I have spent a day or so pursuing a possible exploit that exists for all versions of the firmware.
Read about it here (please read the entire thread as some of the posts have some inconsistencies):
I believe this issue was discovered only a few days ago.
We believe that we are experiencing a buffer overflow, but cannot be entirely sure. Homework (I need to read it thoroughly again as I am quite rusty on the subject):
I have created a directory structure that when placed on the memory stick (this wasn't challenging, and I'm not claiming to have done anything new) results in a screen containing an icon (image) of our design being displayed for some number of seconds before the PSP shuts down (we believe as a result of the buffer overflow). st0n3d at PSP Hacks discovered the buffer overflow (if that's what it is -- we believe it to be thus far) and I've been trying a number of things since reading his thread, but would like others to pursue this as well. Note that to recreate the issue you need to use PBP Unpacker as opposed to just a hex editor when modifying SFO data/rebuilding PBPs (as it fixes SFO/PBP file structure after sizes of data members change).
Another thing I want to point out is that we can easily determine where the icon exists in the framebuffer (I haven't written any applications for the PSP since my 1.52 is locked-down/under house arrest by Sony, but I'm sure many of the developers in this forum could tell us in a matter of moments). I know the framebuffer starts at 0x40000000, we just have to figure out the address of the icon at 0x40000000 + (480 * (bits_per_pixel/8)) + (however_many_pixels_those_icons_are_offset_from_left_side_of_screen * (bits_per_pixel/8)) and put the code we want to run there. The last machine code instructions for each row of the icon except for the last row will be identical, and will jump to the start of the next row (program counter + (480 - 144)). This would yield 144 * 80 bytes for our custom machine code.
I will post a URL to the dir. structure/files (zipped) containing everything you need to see where we are at (extract all contents as they are to the memory stick, but back up its contents first to avoid any overwriting of files you may not want touched) as soon as I figure out where to put it (putfile has a 10 MB limit :doh: ). If this has already been discovered and proven not to be a buffer overflow, I apologize, I've been away from the forums for a while (and yes, I searched, in case that's brought up :) ). Can someone host this for me if it proves to be something new and not something already shot down?