New raw idea for a possible exploit. (and its not HTML this time :P)

[Batholith_5]

i know and its obviously some sort of flash memory that is being recognized!!

so im 99% certain that now we have access to some sort of internal memory on the psp and that is a hell of an accomplishment!!! but this is gonna be a bit different and harder to do because it is completely different from all the other exploits. got to think of how to do this....

the hard part is going to be writing the program to emulate the camera. and if we are lucky and there aren't security features on this feature then all we have to do is write a driver.

[steve520]

Wow thats some good thinking....nice job you possibly might save tons of newbies hopefully somebody would pick up on this

[aznTerz]

umm... i read the time... and read it again....
kinda don get it XD

i just read it again... and read the comments.....
its starting to get clearer... maybe im just tired... or dumb
-_-"

[pt9087]

Could happen! but i think the next D/G will be by using GTA!

[White_Hawk_UK]

pt9087 - sorry fella', but I believe that hack went out of the window with FW3.10 - the code that deals with save-game loading has been properly patched now, as it was a flaw in the previous attempt to patch it that allowed the latest (3.03) downgrader to work with older (equally flawed) versions of GTA. Essentially, even if a great, glaring hole is found in another release, the firmware has compensated for the possibility. Result; no GTA downgraders for 3.1+ owners.

Noobz.eu covers the subject pretty well on that score.

I'm waiting for someone with a bit of savvy to completely debunk the USB suggestion. While I think it's similar to attempting to hack into a home alarm system via the water pipes, I can't claim to know enough about it to say anything definitive. For all I know, the PSP camera-handling code could be susceptible to the same sort of buffer overflow attack that allowed the TIFF exploit to work initially.

It's certainly not as bizarre as suggesting kernel-mode access via HTML!

[Batholith_5]

The thing that happens here though is that its running an externally based program with the flash0 on the psp. so it is sending out some code via the USB and this seems to me as being Very promising.

[Fanjita]

The camera device is not accessing flash0.

Effectively, there's a PRX which is providing communication to the camera, which is acting as a USB host.

Maybe it's possible to sample the protocol stream, and fake something up to overflow it, but chances are that it's not - device drivers tend to be written pretty carefully.

Anyway, the mental model you have for it is wrong, it's more like a server app rather than some sort of 'direct access to flash0'. Not all USB activity follows some sort of mass storage model.

[Buddy4point0]

ha i said that. it might be using a prx that we could use to get into the flash.

[-Xandu-]

The camera function will most likely come up with something, not exactly an exploit.

If you notice, connect the PSP to a USB cable and click the camera icon on the PSP. Your PC will detect a new device other than PSP. This most likely will be something like REMOTEJOY, an external camera other than Sony's 1.3 MP camera using a PC.

i know and its obviously some sort of flash memory that is being recognized!!

so im 99% certain that now we have access to some sort of internal memory on the psp and that is a hell of an accomplishment!!! but this is gonna be a bit different and harder to do because it is completely different from all the other exploits. got to think of how to do this....

the hard part is going to be writing the program to emulate the camera. and if we are lucky and there aren't security features on this feature then all we have to do is write a driver.

And no, camera doesn't access flash..

EDIT: Sorry Fanjita, haven't read your post before I posted mine.

[Batholith_5]

And no, camera doesn't access flash..

well than where the hell is this plugin located!!

oh and thanks Fanjita for pointing out the server app thing to me i was thinking of it more as a direct transfer of data between the flash and the usb device. :P