GripShift savegame exploit POC




Version: 1.0

Platforms: PSP, Mobile Gaming


Categories: System Utilities

Upload date: 20 Oct 11

Developer:

License: Freeware

Downloads: 13

File Size: 11 Kb

Aah, yes, new exploit, old game. It's so cool to actually see this beauty working - and on a PSP-3000 no less! The PSP scene was buzzing the other day when MaTiAz found an exploit (read: buffer overflow!) in the three-year-old game, GripShift.

MaTiAz says that they've yet to find any further use for this, but it's still a new exploit. It could lead to further hacks, and for now, it's merely a proof of concept. Be that as it may, this is a great start, and a rather sweet find! Here's MaTiAz explaining the exploit:


"GripShift has a buffer overflow vulnerability when loading savegames. The savegame contains the profile name which can be easily used to overwrite $ra. The savegame file is pretty big (25kB) so you have lots of space to put your code there. I wrote a simple blob of code to paint the framebuffer completely white (to just indicate that arbitrary code is running). The return address is located at offset 0xA9 in the file. In this poc it points to 0x08E4CD50 (which is only a few bytes after the return address), and the code starts at 0xCC in the file."


"It was tested on 4.01M33-2 with US version of GripShift (ULUS10040), and psplink.prx, usbhostfs.prx and deemerh.prx loaded (also without psplink and usbhostfs). The decrypted savegame (sorry, couldn't [be bothered to] get Shine's savegame tool working so it's in plaintext form) is in the SDDATA.BIN form which Hellcat's Savegame-Deemer produces (thanks to him, if the program didn't exist I wouldn't have bothered with this.). Just copy the ULUS10040SAVE00 directory to /PSP/SAVEPLAIN/ and run the game. EDIT: yeah, don't forget to have Savegame-Deemer working, duh."
 