custom bios
Someone on this forum said that Sony MIPS chips have to support EJTAG. It supports several chips on one connector. There are 2 chips: CPU and Media Engine, and each of them has JTAG lines. If anyone has a motherboard without chips, try to find 5 or 6 lines that connect both chips and MAYBE some connection pads on the board.
The second idea is about bootstrap. If we write some small loader that can load firmware from smartmedia, it'll be an unbrickable PSP :) This loader may be in bootstrap stage 2 or it can be in flash0 as an original firmware.
Sorry for my English.
Because it's not a software solution. With a custom bootstrap you don't need to break wires on the board.
By the way, maybe this functionality is implemented in the standard bootstrap. Just imagine: Sony technical support gets a bricked PSP, inserts a 32MB card with an image of flash0 into the SM slot and boots the PSP with the select button pressed, for example. Something like PS BIOS recovery mode, where it reads the BIOS image from floppy if a CRC error is detected in CMOS.
It's not that simple.... There is not a "MSREAD" or "NANDWRITE" hardware register which would do the job easily. Moreover, one can't use a fully custom FW as the PSP HAS to boot on an encrypted FW (don't try to understand, just believe it). Unencrypted ELFs are loaded thanks to a bug in loadexec (correct me if I'm wrong), and this is how a "custom" firmware like OE is loaded. So, forget the fully custom FW for now. :)
Also, the PSP BIOS, the reset vector, is not known and won't be for a good while. Moreover, if it is known, it will probably be unmodifiable (read only). And, finally, to destroy your hopes, it uses asymmetric encryption thanks to KIRK. So, if one gets decryption keys, we won't be able to encrypt anyway.
To conclude, the only viable solution would be to replace KIRK by some other chip, something like an FPGA which would just return positive at any check given.
What is the KIRK?
In 1.50 firmware, as far as I know, the IPL wasn't encoded. But in 2.xx firmware it's encoded, and that means that Sony can update boot code in the CPU. And it's possible to downgrade TA082 motherboards to 1.50, which means that the bootstrap can load a decoded IPL. And I've seen on some site that the c+d team has decoded the new version of the IPL. If somebody cuts off the decoding part of the IPL and writes decoded prx files to flash.. maybe it'll be the first real custom FW :)