Page 1 of 1
Posted: Fri, 23rd Sep 2005 23:28 Post subject: [PSP] PSP 2.0 Exploited
PSP 2.0 Exploited
Somebody seems to have hacked the 2.0 firmware.
Read below
-----------------------------
First Homebrew Code on 2.00
—————————–
1. Set the wallpaper to frame_buffer.png (without overflow.tif present
in the PHOTO directory, or it will crash).
2. Add overflow.tif to the PHOTO directory and open it in the photo
viewer. Custom code to paint the screen! Or to write a homebrew
app! Not to run illegal games.
How It Works
—————
1. The PNG contains a small amount of code in a known, fixed place
(the VRAM). If you look closely at the wallpaper, you can see small
coloured pixels in the bottom right. The pixels are Allegrex
opcodes, with the highest byte all zero for the ALPHA. These
pixels do:

    syscall 0x20C7       ; sceKernelDcacheWritebackInvalidateAll
    slt   a0, zero, sp   ; put 1 into a0 (works because sp holds a positive value)
    sll   a0, a0, 6      ; put 64 into a0
    addu  a0, sp, a0     ; get screen painter address over SP
                         ; (the release listed this as addiu, but addiu takes an
                         ; immediate, not a register, so a register add is meant)
    jr    a0             ; jump to the screen painter
    nop                  ; branch delay slot

2. The TIFF also contains some code and a buffer to trigger the
known BitsPerSample overflow in libtiff in the photo viewer.
The buffer makes a jump to the VRAM, which holds the PNG colours,
by overwriting the saved ra (return address) on the stack.
The VRAM code uses SP to calculate the address of the buffer and
then jumps there. The screen is yellow, as the colour was
0x12345678 in hex.
PSP Users:
We didn't do this so you could steal from Sony and game companies.
We believe in OSS. There are plenty of amazing programs that have
been written for the PSP. Use this as a gift and not as an excuse
to steal.
Sony:
If you wanted to find us, I know you could. This release wasn't
intended as a way to run pirated software on the PSP. We believe
that everyone should be able to compile their own code and run it.
Nothing is kept secret forever, and I'm sure you know this.
In the end, if it wasn't us, it would be someone else.
Fighting it would be like skating up a hill. You did create the
PSP and did an amazing job.
Toc2rta:
To the people of the Toc2rta development network: you're our
phone-a-friend. Without your friendship this would never have happened.
I hope this brings you as much happiness as it brings us.
Join us on irc.toc2rta.com.
Most importantly... Have fun!
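The constraint in step 1 of the release above is what shapes that stub: each pixel word the wallpaper places in VRAM is later executed as an instruction, and in a 32-bit ABGR pixel the most significant byte is the alpha channel, so every instruction encoding must keep those eight bits zero. The C program below is an added example and is not code from the release or from its authors. It encodes the six-instruction stub as MIPS32 (Allegrex) machine words with a small hand-written encoder, counts the words that would leak non-zero bits into the alpha byte, and models the sp + 64 arithmetic. It goes one step beyond the release text by also encoding the two obvious alternatives for the add, `addiu a0, sp, 64` and `addu a0, sp, a0`, next to `addu a0, a0, sp`: an I-type opcode occupies the top six bits, and a source register numbered 8 or above spills into bits 24 and 25, so only the last form stays pixel-safe. The register numbers, the ABGR8888 layout and the sample sp value 0x09FFFE00 are assumptions made for illustration.

```c
/* Added example: encode the wallpaper stub as Allegrex (MIPS32) words and
 * check the "alpha byte must be zero" constraint on VRAM pixels.
 * Not code from the original release; the register numbers, the ABGR8888
 * layout and the sample sp value are assumptions for illustration. */
#include <stdint.h>
#include <stdio.h>

enum { ZERO = 0, A0 = 4, SP = 29 };   /* MIPS register numbers (assumed) */

/* R-type: op=0 | rs(5) | rt(5) | rd(5) | sa(5) | funct(6) */
static uint32_t r_type(unsigned rs, unsigned rt, unsigned rd, unsigned sa, unsigned funct)
{
    return (rs << 21) | (rt << 16) | (rd << 11) | (sa << 6) | funct;
}

/* I-type: op(6) | rs(5) | rt(5) | imm(16) */
static uint32_t i_type(unsigned op, unsigned rs, unsigned rt, uint16_t imm)
{
    return (op << 26) | (rs << 21) | (rt << 16) | imm;
}

/* syscall: op=0 | code(20) | funct 0x0C */
uint32_t enc_syscall(unsigned code) { return ((code & 0xFFFFF) << 6) | 0x0C; }
uint32_t enc_slt(unsigned rd, unsigned rs, unsigned rt)   { return r_type(rs, rt, rd, 0, 0x2A); }
uint32_t enc_sll(unsigned rd, unsigned rt, unsigned sa)   { return r_type(0, rt, rd, sa & 31, 0x00); }
uint32_t enc_addu(unsigned rd, unsigned rs, unsigned rt)  { return r_type(rs, rt, rd, 0, 0x21); }
uint32_t enc_addiu(unsigned rt, unsigned rs, uint16_t imm) { return i_type(0x09, rs, rt, imm); }
uint32_t enc_jr(unsigned rs) { return r_type(rs, 0, 0, 0, 0x08); }
uint32_t enc_nop(void) { return 0; }

/* In a 32-bit ABGR8888 framebuffer (assumed layout) alpha is the top byte. */
unsigned alpha_byte(uint32_t word) { return word >> 24; }

#define STUB_LEN 6
static uint32_t stub[STUB_LEN];

/* Assemble the stub; returns how many words have a non-zero alpha byte. */
int build_stub(void)
{
    stub[0] = enc_syscall(0x20C7);    /* sceKernelDcacheWritebackInvalidateAll */
    stub[1] = enc_slt(A0, ZERO, SP);  /* a0 = (0 < sp) = 1 while sp is positive */
    stub[2] = enc_sll(A0, A0, 6);     /* a0 = 1 << 6 = 64 */
    stub[3] = enc_addu(A0, A0, SP);   /* a0 = sp + 64; rs = a0 (< 8) keeps alpha zero */
    stub[4] = enc_jr(A0);             /* jump to the painter sitting on the stack */
    stub[5] = enc_nop();              /* branch delay slot */
    int bad = 0;
    for (int i = 0; i < STUB_LEN; i++)
        if (alpha_byte(stub[i]) != 0)
            bad++;
    return bad;
}

uint32_t stub_word(int i) { return stub[i]; }

/* Model of the stub's arithmetic: the painter lives 64 bytes above sp. */
uint32_t stub_target(uint32_t sp)
{
    uint32_t a0 = ((int32_t)sp > 0) ? 1u : 0u;  /* slt a0, zero, sp */
    a0 <<= 6;                                   /* sll a0, a0, 6   */
    return sp + a0;                             /* addu a0, a0, sp */
}

int main(void)
{
    int bad = build_stub();
    for (int i = 0; i < STUB_LEN; i++)
        printf("word %d = 0x%08X  alpha = 0x%02X\n", i, stub_word(i), alpha_byte(stub_word(i)));
    printf("%d word(s) with non-zero alpha\n", bad);

    /* The two obvious alternatives cannot be hidden in a zero-alpha pixel. */
    uint32_t imm = enc_addiu(A0, SP, 64), swapped = enc_addu(A0, SP, A0);
    printf("addiu a0, sp, 64 -> 0x%08X alpha 0x%02X\n", imm, alpha_byte(imm));
    printf("addu  a0, sp, a0 -> 0x%08X alpha 0x%02X\n", swapped, alpha_byte(swapped));
    printf("painter for sp=0x09FFFE00 -> 0x%08X\n", stub_target(0x09FFFE00u));
    return 0;
}
```

Compile with a C99 compiler (for example `cc -std=c99 stub.c`) and run it; the program lists each word with its alpha byte, reports zero violations for the stub, and shows that the immediate form carries 0x27 in the alpha byte and the swapped-operand form 0x03.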
SycoShaman
VIP Master Jedi
Posts: 24468
Location: Toronto, Canada
Posted: Fri, 23rd Sep 2005 23:51 Post subject:
Impressive... we need some of these guys in the PC games scene...
Posted: Sat, 24th Sep 2005 00:27 Post subject:
I tried it out and it worked; homebrew on 2.0 is very, very close!!!
Mcs[NBK]
Posts: 341
Location: Germany/Heilbronx
Posted: Sat, 24th Sep 2005 17:28 Post subject:
Does this work now on my PSP with firmware 2.0 or not? Has anyone tested it?
P.S. I mean, do homebrew games work now on a PSP with firmware 2.0?
Last edited by Mcs[NBK] on Sat, 24th Sep 2005 17:42; edited 1 time in total
Posted: Sat, 24th Sep 2005 17:38 Post subject:
Mcs[NBK] wrote:
    Does this work now on my PSP with firmware 2.0 or not? Has anyone tested it?
I'm not quite sure what you mean... If you're asking if it works on 2.0 PSPs, then yes, it works... If you want a different answer, rewrite your question...
sTo0z
[Moderator] Babysitter
Posts: 7449
Location: USA
Posted: Sat, 24th Sep 2005 18:53 Post subject:
Sounds like I can update to 2.0 soon. 
Supino
Posts: 699
Location: Norway
Posted: Sun, 25th Sep 2005 11:16 Post subject:
@sToOz
I would wait some weeks before doing that if I had 1.50. The 2.0 exploit isn't as groundbreaking as it was for 1.0/1.50. As I understand it, they need to make a hack that uses this exploit and opens more holes. It's hard to use this exploit as is; they can only access (or control) 64 KB of memory..
Steve-O 2004
Posted: Sun, 25th Sep 2005 14:49 Post subject:
Supino wrote:
    they can only access (or control) 64 KB of memory..
But could they not use that 64 KB of memory to launch another file that's bigger?
Like make a 1 KB (small) app that would launch in that small amount of memory, and then in turn that 1 KB app launches another app that might be, say, 200 KB??
George W Bush -
'...more and more of our imports are coming from overseas.'
[sYn]
[Moderator] Elitist
Posts: 8374
Posted: Sun, 25th Sep 2005 14:58 Post subject:
Steve-O 2004 wrote:
    Supino wrote:
        they can only access (or control) 64 KB of memory..
    But could they not use that 64 KB of memory to launch another file that's bigger?
    Like make a 1 KB (small) app that would launch in that small amount of memory, and then in turn that 1 KB app launches another app that might be, say, 200 KB??
In theory, that's the way buffer overflows work. You utilise the small amount of memory you can steal to launch something with a larger memory space. There is work to be done, but someone is without doubt doing it!
However, the way in which this exploit appears to be implemented is not very suited to running applications; the best use for it would be a temporary overflow to install something which will allow security bypasses permanently. This isn't too likely. As far as I can tell you will need to "change wallpaper" in order to run apps, which is a little strange compared to the current ways. Someone could code a "launcher" which loads up once the wallpaper exploit has been used; this would then be your gateway to launching homebrew/ISOs from the memory stick. It's an interesting topic; if I had a 2.0 I would test it, but I don't, and I'm not upgrading to try! I wouldn't mind getting into the PSP scene, but I don't have the time with my other projects.
Posted: Tue, 27th Sep 2005 14:20 Post subject:
sweet work 
Posted: Tue, 27th Sep 2005 22:04 Post subject:
Exploit in the media player now (maybe) -
Quote:
<xylon5> Looks like a hole has been found in the media player now
* Tamil|css has joined #pspchat
<dan21> any new psp game releases?
<Ibby> lol
<xylon5> Now this is looking promising as it could mean kernal mode
<heXLuth0r> media player?
<heXLuth0r> link?
* NostroMo has joined #pspchat
<S_Tsung> does the button swap operate with kernel priviledge?
<xylon5> Its us who have found it. Guys, this is NOT confirmed as yet... still working on it so stay tuned we'll update soon
<barbapapaz> you have pong tiff please
<S_Tsung> i noticed their authors also made a demo of UMD dumping
<Tamil|css> but trail
* joenewbre has quit IRC (Quit: )
<Tamil|css> nor full version
<xylon5> Yeah its when u open a file to play
<ph0rkeh> http://dingdingdong.ytmnd.com/
<Wursbrot> xylon5: then you can enter kernel mode ? ^^
<skoogis> w00t? ernel mode?
<skoogis> kernel mode
<xylon5> Yes we are hoping its gonna allow us straight into the heart, it's looking good but please just wait till we know more
<skoogis> how long will we wait?
<Wursbrot> xylon5: i dont post shit and rumors ^^ i am calm onto that...
<Wursbrot> its interessting to know though.
<mr_dank> omg ph0rkeh wth is that
<Zillaaa> xylon5 whatever you guys are working on, good luck =)
* isidore has joined #pspchat
* teufel66 has joined #pspchat
<xylon5> I couldn't say, really dont know. A couple of us are working on it now
* ph0rkeh has quit IRC (Quit: Computers are not intelligent. They only think they are.)
* Ethan80 has quit IRC (Quit: Ethan80)
<Wursbrot> xylon5: can i pm u? interessted in principe
* Proc has joined #pspchat
<skoogis> are we talking about hours, days, weeks?
<heXLuth0r> open source!
<xylon5> This is why I am not saying stuff like HACK FOUND!!!!! Because we're just taking it slowly and easily
<skoogis> thats good!
* joeMJ has joined #pspchat
<Tamil|css> ^^
* Blume has joined #pspchat
<xylon5> Lets say a couple of days till we have more info... I'm going 4 now, but feel free to pm me later if u wanna know more
From http://www.pspmod.com/forums/showthread.php?t=1812
George W Bush -
'...more and more of our imports are coming from overseas.'