Aah, yes, new exploit, old game. It's so cool to actually see this beauty working - and on a PSP-3000 no less! The PSP scene was buzzing the other day when MaTiAz found an exploit (read: buffer overflow!) in the three-year-old game, GripShift.
MaTiAz says that they've yet to find any further use for this, but it's still a new exploit. It could lead to further hacks, and for now, it's merely a proof of concept. Be that as it may, this is a great start, and a rather sweet find! Here's MaTiAz explaining the exploit:
"GripShift has a buffer overflow vulnerability when loading savegames. The savegame contains the profile name which can be easily used to overwrite $ra. The savegame file is pretty big (25kB) so you have lots of space to put your code there. I wrote a simple blob of code to paint the framebuffer completely white (to just indicate that arbitrary code is running). The return address is located at offset 0xA9 in the file. In this poc it points to 0x08E4CD50 (which is only a few bytes after the return address), and the code starts at 0xCC in the file."
"It was tested on 4.01M33-2 with US version of GripShift (ULUS10040), and psplink.prx, usbhostfs.prx and deemerh.prx loaded (also without psplink and usbhostfs). The decrypted savegame (sorry, couldn't [be bothered to] get Shine's savegame tool working so it's in plaintext form) is in the SDDATA.BIN form which Hellcat's Savegame-Deemer produces (thanks to him; if the program didn't exist I wouldn't have bothered with this). Just copy the ULUS10040SAVE00 directory to /PSP/SAVEPLAIN/ and run the game. EDIT: yeah, don't forget to have Savegame-Deemer working, duh."