go to ruyor.upsp.ws
and donate something ?