Moonlight has released the very first custom IPL. It is an extension of the firmware 1.5 IPL and provides numerous features for programmers, as well as bypassing the TA-082+ key check.

– It dumps 0xbfc00000, the PSP boot code that runs prior to the IPL, to the address 0x883e0000 (which is not touched by the 1.50 kernel).
– The first instruction executed by the PSP at boot is at 0xbfc00000. To get the boot code on a 1.50 original firmware, just run kdumper and extract 0x3e0000-0x3effff from the kmem.bin file -> that's the PSP boot code. If you are on a CFW, you will have to execute kdumper as a recovery or autoboot, because the 3.XX kernel overwrites the 0x883e0000 memory. Note that this IPL is flashed to the NAND, not written to the MS.
– It bypasses the TA-082+ brick, so you can have a TA-082+ without any key patched running 1.50 kernel based firmwares.

Note: This program is intended for developers. Only run it if you know what you're doing.

What does it mean for end users? At this point, not so much. However, it does mean that in the future we could see a custom firmware independent of the 1.5 kernel.
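The kmem.bin extraction step above, as an added helper script that is not part of Moonlight's release. It assumes (not stated on the page) that kmem.bin begins at kernel address 0x88000000, so the 0x883e0000 dump lands at file offset 0x3e0000, and it refuses a region that is a single repeated byte, which is what you get when the 3.XX kernel has overwritten the dump or no dump was made.

```python
"""Extract the PSP boot code that the custom IPL copied to 0x883e0000.

kdumper writes kernel memory to kmem.bin; the boot code lives at file
offset 0x3e0000-0x3effff. Assumed (not stated on the page): kmem.bin
starts at kernel address 0x88000000, so offset = address - 0x88000000.
"""
import hashlib
import sys

KMEM_BASE = 0x88000000       # assumed base address of kmem.bin
BOOT_COPY_ADDR = 0x883E0000  # where the custom IPL dumps 0xbfc00000
BOOT_CODE_SIZE = 0x10000     # 0x3e0000..0x3effff inclusive = 64 KiB


def boot_code_offset(addr=BOOT_COPY_ADDR, base=KMEM_BASE):
    """Map a kernel address inside the dump to a kmem.bin file offset."""
    if addr < base:
        raise ValueError(f"address {addr:#x} is below dump base {base:#x}")
    return addr - base


def extract_boot_code(kmem):
    """Return the 64 KiB boot-code slice, rejecting dumps that cannot be right."""
    off = boot_code_offset()
    end = off + BOOT_CODE_SIZE
    if len(kmem) < end:
        raise ValueError(f"kmem.bin is {len(kmem):#x} bytes, need at least {end:#x}")
    region = kmem[off:end]
    # A region of one repeated byte (all 0x00 or all 0xff) means the 3.XX
    # kernel clobbered 0x883e0000 or the IPL never wrote the dump.
    if len(set(region)) == 1:
        raise ValueError(f"region is uniform ({region[0]:#04x}); dump overwritten or missing")
    return region


def main(path="kmem.bin", out="bootcode.bin"):
    with open(path, "rb") as f:
        code = extract_boot_code(f.read())
    with open(out, "wb") as f:
        f.write(code)
    # Record a digest so later dumps can be compared against this one.
    print(f"wrote {len(code):#x} bytes to {out}, sha256 {hashlib.sha256(code).hexdigest()}")


if __name__ == "__main__":
    main(*sys.argv[1:3])
```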