The Hidden Web Browser
This page is always a work in progress. Keep watching.
HUGE thanks to FuMan for hosting the main mirror! I OWE YOU ONE!
Update
(+rant):
I made Slashdot/HackADay/Engadget! Yippee...thanks guys! And thanks to the PS2/PSP dev'rs! http://www.pspdev.org and http://www.ps2dev.org ! Thanks for all your positive/negative comments. I'm not removing the "PWNT" pictures. They stay. The "PWNT" pic is a 480x272 .jpg (which was linked from my main page) it not an HTML file rendered. The second link was to /.
Uhm...yes the video sucks, I didn't expect that many people to see it. Yes I take credit for doing this on my own, but NO I don't pretend to be the only one to have done this. I might be all over the web now and I won't pretend that I don't like it in some small way; but I'm happy to see the PSP scene take greater steps forward. I'm only a tinkerer, I don't pretend to have an in depth-knowledge of all aspects of the PSP.
This page is ugly and thats the way it will stay.
One final thing, I'm happy to see so many people interested in this topic. For the people who say this is only a proof-of-concept: you're right. For those who think this will go nowhere you're wrong. fugimax has already set up a portal and DNS server that is (so far) accessible by everyone who wants it. Yes this browser is not meant to be a full fledged piece of code...it won't do what your PC browser does, but who are we kidding? You dind't actually expect that, did you? It does what it does, and it does it just fine. The "keyboard" is a bitch to use (for those of you still wondering how you enter text...just go change your nick on the PSP or go enter a name for a network connection..same interface). With a little ingenuity and a bit of code, it could be used to read news/texts/etc just fine....and it won't take forever to load the pages. The PSP was never meant to replace PDA's. This is only a small step and it might not be the holly grail. But its a step nontheless. I'm starting to ramble on so basically this is the point: don't like it? Move along. OMGWTFBBQ! - roto
I made Slashdot/HackADay/Engadget! Yippee...thanks guys! And thanks to the PS2/PSP dev'rs! http://www.pspdev.org and http://www.ps2dev.org ! Thanks for all your positive/negative comments. I'm not removing the "PWNT" pictures. They stay. The "PWNT" pic is a 480x272 .jpg (which was linked from my main page) it not an HTML file rendered. The second link was to /.
Uhm...yes the video sucks, I didn't expect that many people to see it. Yes I take credit for doing this on my own, but NO I don't pretend to be the only one to have done this. I might be all over the web now and I won't pretend that I don't like it in some small way; but I'm happy to see the PSP scene take greater steps forward. I'm only a tinkerer, I don't pretend to have an in depth-knowledge of all aspects of the PSP.
This page is ugly and thats the way it will stay.
One final thing, I'm happy to see so many people interested in this topic. For the people who say this is only a proof-of-concept: you're right. For those who think this will go nowhere you're wrong. fugimax has already set up a portal and DNS server that is (so far) accessible by everyone who wants it. Yes this browser is not meant to be a full fledged piece of code...it won't do what your PC browser does, but who are we kidding? You dind't actually expect that, did you? It does what it does, and it does it just fine. The "keyboard" is a bitch to use (for those of you still wondering how you enter text...just go change your nick on the PSP or go enter a name for a network connection..same interface). With a little ingenuity and a bit of code, it could be used to read news/texts/etc just fine....and it won't take forever to load the pages. The PSP was never meant to replace PDA's. This is only a small step and it might not be the holly grail. But its a step nontheless. I'm starting to ramble on so basically this is the point: don't like it? Move along. OMGWTFBBQ! - roto
A little precursor:
I was not the first person to successfully do this, nor do I claim to be. I am on the other hand one of the only ones willing to share everything I know. This is why this page is here. The more people we have working on things like this the quicker we can reach our goal (homebrew). Every little bit helps...right?
Summary:
As far as I can figure out, its NOT part of the firmware...But this can be made into a general purpose browser if you create a portal-like site to jumps to links. When you select "Go to home page" it returns you to the portal site (index.html). So thats an easy way out.
Yes you can use input (we googled stuff), when you enter a textbox and press X the PSP pops up the Keyboard API (remember there's alot of API to be taken advantage of with the PSP). After that its as simple as any other input on the PSP.
The way I loaded up my own "page" is by setting up my FreeBSD machine with some DNS entries that point ingame.scea.com and webcluster.scea.com and all NS's for scea.com to my internal LAN machine. So then I changed the PSP's NameServer settings to point to the server on my local LAN (FreeBSD machine). When the Wipeout client accesses http://ingame.scea.com/wipeout/index.html it gets my LOCAL file because of the DNS mapping.
It's all pretty simple after that. I made a static page with a bunch of spring-board (or portal-like I guess) links to access from the PSP.
Browsing is simple enough, up and down to move from link to link. D-Pad only though. Also there is no cursor anywhere, and no title-bars. If there is no link in the nearest vicinity, the PSP just scrolls the page (awesome). Entering links is X, refresh page is []. L+R buttons are BACK and FORWARD. Start->Go To Homepage...goes to home page. Again entering text into boxes pops up the API.
JavaScript works (Again API for Alert boxes, NEAT feature), Java is yet to be tested. Frames don't work. Large pictures are to be tested too. Uhm I think thats it for now. Most of HTML works (no H1's and stuff). Background colors and pics etc work fine.
Info:
Once the network connection is established and the PSP gets an IP, it sends a request (specifically a GET for US_holding_page.jpg from http://ingame.scea.com/wipeout/index.html?serviceId=wipeoutpure_ingamesupport_main&hostId=ucus98612_wipeoutpure_psp_umd_1
&hostLanguage=en&pspId=<REMOVED>&skin=Default) to http://ingame.scea.com/wipeout/index.html using User Agent "SCEJ PSP BROWSER 0102pspNavigator", its Wipeout's webbrowser but it looks as if it's a Sony (Sony Computer Entertainment Japan) piece of code, so this might be a standard browser we'll be seeing. PHP rendering works great, I browsed phpinfo(); and there's not much in there to gush about. Since there are no links on that page, the browser lets you scroll up, down, left and right freely.
As Awhite (Ioannis KarAvas) suggested, I gave Opera and The Proxomitron a try. Set the USER AGENT and bingo,we spoof the PSP browser (there's no need to use Opera specifically...you can use just the Proxomitrom or just edit your registry):
Heh...what do we have here? Nothing but Wipeout...and nothing but an image if you go in there..
pdc^ thought up of an idea to use a proxy for Wipeout's web browsing. Now to set up a proxy and change it's requests...*UPDATE* I hear people have done this and it works awesome.
What works and doesn't:
A nice chat session in #pspdev brought about these results:
*NEW* How-To "Summary" and other junk:
This is the same stuff as the e-mail I sent to hackaday:
Wipeout Pure for PSP has a feature that lets you access updated content online (such as grabbing new textures or levels). This little feature has been reversed and “exploited” to our benefit. Note I am NOT the first person to do this, nor have I ever claimed to be. I did however figure this out on my own (as did the 4 or so other people who’s links you can find on the forum posts).
Anyway, accessing the “Download” section in Wipeout brings us to a hidden but full-featured web browser which at this time is obscured by a “Coming Soon” logo from SCEA’s webservers.
Taking the access requests apart I figured out (like many other people did) that this can be "exploited" by simple “spoofing”
The way I loaded up my own “page” is by setting up my FreeBSD machine with some DNS entries that point ingame.scea.com and webcluster.scea.com and all NS’s for scea.com to my internal LAN machine. I also created some files for Apache to serve. So then I changed the PSP’s NameServer settings to point to the server on my local LAN (FreeBSD machine). When the Wipeout client accesses http://ingame.scea.com/wipeout/index.html it gets my LOCAL file because of the DNS mapping. It’s all pretty simple after that. I made a static page with a bunch of spring-board (or portal-like I guess) links to access from the PSP. When you select “Go to home page” by pressing start it returns you to the portal site (index.html). So thats an easy way back. This can be done in NUMEROUS other ways so don't go hating on me because I had a FreeBSD box at my disposal and decided to go this way.
While browsing, you can enter input (we googled stuff!), when you enter a textbox and press X the PSP pops up the Keyboard API (remember there’s alot of API to be taken advantage of with the PSP). After that its as simple as any other input on the PSP.
Browsing is simple enough, up and down to move from link to link. D-Pad only though. Also there is no cursor anywhere, and no title-bars. If there is no link in the nearest vicinity, the PSP just scrolls the page (awesome). Entering links is X, refresh page is []. Again entering text into boxes pops up the API.
JavaScript works (Again API for Alert boxes, NEAT feature…my friend MomDad gave me a scare with a “PANIC!” joke which turned out to be PSP’s Dialog box API kicking in).Frames don’t work. Large pictures are to be tested too. Uhm I think thats it for now. Most of HTML works (no H1’s and stuff). Background colors and pics etc work fine.
This is an actuall log of me typing stuff up for my own notes as I was doing it all, i just found this on my USB key:
HAH!Don't say anything about the Apache version.
Slightly Older stuff:
Wipeout Pure's "Download" section is a full-featured WEB BROWSER! Here's proof:
Here's what you'd typically see if accessing that option from the PSP (I snarfed this image while packet sniffing):
BTW, you can't access the URL that this browser seeks directly using any kind of PC browser.
Here's me browsing my own stupid quickly created page:
Here's how links work (you can move left and right and hit X to go to the links):
Just a joke...nothing got "PWNT"
Here's how you go back to the main page:
Returning to main index.html
Here's another link:
And here's one for the masses:
Proof by roto/mozy (Again, I'm NOT the first person to do this. I am one of the first to spread the wealth though.)
Full writeup of how I did this is coming soon...lets just say it involved FreeBSD, BIND, and a LOT of packet sniffing and rebuilding...those of you that understand that already know how I did what I did. It was easy once I figured out what the Wipeout browser was seeking (/wipeout/US_holding_page.jpg). Basically I sniffed the packets that the browser was seding out and receiving. I then fired up my own DNS/HTTP servers and redirected the PSP's access to my data. I changed the PSP's default nameservers to the one on my LAN. Etc, etc.
Forgive me for the sucktacular HTML and ugly pics/etc...it's 3am and I wanted to finish this up today.
Small (10mb, 3min) video of this stuff in action: psp_haxxed_by_roto-xvid.avi
Yes, the video sucks...its shaky...its blurry. Don't like it? Don't watch it again.
Find me in #pspdev @ EFnet.
Thanks to (in NO order at all):
Awhite (Ioannis KarAvas)
FuMan
pdc^
ooPo
MomDad
DarkFader
fugimax
omlette
RtiGHeR
LudaCris
TrAcER_
psdo
elz
amptor
SupAshaD
masta
warren...
And anyone else I might have forgotten (mirror people/etc, sorry! you know i'm thankful)
Created by roto/mozy
03/26/05 - 2am
I was not the first person to successfully do this, nor do I claim to be. I am on the other hand one of the only ones willing to share everything I know. This is why this page is here. The more people we have working on things like this the quicker we can reach our goal (homebrew). Every little bit helps...right?
Summary:
As far as I can figure out, its NOT part of the firmware...But this can be made into a general purpose browser if you create a portal-like site to jumps to links. When you select "Go to home page" it returns you to the portal site (index.html). So thats an easy way out.
Yes you can use input (we googled stuff), when you enter a textbox and press X the PSP pops up the Keyboard API (remember there's alot of API to be taken advantage of with the PSP). After that its as simple as any other input on the PSP.
The way I loaded up my own "page" is by setting up my FreeBSD machine with some DNS entries that point ingame.scea.com and webcluster.scea.com and all NS's for scea.com to my internal LAN machine. So then I changed the PSP's NameServer settings to point to the server on my local LAN (FreeBSD machine). When the Wipeout client accesses http://ingame.scea.com/wipeout/index.html it gets my LOCAL file because of the DNS mapping.
It's all pretty simple after that. I made a static page with a bunch of spring-board (or portal-like I guess) links to access from the PSP.
Browsing is simple enough, up and down to move from link to link. D-Pad only though. Also there is no cursor anywhere, and no title-bars. If there is no link in the nearest vicinity, the PSP just scrolls the page (awesome). Entering links is X, refresh page is []. L+R buttons are BACK and FORWARD. Start->Go To Homepage...goes to home page. Again entering text into boxes pops up the API.
JavaScript works (Again API for Alert boxes, NEAT feature), Java is yet to be tested. Frames don't work. Large pictures are to be tested too. Uhm I think thats it for now. Most of HTML works (no H1's and stuff). Background colors and pics etc work fine.
Info:
Once the network connection is established and the PSP gets an IP, it sends a request (specifically a GET for US_holding_page.jpg from http://ingame.scea.com/wipeout/index.html?serviceId=wipeoutpure_ingamesupport_main&hostId=ucus98612_wipeoutpure_psp_umd_1
&hostLanguage=en&pspId=<REMOVED>&skin=Default) to http://ingame.scea.com/wipeout/index.html using User Agent "SCEJ PSP BROWSER 0102pspNavigator", its Wipeout's webbrowser but it looks as if it's a Sony (Sony Computer Entertainment Japan) piece of code, so this might be a standard browser we'll be seeing. PHP rendering works great, I browsed phpinfo(); and there's not much in there to gush about. Since there are no links on that page, the browser lets you scroll up, down, left and right freely.
As Awhite (Ioannis KarAvas) suggested, I gave Opera and The Proxomitron a try. Set the USER AGENT and bingo,we spoof the PSP browser (there's no need to use Opera specifically...you can use just the Proxomitrom or just edit your registry):
Heh...what do we have here? Nothing but Wipeout...and nothing but an image if you go in there..
pdc^ thought up of an idea to use a proxy for Wipeout's web browsing. Now to set up a proxy and change it's requests...*UPDATE* I hear people have done this and it works awesome.
What works and doesn't:
A nice chat session in #pspdev brought about these results:
- Dialog box input
works (eg google search) (fires up PSP's Keyboard API)
- JavaScript works,
with Alert's and \n newlines and stuff (thanks MomDad) (again, API for
MSG boxes [alerts])
- Frames don't work.
- Tags like H1/H2 don't work.
- Loading huge images doesn't render them (red X). Big but not huge images (eg 640x480 render and are scrollable (thanks fugimax).
- SSL is hit and miss...works for some..not for others...
- Simple .txt files
open up fine. (they're just text/html streams...so..duh)
forums.ps2dev.org has more info.
- Java doesn't work.
- Large images (>2.9? MB don't load...get a nice red X). 640x480 is ok..scrolls.
- ftp:// disconnects the connection. (pdc^)
- file upload dialogs don't show up, it just freezes the browser
- Flash (third party) doesn't work.
- JavaScript works pretty nicely with some limitations (http://www.allxboxskins.com/phpbrowser.php for your PSP, thnx MomDad)
- Great portal site
made by fugimax == http://www.andrew.cmu.edu/user/jterlesk/psp/ (props fugimax).
- Alot of stuff. Stuff that I forgot but is probably on http://forums.ps2dev.org in the PSP section.
*NEW* How-To "Summary" and other junk:
This is the same stuff as the e-mail I sent to hackaday:
Wipeout Pure for PSP has a feature that lets you access updated content online (such as grabbing new textures or levels). This little feature has been reversed and “exploited” to our benefit. Note I am NOT the first person to do this, nor have I ever claimed to be. I did however figure this out on my own (as did the 4 or so other people who’s links you can find on the forum posts).
Anyway, accessing the “Download” section in Wipeout brings us to a hidden but full-featured web browser which at this time is obscured by a “Coming Soon” logo from SCEA’s webservers.
Taking the access requests apart I figured out (like many other people did) that this can be "exploited" by simple “spoofing”
The way I loaded up my own “page” is by setting up my FreeBSD machine with some DNS entries that point ingame.scea.com and webcluster.scea.com and all NS’s for scea.com to my internal LAN machine. I also created some files for Apache to serve. So then I changed the PSP’s NameServer settings to point to the server on my local LAN (FreeBSD machine). When the Wipeout client accesses http://ingame.scea.com/wipeout/index.html it gets my LOCAL file because of the DNS mapping. It’s all pretty simple after that. I made a static page with a bunch of spring-board (or portal-like I guess) links to access from the PSP. When you select “Go to home page” by pressing start it returns you to the portal site (index.html). So thats an easy way back. This can be done in NUMEROUS other ways so don't go hating on me because I had a FreeBSD box at my disposal and decided to go this way.
While browsing, you can enter input (we googled stuff!), when you enter a textbox and press X the PSP pops up the Keyboard API (remember there’s alot of API to be taken advantage of with the PSP). After that its as simple as any other input on the PSP.
Browsing is simple enough, up and down to move from link to link. D-Pad only though. Also there is no cursor anywhere, and no title-bars. If there is no link in the nearest vicinity, the PSP just scrolls the page (awesome). Entering links is X, refresh page is []. Again entering text into boxes pops up the API.
JavaScript works (Again API for Alert boxes, NEAT feature…my friend MomDad gave me a scare with a “PANIC!” joke which turned out to be PSP’s Dialog box API kicking in).Frames don’t work. Large pictures are to be tested too. Uhm I think thats it for now. Most of HTML works (no H1’s and stuff). Background colors and pics etc work fine.
This is an actuall log of me typing stuff up for my own notes as I was doing it all, i just found this on my USB key:
| Wipeout connects to WAP, grabs
DHCP info and attempts to connect to ingame.scea.com (also
webcluster.scea.com) after which it grabs the index.html that holds the
"US_holding_page.jpg" image. Got on FreeBSD, added SCEA.com zone with all the goodies (NS1-NS4, ingame, webcluster). Gave fake values to double check. 192.168.2.XXX is my router. Connected to my FreeBSD BIND server (on 192.168.2.1) to double check, everything works: C:\>nslookup Default Server: UnKnown Address: 192.168.2.XXX > webcluster.scea.com Server: UnKnown Address: 192.168.2.XXX Name: webcluster.scea.com Address: 160.33.44.80 > server 192.168.2.1 Default Server: [192.168.2.1] Address: 192.168.2.1 > webcluster.scea.com Server: [192.168.2.1] Address: 192.168.2.1 Name: webcluster.scea.com Address: 44.44.44.44 > When checking with PSP's Network Test app, it says "Internet Connection Failed" but everything else is ok.. Apache Log: [Sat Mar 26 01:16:32 2005] [error] [client 192.168.2.33] File does not exist: /usr/local/www/data/wipeout/US_holding_page.jpg Created US_holding_page.jpg and accessed it via PSP. PSP loaded that pic as expected. Then as I exited from the PSP browser it said "cannot find index.html", actually my Apache server spat out that message. So I went ahead and created index.html with some random junk. Loaded up Wipeout's browser again and now instead of seeing "US_holding_page.html" i saw my index.html!! Can't use the usual markup....but WOW! Links work..they're highlighted blue and you can access them by clicking X. ---------------------------- Sniffed HTTP Connection: ---------------------------- Date: Sat, 26 Mar 2005 08:07:05 GMT Server: Apache/1.3.27 (Unix) Last-Modified: Wed, 16 Mar 2005 19:13:50 GMT ETag: "43a6e-199-4238856e" Accept-Ranges: bytes Content-Length: 409 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Wipeout Pure</title> <style> body { margin: 0; padding: 0; } </style> </head> <body> <img src="US_holding_page.jpg" width="480" height="272" hspace="0" vspace="0" border="0"> </body> </html> ---------------------------- The image request: ----------------------------- HTTP/1.1 200 OK Date: Sat, 26 Mar 2005 10:37:54 GMT Server: Apache/1.3.27 (Unix) Last-Modified: Wed, 16 Mar 2005 22:04:06 GMT ETag: "2bcac-276b9-4238ad56" Accept-Ranges: bytes Content-Length: 161465 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: image/jpeg <wipeout image> ---- DNS ---- ingame.scea.com (alias to webcluster) webcluster.scea.com ns1-ns4.scea.com (give all of these local IP's) |
Slightly Older stuff:
Wipeout Pure's "Download" section is a full-featured WEB BROWSER! Here's proof:
Here's what you'd typically see if accessing that option from the PSP (I snarfed this image while packet sniffing):
BTW, you can't access the URL that this browser seeks directly using any kind of PC browser.
Here's me browsing my own stupid quickly created page:
Here's how links work (you can move left and right and hit X to go to the links):
Just a joke...nothing got "PWNT"
Here's how you go back to the main page:
Returning to main index.html
Here's another link:
And here's one for the masses:
Proof by roto/mozy (Again, I'm NOT the first person to do this. I am one of the first to spread the wealth though.)
Full writeup of how I did this is coming soon...lets just say it involved FreeBSD, BIND, and a LOT of packet sniffing and rebuilding...those of you that understand that already know how I did what I did. It was easy once I figured out what the Wipeout browser was seeking (/wipeout/US_holding_page.jpg). Basically I sniffed the packets that the browser was seding out and receiving. I then fired up my own DNS/HTTP servers and redirected the PSP's access to my data. I changed the PSP's default nameservers to the one on my LAN. Etc, etc.
Forgive me for the sucktacular HTML and ugly pics/etc...it's 3am and I wanted to finish this up today.
Small (10mb, 3min) video of this stuff in action: psp_haxxed_by_roto-xvid.avi
Yes, the video sucks...its shaky...its blurry. Don't like it? Don't watch it again.
Find me in #pspdev @ EFnet.
Thanks to (in NO order at all):
Awhite (Ioannis KarAvas)
FuMan
pdc^
ooPo
MomDad
DarkFader
fugimax
omlette
RtiGHeR
LudaCris
TrAcER_
psdo
elz
amptor
SupAshaD
masta
warren...
And anyone else I might have forgotten (mirror people/etc, sorry! you know i'm thankful)
Created by roto/mozy
03/26/05 - 2am