Finding gamesaves exploits on the PSP

wololo

100 Responses

  1. Fadl says:

    wololo, I saw you are using XVI32. Can this program modify save games, or did you use it for explanation only? And was the Patapon exploit discovered that way?

  2. Query says:

    How exactly does Savegame Deemer work? Every time I edit the data in my saveplain folder it doesn’t seem to load the edited version, it instead loads the original savedata. Am I supposed to move the content from my saveplain folder to savedata, or just leave it alone in the saveplain folder?

  3. CoOL KiD says:

    @wololo If I find a crash, how will I report it to you, since I am working on Test Drive Unlimited?

  4. Hobo DAni says:

    wololo, I think I found something.
    See, I install 6.31 PRO, I run the latest daedalusx64, I press right then left and it crashes the PSP and says something like the phantasy star crashed, the exception is bus error (data). Pls email me at danielderlio12@yahoo.com if you think I found something.

  5. kiddyshaq34 says:

    I found a crash on a game (which game I cannot reveal, because Sony will patch it, which means we (even me) will get more annoyed)! I crashed it a few times. The very first crash was Bus error: Data and, a few frustrations and crashes later, I found a proper crash with ra as 0x61616161! In the crash before this crash the ra was 0xFFFF62, which is kind of no use. So now that I found a crash in my game, do I actually move on to making a binary loader?

  6. Nickolas says:

    Hi, I ran the Savegame Deemer tool and I now have a decrypted save game. I tried this method and it crashed. How can I re-encrypt it so that it runs without the need of Savegame Deemer?? Somebody please help me!!!!!!!!!!

  7. Nickolas says:

    OK, nvm, I found out how to do it. Now I need an experienced developer to tell me if this is exploitable: http://wololo.net/talk/viewtopic.php?f=6&t=2607

  9. dntEat.SmokeMore says:

    To learn how to break WEP/WPA security took me 4 days, but this sounds like it's gonna take me a bit longer, it looks more advanced.

    Anyway, great work wololo. Unfortunately I was too late to get my copy of Motorstorm Arctic Edge on my PSV, and I can't run homebrew, but is there any possibility that some demo for PSV would have an exploitable vulnerability, and to build working homebrews with that??

  10. psp says:

    Hey Wololo. I was wondering if it’s possible to exploit the PSP with an mp3 file? I created an mp3 file with a hex editor and was able to crash the PSP. I also modified it to bring up “Buffering…” on the screen and have it stay there, and only on certain modifications that I do it brings up an error. While the PSP is saying “Buffering…” and I press the Home button to go back to the music list in the XMB, the two white things that circle each other on a currently playing song are a fuzzy square instead.

  11. Andre says:

    Did anybody ever try with the PSP games that Sony allowed for free download when the PSN stayed offline for almost one month?

  12. npissoawsome says:

    I might take a look at this, who knows I’ve been researching C++ and Assembly a lot lately, maybe this will help my skills, and I could contribute to the scene :)

  13. MaxPower007 says:

    Hey Wololo can this be used to find save game exploits also for the PS3?

  14. Hassan says:

    On the PS Vita, can you put ISO games on it?

  15. mannyshame says:

    OK, I have a possible PS Vita game exploit: every time I try to do a specific thing in the game it crashes. How can I tell if it's a possible exploit? I saved the game to the PC.

  16. ProCyoN says:

    @wololo I have a PSP Go with CFW 6.35PRO-B8 and obviously my PS Vita. I bought several games on Vita just to play my favorite games on both consoles (originals on Vita though), but now I realized that I might retribute a bit of the joy I got with CFW and that I can take the chance to test a few things like you said using my purchases. I’ve been a programmer since I was 11 years old, so I quite understand what you explained to us and I thought it’s pretty interesting. Am I right if I think you use $ra to point to a compiled routine embedded in the savegame the same way as you put the garbage in the example? I’d like you to guide me a bit to maybe help everybody, even if it’s just a bit ;)

  18. 200C under says:

    Wooooooh! That was a BIG one! I should probably try it. Maybe that could alternatively replace what was called ‘Ninja release’ for which I’m waiting for.

  19. Joe says:

    How do I know if the exploit I found works on PS Vita?

  20. mejakola says:

    Can someone please explain the index.lua file to me?
    I have psplink running and all good, then in the readme file it tells how to start luae, but I’m missing the index file.
    So I created it in the PC folder for psplink.

    My problem is the readme file then says “then have it [index.lua] dotfile, your project script in a project folder somewhere on your pc.”
    Idk how to do this and I'm not completely sure I know what that means.

  21. Hi wololo!
    I’m trying to find my own exploit, and using a PSP will be way better (I guess…) than Vita or jPcSP/PPSSPP.
    I wanted to ask: which one is better to use nowadays? Or do all the PSP versions work the same? I mean, does the PSP1000 have any advantage over other models? Or the PSP2000 (since it has 64MB of RAM)? Is it different with a PSP Go (AFAIK, the system changes a little bit due to the PSP Go having features other PSPs don’t have)?
    Please, I’ll wait for your answer. Also, I will post this twice, one of them with a “bad word”, so I make sure you’ll see it.
    Thanks in advance!

  22. wololo says:

    Nice way of getting my attention, it worked :)
    I’d personally recommend a PSP1000: cheaper, guaranteed compatibility with pandora batteries (which are extremely useful when you start looking for exploits and mess things up), sturdy, and closer to the psp emu within the Vita (32MB, etc…)
