PSP V2.0 Exploit Found

[wraggster]

Theres a real exploit been found in V2.0 PSPs, the group who are behind it are unknown at this time and sites are claiming its there find when thats rubbish but anyway heres the full readme.txt:


First Homebrew Code on 2.00
-----------------------------

1. Set wallpaper to frame_buffer.png (without overflow.tif present
in the PHOTO directory, or it will crash).
2. Add overflow.tif to the PHOTO directory, and open into the photo
viewer. Custom code to paint the screen! Or to write a homebrew
app! Not to run illegal games.

How It Works?
---------------

1. The PNG contains a small amount of code in a known, fixed place
(the VRAM). If to look closely at the wallpaper, sees small
coloured pixels in the right down. The pixels are Allegrex
opcodes, with the highest byte all zero for the ALPHA. These
pixels do:

syscall 0x20C7 ; sceKernelDcacheWritebackInvalidateAll
slt a0, zero, sp ; put 1 into a0
sll a0, a0, 6 ; put 64 into a0
addiu a0, sp, a0 ; get screen painter address over SP
jr a0 ; jump to the screen painter
nop ; branch delay slot

2. The TIFF contains also some code and a buffer to trigger the
known BitsPerSample overflow in libtiff in the photo viewer.
The buffer makes a jump to the VRAM which has the PNG colours
by overwriting the safed ra (return address) on the stack.
The VRAM code uses SP and calculates the address of the buffer
then runs it. Then it jumps there. The screen is yellow as
the colour was 0x12345678 in Hex.

PSP Users:

We didn't do this so you could steal from Sony and game companies.
We believe in OSS. There are plenty of amazing programs that have
been written for the PSP. Use this as a gift and not as an excuse
to steal.

Sony:

If you wanted to find us i know you could. This release wasn't
intended as a way to run pirated software on the PSP. We believe
that everyone should be able to compile their own code and run it.
Nothing is kept secret forever and i'm sure you know this.
In the end, if it wasn't us. It would be some one else.
Fighting it would be like skating up a hill. You did create the
PSP and did an amazing job.

Toc2rta:
To the people of the Toc2rta development network. You're our phone
a friend. With out your friendship this would never of happened.
I hope this brings you as much happiness as it brings us.
Join us on irc.toc2rta.com.

Most importantly... Have fun!

There you have it, the files can be downloaded below (via the comments)

[ForteGSX]

Wait so does that mean.... Finally homebrew on 2.0?

I don't think I fully understand this...

[Black Panther]

Im Having troubke my psp screen goes brown or when i hit X on photo it just freezes i m doing everything right but its not working any 1 willing to help a n00b

[xuphorz]

i'll get how to do this, and add a section for 2.00 to my guide, if it really works

[*o*]

it doesnt work (yet) this is an exloit to run an eboot ( i think)

[wraggster]

this is more a proof of concept at this time and ive been told from respectble coders that " someone needs to write a loader or something to insert into the image"

its a major step in the right direction though

[xuphorz]

ah, now i see
i just followed the instructions (fairly simple actually, simpler than it looks)
ya, they're right, it's not homebrew/emulation 2.00 yet

[*o*]

meh im happy

[oldsage]

Wow... How the hell did they figure that out?!
Wow... Hopefuly the messages in the bottom of the readme will have some effect...

Wow...

My respect (as well as a lot of others here, i'm sure) is eternally theirs...

Wow...

[Cap'n 1time]

You know how... when somthing youve been wanting for a while just comes... and your not exactly sure how to feel at the moment? ...

Anyways, I dont think it would be too difficult to take advantage of this. Im willing to bet we will here from these people again in the very near future.