Datel’s Action Replay: a Dead End for hackers?

wololo

22 Responses

  1. WalangAlam says:

    there goes another hope. hopefully, something will come out with Abigail’s work

  2. cypriotbro says:

    oh well.. too bad. i’d be interested in a commercial homebrew launcher or even something similar to 5.03 gen for ofw…

  3. Bob says:

    Lawl, now official firmware users can cheat on PSN, shame for the OFW users that do not want to cheat

  4. diesel701 says:

    Hi wololo.. is this good? or like I think it’s only a crash?
    http://img237.imageshack.us/img237/5403/psplink.png

    Thanks! ^^

  5. Pulcini0315 says:

    Hi wololo, do you think that the latest image posted by diesel701 works for an exploit? Thanks, write back as soon as possible

  6. wololo says:

    diesel701, Pulcini0315: I am not sure. Earlier I replied that “fp” was related to the FPU, but apparently it is the frame pointer. If you can ask psplink what is inside this value, and if you can get control of this value, your crash might be exploitable.

  7. thanks for the reply wololo, so the crash could be exploited … If you are interested in sending you the file via private message …

  8. diesel701 says:

    Thanks for the reply wololo… I’ve seen the mips code with psplink through “disasm”:
    http://img43.imageshack.us/img43/2866/disasm.png

    As you can see, the problem is $a0; however, there is no “jump”, so I think there is nothing to do. Or am I wrong?

    I’ve done two little mods of the file that make these interesting crashes (but I think nothing exploitable):
    http://img268.imageshack.us/img268/5317/psplink2.png
    http://img716.imageshack.us/img716/7365/crash2.png

  9. wololo says:

    diesel701: I see. From your first screenshot, there could be some hope if you have control over $a0. Can you put whatever you want in $a0? If so, you might be able to go further down the execution of the code and maybe reach a point where a jump is done?
    However this looks difficult since apparently there are at least 10 lines or so without any jump…

    Your 2 other screenshots look interesting too, but the question now is, can you “control” the contents of the variables involved, by changing the png file?

  10. wololo, the file is not in PNG but is in TIF and works on fw from 5.03 to 6.20…
    If you are interested, I’ll send you the file… 😉

  11. diesel701 says:

    Thanks again wololo.
    I have done some tests and I can’t handle the value of $a0 and, however, there is no jump after the crash… so I think there is nothing to do with this file.
    Thanks again for your support and time to reply… 🙂

  12. H@lo World says:

    wololo: hi, I’ve seen something interesting on YouTube: someone shows a crash of a TIFF image. Can you test the picture with psplink please?
    Here’s the link: http://rapidshare.com/files/341924769/crash.tif.html
    Hopefully it is exploitable 🙂

  13. diesel701 says:

    I reply to you (H@lo World): the file is not exploitable because the problem is a “breakpoint”.. nothing to do.. I’m sorry… 😉

  14. H@lo World says:

    That’s bad. If I had known this I wouldn’t have tried to hex edit it. The picture has 2 code lines (0x17A0 – 0x17C0 and 0x2600) which crash the PSP in the hex editor. And this stupid 0xFFFFFFFFF at v0…, but thank u for your answer =)
    Hopefully someone else finds a useful exploit 😉

  15. Pulcini0315 says:

    Hi wololo and everyone, I’ve seen this video: http://www.youtube.com/watch?v=6L6K1a0E42A&feature
    What do u think? Could you try to see if it’s just a crash or something more? tnk

  16. H@lo World says:

    Pulcini0315: This is just a crash, and not exploitable, because of a “breakpoint”. We talked about this in this thread already.
    But I think someone else will find a real buffer overflow, which leads to a Hello World. I’m sorry 🙂

  17. Pulcini0315 says:

    o’ right bye 🙁

  18. Super Sunshines 101 says:

    Frankly, I just got the new Datel version yesterday and all I really wanted was the XYZ mod in SMS… But it sucks because I can’t add any codes. Everyone says there is an add new code button, but I checked and there is no main menu or add new code. Super jumping is pretty fun though.

  19. TobeyDemon says:

    wololo, what cfw r u running on ur psp? i thought u had pro. my lcfw pro b10 6.60 has psn access & theres the psn lover plugin so you can still enjoy psn.
