dinamico wrote: I must have my PSP already hacked to do that by software
Yes. I meant by hardware.
dinamico wrote: by a bus request and looking at the return values with external hardware, for example) the data is encrypted so I can't get very much information
Data is not encrypted in RAM on PSP. And also, if you're trying to figure out the memory map layout, actual data is useless.
dinamico wrote: There is no need to know the memory map to hack it, right? At least, not in the first time.
Depends on what you mean by "hack it", and depends on the system and the type of protection set up.
dinamico wrote: It's the same, you have to take control of the system to get info from the kernel.
Nope. If you peek by hardware you don't need software control. You can simply dump kernel memory once you've figured out the memory layout and what part should be the kernel (if any).
dinamico wrote: What I'm trying to ask is if we don't get a gap in the system testing blindly, we can't move forward because we have no information about it, so we have to have luck after all. Is that true?
I do not agree. Usually hardware hacks are the first, because they expose the internal device architecture, which then can be tried to be exploited by software (using hardware to inject the code, checking what's happening when some code is executed/vulnerability found, etc...). IMHO there's no such thing as luck but knowledge and experience. Of course you can be lucky and Sony made a big mistake which allows easier cracking of the system's protection (like PSP's 1.00 executing unencrypted ELFs, PS3 return 4 and such), but you have to know where to look or luck has really no meaning. Nobody cracks a system's protection with luck only.