Aah, yes, new exploit, old game. It's so cool to actually see this beauty working - and on a PSP-3000 no less! The PSP scene was buzzing the other day when MaTiAz found an exploit (read: buffer overflow!) in the three-year-old game, GripShift.
MaTiAz says that they've yet to find any further use for this, but it's still a new exploit. It could lead to further hacks, and for now, it's merely a proof of concept. Be that as it may, this is a great start, and a rather sweet find! Here's MaTiAz explaining the exploit:
GripShift has a buffer overflow vulnerability when loading savegames. The savegame contains the profile name, which can be easily used to overwrite $ra. The savegame file is pretty big (25kB) so you have lots of space to put your code there. I wrote a simple blob of code to paint the framebuffer completely white (to just indicate that arbitrary code is running). The return address is located at offset 0xA9 in the file. In this poc it points to 0x08E4CD50 (which is only a few bytes after the return address), and the code starts at 0xCC in the file.
It was tested on 4.01M33-2 with the US version of GripShift (ULUS10040), and psplink.prx, usbhostfs.prx and deemerh.prx loaded (also without psplink and usbhostfs). The decrypted savegame (sorry, couldn't [be bothered to] get Shine's savegame tool working so it's in plaintext form) is in the SDDATA.BIN form which Hellcat's Savegame-Deemer produces (thanks to him, if the program didn't exist I wouldn't have bothered with this). Just copy the ULUS10040SAVE00 directory to /PSP/SAVEPLAIN/ and run the game. EDIT: yeah, don't forget to have Savegame-Deemer working, duh.
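The bug class MaTiAz describes, as an added example that is not code from GripShift or from the post: a constructed savegame profile-name loader, with the unbounded-copy pattern beside a bounded one that rejects oversized or unterminated fields. The field size and buffer size are assumptions, not the game's real layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed for this illustration (not GripShift's real values): the savegame
 * reserves a fixed field for the profile name, copied into a stack buffer. */
#define PROFILE_FIELD_LEN 64
#define PROFILE_NAME_MAX  15            /* buffer holds 15 chars + NUL */

enum { PROFILE_OK = 0, PROFILE_TOO_LONG = -1, PROFILE_UNTERMINATED = -2 };

/* The vulnerable pattern: the field is trusted to be short, so a long name
 * runs past the buffer and over the saved return address ($ra), and bytes
 * later in the file become the return target. Kept for contrast; never run. */
void load_profile_name_unsafe(const uint8_t *field)
{
    char name[PROFILE_NAME_MAX + 1];
    strcpy(name, (const char *)field);  /* no bound: stack overflow */
}

/* Hardened loader: scan for the terminator without leaving the field, then
 * refuse any name that would not fit the destination together with its NUL. */
int load_profile_name(const uint8_t *field, size_t field_len,
                      char *out, size_t out_len)
{
    size_t n = 0;
    while (n < field_len && field[n] != '\0')
        n++;
    if (n == field_len)
        return PROFILE_UNTERMINATED;    /* no NUL anywhere in the field */
    if (n >= out_len)
        return PROFILE_TOO_LONG;        /* would overrun the buffer */
    memcpy(out, field, n);
    out[n] = '\0';
    return PROFILE_OK;
}

/* Constructed field: name_len bytes of 'A', an optional NUL, then non-zero
 * filler standing in for the rest of the file. Requires name_len < field size. */
int check_field(size_t name_len, int terminate)
{
    uint8_t field[PROFILE_FIELD_LEN];
    char out[PROFILE_NAME_MAX + 1];
    memset(field, 'B', sizeof field);
    memset(field, 'A', name_len);
    if (terminate)
        field[name_len] = '\0';
    return load_profile_name(field, sizeof field, out, sizeof out);
}
```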