Aah, yes, new exploit, old game. It's so cool to actually see this beauty working - and on a PSP-3000 no less! The PSP scene was buzzing the other day when MaTiAz found an exploit (read: buffer overflow!) in the three-year-old game GripShift.
MaTiAz says that they've yet to find any further use for this, but it's still a new exploit. It could lead to further hacks, and for now, it's merely a proof of concept. Be that as it may, this is a great start, and a rather sweet find! Here's MaTiAz explaining the exploit:
"GripShift has a buffer overflow vulnerability when loading savegames. The savegame contains the profile name which can be easily used to overwrite $ra. The savegame file is pretty big (25kB) so you have lots of space to put your code there. I wrote a simple blob of code to paint the framebuffer completely white (to just indicate that arbitrary code is running). The return address is located at offset 0xA9 in the file. In this PoC it points to 0x08E4CD50 (which is only a few bytes after the return address), and the code starts at 0xCC in the file."
"It was tested on 4.01M33-2 with US version of GripShift (ULUS10040), and psplink.prx, usbhostfs.prx and deemerh.prx loaded (also without psplink and usbhostfs). The decrypted savegame (sorry, couldn't [be bothered to] get Shine's savegame tool working so it's in plaintext form) is in the SDDATA.BIN form which Hellcat's Savegame-Deemer produces (thanks to him, if the program didn't exist I wouldn't have bothered with this.) Just copy the ULUS10040SAVE00 directory to /PSP/SAVEPLAIN/ and run the game. EDIT: yeah, don't forget to have Savegame-Deemer working, duh."
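The bug class MaTiAz describes is the classic unbounded copy of a file field into a fixed-size stack buffer, which is how a savegame's profile name ends up overwriting the saved return address. Added example (not MaTiAz's code, and not GripShift's real loader or savegame layout): a hypothetical loader in its vulnerable form beside a hardened one that rejects any profile name not NUL-terminated within the buffer; the offsets, field size and sample blobs are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout, for illustration only (not GripShift's real format):
 * the profile name is a NUL-terminated string at PROFILE_OFF and the loader
 * keeps a PROFILE_MAX-byte copy of it on its stack. */
#define PROFILE_OFF 0x10
#define PROFILE_MAX 16

/* Vulnerable pattern: copy until NUL, trusting the file. A name longer than
 * PROFILE_MAX-1 bytes runs past `name` over whatever sits above it on the
 * stack, including the saved return address ($ra on MIPS). Benign input only. */
int load_profile_unsafe(const uint8_t *save, size_t len, char *out) {
    char name[PROFILE_MAX];
    if (len <= PROFILE_OFF) return -1;                /* truncated file */
    strcpy(name, (const char *)save + PROFILE_OFF);   /* no bound at all */
    strcpy(out, name);
    return 0;
}

/* Hardened loader: the name must end within the buffer; `out` holds PROFILE_MAX. */
int load_profile_safe(const uint8_t *save, size_t len, char *out) {
    char name[PROFILE_MAX];
    if (len <= PROFILE_OFF) return -1;                /* truncated file */
    size_t avail = len - PROFILE_OFF;
    if (avail > PROFILE_MAX) avail = PROFILE_MAX;
    if (memchr(save + PROFILE_OFF, '\0', avail) == NULL) return -2; /* overlong */
    memcpy(name, save + PROFILE_OFF, avail);          /* NUL lies inside avail */
    strcpy(out, name);
    return 0;
}

/* Constructed sample blob of `len` bytes; the name is written without bound so
 * the sample itself can be made overlong for exercising the loaders. */
void build_sample(uint8_t *buf, size_t len, const char *name) {
    size_t n = strlen(name) + 1;
    memset(buf, 0, len);
    if (PROFILE_OFF + n > len) n = len - PROFILE_OFF;
    memcpy(buf + PROFILE_OFF, name, n);
}

int main(void) {
    uint8_t save[48]; char out[PROFILE_MAX];
    build_sample(save, sizeof save, "matiaz");
    printf("benign: rc=%d name=%s\n", load_profile_safe(save, sizeof save, out), out);
    build_sample(save, sizeof save, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    printf("overlong: rc=%d (rejected)\n", load_profile_safe(save, sizeof save, out));
    return 0;
}
```

The hardened loader returns -2 on the overlong blob instead of copying it; a checker built on the same bound would flag a savegame whose profile name field has no terminator as tampered.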