Aah, yes, new exploit, old game. It's so cool to actually see this beauty working - and on a PSP-3000 no less! The PSP scene was buzzing the other day when MaTiAz found an exploit (read: buffer overflow!) in the three year old game, GripShift.
MaTiAz says that they've yet to find any further use for this, but it's still a new exploit. It could lead to further hacks, and for now, it's merely a proof of concept. Be that as it may, this is a great start, and a rather sweet find! Here's MaTiAz explaining the exploit:
GripShift has a buffer overflow vulnerability when loading savegames. The savegame contains the profile name which can be easily used to overwrite $ra. The savegame file is pretty big (25kB) so you have lots of space to put your code there. I wrote a simple blob of code to paint the framebuffer completely white (to just indicate that arbitrary code is running ). The return address is located at offset 0xA9 in the file. In this poc it points to 0x08E4CD50 (which is only a few bytes after the return address), and the code starts at 0xCC in the file.
It was tested on 4.01M33-2 with US version of GripShift (ULUS10040), and psplink.prx, usbhostfs.prx and deemerh.prx loaded (also without psplink and usbhostfs). The decrypted savegame (sorry, couldn't [be bothered to] get Shine's savegame tool working so it's in plaintext form) is in the SDDATA.BIN form which Hellcat's Savegame-Deemer produces (thanks to him, if the program didn't exist I wouldn't have bothered with this. ). Just copy the ULUS10040SAVE00 directory to /PSP/SAVEPLAIN/ and run the game. EDIT: yeah, don't forget to have Savegame-Deemer working, duh.
Like it? Share with your friends!
If you got an error while installing Themes, Software or Games, please, read FAQ.
Similar Software:
KeyCleaner KeyCleaner
A little over a week ago, hombrew dev Chilly Willy released version 1.2 of KeyCleaner. Today, the dev upgraded the application to version 1.3, which sports a number of fixes from the previous version and other changes.
Basically, KeyCleaner is a PSP application that enables you to see the state of the IdStorage on your PSP
SMB Turn off the backlight after 4 secondes if no key is pressed
turn off the screen after 15 secondes and down the CPU to 111Mhz if no key is pressed
Flash copy Flash copy
Another day and another flash copy update! Gracz54 has updated his flash copy homebrew application to v1.2. Flash copy is a program that allows you to copy the full contents of flash1 and flash0 on your PSP to your memory stick . It's a pretty simple program, but very useful for anyone wanting to dump their firmware to memory stick
AutoStart AutoStart
Developer's note:
Here's another update to both the prx and the configurator. I've fixed an issue some people have been having with being unable to turn back on their screen after it goes black and the "LED light blinking non-stop" problem
IDC 1.00: Create PKG Install ISOs for ODE IDC 1.00: Create PKG Install ISOs for ODE - Are you using an ODE to run your mods? Check out this great tool that converts PKG files into bootable ISOs!
If you're using an ODE by the likes of 3K3Y or Cobra to get your PS3 modding fix, you're in luck
X-Flash X-Flash
The X-Flash thread in the QJ forums has been updated once again, and this time it's to announce that the latest version of X-Flash - version 18f - is now available. So, what has Art added to his PSP firmware mod app this time? Read on for the changelog.
Changelog:
* Implemented flasher with write verify for topmenu_plugin
REPOPrep 1.0.6 for PSPInstaller v3 UPDA REPOPrep 1.0.6 for PSPInstaller v3 UPDA - Homebrew coder spike_132000 has dropped by our forums to release a new version of REPOPrep, a file repository for his "Cydia" like homebrew file downloader for the PSP, PSPInstaller
Cobra USB Firmware Cobra USB Firmware
Team Cobra is back with another update to the Cobra USB Firmware bringing it to version 5.0.A If you are utilizing the cobra dongle you can now run PS3 games from a PC.A Version 5.0 also supports files such as PSX/ cue/bin Blu-Ray/DVD ISO's and they not that additional formats will be available in the future
LuaPlayer Euphoria LuaPlayer Euphoria
from Zack:
Ciao!
So I finally got motivated enough on my one day off this week to do at least something. (Don't know what was wrong with me today :/)
So I got a few complaints about basing LuaPlayer Euphoria off v.20 as opposed to v.16 which had no module loading and thus had more free ram
CFW 5.00 M33-4 CFW 5.00 M33-4
from Dark_AleX:
Changes:
- Speed selected for umd/iso was not properly locked in some new games that used scePower_EBD177D6 instead of scePowerSetClockFrequency to change speed.
- UMD/ISO speed settings now apply to PSN games too.
- Fixed libupdown.prx connecting to dark-alex
Comments on GripShift savegame exploit POC:
Comments not found
If you noted an error or download link is broken, please, report it via this page or use comments.
Please, select device to check if GripShift savegame exploit POC supports it
