Full Version: PSP design
Guest
A quick summary of information and speculation:

UMD:
RUN.PBP
_____probably packet containing the usual:
_____PARAM.SFO (to "guide" us with the Parental control and region restriction... the usual)
_____.......etc.

UMD - Movie:
pending (RUN.PBP?)

UMD - Music:
pending (RUN.PBP?)

UMD protection:
- CDProof modification, physical sector damage, like in PS2.
- Random check every n-th second in games (of encryption? sectors.. something)


PBP appears to be the main container used by the PSP file system. It is a non-encrypted container usually containing:
PARAM.SFO (how, where, what to execute)
PNG files - images, usually the icons
AT3 files - audio backgrounds when browsing the program?
XXXXX.PSP (loading? + code-tables for keys)
XXXXX.PSAR (encrypted ELF/PRX)

Files Found in savegames/psdat(updates)/eboot

Savegame Files
PARAM.SFO - PSF Formatted metafile
DATA.BIN - game data (encrypted)
ICON0.PNG - icon
PIC1.PNG - background image
SND0.AT3 - background sound (ATRAC-3 format)

xxxx.pspdat Files
PARAM.SFO - PSF Formatted metafile
PI.WAD - data of game update/new levels?
TEST.BIN - key?
ICON0.PNG - icon
PIC1.PNG - background image

Update Files (eboot.pbp)
PARAM.SFO - PSF Formatted metafile
ICON0.PNG - icon
ICON1.PMF
ICON1.PNG
PIC1.PNG - background image
SND0.AT3 - background sound (ATRAC-3 format)
DATA.PSP
DATA.PSAR


The PARAM.SFO gives instructions on how the program is to be executed, including as a program-game running on the OS, or bootable code run "under" the OS. (This file should be present in any of the file-clusters, packed in PBP or not, including game-saves, demo-games, OS-updates, UMD disks.) NOTE: we have seen cases of non-PBP-packed file-clusters, like in the Wipeout expansion, where we have the files simply set in their own directory.


PARAM.SFO contents:

---------GAME SAVE--------------------
Field: Value (found)
CATEGORY: MS {MemoryStick Save}
PARENTAL_LEVEL: 1 ; 3 ; 5
SAVEDATA_DETAIL:
SAVEDATA_DIRECTORY: {location on MStick}
SAVEDATA_FILE_LIST: {Binary Data}
SAVEDATA_PARAMS: {Binary Data}
TITLE:

-------------EBOOT--------------------
Field: Value (found)
BOOTABLE: 1 {1-Yes-bootable on restart; 0-No-Runs only when started from OS ?}
CATEGORY: MG {MemoryStick Game}
DISC_ID: ABCD-00000
DISC_VERSION: 1.00
DRIVER_PATH:
LANGUAGE: JP
PARENTAL_LEVEL: 1
PSP_SYSTEM_VER: 1.00 {required OSver to execute?}
REGION: 32768 {why do they even bother...?}
TITLE: APP00(balloon)

(more info at http://xxxx.org/viewtopic.php?t=923 )

as ooPo researched... even if you have EBOOT that shows a damaged content, it may be possible (at least on some occasions) to Execute it when restarting the system.
That means that some of the "safeguards" of the system can be bypassed with booting-SFO and restarting the system (first step to modding). WARNING! Do not try this if you do not know what you are doing, or you may end up with a dead PSP!

PSAR
First 16 bytes of the PSAR file
00 to 03 == "PSAR" (magic for this file)
04 to 07 == 01 00 00 00
08 to 0B == NN NN NN NN (size of encrypted section, not including PSAR header)
0C to 0F == 01 00 00 00

PSAR-structure
1. Header
2. type 1 section
__a. Header
__b. Data
3. type 1 section
__a. Header
__b. Data
4. type 2 section
__a. Header
__b. Data
....
N-1.type 1 section
__a. Header
__b. Data
N. type 2 section
__a. Header
__b. Data


Type 1 : 272 bytes (0x110). One at the start with info for the whole PRX file and one for each encrypted block?

Type 2 : Variable size data (encrypted packets of the ELF/PRX file)

(more on: http://xxx.xxx.org/viewtopic.php?t=931)


From Wipeout Update info:

web transferred:
download.pspdif (probable redirection for file download?)
data.pspdat (archive)

in pack (NEW) file-types in Wipeout Update archive:
.BIN
.WAD

new protocol link to play with
proc://command/http:xxxxx.xxxxx

Discovered error codes:
80020130 - File Read Error (ex. length is 0)
80020001 - Generic Kernel Error - default (ex. executable is invalid)
80020148 - PRX type unsupported / Missing PSAR file
800200D9 - Failure to allocate memory block (ex. missing PSP)

If error code (80020148) "PRX type unsupported" is triggered when we have a missing PSAR file, now we have confirmation that the PSAR file is an encrypted ELF or PRX program file.

ELF/PRX files are built when using (for example) CodeWarrior and Sony GCC to compile C or C++ code.

When using the packer for ELF/PRX we will be setting additional information as BOOTABLE = 0;1 PARENTAL_LEVEL = 1;3;5... etc.
This information will be contained in the SFO, and the actual ELF/PRX will be partitioned in packets, which will be encrypted with keys, and the packets will be stored in the PSAR. The keys' code will be stored in tables in xxxx.PSP.

At runtime, the PSP allocates memory blocks, loads the public key, and decrypts the public key with the private key using AES encryption; the corresponding packet from the PSAR is then loaded and decrypted with the (now decrypted) public key.

Encryption
As far as I understand so far, there are public keys and a private key which is in the PSP system.
The only algorithm I saw licensed for PSP is AES. So the public keys are AES encoded with the private key hardcoded in the PSP.
(If the private key is in the OS, then the EBOOT will have to contain both keys (private and public), and that's very doubtful. Both keys will be required in order to be able to start and decrypt itself (PSAR) on reboot.)
Public keys are stored in tables in xxxx.PSP. Each key is decrypting one of the packets (type 2 section) of the PSAR file.

Where are the Public Keys of the GAMESAVEs?
It looks like there is NO public key for gamesaves.
As the game developers do not set the public keys, it's the dev-toolkit that does it, so the gamesaves will not have a public key pre-set by the developer, but rather have the OS encrypt the "data" files as games save them in the gamesave directory. It would use AES encryption using ONLY the private key, or a combination if there is a second hard-coded key for all games' saves.
PI.WAD is encrypted (data for the Wipeout expansion), and so is the data stored in the test.bin. The data is a 128bit AES-encrypted block.
It is more than likely a test file some developer was using for testing the encoding of the PSP-dev kit.
some AES info: http://xxx.xx.xxxxx/crypto/co040401.htm
more on RSA Security Solutions Adopted for PSP™ : http://www.xxx.com/press_release.asp?doc_id=5648


"RSA Security Inc. (Nasdaq: RSAS) announced today that it has licensed RSA BSAFE® Secure Sockets Layer (SSL) and public key infrastructure (PKI) products to Sony Computer Entertainment Inc. (SCEI), to provide a secure interactive environment for software title developers and publishers creating game titles for its new PSP™ (PlayStation®Portable) handheld entertainment system."

BSAFE Standards and Compliance
Product Standards Compatibility
Product - Supported Standards
RSA BSAFE Cert-C, Cert-J - PKCS: 7, 10, 11, 12.
RSA BSAFE Crypto-C (formerly BSAFE)
  - ANSI: X9.30, X9.31, X9.32, X9.42, X9.56, X9.62, X9.63, and X9.80.
  - PKCS: 1, 5, 8, 11.
  - NIST (FIPS): 46-2, 81, 140-1, 180-1, 186.
RSA BSAFE Crypto-J (formerly JSAFE)
  - ANSI: X9.31.
  - PKCS: 1, 5, 8, 11.
  - NIST (FIPS): 46-2, 81, 140-1, 180-1, 186.
RSA BSAFE SecurXML-C - IETF: Standards Track RFC 3275
RSA BSAFE S/MIME-C (formerly S/MAIL)
  - IETF: S/MIME, X.509.
  - PKCS: 7, 10.
RSA BSAFE SSL-C, SSL-J - Protocols: SSL v2, SSL v3, TLS v1

It looks like Sony licensed "RSA BSAFE SSL-C, SSL-J" and "RSA BSAFE Crypto-C". PKI is a part of the Crypto-C package.

the PKI offer has/could have:
RSA®, DSA
MultiPrime™ technology (Compaq's patent, probably not used or else there would have been paper-trail)
Diffie-Hellman
Elliptic Curve DSA, Diffie-Hellman and AES
more here: http://www.xxxx.com/products/bsafe/datashe...CRC_DS_0503.pdf

The only proof I can find that only AES is used is the fact that the test.bin was 128bit, which would be the result of encoding a few symbols with the AES 128bit block standard, and it is the only symmetric cipher they offer for the PKI, and the game-saves do not have a public key and require an embedded symmetric algorithm. (And encryption algorithms take space, and this is something that the PSP is short of, to have a few implemented.)


more PSP stuff...

---direct memory access---

broken png header = view uninitialized video memory
http://xxxx.org/viewtopic.php?t=1215

broken sfo header = view uninitialized memory as a string
http://xxxx.org/viewtopic.php?t=1326

Web Browser in Wipeout Pure
using javascript to access unintended memory areas
http://xxxx.org/viewtopic.php?p=10213#10213
Quote:
"You can write the document with JavaScript, the timer function works and if you change the text of a button in a form with document.button.value="x", the old length of the text is used, showing memory garbage after the x."

-----PSP connection--------------------
There are reports of a response from the PSP when scanned (languard), including 21. There was a report that after connecting and sending 2 chars to 21 the system got reset and the person had to remove the battery to get it working again. Similar reports of rebooting surface when the PSP is scanned with nmap and at the time Wipeout's browser is refreshed.

more on: http://xxx.org/viewtopic.php?t=1274

on a similar note the file from here: http://xxx.org/networktest/trial.txt
has only 1 char "p"

As we can write off the chance of FTP, could the PSP expect a single "p" sent to an open port in order to confirm "friendly intentions"? =)
(how's that for a "handshake"? )

Sony's protocol http://standards.ieee.org/regauth/ethertype/eth.txt
"In our protocol, only one field must be required. It is two byte "sub-type" field. We manage this sub-type and buns it to each application. Actual protocol in each application may be vary. If sub-type is allocated, its protocol and data format can be freely designed."
more on: http://xxxx.org/viewtopic.php?t=1264
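
Added example (not part of the original post or thread): a Python parser for the 16-byte PSAR header laid out in the post above, which rejects a file whose declared encrypted size is larger than the bytes actually present. Little-endian field order and the names parse_psar_header, make_sample and describe are assumptions of this example.

```python
import struct

PSAR_MAGIC = b"PSAR"
HEADER_LEN = 16  # "First 16 bytes of the PSAR file"


class PsarError(ValueError):
    """Buffer does not match the header layout described in the post."""


def parse_psar_header(buf):
    """Validate the header and return the declared encrypted size.

    Assumption: fields are little-endian, so 01 00 00 00 decodes to 1.
    """
    if len(buf) < HEADER_LEN:
        raise PsarError(f"truncated: {len(buf)} bytes, need {HEADER_LEN}")
    magic, field_04, enc_size, field_0c = struct.unpack_from("<4sIII", buf, 0)
    if magic != PSAR_MAGIC:
        raise PsarError(f"bad magic {magic!r}")
    if field_04 != 1 or field_0c != 1:
        raise PsarError(f"unexpected constants {field_04:#x}/{field_0c:#x}")
    # The size field excludes the header, so compare with what follows it.
    available = len(buf) - HEADER_LEN
    if enc_size > available:
        raise PsarError(f"declared {enc_size} bytes, only {available} present")
    return {"encrypted_size": enc_size, "trailing_bytes": available - enc_size}


def make_sample(declared_size, payload_len):
    """Constructed sample: a header followed by a zero-filled payload."""
    header = PSAR_MAGIC + struct.pack("<III", 1, declared_size, 1)
    return header + bytes(payload_len)


def describe(buf):
    """Return a one-line verdict instead of raising, for batch triage."""
    try:
        info = parse_psar_header(buf)
    except PsarError as exc:
        return f"rejected: {exc}"
    return f"ok: {info['encrypted_size']} encrypted bytes"


if __name__ == "__main__":
    samples = {"well-formed": make_sample(32, 32), "empty": b"",
               "oversized length": make_sample(4096, 32)}
    for name, sample in samples.items():
        print(name, "->", describe(sample))
```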
dougmod
how did you come upon this info?
SuperModz
djp posted this info on his latest news a few days ago
dougmod
ya i just realized this...why do people waste time with those things by reposting older news
Neila
Because people try to spread information to ungrateful bums like you.
dougmod
QUOTE(Neila @ May 2 2005, 04:51 PM)
Because people try to spread information to ungrateful bums like you.

lol im guessing unless it was a comment to put ppl down
evilsgoten
you're a senior and you're gonna take it like that? respect your elder neila *shakes hand at neila*

and yea posting things that are already posted is just gonna make more topics, and more topics mean it'll take longer to look through, and because the topics are the same, related info is scattered and harder to analyze. that's why you should post in the topic that already exists if they're the same.
swift
QUOTE(evilsgoten @ May 8 2005, 12:46 AM)
you're a senior and you're gonna take it like that? respect your elder neila *shakes hand at neila*

and yea posting things that are already posted is just gonna make more topics, and more topics mean it'll take longer to look through, and because the topics are the same, related info is scattered and harder to analyze. that's why you should post in the topic that already exists if they're the same.


nice analysis