direction of detection

grapeape
11-15-2005, 09:06 PM
I'm a network engineer, not a programmer, but I have been wondering why very little (at least that I have seen) has been said about looking for vulnerabilities in the PSP's Wi-Fi implementation. In a lot of net appliances one of the weakest links has been the TCP/IP stack. Several games are now shipping with "game sharing" support, like Harry Potter and The Con. Has anyone run something like Snort against it, or done any sniffing to try and pick apart the packets or send malformed packets back? Seems to me to be a more likely way of getting at the kernel than bug-hunting the picture viewer.

I might be way off base, since I assume there has to be a reason it's not talked about much, but if so, why?

Snoppydude
11-15-2005, 09:49 PM
I don't think too much valid data is being transmitted via Wi-Fi. All it is is game demos, pictures and input/output data from the PSP.

Then again, it's not impossible to do SOMETHING with the Wi-Fi. There's already homebrew that uses it. I just don't see how that would help the homebrew scene, though. You can't really run programs straight off Wi-Fi, and any vulnerabilities it may have would be out of reach for a lot of people who don't have wireless routers/access to Wi-Fi hotspots.

AceMilo
11-15-2005, 09:50 PM
That's not really feasible for a hack. If you could pass data back to the PSP and get it to run code, you would lose it once you restarted. For it to be a good and viable hack, it should be able to run natively without going through a game first.

instigator
11-15-2005, 09:51 PM
The idea has crossed my mind - I believe that such an exploit is used against the NDS.

grapeape
11-15-2005, 10:00 PM
I thought The Con in particular allowed pretty much full gameplay with one UMD through game sharing mode?

Didn't think about the reset; still, it wouldn't be a bad idea for something like the "game server" exploits on the GameCube.

wiggim
11-15-2005, 11:13 PM
Any progress is good progress. The Xbox had buffer overflows in-game that would run unsigned code; the PSP may have the same overflows open for exploit. Just where and how is the problem. I imagine there are a few holes in the wireless TV beaming station too, just no one knows what to look for ATM, or has no urge or time to do it.

Broomop
11-16-2005, 02:35 AM
Well, the difference with the TV thing and the PSP is you have both client and server on the PSP, meaning decompile the client or server code and find an exploit in it. I think lately no one cares or has time, since it's coming up to Christmas and most people probably got a temp job to get money. Come the new year the scene will probably pick up again and an exploit will be found. The PSP will probably be the easiest console EVER to hack/exploit due to all the crap that's on it, like ad hoc, USB, etc.

DaWaN
11-16-2005, 11:26 AM
It is possible, probably. Game sharing is probably just encrypted the way EBOOTs are, and it isn't possible to crack that, I think. But invoking a game to exploit is the way to go, and even if Wi-Fi isn't the best solution, any progress is OK. Just use sleep mode and you don't have to do it every time. Thing is also that we can dump memory in v1.5 games on a v1.5

TheBiGW
11-16-2005, 11:33 AM
I believe this was one of the first areas to be looked into and all data transmitted is heavily encrypted.

iball
11-16-2005, 12:39 PM
I think he means the traditional "crash the stack" methods found on early PC TCP/IP implementations.
Nothing would have to be actually transmitted or received on the PSP.
Problem is, that would probably require an eboot or something that directly attacks the TCP/IP stack in the firmware. So that means 2.0.
But who knows, it could lead to a kernel-mode exploit on 2.0 by using a user-mode eboot to "crash the stack" (overflow it). Of course, since Sony probably used the latest and greatest code in the TCP/IP, they probably thought to themselves "how do we stop TCP/IP from crashing the PSP if a malicious hacker sees it?" and tested it thoroughly. But again, who knows?

jocool
11-16-2005, 02:48 PM
they probably thought to themselves "how do we stop TCP/IP from crashing the PSP if a malicious hacker sees it?" and tested it thoroughly.

As they did for the tiflib in 2.0 ;)

iball
11-16-2005, 02:56 PM
As they did for the tiflib in 2.0 ;)
Yes, a hacker on the internet is really going to magically crash a PSP over said internet using the TIF exploit. Not going to happen.
Logically, a company would look at the most important attack vectors first. The most important attack vector for an internet-enabled handheld would be the TCP/IP stack, which would be the most vulnerable. The second most important would be running unsigned code that would "brick" a PSP (that's been proven already). And they would be more interested in finding and squashing vulnerabilities in anything that runs in kernel-mode and would brick a PSP.
The picture viewer on 2.0 runs in user-mode.

DaWaN
11-18-2005, 02:37 PM
It seems PSPadvance uses the LocationFree player:

"The PSP EBOOT application cannot currently be loaded on PSPs with firmware version 2.50. But not to worry, PSPAdvance is a fully functioning Wi-Fi entertainment system for 2.50 users, so you will be able to enjoy PSPAdvance and the Media Network wirelessly!"

Maybe interesting :) I don't want to install it because I think the installer is loaded with spyware :p Btw, it's version 1.01, released 17/11/05 :)