… this little devil of a Firmware patched again some (at least 2) usermode exploits. This time two games were patched, one that wasn’t used at all, it just functioned as a hello world, and one game, that might got leaked some weeks ago. But what about our kernel mode relase and TN-V4? Well …
My friend Jd8531 just wrote an article, that the new Firmware 3.00 will be released very soon, and there it is.
The PS Vita Firmware 3.00 is now LIVE (In the USA and Europe atleast), and adds a bunch of new functions and stuff. Let’s take a look at it.
For those of you still interested in the PlayStation 2, and use the Softmod known as FMCB (Free McBoot) this will come of great interest to you as FMCB has received a huge overhaul from developer SP193.
For those of you who do not know, FMCB is a softmod for the PS2 that allows one to run homebrew applications (including but not limited to various loaders, ftp clients and emulators) and play backups of their games through either a disc based medium* or through a HDDLoader. It’s best asset however comes from the fact that it’s installed on the memory card so once installed it’s available on most PS2 consoles – in essence, you’ve hacked “every” PS2 console you’ve come into contact with. Furthermore, if your friend wants to have it you can place it on their card using your own.
Now here’s a strange turn of events. After all that complaining about the DRM and enforced internet connection, there is now a petition to actually bring back the ridiculous policies that Microsoft had planned to release on the Xbox One.
In my previous article on Charles Proxy many people have been stating that Fiddler 2 is free, and asking for guides regarding that. As I have had time to look into Fiddler, I thought I’d write a quick tutorial for those who wish to use this as an alternative to Charles.
Since the latest firmware is now out, that seemingly leaves us without PSN or any form of Online gaming which does take some of the fun out of the Vita, and with all the Sales and free games coming from Sony at the moment it’s horrible that if you wish to keep your exploit then you have to update, right? Wrong. There is a simple way around this by using a Proxy server.
(Note from Wololo: this was posted a while ago, but we wanted to contact YifanLu to make sure he was ok with us copying the article, and sadly we dropped the ball, with Christmas and everything… but we finally got through! ) A few days back YifanLu posted an entry to his blog explaining where UVL is now, and also speculating on some of the software and system security. For those of you wondering about the current state of this project, or why hacking a console takes such a long period, then it’s most certainly worth reading. It’s rather a long read, but most certainly worth it for those of you with the patience to do so.
Note from Wololo, a bit of context on this article: if you’re running a CFW on your 6.60 PSP such as Pro CFW, you are regularly using the 6.60 kxploit without knowing it. The vulnerability was exploited and released by developers Davee and some1, about a year ago, and pro CFW relies on it. Today jigsaw gives a full explanation of the inner working of this exploit.
660 kxploit is within ifhandle.pfx, which is the PSP port of mbuf. mbuf is the basic unit of memory management for network packets and socket buffers. It’s originated from BSD, and is widely adopted by commercial products due to BSD license. ifhandle is obviously ported from FreeBSD 4 release with slight changes. Some routines of ifhandle are 100% duplication of original mbuf code. Read the rest of this entry »
Let me explain: if an exploit is found (and revealed) in a Game on the PSP, Sony will simply remove the game temporarily from the PSN Store, and it will be available again only if the game’s developers fix the issue. So the only people who will be able to benefit the exploit will be those who downloaded the game from the PSN Store before the exploit was made public. (unless you didn’t know, the PSPGo has no UMD drive, and therefore all games for this machine must be bought on the PSN)
Yep, that’s not cool, and it explains why Freeplay doesn’t want to make the recent hack of the PSP Go public (the exploit is still useful for hackers as it allows to run unsigned code on the PSPGo, and therefore analyze its firmware more precisely). It also explains why we should now be looking for vulnerabilities in the PSP Firmware (such as the laughman tiff exploit that led to chickHEN a few months ago) rather than games.
In this article I will explain how to monitor the PSP Menu with PSPLink. If you haven’t read my previous post on savegames exploits, I suggest you do it, as it is a nice introduction to PSP exploits. Disclaimer: I’m not the best PSPLink user in the world, so this article might be incomplete on some parts.
Imagine you have a file that crashes your PSP. It can be a video file, an mp3, an image, etc… (I will explain later how you can find or create these files). How would you tell if it can become an exploit or not? Well, as usual, the answer is clear: PSPLink.
PSPLink is a very usueful tool to analyze the Ram of the PSP. If you don’t have it yet, google for it. I personally have the version included with the minimalist PSPSDK.
PSPLink has two parts of interest for this: one that goes on the PSP (basically, an EBOOT, as most homebrews), and two executables that run on the PC (they will display the information sent by the PSP to the PC).
Once you have installed PSPLink on your PSP and plugged your PSP to your computer with a USB cable, open 2 command-line windows, in which you will run respectively usbhostfs_pc and pspsh.
When this is done, you can run the PSPLink EBOOT on your PSP. If everything goes well, pspsh on your computer will display “host0:/” and usbhostfs will say “Connected to Device”. It should look like this:
If you need more information on PSPLink, google for it.
Running the XMB/VSH
Now that’s the interesting part. If you’re a developer, you might know how to run your homebrews’ prx files from there. But how can you access the PSP Menu? Well that’s actually very easy, as you only need to type the two following commands in pspsh:
And that’s it! Let me tell you, it is way easier than doing it for savegames, as no plugins are required.
When the crash occurs, pspsh should display the current state of the registers, and lots of useful information.
From here, what you need is MIPS assembly knowledge, and lots of patience. But I can’t teach you that . For the basics, you can still read my article on Savegames, as we are looking for the exact same thing: a way to overwrite $ra
By the way, you need a hacked PSP to run PSPLink, so don’t try this on Official Firmwares.
Do you shop at Amazon?
If you like my work and are an Amazon shopper, please consider using the links below. It won’t cost you anything more, and I will get a small percentage of the sales.
Thanks for your support!