xboxscene.org forums

Author Topic: Do The Exploits Work On V1.52 Psps?  (Read 36 times)

snake3k1

  • Archived User
  • Full Member
  • Posts: 216
Do The Exploits Work On V1.52 Psps?
« on: June 24, 2005, 12:20:00 PM »

What the title says ^^^^ . My buddy upgraded via the wireless network upgrade and now he wants to do these hacks/mods. So do the exploits work on 1.52 PSPs, and/or is there a way to downgrade?

wasting

  • Archived User
  • Sr. Member
  • Posts: 479
Do The Exploits Work On V1.52 Psps?
« Reply #1 on: June 24, 2005, 12:43:00 PM »

no and no

snake3k1

  • Archived User
  • Full Member
  • Posts: 216
Do The Exploits Work On V1.52 Psps?
« Reply #2 on: June 24, 2005, 12:46:00 PM »

lol, great

Flexmaster Frag

  • Archived User
  • Full Member
  • Posts: 248
Do The Exploits Work On V1.52 Psps?
« Reply #3 on: June 24, 2005, 10:06:00 PM »

QUOTE
It appears that the reason the single-card KXploit works on 1.5 is twofold:

1. Treating the filename as a format string causes the HELLO% folder name to be translated to HELLO when being passed to the bootstrap code
2. The 1.50 bootstrap executes a bare ELF if it’s been passed one

Of course, the bare ELF execution was fixed on 1.51 and 1.52, so it no longer works there, failing after boot with 80020148 ("file type unsupported"). But this would only work if the format string vulnerability were still there. Experimentation verifies this:

When danj tried using %p etc, the error changes to 80010002, which would be because HELLO%p changed to e.g. HELLO12345678, and 80010002 is ENOENT.

When Nick Fury tried %c, the error is 8001000D, which is EACCESS and could be caused by %c generating an invalid character in the filename.

When danj tried using %n, it crashes his PSP, because %n causes writes to memory. That’s the vulnerability.

I convinced a friend to upgrade 1.51 -> 1.52 and verified that this bug does still exist on 1.52. Writing an exploit is non-trivial, partially because we can’t see the result of the format string expansion, and partially because MIPS exploits could be annoying (need to flush dcache)… but it’s definitely got potential.
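The quoted analysis above turns on one bug class: a directory name chosen by whoever writes to the memory stick is handed to a printf-style routine as the format string rather than as an argument, which is why "HELLO%" collapses to "HELLO" and why a "%n" in the name corrupts memory. The C program below is an added illustration for this thread, not PSP firmware code and not from any of the posters. The path layout, the `build_path` helper and the function names are hypothetical; it shows the vulnerable pattern beside the one-line fix (a literal format with the name passed through `%s`) and a validation check that refuses names carrying `%` before they ever reach a formatter.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed illustration of the bug class discussed in the thread (CWE-134,
 * "use of externally controlled format string").  Nothing here is PSP
 * firmware code; the path layout and function names are hypothetical.
 */

#define PATH_BUF_LEN 64

/* Generic formatter standing in for whatever a bootstrap might use to build
 * a path.  It is correct as long as callers keep the format a literal. */
static int build_path(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int written = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return written;
}

/* VULNERABLE variant: the folder name is spliced into the string that is
 * then used AS the format, so every '%' sequence the user put into the
 * directory name is interpreted by the formatter. */
int make_boot_path_vulnerable(char *out, size_t n, const char *folder)
{
    char fmt[PATH_BUF_LEN];
    snprintf(fmt, sizeof fmt, "ms0:/PSP/GAME/%s/EBOOT.PBP", folder);
    return build_path(out, n, fmt);   /* folder-derived text is the format */
}

/* HARDENED variant: the format is a literal and the folder name is only
 * ever a %s argument, so its '%' characters are copied, not interpreted. */
int make_boot_path_fixed(char *out, size_t n, const char *folder)
{
    return build_path(out, n, "ms0:/PSP/GAME/%s/EBOOT.PBP", folder);
}

/* Defence in depth: a name that will later meet a formatter should carry no
 * directives at all.  A '%' is the tell; the filesystem does not need it. */
bool folder_name_is_safe(const char *folder)
{
    return strchr(folder, '%') == NULL;
}

int main(void)
{
    /* "%%" is the one conversion that is well defined without an argument,
     * which is why the demo uses it: it is consumed ("HELLO%%" -> "HELLO%")
     * on the vulnerable path and copied verbatim on the fixed path. */
    const char *folder = "HELLO%%";   /* constructed sample input */
    char out[PATH_BUF_LEN];

    make_boot_path_vulnerable(out, sizeof out, folder);
    printf("vulnerable: %s\n", out);   /* ms0:/PSP/GAME/HELLO%/EBOOT.PBP */

    make_boot_path_fixed(out, sizeof out, folder);
    printf("fixed:      %s\n", out);   /* ms0:/PSP/GAME/HELLO%%/EBOOT.PBP */

    printf("name %s validation\n",
           folder_name_is_safe(folder) ? "passes" : "fails");
    return 0;
}
```

The demo deliberately uses only `%%`, the one conversion that is well defined with no matching argument; the difference between the two output lines is the whole bug, and the fix is simply never letting attacker-influenced bytes occupy the format position. The `folder_name_is_safe` check is the belt-and-braces layer a firmware or parser author would add on top, since a directory name has no legitimate need for `%`.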

tonloc79

  • Archived User
  • Hero Member
  • Posts: 835
Do The Exploits Work On V1.52 Psps?
« Reply #4 on: July 10, 2005, 12:22:00 AM »

re already able to boot games off a Pro Duo w/o any modification to your hardware! The PSP scene is awesome and if your firmware is 1.5+ then it's only time!

Master-Chief

  • Archived User
  • Hero Member
  • Posts: 1352
Do The Exploits Work On V1.52 Psps?
« Reply #5 on: July 12, 2005, 04:17:00 PM »

All I have to say is STOP UPGRADING!!!

"If it ain't broke, don't fix it."