Real! pspjoke’s [insert game name here] buffer overflow exploit

pspjoke and N00b81 were kind enough to contact me regarding the recent game exploit found by pspjoke. Like others who’ve been trusted with this information, I swore not to reveal the game’s name, so don’t even ask.

In order to test it, I created an overflow in a savegame for that game myself and could confirm the vulnerability (I’m amazed to see that it takes 10 minutes to create that overflow, when I spent 3 months crafting mine on libtiff back in 2009; talk about wasting time :D)


So, people can stop asking if it’s real or fake, it’s real.

The only question is: will it lead to something useful for users? Maybe, maybe not. N00b81 and pspjoke are actively working on an eLoader (a program that would load homebrews) for this vulnerability, but it is still unclear if this will ever be publicly released.

As usual, it’s not that the devs are selfishly keeping their exploits for themselves, but rather that, as soon as the exploit is made public, the game will be removed from the PSN Store by Sony, making it basically useless. In other words, PSP3000 and TA88v3 owners who can’t enjoy the power of Chickhen may hope for an eLoader in the near future…if they can afford an expensive UMD. PSPGo owners already know that there’s pretty much no hope for them in game exploits, and can try to contact Datel and beg them to create a signed homebrew Loader, or look for exploits in the firmware itself.

Anyways, as long as no eLoader or HEN is ready for that exploit, knowing the name of the game is useless for most people. People who would have the knowledge to use the information should rather dig through their own UMDs and start looking for their own exploits using my awesome guide :)

This post is not to tease people. It’s to confirm that the exploit is real, and if you see people claiming it’s fake, tell them I said it’s real. You can quote me on that :P
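The post only says that the overflow lives in a savegame and was quick to produce. As an added illustration (not wololo’s code, and not the real game’s format), the toy parser below uses a constructed savegame layout (magic, one-byte name length, name bytes, 32-bit score) and shows the one bounds check that keeps an attacker-controlled length field from driving memcpy past a fixed buffer, plus a fuzz-style sweep over every value of that length byte to confirm the parser rejects rather than overruns. All names and the layout are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed savegame layout (example only, not the real game's):
 *   bytes 0..3 : magic "SAVE"
 *   byte  4    : name_len, number of player-name bytes that follow
 *   bytes 5..  : name_len bytes of player name
 *   then 4 bytes little-endian score
 */
#define SAVE_MAGIC "SAVE"
#define NAME_MAX 16

typedef struct {
    char name[NAME_MAX + 1];
    uint32_t score;
} save_t;

/* Returns 0 on success, negative on rejection. Every read is checked
 * against the declared length AND the actual input size, so a hostile
 * name_len can never push memcpy past out->name[]. */
int parse_save(const uint8_t *buf, size_t len, save_t *out)
{
    if (len < 5) return -1;                       /* header incomplete */
    if (memcmp(buf, SAVE_MAGIC, 4) != 0) return -2;
    uint8_t name_len = buf[4];
    if (name_len > NAME_MAX) return -3;           /* the check an overflow needs missing */
    if (len < 5u + name_len + 4u) return -4;      /* truncated file */
    memcpy(out->name, buf + 5, name_len);
    out->name[name_len] = '\0';
    const uint8_t *s = buf + 5 + name_len;
    out->score = (uint32_t)s[0] | (uint32_t)s[1] << 8 |
                 (uint32_t)s[2] << 16 | (uint32_t)s[3] << 24;
    return 0;
}

/* Build a well-formed save (name must be <= NAME_MAX). Returns total size. */
size_t build_save(uint8_t *buf, const char *name, uint32_t score)
{
    size_t n = strlen(name);
    memcpy(buf, SAVE_MAGIC, 4);
    buf[4] = (uint8_t)n;
    memcpy(buf + 5, name, n);
    buf[5 + n] = (uint8_t)(score & 0xff);
    buf[6 + n] = (uint8_t)((score >> 8) & 0xff);
    buf[7 + n] = (uint8_t)((score >> 16) & 0xff);
    buf[8 + n] = (uint8_t)((score >> 24) & 0xff);
    return 5 + n + 4;
}

/* Round trip a benign save, then corrupt the length byte and confirm rejection. */
int roundtrip_ok(void)
{
    uint8_t buf[64];
    save_t s;
    size_t n = build_save(buf, "WOLOLO", 1234);   /* constructed sample */
    if (parse_save(buf, n, &s) != 0) return 0;
    if (strcmp(s.name, "WOLOLO") != 0 || s.score != 1234) return 0;
    buf[4] = 200;                                 /* oversized length field */
    return parse_save(buf, n, &s) == -3;
}

/* Fuzz-style sweep: try all 256 values of the length byte against a
 * 15-byte save. Returns how many were rejected, or -1 if a parse ever
 * produced a name longer than NAME_MAX (which the check makes impossible). */
int fuzz_length_field(void)
{
    uint8_t buf[64];
    size_t n = build_save(buf, "WOLOLO", 1234);
    int rejected = 0;
    for (int v = 0; v < 256; v++) {
        save_t s;
        memset(&s, 0, sizeof s);
        buf[4] = (uint8_t)v;
        if (parse_save(buf, n, &s) != 0) rejected++;
        else if (strlen(s.name) > NAME_MAX) return -1;
    }
    return rejected;
}

int main(void)
{
    printf("roundtrip ok: %d\n", roundtrip_ok());
    printf("length-byte mutations rejected: %d of 256\n", fuzz_length_field());
    return 0;
}
```

With a 15-byte sample only length values 0 through 6 fit inside the file, so 249 of the 256 mutations are rejected and none reaches memcpy with more than NAME_MAX bytes; dropping the `name_len > NAME_MAX` line is exactly the kind of defect a savegame fuzzer finds as a crash.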

  1. WalangAlam

    thanks for the guide. I would like to learn that too :D

  2. H@lo World

    Cool entry wololo,
    but wouldn’t it be better to give a guide on how to find/make buffer overflows in images (I mean with C, C++, Ruby, etc… and where we can load them into the editor), because there are so many people in this world. I think this will increase our chances and give more hope for PSP Go owners.
    plz correct me if I am wrong =)

  3. FrEdDy

    Wow…I’ve spent 3 months of my life searching for BOFs in savedata….lol

  4. wololo

    H@lo World, that’s a good point, but I already have a basic guide here:
    http://wololo.net/wagic/2009/11/08/psp-exploits-finding-crashes-with-fuzzing/

    It’s for mp3, but the basics are the same.
    I’ll try to write something dedicated to images one of these days :)

  5. H@lo World

    Oh, really?
    This would be great :))
    I’ve been searching for buffer overflows in libtiff for 4 months, but haven’t found one (that’s my luck -_-”)
    So hopefully someone else has more luck…

  6. Haha lawla

    People will still buy this game lol. There are people out there that just post e.g. “Will this work on GEN-C” even though their question is answered 1 comment down >.>

    My point is that there are stupid people out there that can’t do individual work
