Anatomy of a cool (undisclosed) kernel exploit

freddy_156

Italian, developer for fun, Android & GNU/Linux user, Microsoft hates me.


43 Responses

  1. BattyCrease says:

    Interesting read, Freddy. Not checking string lengths really should be a fireable offense. ^^

    • Different55 says:

      Don’t say that. The glorious people who allow exploits like this should be praised for making it easy for the devs.

  2. EIREXE says:

    The point on kernel exploits is that they are limited.

  3. yosh says:

    “This shows how easy it is to break pspemu security, maybe it’s time to put our resources into something more interesting…”

    Agreed lol, though that’s why it’s so funny xD

  4. yosh says:

    Indeed, I just checked and saw it, though it was removed in FW 1.80; it's only available until 1.67.
    In 1.80, though, it doesn't seem Sony patched it; rather they dummied sceRegRemoveCategory with dummy return values, lol, so maybe they didn't even notice this.

  5. wartaf says:

    Nice, but I dunno what it really does :p

  6. Davee says:

    Oh freddy, you don’t give yourself enough credit!

    • yosh says:

      True, nice work freddy

    • SuzieJoeBob says:

      It is still pretty interesting though. Sony didn't remove the system call, but rather just gave it pre-determined (dummy) return values. If one were able to overwrite this system call with the old one, would the portions of old exploits relating to this system call work yet again???

  7. Adx2 says:

    Maybe Sony might have made the same mistake in PS Vita security… My saying is that the key is in the firmware stored in the Vita, like the PSP was hiding it, but someone discovered the key and very soon the PSP was hacked, and so if the PS Vita has the same security and a genius guy finds it, the Vita might be very hacked soon… ALL IT TAKES IS A LITTLE PUSH

    • hgoel0974 says:

      Same security? Sorry, but no, they do not have the same security.

      • gunblade says:

        Still wandering on the Vita live screen. Sony made an update in 2.12, I think, with all the patches Sony did since the Vita's release. PSP XMB with Xbox boot sounds cool.. I guess I would need to get more into the Vita side to play with the PSP boot screen, but didn't try with ARK yet… ARK still pretty cool..

  8. Adx2 says:

    // ask the user, then compare the answer against the expected string
    var isPsvitaHacked = prompt("IS PSVITA HACKED");
    if (isPsvitaHacked === "psvita is hacked") {
      console.log("very good");
    } else {
      console.log("very bad");
    }

  9. Vita001 says:

    Time to bring out the vita exploits…

  10. Adx2 says:

    Security may not be wholly the same cuz Sony is said to be learning from its mistakes… But minor security may be the same… We do not know right now what is the same and what's not. Let's see it in the future when the PS Vita is completely hacked; then we will see what's the same and what's not……

    • xoombie503 says:

      all we know is that you need to go back to school, or that you are black.

      • DeathOfChaos says:

        I’ve been contemplating whether to update my TN-V Vita or not and this article really got me thinking about updating, lol. Been tired of not updating my trophies, lol.

      • DeathOfChaos says:

        Pretty racist, but ok…

      • NeonAera says:

        @xoombie503

        Adx2 is just talking about Sony's encryption security and about the possibilities of hacking the Vita, etc.. So what do you mean "go back to school" and that racist remark? So what if his spelling and grammar aren't all that great? This place is not a writing center where everyone's punctuation has to be right-on all the time. And sometimes people like to use shorter words.. doesn't mean they need to go back to school.

        So xoombie503 stop being a trolling racist jerk and gtfo man…

        @Adx2

        Don't take xoombie seriously.. He could just be trolling to try and spark a fire, or just a seriously messed up person in real life that sadly enjoys cursing, hating, bullying, and taking it out on people, hiding behind his computer screen because it's easier.

        Take care man.

        Anyway nice article, freddy_156.

  11. This is a great article, but I'm bored with PSP emulation. This is history repeating itself. User-mode is great, but it is very hard to get a lot of stuff working on it, and I'm stuck at 2.10 FW. And like you said, Freddy, "maybe it's time to put our resources into something more interesting…", and with all the new open-source OSes and ARM development boards, I think you may be right..

  12. Miguel says:

    There is far more development happening on the 3DS side of things versus the Vita. We need more people to invest time into breaking the security of the Vita and actually be able to use the full specs of the Vita, and not just enough to see it emulate PSP stuff :(

  13. Wonderful, I have a 1.67 right now! Sadly I still can't seem to get Open CMA 4.5 to muster on the current Vita I have.. Uno still waiting on the PS3 as well… sigh

    • gunblade says:

      Looks like u can tweak with ur PS3, I guess, was thinking, but u need a PS3 with CFW. 1.67 sweet though; think the Vita I am on came with 1.80, which is shitty, as the first one I had came brand new n homebrew n other OS ready, but I had to update it n not watch YouTube first. But anyway, downgrading the PSP was said to go to like 1.51, and 1.50 for Japan or something..

  14. DarkenLX says:

    Isn't the buffer overflow the same as the stack overflow in Windows PC and whatnot?

    • wololo says:

      No. A stack overflow is a specific case of buffer overflow, and none of this is specific to Windows vs PC vs PSP.

  15. Chuckthetekkie says:

    Nintendo made a similar mistake with Twilight Princess for the Wii where you could edit the save file and make the horse’s name longer than what was allowed and it caused a buffer overflow. Since retail Wii games can’t be updated Nintendo had to patch the bug in the Wii system software by having the system software explicitly check the save file and if the horse’s name was too long it would delete the save file. Although it took Nintendo a few tries to get it right.

    It seems really silly to have a string value and not check to make sure the value is of the right length and if not, do some kind of error. Then again Sony probably outsourced their programmers and don’t pay them enough to check for serious bugs like this.
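    The unchecked-length pattern the thread keeps returning to (a caller-supplied string copied into a fixed-size kernel buffer), shown in its checked form as an added illustration; this is not code from the post, from PSP firmware or from any game, and the buffer size, function names and error codes are assumptions:

```c
#include <stddef.h>
#include <string.h>

/* Assumed buffer size for a registry category name; the real kernel
 * value is not given on the page. */
#define CATEGORY_NAME_MAX 32

enum { REG_OK = 0, REG_ERR_NULL = -1, REG_ERR_NAME_TOO_LONG = -2 };

/* Bounded length scan: never reads more than `max` bytes, so a name
 * that is not NUL-terminated inside the window cannot make us read on. */
static size_t bounded_len(const char *s, size_t max) {
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Validate before copying: NULL is rejected, and the longest legal
 * name is CATEGORY_NAME_MAX-1 so the terminating NUL always fits. */
int validate_category_name(const char *name) {
    if (name == NULL)
        return REG_ERR_NULL;
    if (bounded_len(name, CATEGORY_NAME_MAX) >= CATEGORY_NAME_MAX)
        return REG_ERR_NAME_TOO_LONG;
    return REG_OK;
}

/* Hardened shape of a "remove category" style call: check, then copy a
 * length already known to fit. Returns the copied length, or a negative
 * REG_ERR_* code. A real kernel would also range-check the user-supplied
 * pointer before touching it at all. */
int remove_category_checked(const char *name) {
    char category[CATEGORY_NAME_MAX];
    int rc = validate_category_name(name);
    if (rc != REG_OK)
        return rc;
    size_t len = bounded_len(name, CATEGORY_NAME_MAX);
    memcpy(category, name, len + 1); /* cannot overflow: len < CATEGORY_NAME_MAX */
    return (int)len;
}

/* Probe for the unterminated case: a full window of non-NUL bytes
 * (constructed input) must be rejected without reading past it. */
int reject_unterminated_probe(void) {
    char raw[CATEGORY_NAME_MAX];
    memset(raw, 'B', sizeof raw);
    return validate_category_name(raw);
}
```

    Replacing the validate-then-memcpy pair with a bare strcpy() into `category` gives exactly the unchecked pattern the comments describe, where a 32-byte or longer name writes past the buffer.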

  16. somthing something something light side says:

    I would really like an actual PSV hack, not for backup games, but imagine the emulating possibilities: I could play Banjo-Tooie on it with no lag at all.

  17. SSJ-Vita says:

    Go Go Gadget 2035 psv Ecfw!

  18. svenn says:

    Well, saying this string is unchecked and knowing how to use it are two different things, though this is in no way a proof of the amount of kexploits still in the PSP kernel.

  19. gunblade says:

    I still have 2.12 downloaded n ready to install on the Vita on 2.06, last I checked. Shitty thing would be where u need a Vita at like 1.50 to downgrade a 2.06 Vita. Last I checked Sony was running the new 2.. on the Vita at 1.80 and 2.02

  20. gunblade says:

    I was… Facebook app needs an update…..

  21. nevercall says:

    I hate myself, for whenever I see code, I WANT TO BANG MY HEAD ON THE KEYBOARD and say to myself… WHY DIDN'T I KNOW THIS!! Why can't I UNDERSTAND THIS THING!!

    #include <iostream>
    using namespace std;

    int main(){

    cout << "as of now, this is the only thing i can do and all other arithmetic calculations and some knowledge on variables" << endl;

    return 0;

    }

    I WANT TO LEARN TO CODE.

    • capcomlegend says:

      Don't feel bad, all I know is su fix_permission in terminal on my Android, makes me look cool when I eat at a dinner with a cute waitress around lol

    • Tbh… C and C++ are really horrible and not noob-friendly.. I tried coding that in middle school for NDS homebrew and it didn't come out too well.

      So I tried with Objective-C and learned it relatively much quicker. I think the syntax for Objective-C makes more sense and is far more intuitive than that of the older C itself..

  22. Adx2 says:

    @NeonAera thanks for supporting me …

    and

    @xoombie503 are u a grammar teacher u *** ..NAH JUST JOKING :)

  23. Adx2 says:

    @nevercall
    I think u should visit code.org and u can learn to code..
    I'm learning JavaScript programming on code.org; u can learn anything related to coding there, it's really helpful
