Aah, yes, new exploit, old game. It's so cool to actually see this beauty working - and on a PSP-3000 no less! The PSP scene was buzzing the other day when MaTiAz found an exploit (read: buffer overflow!) in the three-year-old game, GripShift.
MaTiAz says that they've yet to find any further use for this, but it's still a new exploit. It could lead to further hacks, and for now, it's merely a proof of concept. Be that as it may, this is a great start, and a rather sweet find! Here's MaTiAz explaining the exploit:
GripShift has a buffer overflow vulnerability when loading savegames. The savegame contains the profile name which can be easily used to overwrite $ra. The savegame file is pretty big (25kB) so you have lots of space to put your code there. I wrote a simple blob of code to paint the framebuffer completely white (to just indicate that arbitrary code is running). The return address is located at offset 0xA9 in the file. In this PoC it points to 0x08E4CD50 (which is only a few bytes after the return address), and the code starts at 0xCC in the file.
It was tested on 4.01M33-2 with the US version of GripShift (ULUS10040), and psplink.prx, usbhostfs.prx and deemerh.prx loaded (also without psplink and usbhostfs). The decrypted savegame (sorry, couldn't [be bothered to] get Shine's savegame tool working so it's in plaintext form) is in the SDDATA.BIN form which Hellcat's Savegame-Deemer produces (thanks to him, if the program didn't exist I wouldn't have bothered with this). Just copy the ULUS10040SAVE00 directory to /PSP/SAVEPLAIN/ and run the game. EDIT: yeah, don't forget to have Savegame-Deemer working, duh.
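The bug class MaTiAz describes is a savegame loader that copies an attacker-controlled profile name into a fixed-size stack buffer without checking its length, so the copy runs past the buffer and over the saved return address. The C below is an added illustration, not GripShift's code or anything from MaTiAz's PoC: the record layout (a 4-byte little-endian length followed by the name bytes), the 16-byte buffer size and the function names are assumptions made for the example. It places the unchecked copy next to a hardened loader that validates the untrusted length against both the record and the destination before copying, which is the check a game's savegame parser needs to stop this class of bug.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed on-stack buffer size for the profile name, including the NUL. */
#define PROFILE_NAME_MAX 16

struct profile {
    char name[PROFILE_NAME_MAX];
};

/* Read the assumed 4-byte little-endian length field at the start of a record. */
static uint32_t record_len_field(const uint8_t *rec)
{
    return (uint32_t)rec[0] | ((uint32_t)rec[1] << 8) |
           ((uint32_t)rec[2] << 16) | ((uint32_t)rec[3] << 24);
}

/* The bug pattern described in the post: the length comes straight from the
 * file and is never compared with the destination, so a long name overwrites
 * whatever sits above the buffer on the stack, including the saved $ra.
 * Shown for contrast only; never call it on untrusted input. */
static void load_profile_unsafe(struct profile *p, const uint8_t *rec)
{
    uint32_t len = record_len_field(rec);
    memcpy(p->name, rec + 4, len);   /* unbounded copy */
    p->name[len] = '\0';
}

/* Hardened loader: every byte copied is first checked against the size of
 * the record and the size of the buffer, and the name must be printable
 * text. Returns 0 on success and -1 for any malformed record. */
static int load_profile_safe(struct profile *p, const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 4)
        return -1;                               /* no room for the length field */
    uint32_t len = record_len_field(rec);
    if (len >= PROFILE_NAME_MAX)
        return -1;                               /* would not fit with the NUL */
    if (len > rec_len - 4)
        return -1;                               /* claims more bytes than present */
    for (uint32_t i = 0; i < len; i++) {
        uint8_t c = rec[4 + i];
        if (c < 0x20 || c > 0x7e)
            return -1;                           /* a profile name is printable text */
    }
    memcpy(p->name, rec + 4, len);
    p->name[len] = '\0';
    return 0;
}

/* Build a constructed record (length field + name) in buf; returns its size,
 * or 0 if buf is too small. Used only to produce test input here. */
static size_t make_record(uint8_t *buf, size_t buf_len, const char *name)
{
    size_t n = strlen(name);
    if (buf_len < 4 + n)
        return 0;
    buf[0] = (uint8_t)(n & 0xff);
    buf[1] = (uint8_t)((n >> 8) & 0xff);
    buf[2] = (uint8_t)((n >> 16) & 0xff);
    buf[3] = (uint8_t)((n >> 24) & 0xff);
    memcpy(buf + 4, name, n);
    return 4 + n;
}

int main(void)
{
    struct profile p;
    uint8_t rec[64];

    /* A well-formed constructed record is accepted by both loaders. */
    size_t n = make_record(rec, sizeof rec, "Player1");
    load_profile_unsafe(&p, rec);
    printf("unsafe loader, good record: %s\n", p.name);
    printf("safe loader, good record: %d (%s)\n", load_profile_safe(&p, rec, n), p.name);

    /* A 40-byte name is larger than the buffer: the safe loader refuses it
     * instead of copying past the end of p.name. */
    n = make_record(rec, sizeof rec, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    printf("safe loader, oversized record: %d\n", load_profile_safe(&p, rec, n));
    return 0;
}
```

The two checks that matter are the comparison of `len` with `PROFILE_NAME_MAX` and with the bytes actually present in the record; the printable-text filter is an extra sanity check that a savegame field holding a display name has no reason to fail.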