Aah, yes, new exploit, old game. It's so cool to actually see this beauty working, and on a PSP-3000 no less! The PSP scene was buzzing the other day when MaTiAz found an exploit (read: buffer overflow!) in the three-year-old game GripShift.
MaTiAz says they've yet to find any further use for it, but it's still a new exploit. For now it's merely a proof of concept, though it could lead to further hacks. Be that as it may, this is a great start and a rather sweet find! Here's MaTiAz explaining the exploit:
"GripShift has a buffer overflow vulnerability when loading savegames. The savegame contains the profile name, which can be easily used to overwrite $ra. The savegame file is pretty big (25kB) so you have lots of space to put your code there. I wrote a simple blob of code to paint the framebuffer completely white (to just indicate that arbitrary code is running). The return address is located at offset 0xA9 in the file. In this PoC it points to 0x08E4CD50 (which is only a few bytes after the return address), and the code starts at 0xCC in the file."
"It was tested on 4.01M33-2 with the US version of GripShift (ULUS10040), and psplink.prx, usbhostfs.prx and deemerh.prx loaded (also without psplink and usbhostfs). The decrypted savegame (sorry, couldn't [be bothered to] get Shine's savegame tool working, so it's in plaintext form) is in the SDDATA.BIN form which Hellcat's Savegame-Deemer produces (thanks to him; if the program didn't exist I wouldn't have bothered with this). Just copy the ULUS10040SAVE00 directory to /PSP/SAVEPLAIN/ and run the game. EDIT: yeah, don't forget to have Savegame-Deemer working, duh."
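To make the bug class concrete, here is an added example (not MaTiAz's PoC code, and not anything from GripShift itself) that models the overflow described above in plain C. The real loader's buffer size and stack layout are not public, so the name buffer size (NAME_BUF), the position of the spilled return address (RA_SLOT) and the stand-in legitimate return address (LEGIT_RA) are assumptions; the only values taken from the post are the file offsets 0xA9 and 0xCC, the address 0x08E4CD50 and the roughly 25 kB savegame size. The PSP is a little-endian MIPS machine, which is why the return address is written byte-reversed and why the chosen address must contain no zero byte to survive a NUL-terminated copy:

```c
/* Model of the savegame overflow described above. Added example, not
 * MaTiAz's PoC: the real loader's buffer size and frame layout are not
 * public, so NAME_BUF, RA_SLOT and LEGIT_RA are assumptions. The PSP is a
 * little-endian MIPS machine, hence the byte-order helpers. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF   16          /* assumed size of the loader's on-stack name buffer */
#define RA_SLOT    NAME_BUF    /* assumed: saved $ra spilled right after the buffer */
#define FRAME_SIZE 64          /* size of the simulated stack frame */
#define LEGIT_RA   0x08804000u /* stand-in for the real return address */

/* Offsets and values quoted in the post. */
#define POC_RA_OFFSET   0xA9
#define POC_RA_VALUE    0x08E4CD50u
#define POC_CODE_OFFSET 0xCC
#define POC_SAVE_SIZE   (25 * 1024) /* "25kB", taken here as 25 KiB */

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* A simulated callee frame: name buffer at offset 0, spilled $ra after it. */
struct sim_frame { uint8_t mem[FRAME_SIZE]; };

typedef void (*loader_fn)(struct sim_frame *, const uint8_t *);

/* Vulnerable pattern: a NUL-terminated copy with no length check, the kind
 * that lets an over-long profile name run into the saved $ra. The bound on
 * FRAME_SIZE only keeps the simulation itself memory-safe. */
static void load_name_vuln(struct sim_frame *f, const uint8_t *name)
{
    size_t i = 0;
    while (name[i] != 0 && i < FRAME_SIZE - 1) { f->mem[i] = name[i]; i++; }
    f->mem[i] = 0;
}

/* Hardened pattern: never write more than NAME_BUF bytes, always terminate. */
static void load_name_safe(struct sim_frame *f, const uint8_t *name)
{
    size_t i = 0;
    while (name[i] != 0 && i < NAME_BUF - 1) { f->mem[i] = name[i]; i++; }
    f->mem[i] = 0;
}

/* Load a crafted name (NAME_BUF filler bytes followed by `want` in
 * little-endian) with the given loader and report which $ra the function
 * would return through. `want` must contain no zero byte to survive a
 * NUL-terminated copy; 0x08E4CD50 from the post satisfies this. */
static uint32_t ra_after_load(loader_fn loader, uint32_t want)
{
    struct sim_frame f;
    uint8_t name[NAME_BUF + 4 + 1];

    memset(f.mem, 0, sizeof f.mem);
    put_le32(f.mem + RA_SLOT, LEGIT_RA);

    memset(name, 'A', NAME_BUF);
    put_le32(name + NAME_BUF, want);
    name[NAME_BUF + 4] = 0;

    loader(&f, name);
    return get_le32(f.mem + RA_SLOT);
}

/* Lay out a savegame image the way the post describes the PoC: the return
 * address at file offset 0xA9 and the code starting at 0xCC. The code word
 * written here is a constructed placeholder (a MIPS nop), not the
 * framebuffer-painting blob. Returns 0 if the buffer is too small. */
static int build_poc_layout(uint8_t *save, size_t len)
{
    static const uint8_t nop[4] = { 0x00, 0x00, 0x00, 0x00 };
    if (len < POC_CODE_OFFSET + sizeof nop) return 0;
    memset(save, 0, len);
    put_le32(save + POC_RA_OFFSET, POC_RA_VALUE);
    memcpy(save + POC_CODE_OFFSET, nop, sizeof nop);
    return 1;
}

/* Build the PoC image into a static buffer and read the $ra word back. */
static uint32_t poc_layout_ra(void)
{
    static uint8_t save[POC_SAVE_SIZE];
    return build_poc_layout(save, sizeof save) ? get_le32(save + POC_RA_OFFSET) : 0;
}

int main(void)
{
    printf("vulnerable loader returns to 0x%08X\n", ra_after_load(load_name_vuln, POC_RA_VALUE));
    printf("hardened loader returns to   0x%08X\n", ra_after_load(load_name_safe, POC_RA_VALUE));
    printf("PoC image: $ra word at 0x%X = 0x%08X, code at 0x%X\n",
           POC_RA_OFFSET, poc_layout_ra(), POC_CODE_OFFSET);
    return 0;
}
```

The vulnerable loader hands control to whatever address the profile name carries, while the bounded copy leaves the spilled $ra untouched; the difference is a single length check, which is exactly what a savegame parser handling attacker-controlled files needs on every variable-length field.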