Exploit Idea? - PSP3D.com - Sony PlayStation Portable News, Homebrew, Hacks, Reviews, Videos, Mods, Forums

VariableSanity · #1 (**permalink**) 01-17-2006, 01:31 AM

Hey, I have an idea and was wondering if anybody has looked into it. Maybe an exploit can be found by looking at the way that backgrounds are changed. I noticed that when you set a custom background in the 2.0+ firmware and remove you mem stick, it stays. So does that mean it is written to the flash in the PSP? If so, maybe you can use that to downgrade or something along the lines of that. I'm a newb at that stuff, so I don't feel bad if I sound stupid, its just an idea.

warrior_1024 · #2 (**permalink**) 01-17-2006, 01:44 AM

yes, it does access the flash, however i think it would be difficult to run code through the image itself.
this should be looked into a bit further, maybe theres a way have constant access to the flash , by implementing something similar to the overflow, that will leave the gap open, in which the image is flashed to memory, and we can from there run our own code
nice work VariableSanity
either nobody's really thought about this, OR it was ruled out impossible, but i haven't heard anything about it
so let's see wot the pro's have 2 say bout this

Ihateusing2.5 · #3 (**permalink**) 01-17-2006, 01:48 AM

I think someone already came up with this exact thread, and this idea goes into the tif exploit, which has been completely patched up. So your answer is no...
Welcome to PSP3D.

DreaDNoughT · #4 (**permalink**) 01-17-2006, 02:14 AM

well we have tested it and isn't really finished testing it although we have been testing it for a long time now.... but we thought that if the mem is 32 meg then a bigger image would crash the flash when it put into the background... but wither we came up with a unreadable pic, a pic that wouldn't stop loading... or a pic that weren't able to set as background so i guess this has been looked into... but it may be able to work on 2.01 as we only have tested it on 2.5 and 2.6.... and btw we still got some good ideas that we will look into....

Zianna123 · #5 (**permalink**) 01-17-2006, 02:24 AM

but the problem still remains , that even if you do get it to expliot.
it is still gonna be a bugger to find index.dat and decrypt it, let alone
let you overwrite it! like they done with 2.0

hardware flashing seems the route for now.. it will serve 2 good deads, allowing downgrading, and repairing bricked console's

has ne one lewked into using a pc to format a 32mb to fat12, then crafting a special ipl formated disk to do the update, it puzzles me that the psp reads the ms0:// for a few seconds before booting...

i need to write a debugger for this damn thing

DreaDNoughT · #6 (**permalink**) 01-17-2006, 02:27 AM

well yeah but as u may know 2.01 and up does not have the index.dat file.. it's implanted into another file in the firmware.... and well yeah it would be pretty hard to exploit that thing...

warrior_1024 · #7 (**permalink**) 01-17-2006, 02:31 AM

Quote:

Originally Posted by DreaDNoughT

well yeah but as u may know 2.01 and up does not have the inde.dat file.. it's implanted into another file in the firmware.... and well yeah it would be pretty hard to exploit that thing...

the firmware version is located within something called the IPL, not really sure what it is

VariableSanity · #8 (**permalink**) 01-17-2006, 02:44 AM

aww man, I totally did not see the earlier post with the same idea, and here I thought I was being original, it even sounds like I copied the words! but whatever, I do like Zianna123 idea about the special format mem stick.

Zianna123 · #9 (**permalink**) 01-17-2006, 02:44 AM

dats woot i saids

VariableSanity · #10 (**permalink**) 01-17-2006, 02:51 AM

Quote:

Originally Posted by Zianna123

has ne one lewked into using a pc to format a 32mb to fat12, then crafting a special ipl formated disk to do the update, it puzzles me that the psp reads the ms0:// for a few seconds before booting...

i need to write a debugger for this damn thing

Just wondering here, why format the card into fat12?