Possible 2.0 Exploit

godtabh

http://www.psp-hacks.com/2005/09/23/possible-20-exploit/


look like it wont be long before it s properly hacked

If this has be posted all ready sorry but I didnt find any metion of it (search is turned off)

Placebo

sweet !

all i want is mame and street fighter rainbow ed.
and cadillacs and dinasours.

Tank Top Fever!

Here's hoping!

Snes emu here I come!

projectmayhem

sonic on the go! teeheehee (that's my giggling-like-a-schoolgirl laugh)

Placebo

metal slug !
also gameboy advance games.

faster loading times on burnout too !woohoo

Chardee MacDennis

there is a firmware dumper, a hello world, and a scrolling starfield - a first graphical exploit - programme up on psp hacks

NICE...

Mac daddy

its starting look good at the moment

Won't be long now say max three/ four days and will be able to run emu's

Mario kart here i come

qz

/me salivates at the idea of homebrew on 2.0

lee_baby_simms

2.0s' security seems to be coming apart bit by bit. delly buzz.

Placebo

i havent updated to 2 yet, 1.52.

shall i ?

techguy

Yipee, now I can upgrade to 2.0 or should I stay at 1.52 for the time being.
My PSP is lying redundant at the mo cause I only have a 32mb card and no games cause I'm not sure what to get.
Neway I hope I can run HB on my psp soon..
Looks like WAB have hit the wall too.

Hakko

kaisersose77

dont upgrade just yet! wait till its being 100% confirmed that proper homebrew runs as this exploit might not get any further than it has atm. Hopefully they have everything working soon enough but for now stick with ur 1.52.

Franky Boy

Ahhh...I'm so happy I hope it happens soon.

Tusky

yay !!! Cant wait to get a snes/GBA emu up and running!

4Xcut

what about when we get v2.5

lee_baby_simms

ah mickeys! :mad: just read this from pspupdates:

Guys, some people are getting really excited and thinking this is all going to happen tomorrow. Read this. You might not understand it but read it anyways.

It is correct that unsigned code is now running on 2.00 PSPs. However the code is running in USER mode not KERNEL mode.

For those who don't know what this means, code that runs in kernel mode (i.e. the PSP OS/firmware) is protected by the PSP hardware (CPU). Code running in user mode (games, apps) cannot access memory used by the kernel.

This means that at the moment, unsigned code can only access things that games/apps can access, such as the screen output, sound output and button/d-pad input. Unsigned code can only be run in the area of memory exploited by the buffer overflow (64Kb). In order to allocate enough RAM to run proper homebrew (e.g. emulators) kernel access is required. Only kernel code can allocate memory to user processes (homebrew). This is where we are at the moment. In order to get a fully exploited system, the kernel needs to be attacked. Then the PSP will be under total control of the homebrew code.

There are different layers of protection between user mode and kernel mode. Think of it as an onion where kernel mode is the core and user mode is the outer layer. As you remove the layers and move up privilige levels, you get closer to the kernel. You can make system calls in user mode which instruct the kernel to do various things but these calls are always controlled by the kernel and are not easy to exploit. By using system calls, it is possible to increase your privilige level and get closer to the kernel (peeling the layers from the onion). This will however take time and a lot more hardcore hacking to achieve.

Too many people who dont really know the technical side believe that this is a huge discovery, and it is. But its a very small step if you consider that theres still so much to do. Its like managing to unlock a door but finding that its chained from the inside...

http://forums.qj.net/showthread.php?t=17882

kaisersose77

Yep ppl are getting a bit too excited, this exploit could be over before it has even started. Already theres lot of threads on various forums about " what homebrew apps are you gonna try on 2.0" and im sure ppl have upgraded already to 2.0 in antcipation of something that mightnt happen yet. Best to forget about it until something actually worthwhile comes out of it.

Placebo

i seemed to have missed that with all my excitement, oops.
damn,

Chardee MacDennis

but basically all they have to do is pop code on to the stack that gives access to the kernal, the issue is coding it right and it could take a while. but this is a massive step in the right direction.

its like finding a chip in a wall around a fortress and finding a way to chip at it so we can get in.

ah i love analogies..

delly

lee_baby_simms wrote:

2.0s' security seems to be coming apart bit by bit. delly buzz.

buzz where?

lee_baby_simms

delly wrote:

buzz where?

heh! it was meant to sound like 'deadly buzz'. it wasnt anything to do with you.

funny coincidence though.

lee_baby_simms

Call_me_al wrote:

its like finding a chip in a wall around a fortress and finding a way to chip at it so we can get in.

i thought of it like a crack in a dam. or levy. or a house of cards maybe?

analogies do kick ass.

Tank Top Fever!

I'm probably wide of the mark here, but aren't buffer overflows likely to mess up the psp?

I wouldn't be rushing to install any emu's until I'm sure it's safe

Tank Top Fever!

well it looks like further progress has been made. Pspupdates now has a button swapper homebrew app for version 2.0.

Placebo

http://mediafour.com/psp/

weird.

Chardee MacDennis

its a software exploit no harm done to psp at all.

weemcd

Zapp Brannigan: All the dominoes are falling into place like a deck of cards. Checkmate.

projectmayhem

anyone tried the downgrader yet? does it erradicate the browser, because tbh i like having that

sound_wave

i just downgraded this min and it works perfectly. The browser is gone unfortunatly, however i never used it that much.

techguy

Downgrader, what?!! How come nobody told me about this? Where can I get it this instant?

Soundwave, you sure your PSP wasn't effected? I don't wanna fook up mine...
Does this also mean a UMD dumper will work(If legal,If not just Dismiss)??

Hakko

Chardee MacDennis

all 1.5 homebrew will work

sound_wave

Call_me_al wrote:

all 1.5 homebrew will work

what he said!