Some information pertaining to bruteforcing NIDs on the PS VITA:
The algorithm would fall into two categories:
Category 1: The system used on the PSP was just a sha1 hash with the first few bytes selected and then byte swapped, there are a few libraries that follow this scheme on the PSV
Example:
sha1(ScePowerForDriver) is equal to:
6F16901583C1DFE13731A51CFD2B528845256D2D
The library nid is the following:
0x1590166F
So then, with a quick check, I found that the following libraries can be easily bruteforced with this method:
SceDisplayForDriver
SceFace
SceFios2KernelForDriver
SceIdStorageForDriver
SceLedForDriver
ScePower
ScePowerForDriver
SceSmart
SceVoice
SceVoiceQoS
This means that any syscall within these libraries can be bruteforced with just sha1. Many of the names are shared with the PSP, however they have been already bruteforced.
I think there is another library called something along the lines HPRemote that can also be bruteforced, with most of the known ones being added to the henkaku wiki using this method.
I have also found that modules compiled with the official SDK also use this:
sha1(mono_profiler_install_code_chunk_new)
5bd0d709bda4fc415a90380f1990d51ecea56eee
The functions nid:
0x09D7D05B
Thus, every module included in official games can have their function names bruteforced as long as they actually are exported. Ex: Unity modules and the modules included with PSO2.
You
CANNOT bruteforce function names that are not exported such as internal functions or any function within the main eboot. This is how the mono NIDs I had posted earlier were found.
Category 2: These NIDs have a suffix which is concatenated to the end of the name before they are hashed. The methodology of obtaining these generating these suffixes are yet to be found.
However, we do have an example of one suffix:
c1b886af5c31846467e7ba5e2cffd64a
Found here:
https://playstationdev.wiki/psvitadevwiki/index.php?title=Keys#NID_generation_suffixesThis specific suffix is used in generating function NIDs for functions with no library, such as module_start:
module_start + suffix (binary data) as hex:
6D 6F 64 75 6C 65 5F 73 74 61 72 74 C1 B8 86 AF 5C 31 84 64 67 E7 BA 5E 2C FF D6 4A
Yields the results:
96D15C936510321C7D607B4DFC06BC73063E2561
The actual NID is:
0x935CD196
It is theorized that the majority of NIDs are generated using a suffix, however, again, the methodology of generating this suffix is unknown.
Special thanks to CelesteBlue and Princess of Sleeping.
Further thanks to SocraticBliss and ChendoChap for working on a hashcat bruteforcer, and SilverSpring.