Posted: Wed, 28th Jun 2006 02:02 Post subject: [PSP] Breaking News: 2.60 Firmware Exploit Found - Kernel Ac
Break out your calendars folks, because this may be a day that you want to mark as a pivotal day in the history of PSP homebrew. A developer known as hitchhikr of "hitchhikr SoftWorks" and coder companion Neural have come out with a Proof of Concept of a 2.50/2.60 Firmware Exploit! Once implemented and fine tuned for "normal user" use, this will bring 2.50 and 2.60 Firmware up to the same homebrew capability that 1.50 PSP owners enjoy with FULL kernel mode access - although Grand Theft Auto: Liberty City Stories will still be required, just like with eLoader.
Speaking of eLoader, Fanjita is already working with hitchhikr on incorporating this new exploit into an easily executable means via eLoader. After a brief chat with Fanjita, he's told us that you can expect some generic application for developers to hopefully be released in the next 24 hours. It will take a bit longer before something usable for non-devs will be released.
The exploit takes advantage of an added security check in 2.50/2.60 Firmware for sceKernelLoadExec, which is responsible for loading EBOOTs, but Sony also accidentally added an overflow bug, which means this exploit will not work with 2.0 and 2.01 Firmware.
Below you will find a download of hitchhikr's & Neural's Proof of Concept - this is not intended for the casual user. It creates dump files containing kernel memory dumps in the root of the memstick (boot.bin, kmem.bin, klib.bin). It also creates writeaccess.bin which contains just the hex (12 34 56 7 to prove that kmem CAN be written to.
But don't start upgrading those PSPs yet until a viable means of implementation is released! Also, this breakthrough does not open up the possibility of a downgrader due to the protection in the IPL in 2.50+ firmware. Although speculation has already begun that this will open the door to the decrypting of 2.70+ Firmware, allowing it to be emulated a la Devhook.
We will stay on top of this breaking news all day long and be constantly updating this news post with information as soon as we get it! Stay with QJ.NET and PSPUpdates for all the latest
http://pspupdates.qj.net/Breaking-News-2-60-Firmware-Exploit-Found-Kernel-Access-/pg/49/aid/57216

arw
Posts: 1281
Location: Barry - Wales - (UK)
Posted: Wed, 28th Jun 2006 02:12 Post subject:
arw wrote: | Cool..Just got a PSP today with FW 2.60... ..Will be keeping an eye on this. |
fag
I never get that luck 
[sYn]
[Moderator] Elitist
Posts: 8374
Posted: Wed, 28th Jun 2006 09:55 Post subject:
sTo0z
[Moderator] Babysitter
Posts: 7449
Location: USA
Posted: Wed, 28th Jun 2006 16:51 Post subject:
I'm still on 1.5, lol. Fun fun. 
Posted: Wed, 28th Jun 2006 16:56 Post subject:
neat stuff man 
Posted: Wed, 28th Jun 2006 16:58 Post subject:
I'm on 2.0, never really mess with homebrew :/
[sYn]
[Moderator] Elitist
Posts: 8374
Posted: Thu, 29th Jun 2006 00:58 Post subject:
Quote: | To be used at your own risk. It is UNTESTED software!
This is an *experimental* downgrader for 2.50/2.60. Experimental means here that it has not been tested on a real device, although it has a theoretical basis that it could work.
This software is free and untested, and I'm not responsible if it causes damage to your PSP. If you use this software, you agree that you are using this program at your own risk and that you won't blame the author for that.
"Someone told me that a downgrader for 2.50/2.60 was impossible. How does this work?"
This one uses another, riskier technique (and I repeat: untested) than the MPH downgrader. It uses some Sony libraries found in the 1.50 updater to perform the most critical steps, the logical format of the flash and the IPL writing. See technical details for more info about how it works.
This software requires that someone with a 1.50 runs a little program and sends you the output so you can init the downdate process. The 1.50 program is TOTALLY safe: it only dumps the flash of a 1.50 user and it also extracts some special PRXs found in the 1.50 updater.
If you do not wish to have someone with a 1.50 do it for you, you can use the included MS_ROOT folder with the files in it instead. Inside is the "DOWNDATER" folder you can use with a 2.50/2.60 PSP to test the downgrade.
Instructions for the 1.50 user
-----------------------------
1) Copy the folders downhelper and downhelper% from the 1.50 HELPER folder to /PSP/GAME/ in your memstick.
2) Obtain the 1.50 update EBOOT and put it in /PSP/GAME/UPDATE in your memstick.
3) Init the downhelper program. It will dump your flash and some files from the updater EBOOT to the memstick.
4) After that, the program will exit. You can now delete the updater from /PSP/GAME/UPDATE.
5) You'll notice that you have a new folder in the root of your memstick called "DOWNDATER". That's the folder you'll have to send to a 2.50/2.60 user to let him test the downgrade.
Instructions for the 2.50/2.60 user
-----------------------------------
1) Copy the folder DOWNGRADER/2.50/DOWNDATERTEST if you have 2.50, or DOWNGRADER/2.60/DOWNDATERTEST if you have 2.60, to /PSP/GAME/ in your memstick.
2) Wait for someone with 1.50 to pass you a folder called DOWNDATER and copy it to the root of your memstick.
3) Init GTA and the GTA Loader.
4) In the GTA Loader menu, choose the downdater test. WARNING: the program won't output any display or any warnings; it will init the downgrader process immediately.
5) You'll see your memstick flashing. That means that your PSP is being flashed from the memstick. You won't see any type of output on the screen (this is for safety). When the memstick finishes flashing, WAIT at least a minute, and then reinit your PSP by holding the power button.
6) That's all. If all went right, you'll have 1.50. If it went less well, you'll still have 2.50/2.60. If all went wrong, you'll have a broken PSP (except in the case you have the mod-chip). Remember that you have accepted that risk.
Technical details
-----------------
This program performs the following operations:
- It loads ipl_update.prx and lflash_fatfmt.prx from the 1.50 updater.
- It performs a logical format of the flash0 partition using the function sceLflashFatfmtStartFatfmt found in lflash_fatfmt.prx.
- It writes a dump of the 1.50 flash0 to flash0.
- It writes the Initial Program Loader (IPL) using the functions sceIplUpdateClearIpl and sceIplUpdateSetIpl from the ipl_update.prx module. The IPL is embedded in that module.
Other considerations:
--------------------
- Users with TA-082 PSPs shouldn't try this. Also, it may be better that at the beginning, only users with a 2.50/2.60 NOT from factory (they updated from a lower firmware) try this.
-Dark_AleX |
It's said to have been tested now with success!
Posted: Thu, 29th Jun 2006 01:16 Post subject:
Yeah, and 2 people have bricked their PSP, apparently, from Max Console. It's been done in theory, but not tested practically. The person who applied it successfully was plugging his forum, which died on its arse under the strain.
sabin1981 wrote: | but you know what Chinese whispers are like; some newbie will read your comment and suddenly run and spread it all over the internet that the new 2010 Banwave disables all your XBLA games when you're banned.
Ironic Statement #4756 from sabin |