New raw idea for a possible exploit. (and its not HTML this time :P)



Batholith_5
May 23rd, 2007, 01:02
This time it involves the camera function on the PSP. This function seems to me as very "unsafe", shall we call it, because there have been third-party cameras for the PSP that can run on it. So this got me thinking.... what if there was a way that you could run some software either on a PC or another homebrew-enabled PSP that emulated the camera and then (via USB) link the PSP to either the PSP or PC, and from there you could write a file to the PSP's flash memory that enabled a downgrader. Well, it was just a thought, so please, all criticism is welcome and wanted :cool: :thumbup:


:thumbup: SO EXCITED FOR TRAVELLER :thumbup:

acn010
May 23rd, 2007, 01:06
hhhhhhhhhhhhhmmmmmmmmmmmmmmmmmmmmmm...... iono bout this

Batholith_5
May 23rd, 2007, 01:18
hhhhhhhhhhhhhmmmmmmmmmmmmmmmmmmmmmm...... iono bout this

VERY well put!! :) :P

Buddy4point0
May 23rd, 2007, 01:43
Hm, that's a good idea, yeah the PSP camera is very tappable.

Batholith_5
May 23rd, 2007, 01:48
It does seem as though it is the most vulnerable. I also am a coder but I would have no idea how to go about doing this... hm

And btw that's some noice homebrew you're making there Buddy4point0

xg917
May 23rd, 2007, 01:53
That's some really deep thinking.. seems possible

Batholith_5
May 23rd, 2007, 01:56
It seems like the other PSP is more possible than the PC, because with the PSP it's much easier to shut off all the other functions, i.e. the PC (Windows, Linux, whatever you use) may still recognize it and things could get weird. And if anyone knows how to code something like this please tell me!!!!! as I am a C++ coder but I'm not familiar with this type of thing.

I have just tested the function out with a USB connection and it shows up as a USB accessory with or without the memory card. So you know that there must be some special memory (possibly flash0 or flash1 :) ) being read :) please, any ideas are welcome

Zin0099
May 23rd, 2007, 03:19
PM me if anyone can downgrade without bricking and that I can use Dark Alex FW

Plus, is there a way to have more than one FW or a hybrid FW that has all the functions of official and non-official FW?

I want the best of both worlds

Batholith_5
May 23rd, 2007, 03:26
PM me if anyone can downgrade without bricking and that I can use Dark Alex FW

Plus, is there a way to have more than one FW or a hybrid FW that has all the functions of official and non-official FW?

I want the best of both worlds


!?!?!?!?!. Seriously. How is this relevant to the post at all? ughhh... :mad:

Buddy4point0
May 23rd, 2007, 03:38
Hey, this idea really could work: plug your PSP into your computer then click the camera, your PC recognises it!!

edit: I just read up and you already figured this out lol, and yeah, no memcard. Hmm, there could seriously be something here, I mean if we can even access only the camera plugin in the flash, we could replace it with a downgrader.

Batholith_5
May 23rd, 2007, 03:42
I know, and it's obviously some sort of flash memory that is being recognized!!

So I'm 99% certain that now we have access to some sort of internal memory on the PSP and that is a hell of an accomplishment!!! But this is gonna be a bit different and harder to do because it is completely different from all the other exploits. Got to think of how to do this....

The hard part is going to be writing the program to emulate the camera. And if we are lucky and there aren't security features on this feature then all we have to do is write a driver.

steve520
May 23rd, 2007, 04:35
Wow, that's some good thinking.... nice job, you possibly might save tons of newbies. Hopefully somebody would pick up on this.

aznTerz
May 23rd, 2007, 08:29
umm... I read the time... and read it again....
kinda don't get it XD

I just read it again... and read the comments.....
It's starting to get clearer... maybe I'm just tired... or dumb
-_-"

pt9087
May 23rd, 2007, 10:22
Could happen! But I think the next D/G will be by using GTA!

White_Hawk_UK
May 23rd, 2007, 11:58
pt9087 - sorry fella', but I believe that hack went out of the window with FW3.10 - the code that deals with save-game loading has been properly patched now, as it was a flaw in the previous attempt to patch it that allowed the latest (3.03) downgrader to work with older (equally flawed) versions of GTA. Essentially, even if a great, glaring hole is found in another release, the firmware has compensated for the possibility. Result; no GTA downgraders for 3.1+ owners.

Noobz.eu covers the subject pretty well on that score. :(

I'm waiting for someone with a bit of savvy to completely debunk the USB suggestion. While I think it's similar to attempting to hack into a home alarm system via the water pipes, I can't claim to know enough about it to say anything definitive. For all I know, the PSP camera-handling code could be susceptible to the same sort of buffer overflow attack that allowed the TIFF exploit to work initially.

It's certainly not as bizarre as suggesting kernel-mode access via HTML! ;)

Batholith_5
May 23rd, 2007, 12:43
The thing that happens here, though, is that it's running an externally based program with the flash0 on the PSP. So it is sending out some code via the USB and this seems to me as being very promising.

Fanjita
May 23rd, 2007, 18:23
The camera device is not accessing flash0.

Effectively, there's a PRX which is providing communication to the camera, which is acting as a USB host.

Maybe it's possible to sample the protocol stream, and fake something up to overflow it, but chances are that it's not - device drivers tend to be written pretty carefully.

Anyway, the mental model you have for it is wrong, it's more like a server app rather than some sort of 'direct access to flash0'. Not all USB activity follows some sort of mass storage model.

Buddy4point0
May 23rd, 2007, 18:42
Ha, I said that. It might be using a PRX that we could use to get into the flash.

-Xandu-
May 23rd, 2007, 19:15
The camera function will most likely come up with something, not exactly an exploit.

If you notice, connect the PSP to a USB cable and click the camera icon on the PSP. Your PC will detect a new device other than PSP. This most likely will be something like REMOTEJOY, an external camera other than Sony's 1.3 MP camera using a PC.


I know, and it's obviously some sort of flash memory that is being recognized!!

So I'm 99% certain that now we have access to some sort of internal memory on the PSP and that is a hell of an accomplishment!!! But this is gonna be a bit different and harder to do because it is completely different from all the other exploits. Got to think of how to do this....

The hard part is going to be writing the program to emulate the camera. And if we are lucky and there aren't security features on this feature then all we have to do is write a driver.

And no, camera doesn't access flash..

EDIT: Sorry Fanjita, I hadn't read your post before I posted mine.

Batholith_5
May 23rd, 2007, 22:24
And no, camera doesn't access flash..



Well then where the hell is this plugin located!!

Oh, and thanks Fanjita for pointing out the server app thing to me, I was thinking of it more as a direct transfer of data between the flash and the USB device. :P

Buddy4point0
May 23rd, 2007, 22:35
Well then where the hell is this plugin located!!

Oh, and thanks Fanjita for pointing out the server app thing to me, I was thinking of it more as a direct transfer of data between the flash and the USB device. :P

The plugin (PRX) is in the flash, but that doesn't mean it has writeable access to the flash. But still, it could be hackable.

Triv1um
May 23rd, 2007, 23:17
Yeah, but surely something as stupid as the memory stick reader has a PRX; that doesn't mean it's hackable.

Still, it's an idea. I wouldn't have a clue where to start =p

Cloudhunter
May 23rd, 2007, 23:30
Fanjita severely debunked this. Probably not gonna happen :)

Cloudy

IndianCheese
May 24th, 2007, 00:16
A few things you must know first...

The camera only sends a video feed to the PSP and never actually writes files to it. The system software basically takes screenshots of the video feed and writes those files to it itself.

You see the top of your PSP? I am going to guess that the top of it has (from left to right, with screen towards you) an IR port, a circular docking hole, a USB logo, a tiny rectangular hole, the USB port, another tiny rectangular hole, another circular docking hole, and a UMD open switch. Believe it or not, the camera connects to the PSP via the USB port AND the two tiny rectangular holes. (Proof: use two tiny pieces of paper or something to block the connection between your camera and your PSP. It will not work. I found this out cause there used to be some crud in there that kept it from working and it wouldn't work until I used a toothpick to scrape it out.) I don't know if any USB devices can connect to the PSP like the official camera because of that.

The "install new software" PC glitch won't work. Why? Sony isn't gonna release PSP camera drivers to your computer. I believe that the drivers are actually stored on a tiny flash chip inside the camera itself, and I would think it to be near impossible to grab them off of there. Even if you did, they probably would be incompatible with the PC.

But don't let all your hopes down. This is coming from the person who didn't know Russia was involved in WWII until 15 minutes before my test on WWII.

factor remix
May 24th, 2007, 00:33
When you connect your PSP to a PC via USB and you press the camera icon in the XMB, Windows will say "new hardware found".

So I think it's possible...

parkermauney
May 24th, 2007, 02:12
I'VE GOT IT!

I just downgraded my sisters!

Here's the fil---

Dammit I deleted it! oh well!
:D

Batholith_5
May 24th, 2007, 03:23
Thank you for the information IndianCheese, very useful!! But the weird thing about this mode is how it actually continually sends out a signal through the USB port even when the official camera isn't present, because until you hit back on it Windows will still recognize it. And during this time when it is continually searching for it seems the best, because the first file that it would receive would be a confirmation/identification file from the camera. So couldn't you, if you were able to encrypt a file that Sony might recognize on the PSP (preferably the dumped camera data :P (if it's possible)), send that over the USB connection and..... this is gonna be harder than I originally planned. (It always ends up that way ;( ) And then just like solder a wire to the camera's metal pieces and... yeah.... hm.... well, I still think it is one of the best shots we have :)

(Second option would be some sort of buffer overflow attack as Fanjita mentioned) :)

EDIT: very funny parkermauney :D

Tesseract
May 29th, 2007, 00:05
Has anyone given a look at using PSX homebrew converted to an EBOOT as a vehicle to 'break into' a non-modded/downgraded PSP?

pt9087
May 29th, 2007, 01:12
pt9087 - sorry fella', but I believe that hack went out of the window with FW3.10 - the code that deals with save-game loading has been properly patched now, as it was a flaw in the previous attempt to patch it that allowed the latest (3.03) downgrader to work with older (equally flawed) versions of GTA. Essentially, even if a great, glaring hole is found in another release, the firmware has compensated for the possibility. Result; no GTA downgraders for 3.1+ owners.

Noobz.eu covers the subject pretty well on that score. :(

I'm waiting for someone with a bit of savvy to completely debunk the USB suggestion. While I think it's similar to attempting to hack into a home alarm system via the water pipes, I can't claim to know enough about it to say anything definitive. For all I know, the PSP camera-handling code could be susceptible to the same sort of buffer overflow attack that allowed the TIFF exploit to work initially.

It's certainly not as bizarre as suggesting kernel-mode access via HTML! ;)

That was also said by many people after the 2.60 downgrader. Do you know that for a fact???... NO! People also say that about TIFF! But nearly anything can happen if you look at the history of downgraders! :)

White_Hawk_UK
May 29th, 2007, 03:16
Tesseract - all homebrew is in eBoot form. :)

pt9087 - I'm not saying a downgrader isn't possible at all, just that I think the GTA exploit has seen its final version. Fanjita more-or-less makes this seem the case with his explanation re: GTA exploitation.. ;)

Tesseract
May 29th, 2007, 03:30
PSP Homebrew is EBOOT. PSX is not. You can make a PSX ISO and convert it to an EBOOT that will run on the PSP, though.

SpooForBrains
May 29th, 2007, 10:01
It doesn't interface via those little gold terminals. As I understand it those provide power to the device. Quite why Sony didn't just provide power via USB is anyone's guess.

(I got this information from a discussion about how to hack together a non-official microphone for the PSP so it's entirely possible that it's wrong ...)

White_Hawk_UK
May 30th, 2007, 00:43
Tesseract - are you suggesting kernel-mode access via PSX code running within the PSP's PSX emulator? ;)

Spoo - I think that's most likely because sending power out on a mini-USB socket would be a potentially disastrous contravention of an already ambiguously-implemented standard. Think what sort of confusion you'd get into if USB peripheral devices started trying to send current to the host (your PC, for instance). Those terminals help to disambiguate the otherwise dual nature of the PSP's USB interface, providing power to plug-in gadgets that would otherwise require their own power source (seeing as they're not being connected to a powered host interface, like the full-size 'A'-type sockets on your PC). It's a fairly neat idea to provide power to a PSP-hosted device via anchor points either side of the mini-USB socket, IMO - beats having batteries in the camera.

That wasn't very clear, was it? Too tired to make sense, sorry. Long day n'all. Goin'abed. G'night... zzz

Tesseract
May 30th, 2007, 05:04
Yeah, but I finally learned enough in another thread to abandon this train of thought. Previously, I had only been answered with silence. :P