PSP 3000 Hacked?!

Status
Not open for further replies.

itsRANDELL

According to PSP Slim Hacks, the PSP 3000 has been hacked! But first, you gotta find a copy of the game GripShift.

Quote:
GripShift has a buffer overflow vulnerability when loading savegames. The savegame contains the profile name which can be easily used to overwrite $ra. The savegame file is pretty big (25kB) so you have lots of space to put your code there. I wrote a simple blob of code to paint the framebuffer completely white (to just indicate that arbitrary code is running). The return address is located at offset 0xA9 in the file. In this PoC it points to 0x08E4CD50 (which is only a few bytes after the return address), and the code starts at 0xCC in the file.

It was tested on 4.01M33-2 with US version of GripShift (ULUS10040), and psplink.prx, usbhostfs.prx and deemerh.prx loaded (also without psplink and usbhostfs). The decrypted savegame (sorry, couldn’t [be bothered to] get Shine’s savegame tool working so it’s in plaintext form) is in the SDDATA.BIN form which Hellcat’s Savegame-Deemer produces (thanks to him, if the program didn’t exist I wouldn’t have bothered with this). Just copy the ULUS10040SAVE00 directory to /PSP/SAVEPLAIN/ and run the game. EDIT: yeah, don’t forget to have Savegame-Deemer working, duh.

Source: PSPSlimHacks
Credit to: MaTiAz for finding the exploit



Posts merged

Oops, this news is old. Close please? Sorry.
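As an added illustration of the check a defender would want (this is not code from the post, from PSPSlimHacks or from MaTiAz), the Python below flags a decrypted SDDATA.BIN-style blob whose profile-name field runs on into the saved-$ra slot at the quoted file offset 0xA9. The start offset of the name field and the PSP user-RAM range are assumptions, and both sample blobs are constructed here for the demonstration.

```python
import struct

# Offsets quoted in the post for the GripShift (ULUS10040) savegame.
RA_OFFSET = 0xA9          # the saved $ra ends up at this file offset
CODE_OFFSET = 0xCC        # where the post says its payload starts
# Assumption: the profile-name field begins at offset 0 of the decrypted
# blob; the post does not give its real start, so this is a placeholder.
NAME_OFFSET = 0x00
# Assumption: PSP user-mode RAM spans 0x08800000-0x09FFFFFF. A savegame
# should carry no pointers at all, so a word at the $ra slot that looks
# like a user-RAM address is a strong sign the name overran into it.
USER_RAM = range(0x08800000, 0x0A000000)


def check_savegame(blob: bytes, name_offset: int = NAME_OFFSET) -> dict:
    """Heuristic indicators for one decrypted SDDATA.BIN-style savegame."""
    if len(blob) < RA_OFFSET + 4:
        return {"error": "file too short"}
    # MIPS on the PSP is little-endian, so read the slot as '<I'.
    ra = struct.unpack_from("<I", blob, RA_OFFSET)[0]
    name_region = blob[name_offset:RA_OFFSET]
    # A well-formed name is NUL-terminated long before the $ra slot.
    terminated = b"\x00" in name_region
    return {
        "ra": ra,
        "ra_in_user_ram": ra in USER_RAM,
        "name_unterminated": not terminated,
        "suspicious": (ra in USER_RAM) or not terminated,
    }


def build_sample(name: bytes, ra_word: int, size: int = 25 * 1024) -> bytes:
    """Constructed test blob (not a real GripShift save): a name field,
    a word at RA_OFFSET, zero-padded to roughly the 25kB the post mentions."""
    buf = bytearray(size)
    buf[NAME_OFFSET:NAME_OFFSET + len(name)] = name
    struct.pack_into("<I", buf, RA_OFFSET, ra_word)
    return bytes(buf)


# Constructed samples: a normal short name, and a name that fills every
# byte up to the $ra slot, which then holds the address quoted in the post.
BENIGN = build_sample(b"PLAYER\x00", 0)
OVERRUN = build_sample(b"A" * RA_OFFSET, 0x08E4CD50)
```

Run it over the SDDATA.BIN that Savegame-Deemer writes to /PSP/SAVEPLAIN/ to see which of the two indicators fires; a legitimate save whose data at 0xA9 happens to look like a pointer would be a false positive, so treat the result as a triage hint rather than proof.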

kobykaan

NOT EXACTLY HACKED! Its achievements so far: homebrew PONG, a screen wash of color and a HELLO WORLD MESSAGE! Not exactly running CFW!

This thread may need merging / closing!