Aah, yes, new exploit, old game. It's so cool to actually see this beauty working - and on a PSP-3000 no less! The PSP scene was buzzing the other day when MaTiAz found an exploit (read: buffer overflow!) in the three-year-old game GripShift.
MaTiAz says there is no further use for this yet, but it's still a new exploit: it could lead to further hacks, though for now it's merely a proof of concept. Be that as it may, this is a great start, and a rather sweet find! Here's MaTiAz explaining the exploit:
"GripShift has a buffer overflow vulnerability when loading savegames. The savegame contains the profile name, which can be easily used to overwrite $ra. The savegame file is pretty big (25kB), so you have lots of space to put your code there. I wrote a simple blob of code to paint the framebuffer completely white (to just indicate that arbitrary code is running). The return address is located at offset 0xA9 in the file. In this PoC it points to 0x08E4CD50 (which is only a few bytes after the return address), and the code starts at 0xCC in the file."
"It was tested on 4.01 M33-2 with the US version of GripShift (ULUS10040), and psplink.prx, usbhostfs.prx and deemerh.prx loaded (also without psplink and usbhostfs). The decrypted savegame (sorry, couldn't [be bothered to] get Shine's savegame tool working, so it's in plaintext form) is in the SDDATA.BIN form which Hellcat's Savegame-Deemer produces (thanks to him; if the program didn't exist I wouldn't have bothered with this). Just copy the ULUS10040SAVE00 directory to /PSP/SAVEPLAIN/ and run the game. EDIT: yeah, don't forget to have Savegame-Deemer working, duh."
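As an added illustration (not MaTiAz's PoC or GripShift's own code), here is the bug class he describes in C: a savegame field copied into a fixed stack buffer with a length taken from the file, beside a loader that bounds every copy. The savegame layout (a one-byte name length followed by the name) and the buffer size are assumptions, not GripShift's real format.

```c
// Added example of the savegame-loading bug class, not code from GripShift.
// Hypothetical layout: save[0] = name length, save[1..] = profile name bytes.
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PROFILE_NAME_MAX 16  /* assumed capacity of the in-game name buffer */

/* Vulnerable pattern: the copy length comes from the file, not from the
 * destination. A name longer than the buffer runs off the end of the stack
 * frame and over the saved return address ($ra on MIPS). Shown for
 * contrast only; the hardened loader below is the one to use. */
void load_profile_name_unsafe(const uint8_t *save)
{
    char name[PROFILE_NAME_MAX];
    memcpy(name, save + 1, save[0]);  /* no bound against sizeof name */
    (void)name;
}

/* Hardened loader: checks the stored length against both the remaining file
 * and the destination before copying, and rejects non-printable bytes, since
 * a profile name has no business carrying raw machine code. Returns 0 on
 * success with a NUL-terminated name in out, -1 on any malformed field. */
int load_profile_name(const uint8_t *save, size_t save_len,
                      char *out, size_t out_len)
{
    if (save == NULL || out == NULL || out_len == 0 || save_len < 1)
        return -1;
    size_t name_len = save[0];
    if (name_len > save_len - 1)          /* field runs past end of file */
        return -1;
    if (name_len >= out_len)              /* would overflow the destination */
        return -1;
    for (size_t i = 0; i < name_len; i++)
        if (save[1 + i] < 0x20 || save[1 + i] > 0x7E)
            return -1;                    /* control or high byte in a name */
    memcpy(out, save + 1, name_len);
    out[name_len] = '\0';
    return 0;
}
```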