12-08-2005, 04:08 PM | Twitch (Member)
Libungif Exploit Found!!!
On pspupdates it's been announced that apparently an exploit has been found in libungif, in versions below 4.1.4 (released 10-19-2005).
Here's the link to the thread: http://forums.qj.net/showthread.php?t=28627
Here's a link to info about the exploit: http://www.frsirt.com/english/advisories/2005/2295
...and some "proof-of-concept" GIFs:
http://scary.beasts.org/misc/bad1.gif
http://scary.beasts.org/misc/bad2.gif
http://scary.beasts.org/misc/bad3.gif
Here's what is known:
GIFs "bad1" and "bad2" cause fw versions 2.01 and 2.5 to "freeze" and shut themselves down.
GIF "bad3" doesn't cause 2.01 to crash, but once you select it you get error code 00000001 (I don't know about 2.5).
These don't work on 2.6. That fw has been patched.
This exploit has led to code execution on computers. Fanjita on pspupdates wrote this:
Quote:
Exploiting this one isn't straightforward.
It's being looked at, but due to the nature of the vulnerability (heap vs stack overflow, for a start), it's far from simple.
I'm hoping something will come of this, but don't hold your breath.
Incidentally, it looks like if it can be made to work, it would be good for at least 2.01 and 2.5. 2.6 seems to have fixed it, from what I remember.
And this:
Quote:
It's been confirmed as fixed on 2.6 (and it makes sense, since the publicly-known vulnerability was fixed in libungif between the 2.5 and 2.6 release dates).
To my knowledge it's not been discussed in any open forums. Most of the places that house sufficient knowledge to discuss this sort of thing productively don't like discussing exploits. And most decent hackers don't like to raise people's hopes before something has come of their ideas.
Rest assured that it is being explored by talented coders, and that there's a decent chance of it turning out to be useful. But it's far from pretty to work with.
Just thought everyone should see this.......
-Peace
12-08-2005, 04:15 PM | dadon (Senior Member, Join Date: Nov 2005, Posts: 153)
Quote: Originally Posted by Twitch
Could anything be done with this then?
It looks legit.
12-08-2005, 04:38 PM | Twitch (Member)
Quote: Originally Posted by dadon
Could anything be done with this then?
It looks legit.
Well, this exploit has been used to execute code on computers.
so.....
If we can use this to get code to run on a PSP then we could have a possible downgrader in our hands, but like Fanjita said, it's not a simple matter (google 'Smashing the Stack for Fun and Profit'). This is a "heap" overflow, not "stack" like the .tif exploit.
So don't hold your breath. It may be a while......if ever.
Here's to hope.
12-08-2005, 04:45 PM | dadon (Senior Member, Join Date: Nov 2005, Posts: 153)
Quote: Originally Posted by Twitch
Well, this exploit has been used to execute code on computers.
so.....
If we can use this to get code to run on a PSP then we could have a possible downgrader in our hands, but like Fanjita said, it's not a simple matter (google 'Smashing the Stack for Fun and Profit'). This is a "heap" overflow, not "stack" like the .tif exploit.
So don't hold your breath. It may be a while......if ever.
Here's to hope.
ooohhh. kk. Hope for the best.
12-08-2005, 04:49 PM | pcfil
It is legit. It froze my 2.01 and my 2.5.
Hope some code will come quickly.
Last edited by pcfil : 12-08-2005 at 04:52 PM.
12-08-2005, 05:13 PM | psplover
It just froze my PSP, and it's done. So what can I do with this one......
12-08-2005, 05:22 PM | Junior Member (Join Date: Dec 2005, Location: Clacton On Sea, Essex, UK, Age: 23)
Weyhey, good work. Basically, what happens next? Anyone wanna exp
12-08-2005, 05:26 PM | Member
Quote: Originally Posted by psplover
It just froze my PSP, and it's done. So what can I do with this one......
With a known exploit (on computers) already outlined, this is good news for coders. The version of libungif that's exploitable is used on PSP fw 2.0-->2.50.
With a general concept of how this exploit works, it is easier for coders to determine whether or not this is usable on the PSP.
The fact that this "exploit" crashes firmwares 2.00->2.50, but was patched for the 2.60 release, is promising as far as this being a possible security flaw goes.
But to answer your question, what can you do with this one?
Right now.....nothing.
12-08-2005, 05:27 PM
Quote: Originally Posted by psplover
It just froze my PSP, and it's done. So what can I do with this one......
Nothing atm.
It could serve for making a downgrader, for example.
12-08-2005, 05:31 PM | Junior Member (Join Date: Dec 2005, Location: Clacton On Sea, Essex, UK, Age: 23)
Thank you, that sounds good. This is the 1st bit of good news I've had since I got my 2.5 on the 2nd lol.