We told you that we’d be releasing an unbricker for the M33 bricks. But then we got to thinking, maybe that just wouldn’t be exciting enough. Would you like a super special surprise bonus? How about an unbricker for ALL PSPs? Yep, you read that right. We call it “Pandora’s Battery”.

There’s a larger story behind this unbricker, though, and it deserves to be told. It’s the culmination of years of behind-the-scenes research and development by some of the top names in PSP hacking, under the name of the Prometheus project. This group of people, from various development teams, was dedicated to developing and releasing PSP hacks and exploits, with the aim of improving the status of PSP homebrew, and making sure that it was kept alive.

For some time this project was highly successful - many releases from Noobz, C+D and others were direct results of this work. The zenith of this success was the development of this unbricker - which required some amazing technical leaps, including:

 

1. Reverse engineering of the service (unbrick) mode

2. Development of a technique to change an ordinary battery into a service mode trigger battery (and back)

3. Development of custom IPL code along with a technique to sign that code as authentic.

 

Even more impressive is that all of the above was achieved without any access to the official hardware or software. With careful nurturing, this unbricker and custom IPL was to become the foundation of a whole new homebrew environment. Unfortunately something happened to shatter the idyll. Somehow, the unbricker was leaked into the wider world before it was ready to be released. Whether this was deliberate, by one of the team members, or accidental via a security breach is still unclear. The fact is that t

his unbricker appeared on the black market, being sold for huge prices. As far as we know, it is probably very close to the same software that appears in at least some of the ‘magic unbricker’/'jigkick’ videos.

So, although the time was not right to release this (it would have been wise to wait at least until the PSP Slim release), our hand has been forced. In order to prevent small fortunes being made by leeches, we are giving this unbricker away for free. So - let it be known - if you have paid for an unbricker, then you have been ripped off. I suggest that you take up your grievances with the seller - it should never have been sold. And if you’re unhappy about this being released before PSP Slim - then blame whoever it was that leaked or stole it.

It’s unclear whether or not this is the end for the Prometheus project - hopefully not, but that is undecided so far. In case it is the end, it is worth a quick roll of honour. In alphabetical order:

Adrahil, Booster, Cswindle, Dark_AleX, Ditlew, Fanjita, Joek2100, Jim, Mathieulh, Nem, Psp250, Skylark, TyRaNiD.

And here are their respective C+D (Create and Destroy) nicknames.

Mathieulh = WiseFellow

Tyranid = bockscar

Fanjita = FullerMonty

Joek = CosmicOverSoul

Dark_Alex = Malyot

Chris = Caretaker

Adrahil = VoidPointer

nem = h1ckeyph0rce

Anyway - make sure to read the readme.txt in this release for how to use it, but in brief it works like this:

 

1. You run a program on a homebrew-enabled PSP that will convert a standard PSP battery into a jigkick battery. Note that you can’t then use that battery normally - so you should use a spare one.

2. You run a program to generate the unbricker memory stick image, built from the v1.5 update EBOOT (note that this, and the custom IPL, means the release is completely free of Sony copyright materials).

3. You run some programs on a PC to install the image to your memory stick.

 

Now, you have a battery/memory stick pair that works just like the famous jigkick combination (but better) - just insert them into any PSP (even a brick) and the PSP will be reinstalled with the v1.5 firmware. As far as we know, this will continue to work for all future firmwares.

Enjoy! And remember - if you find this useful, please donate to the original developers - it’s a lot cheaper than paying £1500 for it on the black market.

Source and Downloads: Lan.st

Donate to Team C+D

GBA/NDS emulator

21 August 2007 - version 2.4d

 

No$gba v2.4d lots of new info on wifi and ds-lite

(*) no$gba/wifi can send/receive packets, commercial programs are still getting stuck somewhere in transmission. NEW in v2.4d: Pictochat is now successfully exchanging authentication and associations requests and responses. After that, on real hardware, the host should immediately send data frames (via port 090h presumably), in no$gba, the host doesn't send any such data frames for whatever reason (only the client does, via port 094h). Info on fixing that problem would be highly welcome. Built-in help text (in debug ver) contains almost complete wifi specs now.

 

- debug/setup: allows to enable/disable user-debugmsg, wifi-log, and 3d-log

- cpu: emulates undef opcode/copro exception (with warning if no bios/vector=0)

- wifi/emu: emulates new bits in rx header, and optional auto sequence control

- cpu/bugfix: arm ldm/stm accidently destroyed mis-alignments (on writeback)

- wifi/help: added info on port 1C4h, and on some of the 1Bxh ports (rxstat's)

- wifi/help: added new chapter on transmit errors and automatic ACK responses

- wifi/help: added info on ports 1A8h,1AAh,1ACh,1AEh (bit0..12 vs. 1B0h..1BFh)

- wifi/help: discovered new bits in RX header, added notes on MAC addresses

- wifi/debug: allows to log all packets (with automatic comments on ieee header)

- wifi/help: added notes on automatic sequence ctrl and auto-modified frame ctrl

- wifi/emu: tx-engine uses new timers, and emulates length/rate/preamble timing

- wifi/emu: emulates the various wifi counters and irqs at correct timing

- debug/setup: memorizes if iomap window was open (if so, re-opens it on boot)

- debug/emustop: break_requests (esc-key) take place only on current machine

- debug/internal: replaced ds:bibos swi_retadr/haltstop/intrwait by vals:bios

- debug/vramviewer: oam viewer supports extended obj palettes (thanks pierre)

- debug/vramviewer: fixed engine-B palette viewer (thanks pierre for bug report)

- dslite/help: added info on new TSC chip by AKM (new IN2, different PD bits)

- dslite/help: added note on near-crt-quality colors and wider viewing angles

- dslite/help: added custom change-channels-flowchart for new wifi-type3-chips

- dslite/help: added settings at firmware[0CEh-and-up] for new wifi-type3-chips

- dslite/xboo: updated nds-pins.gif (added new pin-positions on ds-lite board)

- dslite/xboo: added 8 extra diodes in data lines (to prevent power-on problem)

- dslite/help: added lite-specific wifi (W) mirrors, and unused wifi ram/ports

- dslite/help: added the new backlight level bits in firmware user settings

- dslite/help: added caution on DS-lite destroying wifi ports 064h and 076h

- dslite/help: added new powerman backlight/power register (and lost mute-bit)

- dslite/help: added ID for firmare chip 35PE20P (and supported it in ds-xboo)

- powerman/help: added unknown bit (mutes volume to zero, if amplifier is on)

- wifi/emu: emulates initial wifi-port settings and random register (mod 5FDh)

- wifi/emu: emulates primary wifi irq flag stuck zero while secondary nonzero

- wifi/emu: emulates corrected ports (004h,0ACh,0AEh,0B0h,0B4h)

- wifi/emu: emulates new ports (210h, 05Ch/06Ch, 062h/064h) and new mirrors

- wifi/help: added rx/tx signal/timing charts (rfu pins, aka 19Ch bits)

- wifi/help: added specs/cautions on primary wifi irq flag (2000214h.Bit24)

- wifi/help: added new mirrors (on read from 0ACh,0AEh,20Ch,21Ch,298h,2A8h,2B0h)

- wifi/help: added notes/info on ports 038h,19Ch,214h,21Ch and on W_CONFIG_140h

- wifi/help: new bits 0EAh.1,008h.13/14 004h.14); extra-TX ports 118h,0EEh,090h

- wifi/help: corrected ports 004h,0ACh,0AEh,0B0h,0B4h and txstat.bit12-13

- wifi/help: added info on new ports (110h, 210h, 05Ch/06Ch, 062h/064h)

- wifi/help: fixed tx_hdr: rate 8bit (not 16bit) defaults to 1Mbit/s if invalid

- wifi/help: added new bits: port004h.bit0 tx_master, 008h.bit15 beacon_irq1

- wifi/help: major updates in timers chapter (reloads, IRQ13/14/15, 22MHz, etc)

- nds/help: pinouts for nds LCD sockets, wifi RFU boards, and powerman chips

- gui: mousewheel support (win98 or dos/ctmouse) (thanks jasper/idea, tilo/hw)

Changelog / Download

Front End

August 21st, 2007

Beta u23 Release

 

- Updated "RESOURCE.ML" file with more information, mostly adding MESS specific support. As a side, running MESS now should show you a fully accurate representation of what you have based on your romsets. Also, added some MESS specific command support.

 

- Changed order of checking for joystick movement to check UP/DOWN movements BEFORE LEFT/RIGHT. Hopefully those who were having any issues with scrolling the gamelist with a controller will have a better time with it.

 

- Fixed clone detection for Parent Set lookups when using COMPLETE DATA CHECK (F3).

 

- Added SYSINFO.DAT as a viewable DAT file. This is the default information file when using MESS. If you do not use MESS but still want the file, the latest one is always available at: http://mess.toseciso.org/_media/sysinfo.zip

 

- Added some regulation to F3 to only show DAT files available for that emulator. For instance, MESS will only attempt to show SYSINFO and PINMAME will show only HISTORY.

 

- Added informational line on screen and in console when using any "-list" commands which port to a file.

 

- Added interm support for the new -SPEED command that was introduced in MAME 0.118u2.

Changelog / Download

Shash has written a pretty large post with an informal to-do list. He's also managed to fix Dead 'n' Furious.

... I wanted to fix Dead'n'furious, as it seemed to fail rendering 3D or stall while getting ingame. I really didn't knew, so I started to work, first to understand why it was failing. The first debugging sessions showed that it was in fact sending stuff to the 3D renderer, so it wasn't freezing, only not rendering onscreen.

Screenshots and full text here:

http://shashemudev.blogspot.com/2007/08/sm...provements.html