Aah, yes, new exploit, old game. It's so cool to actually see this beauty working - and on a PSP-3000 no less! The PSP scene was buzzing the other day when MaTiAz found an exploit (read: buffer overflow!) in the three year old game, GripShift.
MaTiAz says that they've yet to find any further use for this, but it's still a new exploit. It could lead to further hacks, and for now, it's merely a proof of concept. Be that as it may, this is a great start, and a rather sweet find! Here's MaTiAz explaining the exploit:
"GripShift has a buffer overflow vulnerability when loading savegames. The savegame contains the profile name which can be easily used to overwrite $ra. The savegame file is pretty big (25kB) so you have lots of space to put your code there. I wrote a simple blob of code to paint the framebuffer completely white (to just indicate that arbitrary code is running ). The return address is located at offset 0xA9 in the file. In this poc it points to 0x08E4CD50 (which is only a few bytes after the return address), and the code starts at 0xCC in the file."
"It was tested on 4.01M33-2 with US version of GripShift (ULUS10040), and psplink.prx, usbhostfs.prx and deemerh.prx loaded (also without psplink and usbhostfs). The decrypted savegame (sorry, couldn't [be bothered to] get Shine's savegame tool working so it's in plaintext form) is in the SDDATA.BIN form which Hellcat's Savegame-Deemer produces (thanks to him, if the program didn't exist I wouldn't have bothered with this. ). Just copy the ULUS10040SAVE00 directory to /PSP/SAVEPLAIN/ and run the game. EDIT: yeah, don't forget to have Savegame-Deemer working, duh."
Like it? Share with your friends!
If you got an error while installing Themes, Software or Games, please, read FAQ.
Similar Software:
USBcam.prx patch executable USBcam.prx patch executable
The first question popping out from PSPU readers, after we started posting up all that stuff about the Chotto Shotto, was if it would work on emulated firmware (DevHook) or custom firmware (SE-B/C)
3.10 Firmware Decrypter by Team C+D 3.10 Firmware Decrypter by Team C+D
Yes guys, I'm not kidding! Remember when I said that the newest firmware required some magic on the part of Team C+D? Well, I guess it didn't take them very long to finish their work. And in this case, it was another fine piece of work- You can call it the Firmware 3
PSP Power Saver PSP Power Saver
Changelog:
-Fixed compatability issue with the 5
Signed 5.03 kxploit Signed 5.03 kxploit
Now last but not the certainly not the list is the latest release from homebrew dev Virtuous Flame (aka Liquidzigong) as he resumed work on his signed 5.03 kxploit, which let's you run the Hen loader straight from the XMB of your PSP.
Changelogs (translated):
Version 7
Streamlining the code, reducing execution time
PSP Homebrew: No Bugs Allowed PSP Homebrew: No Bugs Allowed - Want to squash some bugs on a PSP FPS? No Bugs Allowed is back with a fresh beta that features maps, weapons and bonuses!
It's been a long time since No Bugs Allowed has received any changes, but Shpuld is back again with a pretty substantial update
PSP Installer PSP Installer
ADePSP has just released his uber-simple homebrew app for the PSP which makes copying files and folders onto a PSP a lot easier. All you'll have to do is place the target files in the MS_ROOT folder and distribute with the Install.exe.
Once connectied, this app will automatically detect the PSP so that all you'll have to do is click the Install button
Custom Firmware Enabler Changelog:
- Fixed a bug related to games online
- Improved system of flashing Pops
Psardumper 3.00 extract mod Psardumper 3.00 extract mod
The excitement keeps on coming this week, with the release of firmware 3.00, the emergence of flashing applications for firmware 2.80 and rumors that Dark_Alex is on the brink of releasing 2.71 SE-C and his Hen D loader
Ultimate Recovery Menu Tired of your plain old recovery menu? Well thanks to the latest efforts of coders Ceikor, Blue7, Nameless, Hackman and Total_Noob, we now have a full pledge alternative solution, the Ultimate Recovery Menu
Extended Pandora Bootmenu Extended Pandora Bootmenu
PSP homebrew developer Hellcat dropped by the forums earlier to announce that a new build has arrived for the Extended Pandora Bootmenu. This application, in case you missed out on its previous release, adds a menu to the Pandora memory stick that was developed by Noobz and C+D. Here reads version 0
Comments on GripShift savegame exploit POC:
Comments not found
If you noted an error or download link is broken, please, report it via this page or use comments.
Please, select device to check if GripShift savegame exploit POC supports it
