著名PSP非官方固件編寫員Dark_AleX指出﹐PSP新型底板 (編號 TA88v3) 暫時沒有方法能進行破解. 以下是部份簡介內容, 想參看全文請按下面的來源連結:

When the PSP boots, the boot code (aka pre-ipl or ipl loader) loads the ipl from either the nand or memory stick. The IPL is splitted into pieces of 0×1000 bytes.

First 0xA0 bytes of each block is a header for the kirk hardware command 1. It contains keys, the size of the cipher data, and two hashes, one for part the header itself, and another one for the body. The 0xF60 remaining bytes are the ciphered body, which will decrypt to 0xF60 plain bytes… if the hashes, which are checked by kirk hardware itself, are OK. (Note: ciphered body can actually be less than 0xF60, in this case, remaining bytes are ignored… before TA88v3)

What has Sony added to fix this?

The answer can be found in 4.00+ slim ipl’s. They decreased the size of the ciphered body to 0xF40 to leave 0×20 bytes at the end of each block (at offset 0xFE0). In newest pre-ipl’s, these 0×20 bytes have a meaning.

…

…

This protection also destroys any possibility of downgrading below 4.00, as these new cpu’s won’t be able to boot previous firmwares ipl’s.

重點翻譯:
現時最新型的PSP CPU都是以0×20 bytes數值計算來設置的, 如果能找出pre-ipl漏洞﹐新的機種便能破解.

注意: PSP-3000很有可能會用這個(編號 TA88v3)底板.

來源: 參看文章 (dark-alex.org)