Psp3d Hacking 102 - PSP3D.com - Sony PlayStation Portable News, Homebrew, Hacks, Reviews, Videos, Mods, Forums

butterballer360 · #1 (**permalink**) 11-24-2005, 12:46 PM

I will break down in a diagram of the EBOOT handlers security:

KNOWN SECURITY LOOPHOLES
<icon0>
<icon1>
<pic0>
<pic1>
<param.sfo>
<snd0.at3> (Some reports say)

PSP BOOTUP SECURITY CHECK

param.sfo > data.psp > data.psar

So on 2.5 the sfo stage is the only one passed, the the psp recognizes it has the familiar data.psp file (I'm not quit sure how...)

so I'll explain each files purpose

param.sfo (tells psp how to use a file)
data.psp (runs an updater applet)
data.psar (is a container for the updates files to be flashed

Anyone can break the sfo stage at this point with a few tools, or hell even with notepad.

But of course their are always loopholes so i will show which ones are on each version:

HOMEBREW - 1.0, 1.5
OVERFLOW - 1.0, 1.5 1.51, 1.52, 2.0, (2.01 and 2.5 are partially affected)
VIDEO EXPLOIT - 1.0, 1.5, 1.51, 1.52, 2.0
...there are more but I just said the top 3

PSP 2.5's cracked file handlers...
eboot handler (I say again partially no code running yet)

a.beast · #2 (**permalink**) 11-24-2005, 12:56 PM

So right now you're working on how to get the psp not to recognize the data.psp or take an altered data.psp as the original?? The problem is that we don't know how it is validating that file correct? Cool stuff, I think I'm going to get in on this and quit watching and start doing. Can you recommend an environment to work in or some basic framework or methods/functions that would help me potentially help the community??

butterballer360 · #3 (**permalink**) 11-24-2005, 01:05 PM

a.beast you dont need an environment, shoot I'm a cut and paste coder and I found this stuff.
Just get this program - PBP UNPACKER

dadon · #4 (**permalink**) 11-24-2005, 01:26 PM

Quote:

Originally Posted by butterballer360

a.beast you dont need an environment, shoot I'm a cut and paste coder and I found this stuff.
Just get this program - PBP UNPACKER

I have the program. What do you do with it?

butterballer360 · #5 (**permalink**) 11-24-2005, 01:54 PM

you can use it to disect and then reamake an eboot, and with the right knowledge, hide a few file...

CoderAge12 · #6 (**permalink**) 11-24-2005, 02:38 PM

Actually passes both DATA.PSP & DATA.PSAR steps and executes the update.

Example here:
http://rapidshare.de/files/7975138/E...E_251.zip.html

However, you cant do anything with this "change updater" approach unless you are able to decrypt files, change version information, encrypt files.

Ups, only Sony can encrypt.

So you forgot one last step.

1. SFO
2. DATA.PSP
3. DATA.PSAR
4. Version information in some file within the PSAR archive

metroidblade · #7 (**permalink**) 11-24-2005, 02:44 PM

what happens to your overflow when you hide the 0 pictures.

butterballer360 · #8 (**permalink**) 11-24-2005, 02:45 PM

It's been done and that does not pass the psar and .psp stage those 2 stages are on implemented once you bypass the update screen that says corrupt, not just bypasses the corrupt icon

a.beast · #9 (**permalink**) 11-24-2005, 03:10 PM

Quote:

Originally Posted by butterballer360

a.beast you dont need an environment, shoot I'm a cut and paste coder and I found this stuff.
Just get this program - PBP UNPACKER

Cool, I wasn't sure how you did things, you come across as all professional n' shizzle. I'll download that later and start spankin' out some code.

piru550 · #10 (**permalink**) 11-24-2005, 03:47 PM

i unpacked the eboot file and by repacking without the data.psp file and it went to a 2.50 update instead of the 1.50. the 1.50 is what i unpacked and ended up with a 2.50 update.??????????