The "newer" PSP 2000 cannot be hacked because of the TA-88V3 boards.
One reason why it couldn't be hacked is because it couldn't read the IPL off the Pandora battery because the newer version reads smaller versions of the IPL, I think...
It was thought that the PSP 3000 would have this motherboard, but it turns out that it has a TA-90, which it might be possible to hack, but no one knows for sure.
Make sure when you buy one, it doesn't have a 4.xx firmware I think, those are the ones that can't be hacked.... yet
The best homebrew PSP is the 1000 series because of the 1.5FW.
I wouldn't get a 3000 yet, I would wait a while. If you are going to get a 2000, make sure you get an older one.
Quote by DAX
When the PSP boots, the boot code (aka pre-ipl or ipl loader) loads the ipl from either the nand or memory stick. The IPL is split into pieces of 0x1000 bytes.
The first 0xA0 bytes of each block are a header for the kirk hardware command 1. It contains keys, the size of the cipher data, and two hashes, one for part of the header itself, and another one for the body. The 0xF60 remaining bytes are the ciphered body, which will decrypt to 0xF60 plain bytes… if the hashes, which are checked by kirk hardware itself, are OK. (Note: ciphered body can actually be less than 0xF60, in this case, remaining bytes are ignored… before TA88v3)
What has Sony added to fix this?
The answer can be found in 4.00+ slim ipl’s. They decreased the size of the ciphered body to 0xF40 to leave 0x20 bytes at the end of each block (at offset 0xFE0). In newest pre-ipl’s, these 0x20 bytes have a meaning.
This protection also destroys any possibility of downgrading below 4.00, as these new cpu’s won’t be able to boot previous firmwares ipl’s.
Summary: basically, all security of newest psp cpu’s relies on the secrecy of the calculation of those 0x20 bytes. If pre-ipl were dumped somehow, the security would go down TOTALLY.
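
The block layout described in the quote, as an added example (not part of the post or of DAX's text): it slices an IPL image into 0x1000-byte blocks and reports whether each body leaves the 0x20 bytes at 0xFE0 free. The position of the size field (little-endian u32 at header offset 0x70) is an assumption that the quote does not state, and the sample blocks are constructed filler, not real IPL data.

```python
import struct

BLOCK_SIZE = 0x1000    # from the quote: IPL is split into 0x1000-byte blocks
HEADER_SIZE = 0xA0     # from the quote: KIRK command 1 header
BODY_MAX_OLD = 0xF60   # from the quote: largest ciphered body before the change
BODY_MAX_NEW = 0xF40   # from the quote: ciphered body in 4.00+ slim IPLs
TRAILER_OFF = 0xFE0    # from the quote: where the extra 0x20 bytes sit
TRAILER_SIZE = 0x20
DATA_SIZE_OFF = 0x70   # ASSUMPTION, not from the quote: LE u32 size field


def split_ipl(image: bytes) -> list[dict]:
    """Slice an IPL image into blocks and describe each block's layout."""
    if not image or len(image) % BLOCK_SIZE:
        raise ValueError("image must be a non-empty multiple of 0x1000 bytes")
    blocks = []
    for off in range(0, len(image), BLOCK_SIZE):
        blk = image[off:off + BLOCK_SIZE]
        (size,) = struct.unpack_from("<I", blk, DATA_SIZE_OFF)
        if size > BODY_MAX_OLD:
            raise ValueError(f"block at {off:#x}: body size {size:#x} too large")
        blocks.append({
            "offset": off,
            "body": blk[HEADER_SIZE:HEADER_SIZE + size],
            # A body longer than 0xF40 runs into the 0x20-byte region at
            # 0xFE0, so such a block cannot carry the extra bytes at all.
            "has_trailer_room": size <= BODY_MAX_NEW,
            "trailer": blk[TRAILER_OFF:TRAILER_OFF + TRAILER_SIZE],
        })
    return blocks


def layout(image: bytes) -> str:
    """Say whether every block leaves 0xFE0..0xFFF free for the extra bytes."""
    ok = all(b["has_trailer_room"] for b in split_ipl(image))
    return "room-for-trailer" if ok else "body-overlaps-trailer"


def make_block(size: int) -> bytes:
    """Constructed sample block: zeroed header, filler body, zero padding."""
    header = bytearray(HEADER_SIZE)
    struct.pack_into("<I", header, DATA_SIZE_OFF, size)
    return (bytes(header) + b"\xAA" * size).ljust(BLOCK_SIZE, b"\x00")


if __name__ == "__main__":
    print(layout(make_block(0xF60) * 2))   # constructed old-style image
    print(layout(make_block(0xF40) * 2))   # constructed 4.00+-style image
```

Room for the 0x20 bytes says nothing about whether their contents are valid; per the quote, that calculation is secret.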