PSN Game Exploit Project! [For PSP & PSVita]

[FoX]

Hello Devs i'm working on new hbl port.I can controll my crash who want help me? I can give my files to devs THX

This game available on all PSNs.


Image;


Sorry for my english...

Advertising

[fate6]

let me show you a little convo I and yosh had about your crash

[01:58:12 PDT] NoKi: lolz oh there is a guy asking for help on a exploit
[01:58:14 PDT] NoKi: viewtopic.php?f=6&t=12187&p=151249#p151249
[01:59:00 PDT] yosh: oh good
[01:59:06 PDT] yosh: but I have no time for now lol
[01:59:13 PDT] NoKi: is it a good crash ?
[01:59:37 PDT] yosh: ah xD is that really all he has ?
[01:59:40 PDT] yosh: the it's useless lol
[02:00:04 PDT] NoKi: someone should give him the bad news >__<
[02:00:13 PDT] yosh: or at elast doesn't look like he got any control
[02:00:28 PDT] yosh: well maybe he woud be able to exploit that with a lot of luck xD
[02:01:09 PDT] NoKi: hmm I think he is giving away to much info on his thread :/

Advertising

[m0skit0]

What do you mean by "I can control my crash"?

[hippi97]

Here is one game to "Don't try" -list: Sega Rally Revo. It only crashes. No control of registers.

[some1]

First of all, you are not even showing the crash (the delay slot is what is crashing, not the jump).
Second of all, this is C0der-d or w/e.

[m0skit0]

Second of all, this is C0der-d or w/e.

Wow and he still hasn't learn anything? What a waste-of-time guy...

[Yoti]

Second of all, this is C0der-d or w/e.

Fakers must die.

[m0skit0]

Unlocking per n00neimp0rtant's request.

[n00neimp0rtant]

I'm almost positive I know exactly which game he is talking about: I have been working with the same one. The crash posted by OP in the screenshot is NOT the overflow crash; it is a strange side effect that arises from having psplink.prx loaded into memory.

If you overflow a certain field in the save game file and load it, it totally crashes the game (which, by the way, is very very buggy and poorly written) once you go through the main menus and try to start up a game session. HOWEVER, if you have psplink.prx set to load into the game, something happens that the game doesn't like and it crashes out way early, giving that atrac3-related crash you can see in the screenshot. This presents a problem: I know that some vulnerability exists because the doctored gamesave crashes the game, but I cannot get the crashlog using psplink because psplink itself causes a totally unrelated crash, even if you're not trying to load a modified save file. The game is so buggy, it breaks if psplink is loaded into memory, so psplink outputs that good-for-nothing, bogus crashlog in OP's screenshot.

With psplink.prx disabled:
[Game loads] → [Plugins loaded into game] → [Game exec begins] → [Doctored gamesave loads into memory] → [Navigate in-game menus] → [Start session in-game] → [CRASH]

With psplink.prx enabled:
[Game loads] → [plugins (including psplink.prx) loaded into game] → [Game exec begins] → [CRASH]

So here's what I need to know: are there other methods to dump crashes other than PSPLink? Or ways I could modify the gamesave to determine if any critical registers are being overwritten? Or, ideally, suggestions on how I could figure out how/why PSPLink is causing it to crash?

[m0skit0]

PSPLink does not affect the game in any way. The game doesn't even know PSPLink is loaded, since PSPLink PRX is loaded into kernel space and not user space. So PSPLink cannot affect a game execution except if an exception is thrown. So, that's not a bogus crash. PSPLink captures all exceptions, and it seems that, if the game is so buggy, there will be quite a few exceptions thrown, so PSPLink simply captures them. Using gdb you can continue, which means the exception is ignored and you will get your crash. When not using PSPLink only an unrecoverable exception will froze the console.