JigKick Battery: Difference between revisions
Revision by CelesteBlue (no edit summary). 9 intermediate revisions by one other user not shown.
Latest revision as of 21:35, 17 June 2024
What is a JigKick Battery?
The term "JigKick" refers to external hardware that, when connected, causes the PSP to boot in Manufacturing Mode (commonly known as service mode). In this mode, the iplloader launches the IPL from sector 16 on the physical drive (the Memory Stick) instead of the NAND.
The original JigKick Battery (also referred to as "Pandora Battery") is a PSP battery that reports a serial number of 0xFFFFFFFF. This version of JigKick Battery is only compatible with PSP-1000 and PSP-2000. Newer versions of JigKick hardware have been created for other models.
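The sector-16 boot location described above can be checked on a raw Memory Stick image. This is an added example, not code from this wiki or from any tool it mentions: it assumes 512-byte sectors and an MBR-partitioned card, the function names are hypothetical, and because the page does not give the IPL's length it only reports the non-blank sectors between sector 16 and the first partition.

```python
import hashlib
import struct

SECTOR = 512      # assumption: 512-byte logical sectors
IPL_SECTOR = 16   # from the page: service mode loads the IPL from sector 16


def first_partition_lba(image):
    """Lowest start LBA among used MBR partition entries, or None if no MBR."""
    if len(image) < SECTOR or image[510:512] != b"\x55\xaa":
        return None
    starts = []
    for off in range(446, 510, 16):          # four 16-byte partition entries
        ptype = image[off + 4]
        lba = struct.unpack_from("<I", image, off + 8)[0]
        if ptype and lba:
            starts.append(lba)
    return min(starts) if starts else None


def is_blank(sector):
    """True for a sector that is all 0x00 or all 0xFF (never written / erased)."""
    return sector in (bytes(len(sector)), b"\xff" * len(sector))


def inspect_boot_area(image):
    """Describe what sits between sector 16 and the first partition."""
    part = first_partition_lba(image)
    end = part if part is not None else len(image) // SECTOR
    used = [n for n in range(IPL_SECTOR, end)
            if not is_blank(image[n * SECTOR:(n + 1) * SECTOR])]
    digest = None
    if used:
        region = image[IPL_SECTOR * SECTOR:(used[-1] + 1) * SECTOR]
        digest = hashlib.sha256(region).hexdigest()
    return {
        "partition_start": part,
        "sector16_outside_partition": part is None or part > IPL_SECTOR,
        "nonblank_sectors": len(used),
        "sha256": digest,
    }


def build_sample(partition_lba=32, payload_sectors=0):
    """Constructed 64-sector image: MBR plus optional filler data at sector 16."""
    img = bytearray(64 * SECTOR)
    struct.pack_into("<B3xB3xII", img, 446, 0x00, 0x0B,
                     partition_lba, 64 - partition_lba)
    img[510:512] = b"\x55\xaa"
    filler = (b"CONSTRUCTED-SAMPLE-DATA!" * 32)[:SECTOR]
    for n in range(IPL_SECTOR, IPL_SECTOR + payload_sectors):
        img[n * SECTOR:(n + 1) * SECTOR] = filler
    return bytes(img)


if __name__ == "__main__":
    for label, img in (("clean", build_sample()),
                       ("written", build_sample(payload_sectors=4))):
        print(label, inspect_boot_area(img))
```

The SHA-256 covers sector 16 through the last non-blank sector before the partition, so two images can be compared without knowing the IPL's internal format.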
JigKick History
Pandora's Release
The original Pandora JigKick Battery and Magic Memory Stick software was released by Team C+D on August 22nd, 2007. It included a PSP homebrew app to re-write the serial number stored in the battery's EEPROM to 0xFFFFFFFF and another homebrew app to create a Magic Memory Stick capable of installing a fresh copy of firmware 1.50 on any PSP-1000, allowing unbricking or downgrading from any firmware.
This first version of the JigKick Battery continued to work on the PSP-2000 with updated Magic Memory Stick software.
Sony Fights Back
Sony changed the way newer PSPs worked multiple times in order to prevent users from using service mode to quickly downgrade or install Custom Firmware.
Battery EEPROM Write Access Patched in New Motherboards
Starting with the second revision of PSP Slim motherboard (TA-085v2 and newer), Sony changed SYSCON firmware to block the ability to write to the battery's EEPROM, preventing homebrew software from changing the battery's serial when run on these newer PSPs. Using batteries already converted to JigKick to enter service mode still works on newer PSP-2000s with this change.
Battery EEPROM Write Access Patched in New Batteries
First reported by Fanjita on September 24th, 2007.
Sony began preventing EEPROM writes in all sizes of newly manufactured batteries, mostly impacting 1200mAh batteries included with late PSP-2000s and PSP-3000s. These 1200mAh batteries have a label serial starting with 08 or higher.
iplloader patch in new Tachyon revisions
(This section should be moved to Magic Memory Stick as it deals with the software side of service mode more than the hardware)
As time went on, Slim PSPs with different revisions of the TA-088 motherboard were released and are confirmed to be Pandora-proof. The TA-088v2, first reported as shipping with Slims in Asia, had a patched Tachyon that disabled the loading of all current Pandora IPLs but did not defeat the loading of custom firmware IPLs. The ability to flash CFW via Despertar Del Cementerio has been fixed with v6, which uses a new kernel, therefore allowing Pandora Battery to work on TA-088v2.
A third revision of the TA-088 came weeks after v2. Dubbed the TA-088v3, this motherboard is completely Pandora-proof as discovered by Silverspring. Sony has patched Pandora Battery by updating iplloader in newer Tachyon revisions (0x00600000 and newer).
Source: TA-088v2 report on 14-07-2008
Explanation: explanation on 03-08-2008
The PSP-2000 version of the TA-090 (v1) motherboard is hackable with Pandora Battery. However, with the PSP-3000 version of the TA-090 (v2 and v3), Pandora Battery does not even turn on the PSP.
Added Authentication Challenges
Starting with PSP-3000, SYSCON issues extra challenges that are JigKick specific which must be passed before the PSP can boot from the Memory Stick IPL. A normal battery with serial changed to 0xFFFFFFFF will trigger these challenges but cannot pass them, preventing the PSP from booting and finally stopping the original JigKick Battery from working. Later versions of the 3000 introduced different, more obfuscated challenges thanks to Datel teasing a PSP-3000 compatible JigKick Battery that was never released. Newer models like the Go and Street didn't have removable batteries and used different pins/triggers for the same style of communication as 3000s with official JigKick hardware.
New Breakthroughs
On January 11th 2021, a new post on pspx.ru forums by khubik detailed information on how to build a new style of JigKick that could put 03g models of PSP-3000 into service mode by connecting the center pin of the battery connector to a USB serial adapter and using a PC program called Baryon Sweeper to receive and pass the SYSCON challenges. The way to trigger service mode on PSP Street was discovered in February, 2021 and involved using the USB ID pin for communication and a button combo. PSP Go keys seem to have been dumped around June, 2021. More keys for newer models were dumped on April 29th 2023 (11g) and May 2nd, 2023 (04g, 07g, 09g) and added to a new version of the PC program re-written in Python called PySweeper. The method to trigger service mode on PSP Go was discovered by l_oliveira on August 5th, 2023, finally making service mode available on all models.
Creating PSP-1000 and PSP-2000 JigKick Battery
In order to turn a battery into a JigKick battery, it must be modified so it reports a serial of 0xFFFFFFFF. This can be done through software (softmod) on PSP-1000 and extremely early PSP-2000 consoles by writing to the battery's EEPROM. If softmodding isn't an option, the battery hardware can be changed (hardmod) by lifting the ground pin on the EEPROM, which disables it and causes an open bus, which happens to read as if the serial is 0xFFFFFFFF.
Softmod
In order to softmod a battery, you will need the following:
- Any PSP-1000 or a PSP-2000 with a TA-085v1 motherboard that can run homebrew apps
- A compatible battery from the list below:
Softmod Compatible Batteries
- Sony original 1200mAh<sup>1</sup>
- Sony original 1800mAh<sup>1</sup>
- Sony original 2200mAh<sup>1</sup>
- Datel X2 3600mAh
- Datel Max Power 1800mAh
- Datel GO MAX GM1000 (Alkaline AAA Battery Adapter, changing the AAA batteries will cause the serial to default back to 0x00000000)
- Possibly other models of Datel branded batteries
<sup>1</sup>: Official Sony batteries may have their EEPROM writing patched; these patched batteries are unable to be softmodded. The only batteries confirmed to have this patch are 1200mAh batteries that have a label serial starting with 08 and higher (this serial check does not apply to 1800mAh and 2200mAh as they use a different serial layout). There has been a report in the past by Fanjita that other sizes may have it as well, but that hasn't been 100% confirmed. The best way to be sure is to try softmodding. If it doesn't work and your PSP is known to have a motherboard that can write to battery EEPROM, then your battery is patched. An example of the 1200mAh battery serial can be seen below:
Image:Sony 1200mAh Battery Serial.jpg
Battery Softmod Software
There are many homebrew apps that offer the ability to change a battery's serial number and some Custom Firmwares even have the option baked in. Some of the more popular ones are listed below.
Original Pandora's Battery Creator
The original Pandora battery converter app. It only works on the 1.50 kernel. Not recommended unless you have a 1000 on 1.50 already and want to check out the original. Download
Open Source Pandora Battery Tool
A tool created by Cory1492 for softmodding batteries from 3.xx+ kernels. Should still work on current Custom Firmwares. Download
PSP Tool
PSP Tool is a good service mode setup Swiss Army knife app. It can softmod batteries, create many older Magic Memory Sticks, dump and restore IDStorage, and show system info. Download
Custom Firmwares
Some newer Custom Firmwares have the option to convert a battery to a service mode JigKick built-in:
- 6.6x ARK-4 (VSH Menu>Advanced VSH Menu)
- 6.xx ME/LME (Recovery Menu>Advanced>Battery Config)
- 5.50 GEN (VSH Menu)
- 3.95 & 5.02 GEN (Recovery Menu>Advanced)
Softmodding the Battery
1. Download and install your chosen app above. If you're running one of the Custom Firmwares listed above, you can skip this step.
2. Insert the battery you want to softmod into your PSP and turn it on
3. Run your app of choice and navigate to the battery options
4. Most apps have options like "Back up EEPROM", "Normal battery", and "Autoboot battery". You should back up the EEPROM first if the option is available; the option you then want to select will be called "Make Jigkick battery" or "Convert to Service Mode Battery"
5. After it has completed, turn your PSP off, pull the battery out, and put it back in. If the conversion was successful, your PSP will turn on and stay at a black screen or will boot a previously installed Memory Stick IPL if you already have one
6. If you only have one battery and need to convert it back, leave the battery out, connect a charger to the PSP, turn it on, then insert the battery after it's already booted. Now you can navigate back to the battery options of your chosen app and either restore the serial from the EEPROM backup you took or use the "Make Normal Battery" option to change it back to a normal one with a randomly generated serial.
Hardmod
(This section to be re-written)
For this method, you will have to open up your battery, and you may need some soldering skills and guts. If you aren't sure about what to do, the best thing to use is a Datel Tool Battery.
Requirements
- An extra PSP Battery
- A knife / screwdriver
- Soldering equipment (to prevent shorting and to revert battery)
Making the JigKick Battery with a FAT PSP battery
You can also use a Datel Tool Battery instead (YOU STILL HAVE TO MAKE A MAGIC MEMORY STICK IF YOU USE DATEL TOOL!)
1. Open the extra battery with a knife or a screwdriver. Do not slide the tool all the way into the battery or you will run the risk of shorting it.
Image:Pandoranocfw1.jpg
2. Remove the top of the battery. (Or swing the case open)
Image:Pandoranocfw2.jpg
3. Remove (or disconnect) the leg of the chip next to the word C04, IC104, or IC04. It is better to do this with a knife. Once again, be careful not to touch the other objects as you can short it. You can always solder the leg back on if you want. (Requires soldering tools. Also, soldering is easier to do if the leg is still attached to the board, but not in it.)
Image:Pandoranocfw3.jpg
If successful, take it out and plug it back in with no MS; the screen should stay blank and the power light will automatically come on. If not, you may have shorted the battery or it needs a charge.
Making the JigKick Battery with a SLIM PSP battery
There are two methods of Hardmodding a SLIM PSP battery into a JigKick (which will be referred to as "Blue Square" or "Red Circle" as indicated by the picture).
image:slim.jpg
Red Circle
1. Open the extra battery with a knife or a screwdriver.
2. Remove the top of the battery, and pull back the motherboard
3. Remove the leg indicated by the red circle (farthest left, as shown); it is better to do this by soldering it!
4. Fold the motherboard back down, and replace the top of the battery. Scotch tape works perfectly to hold the battery together
5. If you want to turn it back into a normal battery, re-solder the leg down
Blue Square
1. Open the extra battery with a knife or a screwdriver.
2. Remove the top of the battery, and pull back the motherboard
3. Scrape away part of the trace indicated by the blue square (preferably perpendicular to it)
4. Fold the motherboard back down, and replace the top of the battery. Scotch tape works perfectly to hold the battery together
5. If you want to turn it back into a normal battery, simply use a pencil to fill in where you cut the trace
If successful, place the battery into the PSP without a Memory Stick inserted. The PSP should boot automatically with the screen staying blank.
Creating PSP-3000 JigKick Hardware
- See PSP-3000 Jigkick
Creating PSP Go JigKick Hardware
- See PSP Go Jigkick