Editing Pandora
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 21: | Line 21: | ||
= Official JigKick = | = Official JigKick = | ||
The official Jigkick is running as a battery emulator which communicates to the PSP's System Controller | The official Jigkick is running as a battery emulator which communicates to the PSP's System Controller, it passes an authentication using special key IDs set during the challenge when the battery serial is 0xFFFFFFFF if it passes, the GPIO that sets service mode is enabled. | ||
= DTP-T1000/Development Tool JIG Test/emulation Mode = | |||
Starting from kbooti 0.7.0, a special JIG test mode exists, it will read an IPL block at 0x2000 on the Memory Stick instead of address 0xBFE01000 if the specific condition is met: | Starting from kbooti 0.7.0, a special JIG test mode exists, it will read an IPL block at 0x2000 on the Memory Stick instead of address 0xBFE01000 if the specific condition is met: | ||
Line 56: | Line 38: | ||
In kbooti revision 3.5.0 this mode skips the XOR step (overwrites the xor key with 00s in the scratchpad) on the kirk header, allowing to use a regular IPL block to achieve code execution and dump the payload (without the xor key). | In kbooti revision 3.5.0 this mode skips the XOR step (overwrites the xor key with 00s in the scratchpad) on the kirk header, allowing to use a regular IPL block to achieve code execution and dump the payload (without the xor key). | ||
= DTP-H1500/Testing Tool JIG Mode = | |||
The Battery emulator will simulate a Pandora battery (serial 0xFFFFFFFF) when the P24 switch on the S3503 DIPSW is set to 1. | The Battery emulator will simulate a Pandora battery (serial 0xFFFFFFFF) when the P24 switch on the S3503 DIPSW is set to 1. |