How to avoid two crashes?

[Acid_Snake]

hey all, I've been working various games to generate crashes, recently I came across a game with two consecutive crashes, the crashes themselves don't appear to be of any use, but I want to know how to deal with such a thing.
This is the first crash:

Code: Select all

Exception - Bus error (data)
Thread ID - -spoof-
Th Name   - -spoof-
Module ID - -spoof-
Mod Name  - mcp
EPC       - 0x08806850
Cause     - 0x1000001C
BadVAddr  - 0x8E0995A4
Status    - 0x60088613
zr:0x00000000 at:0xDEADBEEF v0:0x61616161 v1:0x00080000
a0:0x69ED7161 a1:0x088C1000 a2:0xDEADBEEF a3:0xDEADBEEF
t0:0xDEADBEEF t1:0xDEADBEEF t2:0xDEADBEEF t3:0xDEADBEEF
t4:0xDEADBEEF t5:0xDEADBEEF t6:0xDEADBEEF t7:0xDEADBEEF
s0:0x00000004 s1:0x08840000 s2:0x00000005 s3:0x08840000
s4:0x08840000 s5:0x088C1000 s6:0xDEADBEEF s7:0xDEADBEEF
t8:0xDEADBEEF t9:0xDEADBEEF k0:0x09FFFB00 k1:0x00000000
gp:0x0885C010 sp:0x09FFF610 fp:0x09FFFA90 ra:0x0880699C
0x08806850: 0x90821EE0 '....' - lbu        $v0, 7904($a0)

As you can see I have full control over $v0. The other crash happens seconds later:

Code: Select all

Exception - Address load/inst fetch
Thread ID - -spoof-
Th Name   - -spoof-
Module ID - -spoof-
Mod Name  - mcp
EPC       - 0x08807638
Cause     - 0x10000010
BadVAddr  - 0x8E0995A4
Status    - 0x00088613
zr:0x00000000 at:0xDEADBEEF v0:0x00000001 v1:0x00000000
a0:0x8E0995A4 a1:0x08841020 a2:0xDEADBEEF a3:0xDEADBEEF
t0:0xDEADBEEF t1:0xDEADBEEF t2:0xDEADBEEF t3:0xDEADBEEF
t4:0xDEADBEEF t5:0xDEADBEEF t6:0xDEADBEEF t7:0xDEADBEEF
s0:0x08840000 s1:0xDEADBEEF s2:0xDEADBEEF s3:0xDEADBEEF
s4:0xDEADBEEF s5:0xDEADBEEF s6:0xDEADBEEF s7:0xDEADBEEF
t8:0xDEADBEEF t9:0xDEADBEEF k0:0x09FCDB00 k1:0x00000000
gp:0x0885C010 sp:0x09FCDAA0 fp:0x09FCDAC0 ra:0x0880761C
0x08807638: 0x8C900000 '....' - lw         $s0, 0($a0)

Again: I don't what to know if these are exploitable, I want to know how to prevent this.

[frostegater]

1 crash: try to skip error in useless instruction. Change $v0 to right value for first arg of lbu instruction.
2 crash: useless crash, but its overbuf exception. Try to increase string.

P.S. Please spoof Thread ID and Module ID. Sony can read this topic and fix potential exploited games.

[Acid_Snake]

Change $v0 to right value

I'll try that

2 crash: useless crash

I know

Try to increase string.

I didn't crashed it this way, I just replaced all data in SDDATA.BIN to random stuff:

Code: Select all

import random, os, sys
size = int(os.path.getsize("SDDATA.BIN"))
letters = "qwertyuiopasdfghjklzxcvbnmñQWERTYUIOPASDFGHJKLZXCVBNMÑ1234567890!$%&/()=?¿<>,.;:-_Ç*+"*size
open("SDDATA.BIN","wb").write("".join(random.sample(letters, size)))
print "Random data injected"

Is this a bad approach?

[frostegater]

I just replaced all data in SDDATA.BIN to random stuff

It's bad idea.
Recommend to use the SED. The SGDeemer can prevent normally result of crash.