JigKick Battery

From PSP Developer wiki
Revision as of 04:44, 3 September 2023 by Ruyor (talk | contribs) (→‎Softmod Compatible Batteries: Update info on non-softmoddable Sony batteries due to new discoveries)
Jump to navigation Jump to search

What is a JigKick Battery?

The term "JigKick" refers to external hardware that, when connected, causes the PSP to boot in Manufacturing Mode (commonly known as service mode). In this mode, the PRE-IPL launches the IPL from sector 16 on the physical drive (the Memory Stick) instead of the NAND.

The original JigKick Battery (also referred to as "Pandora Battery") is a PSP battery that reports a serial number of 0xFFFFFFFF. This version of JigKick Battery is only compatible with PSP-1000 and PSP-2000. Newer versions of JigKick hardware have been created for other models.

JigKick History

Pandora's Release

The original Pandora JigKick Battery and Magic Memory Stick software was released by Team C+D on August 22nd, 2007. It included a PSP homebrew app to re-write the serial number stored in the battery's EEPROM to 0xFFFFFFFF and another homebrew app to create a Magic Memory Stick capable of installing a fresh copy of firmware 1.50 on any PSP-1000, allowing unbricking or downgrading from any firmware.

This first version of the JigKick Battery continued to work on the PSP-2000 with updated Magic Memory Stick software.

Sony Fights Back

Sony changed the way newer PSPs worked multiple times in order to prevent users from using service mode to quickly downgrade or install Custom Firmware.

Battery EEPROM Write Access Patched in New Motherboards

Starting with the second revision of PSP Slim motherboard (TA-085v2 and newer), Sony changed SYSCON firmware to block the ability to write to the battery's EEPROM, preventing homebrew software from changing the battery's serial when run on these newer PSPs. Using batteries already converted to JigKick to enter service mode still works on newer PSP-2000s with this change.

Battery EEPROM Write Access Patched in New Batteries

First reported by Fanjita on September 24th, 2007.

Sony began preventing EEPROM writes in all sizes of newly manufactured batteries, mostly impacting 1200mAh batteries included with late PSP-2000s and PSP-3000s. These batteries have a string of numbers at the bottom of the label starting with a 4.

PRE-IPL patch in new Tachyon revisions

(This section should be moved to Magic Memory Stick as it deals with the software side of service mode more than the hardware)

As time went on, Slim PSPs with different revisions of the TA-088 motherboard have been released, and are confirmed to be Pandora-proof. The TA-088v2 first reported being shipped with Slims in the Asia continent, had a patched Tachyon that disabled the loading of all current Pandora IPL, but however did not defeat the loading of custom firmware IPLs. The ability to flash CFW via Despertar Del Cementerio has been fixed with v6 which uses a new kernel, therefore allowing Pandora Battery to work on TA-088v2.

A third revision of the TA-088 came weeks after v2. Dubbed the TA-088v3, this motherboard is completely Pandora-proof as discovered by Silverspring. Sony has patched Pandora Battery by updating PRE-IPL in newer Tachyon revisions (0x00600000 and newer).

Source: TA-088v2 report on 14-07-2008

Explanation: explanation on 03-08-2008

The PSP-2000 version of the TA-090 (v1) motherboard is hackable with Pandora Battery. However, with the PSP-3000 version of the TA-090 (v2 and v3), Pandora Battery does not even turn on the PSP.

Added Authentication Challenges

Starting with PSP-3000, SYSCON issues extra challenges that are JigKick specific which must be passed before the PSP can boot from the Memory Stick IPL. A normal battery with serial changed to 0xFFFFFFFF will trigger these challenges but cannot pass them, preventing the PSP from booting and finally stopping the original JigKick Battery from working. Later versions of the 3000 introduced different, more obfuscated challenges thanks to Datel teasing a PSP-3000 compatible JigKick Battery that was never released. Newer models like the Go and Street didn't have removable batteries and used different pins/triggers for the same style of communication as 3000s with official JigKick hardware.

New Breakthroughs

On January 11th 2021, a new post on pspx.ru forums by khubik detailed information on how to build a new style of JigKick that could put 03g models of PSP-3000 into service mode by connecting the center pin of the battery connector to a USB serial adapter and using a PC program called Baryon Sweeper to receive and pass the SYSCON challenges. The way to trigger service mode on PSP Street was discovered in February, 2021 and involved using the USB ID pin for communication and a button combo. PSP Go keys seem to have been dumped around June, 2021. More keys for newer models were dumped on April 29th 2023 (11g) and May 2nd, 2023 (04g, 07g, 09g) and added to a new version of the PC program re-written in Python called PySweeper. The method to trigger service mode on PSP Go was discovered by l_oliveira on August 5th, 2023, finally making service mode available on all models.


Creating PSP-1000 and PSP-2000 JigKick Battery

In order to turn a battery into a JigKick battery, it must be modified so it reports a serial of 0xFFFFFFFF. This can be done through software (softmod) on PSP-1000 and extremely early PSP-2000 consoles by writing to the battery's EEPROM. If softmodding isn't an option, the battery hardware can be changed (hardmod) by lifting the ground pin on the EEPROM, which disables it and causes an open bus, which happens to read as if the serial is 0xFFFFFFFF.

Softmod

In order to softmod a battery, you will need the following:

  • Any PSP-1000 or a PSP-2000 with a TA-085v1 motherboard that can run homebrew apps
  • A compatible battery from the list below:

Softmod Compatible Batteries

  • Sony original 1200mAh1
  • Sony original 1800mAh1
  • Sony original 2200mAh1
  • Datel X2 3600mAh
  • Datel Max Power 1800mAh
  • Datel GO MAX GM1000 (Alkaline AAA Battery Adapter, changing the AAA batteries will cause the serial to default back to 0x00000000)
  • Possibly other models of Datel branded batteries

1: Official Sony batteries have a string of numbers at the bottom of the label, this string on known softmod compatible batteries starts with 2 or 3. If the string on your Sony battery starts with 4, EEPROM writing has most likely been disabled and you will not be able to softmod it. The best way to tell is to check your battery's serial in PSP Tool or PSP Everest 2, if it reads as nothing or all 0s, it's not softmoddable. Example image below.

Sony Battery Number String.jpg


Battery Softmod Software

There are many homebrew apps that offer the ability to change a battery's serial number and some Custom Firmwares even have the option baked in. Some of the more popular ones are listed below.

Original Pandora's Battery Creator

The original Pandora battery converter app, only works on the 1.50 kernel. Not recommended unless you have a 1000 on 1.50 already and want to check out the original. Download

Open Source Pandora Battery Tool

A tool created by Cory1492 for softmodding batteries from 3.xx+ kernels. Should still work on current Custom Firmwares. Download

PSP Tool

PSP Tool is a good service mode setup Swiss Army knife app. It can softmod batteries, create many older Magic Memory Sticks, dump and restore IDStorage, and show system info. Download

Custom Firmwares

Some newer Custom Firmwares have the option to convert a battery to a service mode JigKick built-in:

  • 6.6x ARK-4 (VSH Menu>Advanced VSH Menu)
  • 6.xx ME/LME (Recovery Menu>Advanced>Battery Config)
  • 5.50 GEN (VSH Menu)
  • 3.95 & 5.02 GEN (Recovery Menu>Advanced)

Softmodding the Battery

1. Download and install your chosen app above. If you're running one of the Custom Firmwares listed above, you can skip this step.

2. Insert the battery you want to softmod into your PSP and turn it on

3. Run your app of choice and navigate to the battery options

4. Most apps have options like "Back up EEPROM", "Normal battery", and "Autoboot battery". You should back up the EEPROM first if the option is available, then the one you want to select will be called "Make Jigkick battery" or "Convert to Service Mode Battery"

5. After it has completed, turn your PSP off, pull the battery out, and put it back in. If the conversion was successful, your PSP will turn on and stay at a black screen or will boot a previously installed Memory Stick IPL if you already have one

6. If you only have one battery and need to convert it back, leave the battery out, connect a charger to the PSP, turn it on, then insert the battery after it's already booted. Now you can navigate back to the battery options of your chosen app and either restore the serial from the EEPROM backup you took or use the "Make Normal Battery" option to change it back to a normal one with a randomly generated serial.

Hardmod

(This section to be re-written)

For this method, you will have to open up your battery, and maybe need some soldering skills, and guts. If you aren't sure about what to do, the best thing to use is a Datel Tool Battery.

Requirements

  • An extra PSP Battery
  • A knife / screwdriver
  • Soldering equipment (to prevent shorting and to revert battery)

Making the JigKick Battery with a FAT PSP battery

You also can use a Datel Tool Battery to use (YOU STILL HAVE TO MAKE A MAGIC MEMORY STICK IF YOU USE DATEL TOOL!)

1. Open the extra battery with a knife or a screwdriver. Do not slide the tool all the way into the battery or you will run the risk of shorting it.

   Image:Pandoranocfw1.jpg 

2. Remove the top of the battery. (Or swing the case open)

   Image:Pandoranocfw2.jpg 

3. Remove (or disconnect) the leg of the chip next to the word C04, IC104, or IC04. This is better to do this with a knife. Once again, be careful not to touch the other objects as you can short it. You can always iron the leg back on if you want. (Requires soldering tools. Also, soldering is easier to do if the leg is still attached to the board, but not in it.

   Image:Pandoranocfw3.jpg

If successful, take it out and plug it back in with no MS, the screen should stay blank. Also, the power light will automatically come on. However, if not, you may have shorted the battery or it needs a charge.

Making the JigKick Battery with a SLIM PSP battery

There are two methods of Hardmodding a SLIM PSP battery into a JigKick (which will be referred to as "Blue Square" or "Red Circle" as indicated by the picture).

image:slim.jpg

Red Circle

1. Open the extra battery with a knife or a screwdriver.

2. Remove the top of the battery, and pull back the motherboard

3. Remove the leg indicated by the red circle (Farthest left, as shown), it is better do this by soldering it!

4. Fold the motherboard back down, and replace the top of the battery. Scotch tape works perfectly to hold the battery together

5. If you want to turn it back into a normal battery, re-solder the leg down

Blue Square

1. Open the extra battery with a knife or a screwdriver.

2. Remove the top of the battery, and pull back the motherboard

3. Scrape away part of the trace (Preferably perpendicular to) indicated by the blue square

4. Fold the motherboard back down, and replace the top of the battery. Scotch tape works perfectly to hold the battery together

5. If you want to turn it back into a normal battery, simply use a pencil to fill in where you cut the trace

If successful, place the battery into the PSP without a Memory Stick inserted. The PSP should boot automatically with the screen staying blank.

Creating PSP-3000 JigKick Hardware

Creating PSP Go JigKick Hardware

Creating PSP Street JigKick Hardware

See also