View Full Version : Libtiff Exploit Found in Firmware 4.20 for PSP3000 Owners ?



wraggster
January 3rd, 2009, 10:15
Check out this video and discuss if legit:

http://www.youtube.com/v/RUJnXADjxsw

tinman
January 3rd, 2009, 12:42
This is true, just not that video.



So, happy new year. I think presenting a new usermode exploit on the PSP is a good way to start 2009 ;)

GripShift has a buffer overflow vulnerability when loading savegames. The savegame contains the profile name which can be easily used to overwrite $ra.
The savegame file is pretty big (25kB) so you have lots of space to put your code there. I wrote a simple blob of code to paint the framebuffer completely white (to just indicate that arbitrary code is running).
The return address is located at offset 0xA9 in the file. In this poc it points to 0x08E4CD50 (which is only a few bytes after the return address), and the code starts at 0xCC in the file.

It was tested on 4.01M33-2 with US version of GripShift (ULUS10040), and psplink.prx, usbhostfs.prx and deemerh.prx loaded (also without psplink and usbhostfs). The decrypted savegame (sorry, couldn't [be bothered to] get Shine's savegame tool working so it's in plaintext form) is in the SDDATA.BIN form which Hellcat's Savegame-Deemer produces (thanks to him, if the program didn't exist I wouldn't have bothered with this. :)). Just copy the ULUS10040SAVE00 directory to /PSP/SAVEPLAIN/ and run the game. :) EDIT: yeah, don't forget to have Savegame-Deemer working, duh.

Video POC on PSP 3000 via FreePlay.

I'm keeping the source link out, because they wouldn't be happy with non-devs flooding the forums.

[YouTube video: HAoZWymTySw]

So, go buy GripShift now, if this gets fully worked out. You never know ;)
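The savegame overflow described in the quoted post comes from a loader that trusts the length of the profile name stored in the file. The bounded loader below is an added example written for this thread, not code from the game or from the proof of concept; the field offset, the 16-byte name limit and the save layout are assumptions, and the test saves are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, not the real GripShift SDDATA.BIN format: the profile name
 * is a NUL-terminated string starting at NAME_OFFSET inside the save file. */
#define NAME_OFFSET      0x10    /* assumed field position */
#define PROFILE_NAME_MAX 16      /* assumed in-game limit, NUL included */
#define SAVE_SIZE        25600   /* roughly the 25 kB file size from the thread */

enum save_status {
    SAVE_OK = 0,
    SAVE_TOO_SHORT,          /* file ends before the name field begins */
    SAVE_NAME_UNTERMINATED,  /* no NUL within the limit: strcpy() would overflow here */
    SAVE_NAME_BAD_CHAR       /* control bytes inside a field that should be text */
};

/* Hardened loader. The copy length is never taken from the file: the scan for
 * the terminator stops at PROFILE_NAME_MAX (or at end of file), so an oversized
 * name is refused before a single byte is copied into the fixed-size buffer. */
enum save_status load_profile_name(const uint8_t *save, size_t save_len,
                                   char out[PROFILE_NAME_MAX])
{
    if (save_len <= NAME_OFFSET)
        return SAVE_TOO_SHORT;

    const uint8_t *field = save + NAME_OFFSET;
    size_t avail = save_len - NAME_OFFSET;
    size_t limit = avail < PROFILE_NAME_MAX ? avail : PROFILE_NAME_MAX;
    size_t n = 0;

    while (n < limit && field[n] != '\0') {
        if (!isprint(field[n]))
            return SAVE_NAME_BAD_CHAR;
        n++;
    }
    if (n == limit)
        return SAVE_NAME_UNTERMINATED;

    memcpy(out, field, n);
    out[n] = '\0';
    return SAVE_OK;
}

/* Constructed test save: name_len bytes of 'A' at NAME_OFFSET, zeros elsewhere. */
static uint8_t g_save[SAVE_SIZE];

uint8_t *make_save(size_t name_len)
{
    memset(g_save, 0, sizeof g_save);
    if (name_len > sizeof g_save - NAME_OFFSET)
        name_len = sizeof g_save - NAME_OFFSET;
    memset(g_save + NAME_OFFSET, 'A', name_len);
    return g_save;
}

int main(void)
{
    char name[PROFILE_NAME_MAX];

    int ok = load_profile_name(make_save(8), SAVE_SIZE, name);
    printf("8-byte name:   status %d, name \"%s\"\n", ok, name);

    /* The oversized-name case from the thread: refused, nothing copied. */
    int bad = load_profile_name(make_save(200), SAVE_SIZE, name);
    printf("200-byte name: status %d (SAVE_NAME_UNTERMINATED)\n", bad);
    return 0;
}
```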

indstr
January 3rd, 2009, 12:50
Dude!!! I resent that comment about Gripshift being one of the worst games. It has always been one of my favourite games for PSP!

**** that dude, I hope his exploit never works!

newb_fo_life
January 3rd, 2009, 13:31
Wow this is great news for the psp 3000 :D

KingPepper
January 3rd, 2009, 14:02
Good for the homebrew scene, but not for Sony. If this leads to this machine being cracked open, then we will all lose out, because no developers will bother releasing any new AAA titles, knowing that they are just going to be copied as .ISOs for free on custom firmwares :eek:

frwololo
January 3rd, 2009, 15:42
@tinman: The libtiff vulnerability and the GripShift exploit are two different things.

I can say the libtiff thing is legit (since I'm the one who created the files), although not very useful. You can see my posts here: http://lan.st/showthread.php?t=1856

I'm pretty sure the GripShift thing is real (the people who created/confirmed it are trusty sources), and definitely more promising than my libtiff finding

midnitdragoon
January 3rd, 2009, 17:04
This is true, just not that video.



Video POC on PSP 3000 via FreePlay.

I'm keeping the source link out, because they wouldn't be happy with non-devs flooding the forums.

[YouTube video: HAoZWymTySw]

So, go buy GripShift now, if this gets fully worked out. You never know ;)

Yea, I read that on the PSPUPDATES.com webpage this morning. I immediately sent an email to Sony to tell them about it and that they should keep an eye on this new exploit. Really don't want to see the PSP 3000 hacked, leading to more piracy.

madcat1990
January 3rd, 2009, 17:19
no offense guys (And I seriously don't want to start a flame war)

I think an image just crashing won't prove anything, but if it crashes and then something like a hello world pops up, that's a whole different story (and we have to take into account that, even if this works, you might only have user-level access, not the kernel-level access which you need for hacking or replacing the firmware).

Again, don't want to start a flame war, but to me, this was useless.

About gripshift... Never played it nor care (doesn't make a difference to me) but if by any chance there is an exploit found, it happens.

Sooner or later pirates find their way to hack the console.

Deal with it.

mike_jmg
January 3rd, 2009, 18:09
This is kind of exciting yet kind of sad

It's good to see people still trying and working for the homebrew scene, but at the same time it's very sad that this might kill the platform for good, as happened to the Dreamcast. The only part-good thing is that there are a bunch of AAA titles already on their way.

Either way I'll go hunting for a gripshift umd :)

Buddy4point0
January 3rd, 2009, 18:44
This looks extremely promising.
There are also downloads on QJ for any developers that want to try and make a hello world or anything like that.

titch.ryan
January 3rd, 2009, 19:20
Interesting, it didn't take long for exploits to be found!
Hopefully some of them prove to be true. I've given up waiting for A-star titles; Crisis Core is the only PSP game I've bought in the last year!

dangee
January 3rd, 2009, 19:32
good news for the PSP.
It's instantly a more desirable item, and Sony should still have a lock on
homebrew by shipping with OFW 5.01

Veskgar
January 3rd, 2009, 19:53
Excellent! I hope more devs get excited about the future of PSP homebrew.

GibsonSGKing
January 4th, 2009, 01:02
no offense guys (And I seriously don't want to start a flame war)

I think an image just crashing won't prove anything, but if it crashes and then something like a hello world pops up, that's a whole different story (and we have to take into account that, even if this works, you might only have user-level access, not the kernel-level access which you need for hacking or replacing the firmware).

Again, don't want to start a flame war, but to me, this was useless.

About gripshift... Never played it nor care (doesn't make a difference to me) but if by any chance there is an exploit found, it happens.

Sooner or later pirates find their way to hack the console.

Deal with it.

A hello world will only pop up if somebody programs it to. This is just to show a possible exploitable error in the Sony firmware code. So a hello world means just about nothing, other than to prove it can be exploited. And Sony obviously did not code the firmware to display hello world whenever an exploit is found. And it's not "pirates" who hack the console. The sole reason the console is hacked is to give people the ability to do as they choose with their hardware. I have a hacked PSP, and I don't pirate games; I simply use ISOs of games I already own (carrying around UMDs is a pain) and emulate games I already own. Therefore you clearly have no clue what you are talking about, so please refrain from posting about things you aren't experienced in in the future.

GibsonSGKing
January 4th, 2009, 01:06
good news for the PSP.
It's instantly a more desirable item, and Sony should still have a lock on
homebrew by shipping with OFW 5.01

Yes, agreed. As long as a Pandora-battery-like item doesn't come out in the near future, they should have a good grip on homebrew and piracy.

mangekyou
January 4th, 2009, 01:33
A Pandora-battery-like item? What, like Datel's battery? lol. But seriously, maybe we should just leave the 3000 alone. Focus on the 4000 that's rumored to be coming out this year. Let Sony win this one. The 2000 is just as good anyway...

madcat1990
January 4th, 2009, 02:25
A hello world will only pop up if somebody programs it to. This is just to show a possible exploitable error in the Sony firmware code. So a hello world means just about nothing, other than to prove it can be exploited. And Sony obviously did not code the firmware to display hello world whenever an exploit is found. And it's not "pirates" who hack the console. The sole reason the console is hacked is to give people the ability to do as they choose with their hardware. I have a hacked PSP, and I don't pirate games; I simply use ISOs of games I already own (carrying around UMDs is a pain) and emulate games I already own. Therefore you clearly have no clue what you are talking about, so please refrain from posting about things you aren't experienced in in the future.

Like I said ._. don't want to start a flame war

But, if no one programmed a hello world, then what does this prove? That someone found some way of crashing the PSP through TIFF?

But let me tell you this, I DO know what I'm talking about.

Don't care if you think otherwise.

And yes, I do know that it's not pirates who hack the PSP, but experienced hackers. Chose the wrong words. Sue me.

And yes, I know the various uses of the custom firmware for DAX; heck, I've used it since I got my PSP-1001.

Now, let's just stop this before it gets worse.

osgeld
January 4th, 2009, 03:43
A hello world will only pop up if somebody programs it to. This is just to show a possible exploitable error in the Sony firmware code. So a hello world means just about nothing, other than to prove it can be exploited. And Sony obviously did not code the firmware to display hello world whenever an exploit is found. And it's not "pirates" who hack the console. The sole reason the console is hacked is to give people the ability to do as they choose with their hardware. I have a hacked PSP, and I don't pirate games; I simply use ISOs of games I already own (carrying around UMDs is a pain) and emulate games I already own. Therefore you clearly have no clue what you are talking about, so please refrain from posting about things you aren't experienced in in the future.

Exactly, a hello world shows there's a real exploit there. I can phase the voltage on my PSP and get it to whitescreen; doesn't mean I can turn around and run Super Nintendo on it, just like I can bluescreen Windows, doesn't mean I can magically hit enter 3 times and run Mac OS programs on it.

Also, if you hadn't had your head up your ass for the last year and a half, MOST developers have cited custom firmwares and piracy, linked together, as why they are not making games for the PSP.

I suggest you take your own advice, and not post about stuff you don't know about.

I agree with the person you quoted: so what, you crashed a PSP. Show that the unlock codes are still in memory, show a hello world, then you might have something more than passing bad bits through a TIFF or a corrupted save file that does nothing.



Yes, agreed. As long as a Pandora-battery-like item doesn't come out in the near future, they should have a good grip on homebrew and piracy.

They already have, almost instantly after the 3000 came out. Same thing, doesn't DO anything other than put the PSP into service mode; without the software, even a simple hello world, it's worthless.

Wally
January 4th, 2009, 04:08
Whoa, totally off topic guys, let's keep it to the topic.

Finally an exploit has come out; it's time to put all those 3000 owners out of misery.

mike_jmg
January 4th, 2009, 06:26
I agree with you Wally, 3000 owners need to be pulled out of their misery.

My GripShift hunting ended up pretty bad, as the only copy I've seen is in the hands of that awful MF that modded my PS2, and he wants around 34 bucks for it, not even knowing there might be an exploit for it. Ignorance is bliss, and it really sucks.

I shall continue my quest tomorrow as the flea market runs every Sunday. Happy new year to everyone BTW.

edit: I knew there were some savegame exploits that were never released, and they're maybe our last chance to run homebrew on the 3000.

midnitdragoon
January 4th, 2009, 06:54
Whoa, totally off topic guys, let's keep it to the topic.

Finally an exploit has come out; it's time to put all those 3000 owners out of misery.

We should leave PSP 3000 owners alone, seriously. Do we really need more people downloading ISOs? It's bad enough as it is already. I really, really want to see the PSP pick up already.

watupgroupie
January 4th, 2009, 06:59
Yea, I read that on the PSPUPDATES.com webpage this morning. I immediately sent an email to Sony to tell them about it and that they should keep an eye on this new exploit. Really don't want to see the PSP 3000 hacked, leading to more piracy.
I hate you, sorry I just do. In my opinion the PSP is finished. Ready at Dawn packed up their bags and left and so are other developers. Only thing left for it is homebrew, so I'm glad people are finding more ways to use it. For people saying this is useless, it isn't. If you find something like this that crashes the system then you can code something to launch when it crashes, so this is very useful. I just don't know if this is legit or if that game exploit is.

tinman
January 4th, 2009, 09:55
Here it is, "hello world", all thanks to FreePlay's mod of MaTiAz's exploit.

[YouTube video: ZsJrdLqznOA]

http://elementfx0.com/img/gx.bmp

Sorry, my camera sucks :(

madcat1990
January 4th, 2009, 15:52
Now this is something awesome :)

midnitdragoon
January 4th, 2009, 16:27
I hate you, sorry I just do. In my opinion the PSP is finished. Ready at Dawn packed up their bags and left and so are other developers. Only thing left for it is homebrew, so I'm glad people are finding more ways to use it. For people saying this is useless, it isn't. If you find something like this that crashes the system then you can code something to launch when it crashes, so this is very useful. I just don't know if this is legit or if that game exploit is.

The PSP is tumbling over not because it is a bad system, but because a lot of people are using their PSP for the wrong things. And by a lot... I mean go look up some numbers on the net and see how many times a certain game is downloaded... sickening. While homebrew is OK, questionable, but OK... having the ability to download PSP ISOs isn't. This is a big reason why the system is heading in a bad direction and has been for the last couple of years. So no, homebrew ain't the last option for keeping the PSP alive, that's stupid. I didn't pay 150, nor did thousands of other people, for a system that plays 10-year-old games =/... People actually want to play legit and good PSP games.

We need a PSP that can't be hacked so that developers go "Hey... the new PSPs have sold well, and they can't be hacked... let's actually put time and love into a new game that people will ACTUALLY buy!". We already have a nice homebrew community as it is... let's leave it like that. Now we need a nice community of PSP game developers, which can happen if they see the PSP progressing and not getting any CFW on new systems. I'm looking at you, PSP-3000.

dejkirkby
January 4th, 2009, 16:39
I hate you, sorry I just do. In my opinion the PSP is finished. Ready at Dawn packed up their bags and left and so are other developers. Only thing left for it is homebrew, so I'm glad people are finding more ways to use it. For people saying this is useless, it isn't. If you find something like this that crashes the system then you can code something to launch when it crashes, so this is very useful. I just don't know if this is legit or if that game exploit is.
Actually, Ready At Dawn have publicly stated that they believe they were too hasty in making this statement and may produce future PSP projects.

IDidMyTime
January 4th, 2009, 16:44
I will get a PSP 3000 tomorrow; it's only a matter of time for homebrew. Let the good old days of cat and mouse with firmware and exploits begin.


"Hey...the new psps have sold well, and they cant be hacked....lets actually put time and love into a new game that people will ACTUALLY buy!".

How long would it take to make a decent game? 2 years? So if they decided to do that now it will be released in 2011? You honestly think the PSP will still be going, or there won't be a PSP2 by then?

The PSP is a wonderful machine for homebrew, but it's run its course. I can't even think of the last time I actually played a PSP game on it.

guymelef
January 4th, 2009, 17:17
The Nintendo DS homebrew scene is in many ways just as piracy-inviting. It costs a little more, but in the end piracy is piracy and has been around since the days of the IIe and Amiga, with kids swapping disks in the lunchroom or downloading on private BBSs. Yes, I am saying that piracy is a non-issue.

Another point is that Sony obviously underestimated the capabilities of the PSP. It doesn't need to be a cell phone, but many of the homebrew products I subscribe to are PDA-based, as well as even the WiFi Furikup.

Games stopped coming out because Sony asked more of the developers in the way of content and quality.

For as good as the PSP is, Sony's failure to have an innovative gimmick is what is killing them.

Sony really needs to add a second analog as well as a keyboard, maybe a touch screen, maybe an even larger screen that can be divided into two normal-aspect screens. Something, anything.

Balthasar00
January 4th, 2009, 18:51
I will get a PSP 3000 tomorrow; it's only a matter of time for homebrew. Let the good old days of cat and mouse with firmware and exploits begin.



How long would it take to make a decent game? 2 years? So if they decided to do that now it will be released in 2011? You honestly think the PSP will still be going, or there won't be a PSP2 by then?

Like a movie, a good game doesn't need that much time to be made. You simply need a good idea and a good team to work around it. There are cult movies that have been shot in a weekend and crappy ones in years.



The PSP is a wonderful machine for homebrew, but it's run its course. I can't even think of the last time I actually played a PSP game on it.

Then the Pandora will arrive and beat the PSP in every aspect of this, retro-gaming... How has it come to this? The homebrew scene didn't directly kill the PSP. ISO playback shouldn't have been possible through custom firmware from the beginning. Honestly, how many use it legally? How many use ISOs of UMD games that they own? They are marginal, negligible.

bagmouse7
January 4th, 2009, 18:55
It is hard for me to buy the argument that pirates are killing the PSP. I think it is because of weak support from Sony North America.
I say this because of 2 main reasons.
1. The piracy scene on the NDS is WAY worse than on the PSP. There is a whole industry built around the DS "flash cards". While piracy is never good for any platform, I don't see people saying it is killing the DS.

2. PSP games CAN sell games in the millions in both the US and Japan.
Japan:
http://blog.wired.com/games/2008/08/psp-sales-top-1.html
North America:
http://www.gamasutra.com/php-bin/news_index.php?story=21247

In Japan, games like Dissidia: Final Fantasy and Monster Hunter 2 sell almost 500K copies the first week they are out! Now that is excitement!
What do we get over here in the US? A small handful of weak games released for the 2008 Christmas season and no excitement.

So, what do I think needs to be done?
Well, the old saying "content is king" is of course correct. We need more good games and steady stream of games released during the year. Sony needs to help the developers in order to get them to invest in the platform. Once again, I scratch my head here. I mean, they have all the pieces to distribute the software completely online through the PlayStation Store online. It can't be hard for a developer to build for the PSP.
Here is the fix that I wish they would do. Build cross platform development tools for the PS3 and the PSP. Make it easy to build images for either platform from a common code base. Dollars invested here will pay off big time in the long run. Go ahead and give the PSP tools away to anyone that wants to develop for the PS3. Build your game for the PS3, and the hard work is done, and since distribution could (but does not have to be) done online, you would not have huge costs getting the game out.
I am still trying to understand why Sony released the 3000, unless it costs much less for them to produce than the 2000. I don’t think your normal consumer cares one way or the other about which platform they bought. In fact, all of the PSP displays I have seen in stores still use PSP-1000s as the actual PSPs that you can hold in your hands and play.

I love the PSP and I want to see it do well. The hardware is still super, even 3 years after its release. And to be honest, I find that I still play the PSP more than I play my PS3 or 360. The consoles are great, but it is nice to be able to play a game while I watch the football game on the TV!

shadowriffe
January 4th, 2009, 19:18
Let us do what we want with our console. I've only gotten ISOs of games from Japan. I'll buy them when they localize them.

I think they just need to make a Devkit like the iTunes store. Granted emulators wouldn't be supported, but there would be at least a given venue for homebrew.

If you tell them they can't, they will just to prove you wrong.

Maybe Sony should go fund the Pandora project, we'll all buy Pandoras and leave their PSP alone.

osgeld
January 4th, 2009, 20:17
Here it is, "hello world", all thanks to FreePlay's mod of MaTiAz's exploit.

Sorry, my camera sucks :(

Now there's something to be excited about.

mike03$$$
January 5th, 2009, 07:14
This is great for the PSP scene.

urherenow
January 5th, 2009, 19:44
Let us do what we want with our console. I've only gotten ISOs of games from Japan. I'll buy them when they localize them.



BIG FAT FAIL

PSP games are NOT region locked, only movies are. I own Japanese UMDs and they play fine on a US PSP.

Try again for another lame excuse... PIRATE!

But more on topic, the UMD format is Killing the PSP, not Pirating. Nintendo DS is the #1 example and you can't argue with that.

frwololo
January 6th, 2009, 00:18
BIG FAT FAIL

PSP games are NOT region locked, only movies are. I own Japanese UMDs and they play fine on a US PSP.

Try again for another lame excuse... PIRATE!

It should come to your mind that Japanese games are in Japanese... you can understand localization as "translation" here.

People who say piracy is killing the PSP should cross-reference their bulls**** with the DS figures. As has been said, the Nintendo DS has far more piracy issues, and yet nobody's complaining about piracy killing it...
In Akihabara you can find an R4 for the Nintendo DS in less than 10 minutes. Finding a Pandora battery, on the other hand, is a sport.
Also, alek frequently publishes figures of people connecting to PSN with CFW. The numbers represent something like 1% of the total...

Back to the topic, people are confusing the GripShift exploit and my poor attempt at working on libtiff. More details on LAN.st, but so far this libtiff crash, despite being completely legit, leads nowhere. There is a possibility of a buffer underflow, but it hasn't been worked on yet.