It’s very simple. First of all, PSP games come in UMD versions and PKG versions (downloaded from the software store). UMD is the physical version and relies on the disc drive to operate. If someone were willing to make a "D disk" (a copied disc), it could be played just as on the PS2, but the cost is too high. PKG can be regarded as a signed version of an ISO. Theoretically, it is possible to add SONY's digital signature to an ISO and then package it into a PKG, but there is no tool for that. So everyone often hears one word said by WA (he can only say this word), and that word is NAND. What exactly is NAND?
NAND is just the storage medium on the PSP chip that holds the PSP's various startup programs. It is a physical medium, something tangible like hardware. It stores the IPL, IDStorage and lflash.
So what is IDStorage? It is equivalent to the BIOS area of a computer's hardware, and it stores hardware information such as the power supply, screen, buttons and other miscellaneous things. You can skip past this without needing to understand it.
Let’s continue to explore:
Everyone often hears about the IPL, so what is the IPL? Simply put, the IPL is the driver of the PSP. There is an IPL loader inside the PSP. When the PSP is turned on, the loader automatically searches for the IPL in NAND and loads it, checks the ID, checks the MAC address and so on, then starts the IPL, which in turn loads lflash. So you understand, right?
So what is lflash?
This is relatively simple. It is what we often call F0, F1, and so on. The most important ones are the two folders F0 and F1. F0 contains all the information about the PSP firmware version, which is the most important part. F1 contains wallpapers, user names and other settings, which is also very important.
Now that the startup process of the PSP is clear, let’s take a look at the magic battery (Shendian). What is the working principle of the magic battery?
To put it simply, when the PSP is started with a magic battery, the battery deceives the PSP CPU and guides it into homebrew system mode. A few details of this process are worth mentioning. Ordinary batteries only have positive and negative poles, but SONY's magic battery has three poles. The third pole is the third pin, and it is the signal pin. This signal pin records the hardware information of the PSP, and there is a serial number in it. This serial number is the key to starting the IPL, and it also determines how the PSP reads the IPL when it is turned on.
The detailed working process of the magic battery is as follows. There is an encryption IC or E2PROM in the original SONY battery (you don’t need to know these two terms; understanding the idea is enough, and the more it is explained, the more complicated it gets). When the battery is inserted and the PSP is turned on, the IC is queried, and the PSP decides which mode to enter based on the data it returns. The magic battery changes the content of the IC to trick the PSP into booting from the memory stick.
The original startup process of the PSP1000 and PSP2000 is as follows:
In the first step, the battery completes a circuit once it is placed in the machine, and the EEPROM information is output at the same time.
In the second step, the PSP determines the serial number type given by the EEPROM and decides whether to start directly or wait for activation (i.e. the switch).
In the third step, the PSP goes on to determine, based on the serial number type, which IPL to use for initialization.
The fourth step is IPL initialization, such as determining the starting position of the kernel (the PSP firmware version) and running a series of tests.
The fifth step is loading the list from KD (KD is the PSP version's core folder) and reading the main modules, that is, the prx and other ELF files.
However, the PSP-3000 seems to have added a double verification against cracking and changed some minor details of the PSP3000 IPL, making cracking more difficult...