[RELEASE] 5.03 TIFF Hello World - Page 46

Cloudy · 04-15-2009, 04:14 PM

Quote:

Originally Posted by wimat

And on my PSP fat?? Will the HEN be able to downgrade it?

If by downgrade you mean install custom firmware on it, then yes. To be completely clear:

The kernel exploit will allow changes to the IPL. However, on PSP models such as the PSP 3000 and the unhackable slim model, writing to the IPL will just cause a brick, as the pre-ipl won't verify it.

Quote:

Originally Posted by KezraPlanes

Oh! That makes sense now... Thanks for shedding light on that jx233

+rep

Edit: On another note though, will Kernel Mode be able to help crack the Custom IPL problem? Sorry for the questions but this is most likely things useful for everyone to know...

No - In order to be able to see the pre-ipl (which would hopefully, allow the IPL problem to be bypassed), there needs to be a much lower level exploit, or a way of reading the pre-ipl by hardware methods. The former is hard to find, and the latter is expensive

EDIT:

Quote:

Originally Posted by jx233

You could install custom firmware from HEN. If you do that on a PSP with the TA-088 V3 and TA-090 V2 motherboard, it will brick as those motherboards do not currently work with the Custom IPL used in the custom firmware.

This time you beat me

04-15-2009, 04:23 PM

The Pre-IPL terminates after the PSP boots. With very little knowledge of the Pre-IPL, it is very difficult to make/forge a Custom IPL to work for the PSP's with a TA-088 V3 and TA-090 V2 motherboards. Kernel exploit or no exploit, the custom IPL problem cannot be solved. But the kernel exploit is good for running unsigned code (homebrew), and dumping the PSP-3000 firmware / idstorage for study / research purposes.

dudericious · 04-15-2009, 04:24 PM

Quote:

Originally Posted by Cloudy

No - In order to be able to see the pre-ipl (which would hopefully, allow the IPL problem to be bypassed), there needs to be a much lower level exploit, or a way of reading the pre-ipl by hardware methods. The former is hard to find, and the latter is expensive

What is IPL? Or Pre-IPL even?

04-15-2009, 04:25 PM

Quote:

Originally Posted by dudericious

What is IPL? Or Pre-IPL even?

Pre-IPL is in the PSP's hardware, it starts / has instructions to start the IPL. IPL starts the PSP's firmware.

Cloudy · 04-15-2009, 04:28 PM

Quote:

Originally Posted by dudericious

What is IPL? Or Pre-IPL even?

The pre-ipl is code that is inside the ROM of the CPU. It is ran whenever the PSP boots up. Now, the PSP NAND is made to have an updatable IPL, so the first thing that the PSP does is to decrypt the IPL and check it.

The reason that the TA-083-v3 doesn't work, is that the pre-ipl has been updated to check extra things (or perhaps the exploit has been closed totally - depends how lazy sony is) - and our "fake signed" IPL's do not pass these checks, so it turns itself off

This check is done both to IPL's ran from the memory stick, and from the NAND (psp flash) - and custom IPL's are what make custom firmwares on the slim and above possible.

EDIT: We really should stop posting the same thing

04-15-2009, 04:31 PM

Quote:

Originally Posted by Cloudy

The pre-ipl is code that is inside the ROM of the CPU. It is ran whenever the PSP boots up. Now, the PSP NAND is made to have an updatable IPL, so the first thing that the PSP does is to decrypt the IPL and check it.

The reason that the TA-083-v3 doesn't work, is that the pre-ipl has been updated to check extra things (or perhaps the exploit has been closed totally - depends how lazy sony is) - and our "fake signed" IPL's do not pass these checks, so it turns itself off

This check is done both to IPL's ran from the memory stick, and from the NAND (psp flash) - and custom IPL's are what make custom firmwares on the slim and above possible.

EDIT: We really should stop posting the same thing

You're right. Our posts were a coincidence. Well, I guess I will reply later to other unanswered questions.

**Davee** · 04-15-2009, 04:35 PM

HEN will be a stripped down enabler lacking many features of M33 custom firmware. It'll allow the bootup of homebrew regardless but may be restrictive to certain applications (in cases where it will not boot at all). However, applications will be released to enhance the HEN such as the loading of M33 custom firmware when I get permission to use the modules.

As another note, the conditions of the TIFF exploit as very unstable (as you might have noticed) and flashing of modules to flash0 is improbable and will load off the memorystick. An eboot will be supplied to countervent this and will flash the modules in a more stable enviroment.

Release is currently unconfirmed but will be before Tuesday.

RoBz · 04-15-2009, 04:36 PM

Thanks for the update Davee.

**KezraPlanes** · 04-15-2009, 04:39 PM

Quote:

Originally Posted by Davee

HEN will be a stripped down enabler lacking many features of M33 custom firmware. It'll allow the bootup of homebrew regardless but may be restrictive to certain applications (in cases where it will not boot at all). However, applications will be released to enhance the HEN such as the loading of M33 custom firmware when I get permission to use the modules.

As another note, the conditions of the TIFF exploit as very unstable (as you might have noticed) and flashing of modules to flash0 is improbable and will load off the memorystick. An eboot will be supplied to countervent this and will flash the modules in a more stable enviroment.

Release is currently unconfirmed but will be before Tuesday.

Thanks Davee

Cloudy · 04-15-2009, 04:42 PM

Quote:

Originally Posted by Davee

HEN will be a stripped down enabler lacking many features of M33 custom firmware. It'll allow the bootup of homebrew regardless but may be restrictive to certain applications (in cases where it will not boot at all). However, applications will be released to enhance the HEN such as the loading of M33 custom firmware when I get permission to use the modules.

As another note, the conditions of the TIFF exploit as very unstable (as you might have noticed) and flashing of modules to flash0 is improbable and will load off the memorystick. An eboot will be supplied to countervent this and will flash the modules in a more stable enviroment.

Release is currently unconfirmed but will be before Tuesday.

Ta for the update. The exploit is weird. Stable in some circumstances, yet unstable in others. Personally, it loads every time for me on 5.00 M33. Guess it's more to do with the state of the memory though.

Looking forward to what you come up with

04-15-2009, 04:36 PM	#458
RoBz Jacking up the database Join Date: Oct 2008 Location: Dublin, Ireland Posts: 496 Reputation: 37	Thanks for the update Davee. __________________ {Last.fm \| Twitter}

04-15-2009, 04:23 PM	#452
The»Ph0ton Guest Posts: n/a	The Pre-IPL terminates after the PSP boots. With very little knowledge of the Pre-IPL, it is very difficult to make/forge a Custom IPL to work for the PSP's with a TA-088 V3 and TA-090 V2 motherboards. Kernel exploit or no exploit, the custom IPL problem cannot be solved. But the kernel exploit is good for running unsigned code (homebrew), and dumping the PSP-3000 firmware / idstorage for study / research purposes.

04-15-2009, 04:35 PM	#457
Davee lolhax Join Date: Oct 2008 Location: Scottishlands Posts: 374 Reputation: 32	HEN will be a stripped down enabler lacking many features of M33 custom firmware. It'll allow the bootup of homebrew regardless but may be restrictive to certain applications (in cases where it will not boot at all). However, applications will be released to enhance the HEN such as the loading of M33 custom firmware when I get permission to use the modules. As another note, the conditions of the TIFF exploit as very unstable (as you might have noticed) and flashing of modules to flash0 is improbable and will load off the memorystick. An eboot will be supplied to countervent this and will flash the modules in a more stable enviroment. Release is currently unconfirmed but will be before Tuesday.