Beginners Guide To PSP - PowerPoint PPT Presentation

1 / 44
About This Presentation
Title:

Beginners Guide To PSP

Description:

Internal flash refers to the NAND/LFlash, where the firmware ... This exploit uses the game Archer Maclean's Mercury to launch homebrew using a hacked savegame. ... – PowerPoint PPT presentation

Number of Views:211
Avg rating:3.0/5.0
Slides: 45
Provided by: Ruy6
Category:
Tags: psp | beginners | guide | maclean

less

Transcript and Presenter's Notes

Title: Beginners Guide To PSP


1
Beginners Guide To PSP
  • Information on the PSP-1000, PSP-2000, PSP-3000,
    and the PSP Go!

Created Sunday, March 29, 2009 Updated Sunday,
December 06, 2009
Version 5.3.1
2
Basic Info For This PowerPoint
  • If you see one of these , please read the note
    at the bottom, most of them are very important
  • Internal flash refers to the NAND/LFlash, where
    the firmware is stored. This is not the same as
    the RAM.
  • Hackable refers to the ability to unbrick and/or
    install custom firmware using Pandora/Despertar
    del Cementerio
  • If a link will not open normally, right-click and
    select Open Hyperlink
  • Original Firmware OFW, Custom Firmware CFW
  • HEN Homebrew ENabler temporary CFW that goes
    away with a full shutdown and restart, used with
    an exploit that has kernel access to allow most
    (if not all) homebrew to run, can sometimes
    enable other CFW features
  • Most apps talked about have a download link on
    the Downloads page

This is an important note
3
The Reason For Custom Firmware
  • Everybody new to the PSP scene needs to know
    this, so read it.
  • If you are only getting CFW so you can go
    download official games for free, then you
    shouldnt use CFW.
  • The only reason CFW even has an ISO loader in it
    is so people can use their LEGAL BACKUP COPIES OF
    UMDS THEY ALREADY OWN!!!, not so people can
    pirate games.
  • The real reason CFW was created was to completely
    open the PSP so people can play homebrew games or
    use applications that are otherwise blocked by
    OFW, and use the hardware to its full potential.

This is my opinion, what you do with CFW is your
own business. Just know that dark-alex.org does
NOT support piracy. This is a known fact and is
NOT my opinion.
4
Table of Contents
  • Basic Info For This PowerPoint 2
  • The Reason For Custom Firmware 3
  • Table Of Contents 4
  • Regions And Model Numbers 5
  • Fake CFW Warning 6
  • Exploits and How To Find Them 7
  • User And Kernel Mode 8
  • PSP-1000 Series Comparison 9
  • PSP-1000 Motherboards 12
  • PSP-2000 Series Comparison 13
  • PSP-2000 Motherboards 16
  • About The TA-088v3 17
  • How To Tell If Its A TA-088v3 18
  • PSP-3000 Series Comparison 19
  • PSP-3000 Motherboards 22
  • About the PSP-3000 - 23
  • PSP-3000/TA-088v3 Compatible Exploits 24
  • PSP Go! Series Comparison 25
  • PSP Go! Motherboards 28
  • Downgrading Without Pandora 29
  • Battery Info And Pandora Battery Creation 30
  • Now What? (Hackable) 31
  • Now What? (Unhackable) 32
  • ISO to EBOOT Explanation 33
  • Downloads 34
  • OFW Changelogs 35
  • CFW Version Information 42
  • PowerPoint Change Log 43
  • Credits - 44

5
Regions And Model Numbers
  • It doesnt matter if you have a PSP-3004 or a
    PSP-3001, its still a PSP-3000 in relation to
    what model it is. The only difference between a
    PSP-3001 and a PSP-3004 is where it was sold, so
    in other words the last 1 or 2 numbers designates
    region. Here is a list of all the different model
    numbers and the region they belong to
  • PSP-1000/2000/3000/N1000 Japan
  • PSP-1001/2001/3001/N1001 North America
  • PSP-1002/2002/3002/N1002 Australia/New Zealand
  • PSP-1003/2003/3003/N1003 UK
  • PSP-1004/2004/3004/N1004 Europe
  • PSP-1005/2005/3005/N1005 Korea
  • PSP-1006/2006/3006/N1006 Hong Kong/Singapore
  • PSP-1007/2007/3007/N1007 Taiwan
  • PSP-1008/2008/3008/N1008 Russia
  • PSP-1009/2009/3009/N1009 China
  • PSP-1010/2010/3010/N1010 Mexico

6
Fake CFW Warning
  • Lately, there have been a lot of fake Custom
    Firmwares popping up on YouTube, mostly 5.55 and
    6.00 (these are the easiest to fake), these are
    usually just people looking for their 5 minutes
    of fame.
  • There are a few ways to tell if someone is faking
    or not
  • 1. Know the OFW they are trying to customize, if
    one thing seems off, its probably fake.
  • 2. Do a Google search on their username, if
    nothing good turns up, theres a chance theyre
    faking
  • 3. If they make multiple excuses/postpone the
    release multiple times, its probably a fake
  • I have made a fake CFW myself just to show people
    how easy it is to make a fake 6.00 CFW without
    any coding experience, I only used 7 files from
    6.10 and 2 plugins and it looks exactly like 6.00
    to the untrained eye, see it here.

7
Exploits and How To Find Them
  • What is an exploit?
  • To put it into simpler words, an exploit is
    basically a piece of software, or code that takes
    advantage of a bug or vulnerability in a piece of
    software or hardware.
  • If a user-mode exploit is found on the PSP, it
    will enable a good amount of homebrew to run.
    Possibly allowing an eLoader to be coded.
  • If the user-mode exploit is supplied with a
    kernel-mode one, you will be able to make a HEN.
  • For more info on User and Kernel-Mode, refer to
    slide 5.
  • Please refer to slide 18 for more info regarding
    current exploits that work with the TA-088v3 and
    the 3000, and slide 22 for info on past exploits
    used on the Phat.
  • Here are some tutorials about exploits
  • Finding gamesaves exploits on the PSP
  • Looking for vulnerabilities in the PSP Firmware

8
User And Kernel Mode
  • Kernel-mode is much like administrator rights on
    a PC. It has more access over the computer than a
    normal user would have.
  • A "Kernel" is actually the interface between
    software and hardware. The kernel tells the
    hardware what to do, and it receives data from
    the software/firmware.
  • With a Kernel-mode exploit you can access program
    functions that are normally only available to
    Sony-signed code, or Sony technicians.The
    kernel-mode would have more access to functions
    that would allow the control of the Hardware and
    firmware.
  • User-mode is simply the normal mode that a
    software (a game) would be able to access. In a
    way, it only allows access to what a game or a
    typical user has access to.
  • Basically, a kernel-mode exploit would allow
    access to hardware and firmware functions, while
    the user-mode exploits would deny access to those
    things.
  • Kernel-mode exploits are harder to find in-game
    than in-XMB
  • Both a user-mode and a kernel-mode exploit are
    needed to make a HEN.

9
PSP-1000 Series
  • This PSP is also known as the Phat
  • How To Tell If Its A Phat
  • Speaker holes are at the bottom of this PSP
  • The WLan switch is on the left side
  • The UMD drive is opened by a latch on the top
  • The back of the Phat has humps on both sides

10
PSP-1000 Series Pros
  • All versions of the 1000 are hackable
  • Is compatible with the 1.50 kernel, which is used
    in older homebrew
  • Is built strong with an internal metal frame
  • Has a built-in IR port

11
PSP-1000 Series Cons
  • Small internal flash (32MB)
  • Low amount of RAM (32MB)
  • Heavy
  • No TV-Out
  • Not compatible with Skype

12
PSP-1000 Motherboards
  • To find out which motherboard you have, use
    PSPIdent v0.4

13
PSP-2000 Series
  • This PSP is also known as the Slim
  • How To Tell If Its A Slim
  • The speaker holes are at the top
  • The WLan switch is on top
  • The UMD drive is opened manually
  • The back of the Slim is flat with a slight curve
    at each end

14
PSP-2000 Series Pros
  • Large internal flash space (64MB)
  • Large amount of RAM (64MB)
  • Lighter than 1000 Series
  • Has a TV-Out feature for HDTVs
  • Certain homebrew is designed to use the Slims
    extra RAM, this type of homebrew only works on
    the Slim or higher
  • As of OFW 3.90, the Slim has the ability to use
    Skype

15
PSP-2000 Series Cons
  • Not all Slims are hackable, Slims with the
    motherboard TA-088v3 cannot be hacked yet
  • The only way to run homebrew on a TA-088v3 is to
    use exploits/HEN/CFW Enabler
  • Uses a plastic frame, easier to break
  • No IR port
  • Easily shows fingerprints
  • PSP games cant be played using TV-Out on
    standard TVs, only HDTVs

16
PSP-2000 Motherboards
  • To find out which motherboard you have, use
    PSPIdent v0.4

17
About The TA-088v3
  • This motherboard has a new CPU, this CPU holds a
    new Pre-IPL, the new Pre-IPL blocks all current
    custom IPLs used for custom firmware, this is the
    reason the TA-088v3 cannot be hacked yet.
  • For more info, visit this page

18
How To Tell If Its A TA-088v3
  • If you purchased a new PSP-2000, how can you tell
    if its hackable? Well there are many ways to
    tell!
  • Look for your box letter, if its a G or
    higher, its most likely a TA-088v3 (Fig. A)
  • Check to see which firmware it came with, if it
    came with Version 4.01 or higher, its most
    likely a TA-088v3 (Fig. B)
  • If it was used and has firmware 5.03 or under ,
    the easiest way to tell if its a TA-088v3 is to
    run PSPIdent v0.4 thru ChickHEN, this also works
    on new PSP-2000s as well (Fig. C)

Fig. A
Fig. B
Fig. C
This method only works on NEW PSPs, if you
purchased it used, the original owner could have
updated the firmware
19
PSP-3000 Series
  • This PSP is also known as the Brite
  • How To Tell If Its A Brite
  • The Home button is now a PS button
  • The PS, Select, and Start buttons are oval
    instead of half-circles
  • The metal ring on the UMD drive is thinner
  • The D-Pad and Action buttons now sit in a small
    crater
  • The edges are rounded
  • There is a mic hole next to the PSP logo under
    the screen

20
PSP-3000 Series Pros
  • Large internal flash space (64MB)
  • Large amount of RAM (64MB)
  • Lighter than 1000 Series
  • Has a new screen with better color
  • Has a built-in microphone
  • TV-Out is enhanced, PSP games can be played on
    any TV
  • Can use Skype

21
PSP-3000 Series Cons
  • None of the PSP-3000 Series systems can be hacked
    yet
  • Some people can see interlacing lines on the new
    screen
  • The only way to currently run homebrew is to use
    exploits/HEN/CFW Enabler
  • Uses a plastic frame, easier to break
  • No IR port

22
PSP-3000 Motherboards
  • To find out which motherboard you have, use
    PSPIdent v0.4

23
About the PSP-3000
  • This motherboard has a new CPU, this CPU holds a
    new Pre-IPL, the new Pre-IPL blocks all current
    custom IPLs used for custom firmware, this is the
    reason the PSP-3000 cannot be hacked yet.
  • For more info, visit this page
  • Also, the PSP-3000 has no reaction to current
    jigkick (also known as Pandora) batteries, making
    it even harder to hack.

24
PSP-3000/TA-088v3/Go Compatible Exploits
  • Lately, the PSP-3000 has started a search for
    exploits that allow unsigned code to be run on
    Official firmware, this is a list of known user
    mode exploits for the PSP-3000/
    TA-088v3/Go
  • Format Exploit Name firmware supported info
  • Gripshift Exploit 1.52-5.02 This exploit uses
    the UMD game Gripshift to launch homebrew using a
    hacked savegame, the homebrew this exploit
    launches must be coded specifically for this
    exploit, this exploit was patched in 5.03
  • Easter Eggsploit (Also known as the Laughing
    Man TIFF Exploit) 5.00-5.05 This exploit was
    found by MaTiAz, it uses a bug in the way Sony
    implemented libtiff to run unsigned code. A HEN
    (named ChickHEN) was created for 5.03 by Davee,
    who found the kernel exploit needed for a HEN.
    Using the ChickHEN, PSP Slims with the TA-088v3
    Motherboard and the PSP-3000 are able to use most
    homebrew. Using a homebrew called CFW Enabler,
    the TA-088v3 and the PSP-3000 can run 5.03
    M33/MHU on top of the HEN. This exploit was
    patched in 5.50
  • MOHH Exploit 3.03-5.55 This exploit uses the
    UMD game Metal of Honor Heroes to launch
    homebrew using a hacked savegame, the exploit
    happens when you kill yourself in an adhoc
    multiplayer mode. Currently, the homebrew this
    exploit launches must be coded specifically for
    this exploit, but an eLoader is currently being
    coded for it, this exploit was patched in 6.00
  • Mercury Exploit - ?.??-6.10 This exploit uses
    the game Archer Macleans Mercury to launch
    homebrew using a hacked savegame. The homebrew
    this exploit launches must be coded specifically
    for this exploit .See this page for more info.
    This exploit was patched in 6.20

This does not mean you can now install CFW on an
unhackable motherboard, it just makes the HEN
more CFW-like, DO NOT TRY TO INSTALL CFW ON
TA-088v3 OR PSP-3000, YOU WILL GET A BRICK!!!
25
PSP Go! Series
  • This PSPs model number is PSP-N1000
  • How To Tell If Its A Go!
  • The PS button is located on the left side of the
    screen
  • This system has no UMD Drive
  • This system can slide up and down to hide/reveal
    buttons
  • The speaker holes are four dots in a diamond
    pattern beside the screen
  • This system has a Bluetooth indicator light on
    the right of the screen, and a Wi-Fi indicator
    light on the left
  • There is a mic hole between the analog stick and
    the start/select buttons

26
PSP Go! Pros
  • Has 16 GB Internal Flash Memory
  • Smaller and lighter than PSP-2000/3000
  • Game Sleep Function (Save State)
  • Bluetooth Compatibility
  • - Can be paired with a PS3 controller
  • - Can connect to a cell phone and use it to
    connect to the internet
  • - Can use a Bluetooth headset

A PS3 is required to pair a PS3 controller with
the PSP Go!
27
PSP Go! Cons
  • No UMD Drive
  • Smaller Screen (3.8 inch)
  • Uses a custom USB/AV Out/Charge port, AV Out
    cable for 2000/3000 will not work, chargers for
    1000/2000/3000 will not work, special USB cable
    needed
  • Uses M2 memory cards, so MS Pro Duo will not work
    with the PSP Go!
  • There is no current way to run homebrew on the Go!

28
PSP Go! Motherboards
29
Downgrading Without Pandora
  • Before Pandora existed, installing CFW involved
    downgrading to 1.50 thru exploits then upgrading
    to CFW, exploits can still be used to install CFW
    with the help of Hellcats Recovery Flasher,
    this is a list of all user mode exploits that
    have the ability to downgrade/install CFW (a
    kernel mode exploit is needed for HEN)
  • Format Exploit Name (Game Used) Type
    firmware supported info
  • TIFF Exploit eLoader 2.00 Used a bug in
    libtiff to run unsigned code, this exploit was
    patched in 2.01
  • GTALCS Exploit (GTALCS) eLoader 2.00 to
    2.60 Used a modified savegame to run unsigned
    code, can be used to downgrade in 2.50, 2.60,
    save slots 1-7 were patched to prevent this
    exploit in 2.70
  • TIFF Exploit eLoader/HEN 2.01 to 2.80 Used a
    bug in libtiff to run unsigned code, can be used
    to downgrade in 2.01, 2.71, 2.80, this exploit
    was patched in 2.81
  • Goofy Exploit (GTALCS) HEN 2.00 to 3.03
    Used a modified savegame to run unsigned code,
    this exploit is different than the one for
    firmwares 2.00 to 2.60 as it uses save slot 8
    instead of slots1-7, Sony patched slots 1-7 but
    not slot 8, can be used to downgrade in 3.03,
    this exploit was completely patched in 3.10
  • Illuminati Exploit (Lumines) HEN 1.50 to
    3.50 Used a modified savegame to run unsigned
    code, can be used to downgrade in 3.11,3.50, this
    exploit was patched in 3.51
  • Easter Eggsploit HEN 5.00 to 5.05 Also
    called the Laughing Man Exploit, uses a bug in
    the way Sony implemented libtiff to run unsigned
    code, can be used to install CFW on 5.03, this
    exploit was patched in 5.50

Do not try this on a PSP-2000 with the TA-088v3
motherboard or on a PSP-3000, you will end up
with an unrecoverable brick!! You have been
warned!
30
Battery Info And Pandora Battery Creation
  • There are three types of official Sony batteries
    for the Phat, Slim, and Brite 1200 mAh
    (PSP-S110), 1800 mAh (PSP-110), and 2200 mAh
    (PSP-280)
  • Phat compatible 1800 mAh, 2200mAh
  • Slim compatible 1200 mAh, 1800 mAh, 2200 mAh
  • Brite compatible 1200 mAh, 1800 mAh, 2200 mAh
  • Only certain PSPs have the ability to create
    Jigkick (also known as Pandora) batteries, if you
    get a PSP that doesnt have this ability, you
    will have to ask someone to make one for you,
    hardmod one, or buy a pre-made one
  • All PSP Phats can make Pandora Batteries
  • The only Slims that are capable of making
    Pandoras are ones with a TA-085v1 motherboard,
    these Slims were found in early Daxter
    Entertainment Packs and are silver
  • Later versions of the Daxter pack PSP have
    TA-085v2 motherboards and are also silver, all
    PSP Slims with a TA-085v2 motherboard and up
    cannot create Pandora batteries
  • Newer 1200 mAh batteries cannot be changed into
    jigkick/Pandora batteries at all
  • The PSP-3000 can not create Pandora batteries
  • OSPBT 0.52 is a good program to make Softmodded
    Pandora Batteries

The Slim and Brite require a special battery
cover to use these batteries
31
Now What? (Hackable)
  • So you found the PSP you wanted and its
    hackable, now what do you do to get it hacked?
    Here is a list of helpful tutorials to get you
    started
  • How to make Jigkick Battery (Softmod) Here
  • How to make Jigkick Battery (Hardmod) Here
  • Using The Universal Unbricker To
    Unbrick/Downgrade Here
  • Installing CFW via OFW 5.03 on 100x 200x Here

NOTE DO NOT USE HELLCATS RECOVERY FLASHER ON
TA-088V3 OR PSP-3000, YOU WILL BRICK IT AND THERE
IS NO WAY TO UNBRICK IT AT THIS POINT!!! You have
been warned!
32
Now What? (Unhackable)
  • So you found the PSP you wanted and its
    unhackable, now what do you do to get homebrew on
    it?
  • If you have firmware 5.03 or below, your best bet
    is to upgrade to 5.03 and use ChickHEN, if you
    really want CFW, there is a homebrew called CFW
    Enabler that makes HEN act like CFW. You still
    have to run it every time you hard reset your
    PSP, though.
  • If you have firmware above 5.03, then there
    currently isnt a way to run homebrew on your
    PSP, if you have firmware 5.55 or below, your
    best bet is to wait for the MOHH eLoader, if you
    have a firmware above 5.55, youll have to wait
    for a new exploit.
  • Step by Step tutorial Installing ChickHEN
    CFWEnabler Here

This does not mean you can now install CFW on an
unhackable motherboard, it just makes the HEN
more CFW-like, DO NOT TRY TO INSTALL CFW ON
TA-088v3 OR PSP-3000, YOU WILL GET A BRICK!!!
33
ISO to EBOOT Explanation
  • It is possible to take a PS1 ISO file that was
    ripped from a disc you own and convert it into an
    EBOOT.PBP file so you can play it on a
    CFW-Enabled PSP, it is NOT possible to convert a
    PSP ISO/CSO into an EBOOT.PBP
  • Why cant I convert a PSP ISO into an EBOOT?
    This is a common question that gets asked all the
    time, why can you convert PSX ISOs to eboots, and
    not PSP ISOs to eboots?
  • The simple answer is, PSP ISOs are encrypted, PSX
    ones are not. So how can I convert PSX ISOs to
    eboots?
  • There are tons of guides available, as well as
    easy-to-use tools that make converting PS1 games
    a snap
  • The best tools out there are PSX2PSP for Windows
    and iPoPS for Mac
  • Here are a few guides to get you started
  • Tutorial Quickly Convert PSX to EBOOT (Uses
    AutoPopstation 4)
  • PS1 2 PSP (PSX) TUTORIAL (Uses PSX2PSP)

In my opinion
34
Downloads
  • ChickHEN R2 (m0skit0 Mod) Here
  • CFW Enabler (3.60) Here
  • PSPIdent v0.4 Here
  • Recovery Flasher v1.60 Here
  • OSPBT 0.52 Here
  • PS1 to PSP Windows Mac

Note If you are having problems opening the
links, right-click them and select Open
Hyperlink
35
OFW Changelogs Part 1
36
OFW Changelogs Part 2
37
OFW Changelogs Part 3
38
OFW Changelogs Part 4
39
OFW Changelogs Part 5
40
OFW Changelogs Part 6
41
OFW Changelogs Part 7
42
CFW Version Information
  • For a list of many different CFW versions, info,
    and downloads, see this page on the PSPWiki
  • That list contains info on OE, M33, GEN, and many
    other CFWs from other people

43
PowerPoint Change Log
  • For earlier changelogs, see this page on my
    website.
  • 5.0 Edited User And Kernel Mode, Added
    multiple OFW Changelogs pages, Added Table Of
    Contents page, Added CFW Version Information
    page
  • 5.1 PowerPoint Change Log format changed,
    Changed alignment of dates on the Title page
  • 5.2 Added note to PowerPoint Change Log,
    Added 6.20 to OFW Changelogs
  • 5.3 Changed PSP-3000/TA-088v3 Compatible
    Exploits to PSP-3000/TA-088v3/Go Compatible
    Exploits, Edited PSP-3000/TA-088v3/Go
    Compatible Exploits, Added Fake CFW Warning
    page
  • 5.3.1 Edited PSP-3000/TA-088v3/Go Compatible
    Exploits

Note Changes made to Table of Contents will
not be logged
44
Credits
  • Author Ruyor
  • Contributors mortalinstincts, wololo, leq,
    DarkestVoid, Rolen47, raing3, SifJar, n00b81
  • Sources dark-alex.org, PSP Wiki, Many websites I
    dont remember, My Brain ?
  • Thanks Jonatan10, jeerum

If you have any suggestions or find any errors
please go to upsp.ws, a site with a dedicated
section to this PowerPoint If you found this
PowerPoint helpful, please go to ruyor.upsp.ws
and donate something ?
Write a Comment
User Comments (0)
About PowerShow.com