Aah, yes, new exploit, old game. It's so cool to actually see this beauty working - and on a PSP-3000 no less! The PSP scene was buzzing the other day when MaTiAz found an exploit (read: buffer overflow!) in the three year old game, GripShift.
MaTiAz says that they've yet to find any further use for this, but it's still a new exploit. It could lead to further hacks, and for now, it's merely a proof of concept. Be that as it may, this is a great start, and a rather sweet find! Here's MaTiAz explaining the exploit:
"GripShift has a buffer overflow vulnerability when loading savegames. The savegame contains the profile name which can be easily used to overwrite $ra. The savegame file is pretty big (25kB) so you have lots of space to put your code there. I wrote a simple blob of code to paint the framebuffer completely white (to just indicate that arbitrary code is running ). The return address is located at offset 0xA9 in the file. In this poc it points to 0x08E4CD50 (which is only a few bytes after the return address), and the code starts at 0xCC in the file."
"It was tested on 4.01M33-2 with US version of GripShift (ULUS10040), and psplink.prx, usbhostfs.prx and deemerh.prx loaded (also without psplink and usbhostfs). The decrypted savegame (sorry, couldn't [be bothered to] get Shine's savegame tool working so it's in plaintext form) is in the SDDATA.BIN form which Hellcat's Savegame-Deemer produces (thanks to him, if the program didn't exist I wouldn't have bothered with this. ). Just copy the ULUS10040SAVE00 directory to /PSP/SAVEPLAIN/ and run the game. EDIT: yeah, don't forget to have Savegame-Deemer working, duh."
Like it? Share with your friends!
If you got an error while installing Themes, Software or Games, please, read FAQ.
Similar Software:
Wii Home Wii Home
Wii Home is a "plugin" for Preloader.
1.3
* The default font was changed.
* Added UTF-8 characters support with the new font.
* Better English translation.
* Better French translation.
* Better Spanish translation.
* Using Dollz 3.0 to have a little size (943 ko -> 559 ko : 384 ko earned)
CFW 3.51 M33-6 CFW 3.51 M33-6
Team M33 just came up with a new build to their custom firmware 3.51 M33. This should be the sixth development update ever since this particular custom firmware came out. We have to say that the additional notes included in this release are far more interesting than the changelog itself
LCFW 6.39 ME LCFW 6.39 ME
Homebrew coder neur0n's LCFW 6.39 LME installer for the official firmware 6.39 has been updated.
Changlog:
Fixed a license error when execute resumed POPS game.(05g only)
Fixed a bug in POPS plugin when M2 card is not inserted.
Added a 166/83 CPU clock
VSHExtender VSHExtender
With all talks of Custom Firmwares rounding the PSP scene, jas0nuk has thought of making apps that will make the contribute to the hype. First, he came up with the Custom Firmware Recovery.ELF Tester that allowed custom firmware users to test a recovery.elf file in the memory stick before doing it in the flash memory
Bannerbomb Alpha 1 Bannerbomb Alpha 1
is an exploit capable of launching homebrew from any version of the System Menu. It was created to replace the Twilight Hack, which does not work on System Menu 4.0.
The exploit works by using a malformed banner to crash the Wii and run code to load the boot.dol placed in the root of the SD card
ChickHEN Mod ChickHEN Mod
from m0skit0:
Well, now that CFW Enabler is available for TA88v3 mobos, it's becoming interesting to load the ChickHEN smoother.
Here's a slightly modified version that works almost at 100%, tested on PSP 2000. I don't guarantee any results on PSP 3000 (but this do not mean it will not work)
Neoflash MK2 / 3 Menu Neoflash MK2 / 3 Menu Neo Flash has just released their Neoflash MK2 / 3 Menu v0.4. Additions to this version include:Support more MMC/SD cards.Add the initial touch panel supporting
Wasabi Firmware Correction Wasabi Firmware Correction
Team Wasabi has released a firmware correction now bringing the release to version 1.2 B3. This correction fixes a bug associated with the key to backup dvd. Supports files AP25/26 topology for LT +V3.00 from iso.
Source: http://wasabi360
NetCheat 4.23: Faster Ways to Mod Your Games NetCheat 4.23: Faster Ways to Mod Your Games - If you have a DEX PS3, this app is a must for your cheating needs. Check out this brand new real-time hack interface!
Dnawrkshp has been at the helm of thr NetCheat project for some time now, and that doesn't look to be changing. Just like always, this tool can be used alongside the ps3tmapi_net
Multi Password Boot Protector 1.0 Multi Password Boot Protector 1.0
PSP homebrew developer, Cheater360, passed by our forums recently to tell us about the release of his homebrew application called Multi Password Boot Protector 1.0. So what is this? Well, according to the dev, this app will enable you to turn on your PSP by using a "special memory stick"
Comments on GripShift savegame exploit POC:
Comments not found
If you noted an error or download link is broken, please, report it via this page or use comments.
Please, select device to check if GripShift savegame exploit POC supports it