Category Archives: PlayStation Portable Development

MAZIORA PLEIADES-2 is not the codename for a military operation but is actually the name of a pigment. MAZIORA pigments change colour depending on the viewing angle: from one angle the colour might be red whilst from another it is blue. The video below is taken from Wikipedia and demonstrates the colour-changing effect. You might be asking “why are […]


First things first, huge thanks to Proxima and some1. They’ve provided key utilities and advice for this research. So, yeah, it was really only a matter of time till this kind of thing happened. Sony don’t just emulate the userland process of a PSP game, they emulate the entire kernel, albeit a modified kernel. The […]

As an ongoing project, some1 and I have been enhancing this downgrader since its birth on the 6.31/6.35 firmwares. This multi-firmware downgrader allows you to install a lower (or higher) firmware without any fuss. No complex flash0 sharing, just running the firmware update. However, there are restrictions on PSP models and compatible firmware. For example, a […]

The private key for the KIRK 0x10 functionality is known to be stored in an encrypted buffer of 0x20 bytes. Proxima discovered that KIRK 0x10 operates as follows:
Kirk 0x10 – ECDSA Sign hash
Invocation:
u8 buffer[0x34]
u8 encryptedprivatekey[0x20] – the private key returned by KIRK 0xC must be AES encrypted somehow
u8 SHA1hashofmessagetosign[0x14] […]

First, a huge thanks to Gusha for his huge support, donating a lot of time for testing stuff on his TA-88v3, cheers mate! In this post I’ll describe what I have found out so far with the TA-88v3 and provide a model representing the security and operation of the TA-88v3 pre-IPL. Unfortunately, the hash has not […]



Written by Davee. 32 comments Posted in: PlayStation Portable Development

this is a test. cheers guys.

Sony, being as sneaky as they are, decided to make a rather interesting move. As researched by Coyotebean, Sony started enforcing a public key method of verifying KIRK data and removing the ability to load the old types of data. As they did this, firmware 6.30+ cannot decrypt the updater and the PRX inside […]


Now that 6.20 TN-A is out in the open, allow me to describe the kernel vulnerability used. Back in 5.70/6.00 Sony introduced a feature into the sceUtility_private library that allowed a callback to be set and unset with kernel privileges.
sceUtility_private_764F5A3C // Set power callback
sceUtility_private_2DC8380C // release (unset) power callback
These two functions are not normally […]