JigKick Battery: Difference between revisions

From PSP Developer wiki
(Move blurb from top of page into its own section and update it)
(Re-wrote everything except original JigKick tutorial)
Line 1: Line 1:
= What is a JigKick Battery? =
The term "JigKick" refers to external hardware that, when connected, causes the PSP to boot in Manufacturing Mode (commonly known as service mode). In this mode, the [[PRE-IPL]] launches the [[IPL]] from sector 16 on the physical drive (the Memory Stick) instead of the NAND.
The original JigKick Battery (also referred to as "Pandora Battery") is a PSP battery that reports a serial number of 0xFFFFFFFF. This version of JigKick Battery is only compatible with PSP-1000 and PSP-2000. Newer versions of JigKick hardware have been created for other models.
= JigKick History =
== Pandora's Release ==
The original Pandora JigKick Battery and [[Magic_Memory_Stick | Magic Memory Stick]] software was [https://web.archive.org/web/20230627183619/http://noobz.fanjita.org/joomla/news/unbricker-for-all-firmwares.html released by Team C+D] on August 22nd, 2007. It included a PSP homebrew app to re-write a battery's serial number to 0xFFFFFFFF and another homebrew app to create a Magic Memory Stick capable of installing a fresh copy of firmware 1.50 on any PSP-1000, allowing unbricking or downgrading from any firmware.
This first version of the JigKick Battery continued to work on the PSP-2000 with updated [[Magic_Memory_Stick | Magic Memory Stick]] software.


== Sony Fights Back ==


= A Note =
Sony changed the way newer PSPs worked multiple times in order to prevent users from using service mode to quickly downgrade or install Custom Firmware.


The JigKick Battery described on this page is the original iteration by Team C+D. Some of the info presented may be outdated and/or missing images and is in the process of being fixed up. This version of the JigKick Battery is only able to put PSP-1000 and PSP-2000 in service mode. For newer models, please see the following:
=== Battery EEPROM Write Access Patched in New Motherboards ===
* [[Psp-3000_Jigkick | PSP-3000 JigKick]]
* [[Psp_Go_Jigkick | PSP Go JigKick]]
* [[PSP_Street_Jigkick | PSP Street JigKick]]


= What is a JigKick Battery? =
Starting with the second revision of PSP Slim motherboard (TA-085v2 and newer), Sony disabled the ability to write to the battery's EEPROM, preventing homebrew software from changing the battery's serial when run on these newer PSPs. Using batteries already converted to JigKick to enter service mode still works on newer PSP-2000s with this change.


The term "JigKick" refers to external hardware that when connected causes the PSP to boot in Manufacturing Mode (commonly known as service mode). In this mode, the [[PRE-IPL]] launches the [[IPL]] from sector 16 on the physical drive (the Memory Stick) instead of the NAND.
=== Battery EEPROM Write Access Patched in New Batteries ===


The original JigKick Battery (also referred to as "Pandora Battery") is a PSP battery that reports a serial number of 0xFFFFFFFF. This version of JigKick Battery is only compatible with PSP-1000 and PSP-2000 (excl. TA-090v1).
[https://web.archive.org/web/20230627183620/http://noobz.fanjita.org/joomla/news/are-new-sony-batteries-pandora-proof.html First reported by Fanjita] on September 24th, 2007.  


= Sony's patches =
Sony began preventing EEPROM writes in all sizes of newly manufactured batteries, mostly impacting 1200mAh batteries included with late PSP-2000s and PSP-3000s. These batteries have a string of numbers at the bottom of the label starting with a 4.


== PRE-IPL patch in new Tachyon revisions ==
=== PRE-IPL patch in new Tachyon revisions ===
(This section should be moved to [[Magic_Memory_Stick | Magic Memory Stick]] as it deals with the software side of service mode more than the hardware)


As time went on, Slim PSPs with different revisions of the TA-088 motherboard have been released, and are confirmed to be Pandora-proof. The TA-088v2 first reported being shipped with Slims in the Asia continent, had a patched Tachyon that disabled the loading of all current Pandora IPL, but however did not defeat the loading of custom firmware IPLs. The ability to flash CFW via Despertar Del Cementerio has been fixed with v6 which uses a new kernel, therefore allowing Pandora Battery to work on TA-088v2.
As time went on, Slim PSPs with different revisions of the TA-088 motherboard have been released, and are confirmed to be Pandora-proof. The TA-088v2 first reported being shipped with Slims in the Asia continent, had a patched Tachyon that disabled the loading of all current Pandora IPL, but however did not defeat the loading of custom firmware IPLs. The ability to flash CFW via Despertar Del Cementerio has been fixed with v6 which uses a new kernel, therefore allowing Pandora Battery to work on TA-088v2.
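Review bot: The parenthetical under the "PRE-IPL patch in new Tachyon revisions" heading, "(This section should be moved to Magic Memory Stick ...)", is an editor-facing to-do left in the article body; either do the move in this revision or put the note on the talk page. In the same hunk, the new "Battery EEPROM Write Access Patched in New Batteries" section opens with the fragment "First reported by Fanjita on September 24th, 2007." before saying what was reported, so the attribution would read better after the description.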
Line 28: Line 40:
The PSP-2000 version of the TA-090 (v1) motherboard is hackable with Pandora Battery. However, with the PSP-3000 version of the TA-090 (v2 and v3), Pandora Battery does not even turn on the PSP.
The PSP-2000 version of the TA-090 (v1) motherboard is hackable with Pandora Battery. However, with the PSP-3000 version of the TA-090 (v2 and v3), Pandora Battery does not even turn on the PSP.


== Battery EEPROM write access patch in new motherboards ==
=== Added Authentication Challenges ===


The new PSP Slim motherboards (TA085v2 and newer) can not write to the battery EEPROM at all because Sony disabled it, therefore you have to use the hardware mod way to make a Pandora battery.
Starting with PSP-3000, SYSCON issues extra challenges that are JigKick specific which must be passed before the PSP can boot from the Memory Stick IPL. A normal battery with serial changed to 0xFFFFFFFF will trigger these challenges but cannot pass them, preventing the PSP from booting and finally stopping the original JigKick Battery from working. Later versions of the 3000 introduced different, more obfuscated challenges thanks to Datel teasing a PSP-3000 compatible JigKick Battery that was never released. Newer models like the Go and Street didn't have removable batteries and used different pins/triggers for the same style of communication as 3000s with official JigKick hardware.


== Battery EEPROM write access patch in new batteries ==
== New Breakthroughs ==


Reported by Fanjita on 24-09-2007. [http://noobz.fanjita.org/joomla/news/are-new-sony-batteries-pandora-proof.html]
On January 11th 2021, a new post [https://www.pspx.ru/forum/showthread.php?t=111113 on pspx.ru forums] by khubik detailed information on how to build a new style of JigKick that could put 03g models of PSP-3000 into service mode by connecting the center pin of the battery connector to a USB serial adapter and using a PC program called Baryon Sweeper to receive and pass the SYSCON challenges. The way to trigger [[PSP_Street_Jigkick | service mode on PSP Street]] was discovered in February, 2021 and involved using the USB ID pin for communication and a button combo. PSP Go keys seem to have been dumped around June, 2021. More keys for newer models were dumped on April 29th 2023 (11g) and May 2nd, 2023 (04g, 07g, 09g) and added to a new version of the PC program re-written in Python called PySweeper. The method to trigger [[Psp_Go_Jigkick | service mode on PSP Go]] was discovered by l_oliveira on August 5th, 2023, finally making service mode available on all models.


Any new battery which is official (including Fat and Slim) and all fake batteries cannot be converted into a Pandora Battery. So the advice is to buy a new one and use the original one as a Pandora Battery. This is ideal because a Pandora Battery can do lots of useful things like run the Time Machine and along with a Magic Memory Stick you can unbrick, downgrade any supported PSP. Or you can just use the original one and convert it back to a normal battery, if you don't want to spend any money. You can also buy a Datel Tool Battery. This is the same as an "original" JigKick Battery. But, even if you have a Datel Tool Battery, you still have to make a Magic Memory Stick.


= Converting a normal battery to JigKick =
= Creating PSP-1000 and PSP-2000 JigKick Battery =
(This section pending re-write)


You can either Hardmod a battery or Softmod it.
You can either Hardmod a battery or Softmod it.
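Review bot: Dropping the paragraph that begins "Any new battery which is official ..." also drops the only sentence explaining what a Datel Tool Battery is ("This is the same as an "original" JigKick Battery"), while the Hardmod section kept by this revision still recommends one. Keep a one-line definition where the Datel Tool Battery is first mentioned. The "(This section pending re-write)" placeholder under the new "Creating PSP-1000 and PSP-2000 JigKick Battery" heading is likewise an editor note and belongs on the talk page or in a maintenance template.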
Line 152: Line 164:
5. If you want to turn it back into a normal battery, re-solder the leg down
5. If you want to turn it back into a normal battery, re-solder the leg down


=== Blue Square ===
==== Blue Square ====


1. Open the extra battery with a knife or a screwdriver.
1. Open the extra battery with a knife or a screwdriver.
Line 165: Line 177:


If successful, place the battery into the PSP without a Memory Stick inserted. The PSP should boot automatically with the screen staying blank.
If successful, place the battery into the PSP without a Memory Stick inserted. The PSP should boot automatically with the screen staying blank.
= Creating PSP-3000 JigKick Hardware =
* See [[Psp-3000_Jigkick | PSP-3000 Jigkick]]
= Creating PSP Go JigKick Hardware =
* See [[Psp_Go_Jigkick | PSP Go Jigkick]]
= Creating PSP Street JigKick Hardware =
* See [[PSP_Street_Jigkick | PSP Street Jigkick]]


= See also =
= See also =


* [https://web.archive.org/web/20090309223546/http://alek.dark-alex.org/pspwiki/index.php/JigKick_Battery Old PSP Wiki page]
* [https://web.archive.org/web/20090309223546/http://alek.dark-alex.org/pspwiki/index.php/JigKick_Battery Old PSP Wiki page]
* [http://noobz.fanjita.org/joomla/news/unbricker-for-all-firmwares.html Pandora's Battery release by Team C+D (22-08-2007)]

Revision as of 07:27, 26 August 2023

What is a JigKick Battery?

The term "JigKick" refers to external hardware that, when connected, causes the PSP to boot in Manufacturing Mode (commonly known as service mode). In this mode, the PRE-IPL launches the IPL from sector 16 on the physical drive (the Memory Stick) instead of the NAND.

The original JigKick Battery (also referred to as "Pandora Battery") is a PSP battery that reports a serial number of 0xFFFFFFFF. This version of JigKick Battery is only compatible with PSP-1000 and PSP-2000. Newer versions of JigKick hardware have been created for other models.

JigKick History

Pandora's Release

The original Pandora JigKick Battery and Magic Memory Stick software were released by Team C+D on August 22nd, 2007. The release included a PSP homebrew app to re-write a battery's serial number to 0xFFFFFFFF and another homebrew app to create a Magic Memory Stick capable of installing a fresh copy of firmware 1.50 on any PSP-1000, allowing unbricking or downgrading from any firmware.

This first version of the JigKick Battery continued to work on the PSP-2000 with updated Magic Memory Stick software.

Sony Fights Back

Sony changed the way newer PSPs worked multiple times in order to prevent users from using service mode to quickly downgrade or install Custom Firmware.

Battery EEPROM Write Access Patched in New Motherboards

Starting with the second revision of the PSP Slim motherboard (TA-085v2 and newer), Sony disabled the ability to write to the battery's EEPROM, preventing homebrew software from changing the battery's serial when run on these newer PSPs. Batteries already converted to JigKick can still be used to enter service mode on newer PSP-2000s with this change.

Battery EEPROM Write Access Patched in New Batteries

This change was first reported by Fanjita on September 24th, 2007.

Sony began preventing EEPROM writes in all sizes of newly manufactured batteries, mostly impacting 1200mAh batteries included with late PSP-2000s and PSP-3000s. These batteries have a string of numbers at the bottom of the label starting with a 4.

PRE-IPL patch in new Tachyon revisions

(This section should be moved to Magic Memory Stick as it deals with the software side of service mode more than the hardware)

As time went on, Slim PSPs with different revisions of the TA-088 motherboard were released and confirmed to be Pandora-proof. The TA-088v2, first reported shipping with Slims in Asia, had a patched Tachyon that disabled the loading of all then-current Pandora IPLs but did not defeat the loading of custom firmware IPLs. The ability to flash CFW via Despertar Del Cementerio was fixed in v6, which uses a new kernel, allowing Pandora Battery to work on TA-088v2.

A third revision of the TA-088 came weeks after v2. Dubbed the TA-088v3, this motherboard is completely Pandora-proof as discovered by Silverspring. Sony has patched Pandora Battery by updating PRE-IPL in newer Tachyon revisions (0x00600000 and newer).

Source: TA-088v2 report on 14-07-2008

Explanation: explanation on 03-08-2008

The PSP-2000 version of the TA-090 (v1) motherboard is hackable with Pandora Battery. However, with the PSP-3000 version of the TA-090 (v2 and v3), Pandora Battery does not even turn on the PSP.

Added Authentication Challenges

Starting with PSP-3000, SYSCON issues extra JigKick-specific challenges that must be passed before the PSP can boot from the Memory Stick IPL. A normal battery with its serial changed to 0xFFFFFFFF will trigger these challenges but cannot pass them, which prevents the PSP from booting and finally stopped the original JigKick Battery from working. Later versions of the 3000 introduced different, more obfuscated challenges thanks to Datel teasing a PSP-3000 compatible JigKick Battery that was never released. Newer models like the Go and Street didn't have removable batteries and used different pins/triggers for the same style of communication as 3000s with official JigKick hardware.
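The design change described above, as an added example that is not part of the wiki page or of any PSP tool: a small model contrasting a boot path that trusts the reported serial alone with one where the same serial only triggers a keyed challenge. HMAC-SHA256, the key, the class names and the mode strings are assumptions made for illustration; the page does not describe SYSCON's actual algorithm.

```python
import hashlib
import hmac
import secrets

JIGKICK_SERIAL = 0xFFFFFFFF  # serial the page says selects service mode
DEMO_KEY = b"constructed-demo-key"  # constructed; not a real console key


def mac(key, nonce):
    # HMAC-SHA256 stands in for the console's real algorithm (assumption).
    return hmac.new(key, nonce, hashlib.sha256).digest()


class SerialOnlyBattery:
    """Battery that reports a serial and has no key to answer challenges."""

    def __init__(self, serial):
        self.serial = serial

    def respond(self, nonce):
        return None


class KeyedJig(SerialOnlyBattery):
    """Stand-in for official JigKick hardware that holds the shared key."""

    def __init__(self, key):
        super().__init__(JIGKICK_SERIAL)
        self.key = key

    def respond(self, nonce):
        return mac(self.key, nonce)


class ReplayingDevice(SerialOnlyBattery):
    """Replays one previously recorded answer, whatever the challenge is."""

    def __init__(self, recorded):
        super().__init__(JIGKICK_SERIAL)
        self.recorded = recorded

    def respond(self, nonce):
        return self.recorded


def boot_mode_serial_only(device):
    """PSP-1000/2000 behaviour per the page: the serial alone decides."""
    return "service" if device.serial == JIGKICK_SERIAL else "normal"


def boot_mode_challenged(device, key, nonce=None):
    """PSP-3000 style: the magic serial only triggers a challenge."""
    if device.serial != JIGKICK_SERIAL:
        return "normal"
    nonce = nonce if nonce is not None else secrets.token_bytes(16)
    answer = device.respond(nonce)
    if answer is not None and hmac.compare_digest(answer, mac(key, nonce)):
        return "service"
    return "no-boot"  # page: challenge triggered but failed, PSP does not boot


if __name__ == "__main__":
    spoofed = SerialOnlyBattery(JIGKICK_SERIAL)
    print(boot_mode_serial_only(spoofed), boot_mode_challenged(spoofed, DEMO_KEY))
```

In this model the fresh nonce per boot is what defeats a recorded answer, and the whole scheme is only as strong as the secrecy of the key.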

New Breakthroughs

On January 11th 2021, a new post on pspx.ru forums by khubik detailed information on how to build a new style of JigKick that could put 03g models of PSP-3000 into service mode by connecting the center pin of the battery connector to a USB serial adapter and using a PC program called Baryon Sweeper to receive and pass the SYSCON challenges. The way to trigger service mode on PSP Street was discovered in February, 2021 and involved using the USB ID pin for communication and a button combo. PSP Go keys seem to have been dumped around June, 2021. More keys for newer models were dumped on April 29th 2023 (11g) and May 2nd, 2023 (04g, 07g, 09g) and added to a new version of the PC program re-written in Python called PySweeper. The method to trigger service mode on PSP Go was discovered by l_oliveira on August 5th, 2023, finally making service mode available on all models.


Creating PSP-1000 and PSP-2000 JigKick Battery

(This section pending re-write)

You can either Hardmod a battery or Softmod it.

Hardmod is when you make a JigKick Battery by opening it up and removing a pin. This can be done to ANY battery.

Softmod is when you make a JigKick Battery by using a program. The battery has to be suitable, though: new batteries cannot be softmodded.

Softmod

For this you will need a spare compatible battery and a PSP on FW 1.50 or on a CFW, e.g. 3.80 M33 with the 1.50 Kernel addon. You will first need a Pandorable-by-software battery (see list).

Pandorable-by-software batteries

Working:

   Sony Slim "standard" Li-ion 1200 mAh
   Sony "standard" Li-ion 1800 mAh
   Sony PSP-280 2200mAh
   Datel, PSP Battery 3600 mAh (X2)
   Datel, PSP Battery 1800 Max Power
   Datel, PSP Battery GO MAX (Model # GM1000, uses AAA batteries) note: If you remove the batteries, it resets the serial back to all 0's

Not working:

   3.6v 3600 mAh Battery Pack (Silver letters) (Model PSP-360) (Fake)
   2600 mAh Mega Battery Pack (Fake)
   Atomic Battery Pack 3.6V 1800mAh
   Sony PSP-280 2200mAh (Fake)
   Sony PSP Bloc-Battery pack 3.6v 1800 mAh
   Battery 3600mAh, unknown brand, (china made model NK-RH008) (Fake)
   Battery Pack, unknown brand, (lithium) 3.6v 3600 mAH (Fake)
   Intec 1800 mAh Li-ion
   Intec 2200 mAh
   UltraLast e-Boost 3.7v 2200mAh Li-PO battery

There is now a method that enables users of CFW above 3.71 M33 (which does not automatically have the 1.50 firmware kernel), or those who are on a Slim PSP, to create a Pandora battery by interfacing directly with the PSP's Syscon chip. This method uses code by SilverSpring, and can be found here???.

Requirements

  • A Pandorable battery (spare if possible). Check if it is pandorable in the list above.
  • A homebrew-capable PSP: on FW 1.50, or any CFW with the 1.50 Kernel addon, or a homebrew-enabled PSP.
  • A Pandora installer software:
    • Pandora's Battery Creator (taken from N00bz)
    • Cory149's tool (taken from Max Console)

Installer software

Original Pandora's Battery creator

The original Pandora's Battery creator works only for suitable FAT batteries. However, other alternatives, such as the UPMS Installer and Hellcat's Pandora Installer for 3.xx kernels, can convert a Slim battery to Service Mode successfully. Download the Pandora files (the battery files are included); they only work on 1.50 or on a CFW with the 1.50 kernel.

Cory149's tool

Cory149's tool can even convert some suitable old SLIM and FAT batteries.

Installation

   First make sure you have the requirements, then download the software depending on what firmware you are on.
   If you are on 1.50 or a CFW with the 1.50 kernel, download the Pandora files, which can convert only FAT batteries since they only work on FAT PSPs. However, alternative options for Slims are available.
   If you are on a CFW with no 1.50 kernel, download Cory149's tool, which can convert all batteries and works on both FAT and SLIM PSPs, but only on CFW.
   Put whichever one you downloaded in the GAME folder; you will have to change your kernel setting depending on what you downloaded.
   If you downloaded Cory149's tool, make sure it is set to the 3.xx kernel.
   If you downloaded the Pandora tools, make sure it is set to the 1.50 kernel.
   Run it from the XMB with the battery inserted and press Triangle if you plan to use the battery for normal use again.
   Then go back into the program and press X to convert the battery to a Pandora's Battery.
   If successful, take the battery out and plug it back in with no MS (or with an MS that has an IPL that cannot boot with a Pandora Battery); the screen will stay blank.

Hardmod

For this method, you will have to open up your battery, and you may need some soldering skills and guts. If you aren't sure about what to do, the best thing to use is a Datel Tool Battery.

Requirements

  • An extra PSP Battery
  • A knife / screwdriver
  • Soldering equipment (to prevent shorting and to revert battery)

Making the JigKick Battery with a FAT PSP battery

You can also use a Datel Tool Battery (YOU STILL HAVE TO MAKE A MAGIC MEMORY STICK IF YOU USE DATEL TOOL!)

1. Open the extra battery with a knife or a screwdriver. Do not slide the tool all the way into the battery or you will run the risk of shorting it.

   Image:Pandoranocfw1.jpg 

2. Remove the top of the battery. (Or swing the case open)

   Image:Pandoranocfw2.jpg 

3. Remove (or disconnect) the leg of the chip next to the word C04, IC104, or IC04. It is better to do this with a knife. Once again, be careful not to touch the other components, as you can short the battery. You can always solder the leg back on if you want. (This requires soldering tools. Also, soldering is easier to do if the leg is still attached to the chip but lifted off the board.)

   Image:Pandoranocfw3.jpg

If successful, take the battery out and plug it back in with no MS; the screen should stay blank and the power light will come on automatically. If not, you may have shorted the battery, or it needs a charge.

Making the JigKick Battery with a SLIM PSP battery

There are two methods of Hardmodding a SLIM PSP battery into a JigKick (which will be referred to as "Blue Square" or "Red Circle" as indicated by the picture).

image:slim.jpg

Red Circle

1. Open the extra battery with a knife or a screwdriver.

2. Remove the top of the battery, and pull back the motherboard

3. Remove the leg indicated by the red circle (farthest left, as shown). It is better to do this with a soldering iron!

4. Fold the motherboard back down, and replace the top of the battery. Scotch tape works perfectly to hold the battery together

5. If you want to turn it back into a normal battery, re-solder the leg down

Blue Square

1. Open the extra battery with a knife or a screwdriver.

2. Remove the top of the battery, and pull back the motherboard

3. Scrape away part of the trace indicated by the blue square (preferably perpendicular to it)

4. Fold the motherboard back down, and replace the top of the battery. Scotch tape works perfectly to hold the battery together

5. If you want to turn it back into a normal battery, simply use a pencil to fill in where you cut the trace

If successful, place the battery into the PSP without a Memory Stick inserted. The PSP should boot automatically with the screen staying blank.

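Creating PSP-3000 JigKick Hardware

  • See PSP-3000 Jigkick

Creating PSP Go JigKick Hardware

  • See PSP Go Jigkick

Creating PSP Street JigKick Hardware

  • See PSP Street Jigkick

See also

  • Old PSP Wiki page (https://web.archive.org/web/20090309223546/http://alek.dark-alex.org/pspwiki/index.php/JigKick_Battery)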