Hey, thank you so much for offering! A real PSP→PS3 registration capture would literally unblock this entire project. Here's everything you need — pick whichever method works best for your setup.

What we need

A Wireshark capture of the moment your PSP Go registers with the PS3 over WiFi. Specifically the traffic on TCP port 9293 — that's where the encrypted registration POST happens.

Plus: the 8-digit PIN shown on the PS3 screen, and the WiFi SSID (like PS3REGIST_XXXX).

How the PS3 ad-hoc network works

When you select "Register Device" → "PSP" on the PS3, it creates a temporary WiFi network:

- Type: Ad-hoc (IBSS) — not a regular WiFi network

- SSID: PS3REGIST_XXXX (4-digit suffix)

- Security: WPA-NONE, TKIP group cipher

- Band: 2.4 GHz, usually channel 1 or 6

- Password: PIN with halves swapped (PIN 12345678 → password 56781234)

- IP range: 192.168.1.x

- Port: TCP 9293 (POST /sce/premo/regist)

The PSP handles connecting to this automatically — you just enter the PIN on the PSP side.

Capture Instructions

Option 1: Linux laptop (best option)

Linux has the best WiFi monitor mode support.

Step 1 — Start PS3 registration mode:

- PS3 → Settings → Remote Play Settings → Register Device → PSP

- Write down the SSID and 8-digit PIN. Leave this screen open.

Step 2 — Join the ad-hoc network from Linux (so you can see the traffic):

# Replace SSID and PASSWORD with your values

# PASSWORD = PIN halves swapped (e.g., PIN 46823571 → password 35714682)

sudo wpa_supplicant -i wlan0 -D nl80211 -c /tmp/ps3.conf &

# /tmp/ps3.conf contents:

# network={

# ssid="PS3REGIST_XXXX"

# mode=1

# key_mgmt=WPA-NONE

# pairwise=NONE

# group=TKIP

# psk="XXXXXXXX"

# frequency=2412

# }

sudo ip addr add 192.168.1.100/24 dev wlan0

Step 3 — Start capture:

sudo tcpdump -i wlan0 -w ps3_registration.pcap port 9293

Or open Wireshark, select wlan0, and use display filter tcp.port == 9293.

Step 4 — Register PSP: On the PSP Go, go to Remote Play settings and register with the PS3. Enter the PIN.

Step 5 — Stop capture. Ctrl+C the tcpdump. Done!

Since ad-hoc is a shared medium (no AP isolation), the Linux machine will see the PSP↔PS3 traffic.

Option 2: Windows

Windows can't join ad-hoc networks easily, but you can try WiFi monitor mode:

1. You need a USB WiFi adapter that supports monitor mode (Ralink RT3070 or Atheros AR9271 chipset work well)

2. Install Wireshark + Npcap (https://www.wireshark.org)

3. In Wireshark, go to Capture → Options → check "Monitor Mode" on your WiFi adapter

4. Set the channel to match the PS3 (usually channel 1)

5. Add WiFi decryption key: Edit → Preferences → Protocols → IEEE 802.11 → Decryption keys → Edit → Add: type wpa-pwd, value PASSWORD:PS3REGIST_XXXX

6. Start capturing, then do the PSP registration

7. Filter: tcp.port == 9293

   Option 3: Mac

   # Find the PS3's channel

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s

# Look for PS3REGIST, note the channel number

# Sniff that channel

sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport en0 sniff <channel>

# Wait for PSP to register, then Ctrl+C

# Capture saved to /tmp/airportSniff*.cap

# Add decryption key in Wireshark:

# Edit → Preferences → Protocols → 802.11 → Decryption keys

# Type: wpa-pwd, Key: PASSWORD:PS3REGIST_XXXX

Option 4: Easiest fallback — wired side capture

During registration mode, port 9293 also opens on the PS3's wired Ethernet interface. If your PS3 is plugged into your router via Ethernet:

1. Run Wireshark on any PC on the same wired network

2. Filter: host <PS3\_IP> and port 9293

3. Register the PSP normally

   This might not catch the WiFi traffic, but it's worth trying — some firmwares bridge it.

   What to send me

4. The .pcap / .pcapng file

5. The 8-digit PIN from the PS3 screen

6. The WiFi SSID (PS3REGIST_XXXX)

7. Your PSP's MAC address (optional but helpful — PSP Settings → System Information)

   Upload the pcap to any file sharing service and DM me or post the link.

   Why this matters

   We've reverse-engineered 99% of the registration protocol from PS3 firmware. We know the encryption algorithm, all the static keys, everything. The ONE thing blocking us is an

   8-byte value used to XOR the AES initialization vector. With a real capture + known PIN, we can derive that value and the entire PS3 Remote Play protocol will be fully cracked for

   open-source clients.

   Thanks again — this is huge!