The NEW 2.xx+ Image glitch/exploit thread

[phant0mspid3r]

The File is at
http://psp3d.com/attachment.php?atta...3&d=1145708961


From Train:

Quote:

What this does is, well it's an eboot that displays any image that you have resently(before a hard reset) viewed on your PSP, everything you do on the psp makes it react different, it *COULD* be exploitable but I am unsure as of yet. But I do need some help on getting it even further than it is now!
Ok I made a read me for it and it's all set...

1. extract the "PDPEfile.rar" folder to the games folder on your psp memorystick
2. go to games folder and look at the eboot file..(dont start the eboot)and just watch the [image]. *OR. goto step 6*
3. after your psp freezes or seems to be froze press any button but triangle.
4. after you push the any button not counting triangle. the psp will freeze after sound. (psp will only make a sound if you key tones is on)
5. turn off your psp. then turn it back on.
_____________________________________________
6. go to photos folder on the psp. and view a picture of your choice.
7. then exit the photo folder.
8. go to games folder and view the eboot.
9. watch the screen (dont start the eboot)
10. do steps 3-5


What Freeplay has discovered is that this is "attacking" a bug that is in a module, much as the TIFF overflow does. Then it shows choppy pictures of the images ySUPA_SICK, FREEPLAY, TRAIN AND BUTTERBALLER [and phant0mspid3r helped a little!]***ou have viewed that are saved in the RAM. If we can figure out which module this is bugging up and try to put some code in it, I think we might have something, I am no expert when it comes to overflows and that's why I came here.***ALL CREDITS GO TO SUPA_SICK, FREEPLAY, TRAIN AND BUTTERBALLER [and phant0mspid3r helped a little!]***

My pictures from before (note these were taken with the first version of the eboot, not the one posted above):

Quote:

The picture I looked at before:


Hovering over the eboot:

(Notice: The left 2/3 of the screen is a scrambled version of the image I viewed, and the right 1/3 is my backround image. The thing in the middle left is the icon for the eboot.

Please do not post "how does this work" or "who is working on this" questions in this thread, we want to keep it clean and not 65 pages long.
Thanks, phant0mspid3r.

[The_Lead_Factor]

Since it doesnt crash it seems to be a legit overflow. Have you guys tried inserting arbiterary code into the file and seeing if it executes yet?

[The_Lead_Factor]

Here is the same Eboot only with the SFO edited.

[El3M3nT]

the lead facter i switched ur sfo with my eboot and it corrupted it

[The_Lead_Factor]

I know, I messed up the old SFO. Download the file in the post below.

[The_Lead_Factor]

Here try this.
And Im trusting that the original people working on this know enough to make an SFO that will force through the Update.

[El3M3nT]

*cough* *cough* of course we do *cough*

[Homer]

Just wondering, how would you be able to boot a PSP update through this? I mean, if we're going to do something we'd have to insert some code in the eboot that'll let us run homemade code.

[train2335]

Guys...honestly, none of you have a CLUE what you are talking about, this EXACTLY the same as anyother eboot, but the png is buggy with causes the glitching, if you hex edit the param or .psp NOTHING will happen but say "Update is Currupted" if anything comes of this, its not going to be like KX-ploit, it's going to be similar to the TIFF overflow...

[The_Lead_Factor]

Weve goten a 2.00 EBOOT to load the boot screen but then shut off. And what are you talking about this being like Kxploit...We never tried anything remotely similar to Kxploit or the tiff overflow! And we never Hex eddited anything....we took IEUA's image glitch eboot, hoped it would cause an overflow (not like the tiff though) that would let the PSP bypass its security checks, made an SFO that would load the Eboot, and then hope it force loaded the 2.00 update we included in the Eboot.