
PSVita Buffer Overflow...?

Re: PSVita Buffer Overflow...?

Postby n00neimp0rtant » Tue Jun 26, 2012 6:41 pm

wth wrote:
n00neimp0rtant wrote:Does the Vita use ASLR? If so, I can't imagine ANY user-level buffer overflow being of significance without kernel access to disable it.

I have no idea, but Sony would be really dumb not to imho no


https://twitter.com/cmwdotme/status/189549632379035648
https://twitter.com/cmwdotme/status/189553518879834112

(that's the guy who found the original PSP TIFF vulnerability)
Yes, I'm the iOS dev/hacker of the same name.

Got Cydia? Add my beta repo http://n00neimp0rtant.dyndns.org/repo
n00neimp0rtant
 
Posts: 32
Joined: Mon Jun 11, 2012 12:52 am

Re: PSVita Buffer Overflow...?

Postby konit_oo » Tue Jun 26, 2012 7:14 pm

If it would help you, see what I've found (it's a PDF)

http://www.arm.com/files/pdf/armcortexa-9processors.pdf

http://en.wikipedia.org/wiki/ARM_Cortex-A9_MPCore (yeah, Wikipedia; they say that the Vita uses a 4-core Cortex-A9 MPCore)
I had that picture (below) from maybe half a year ago or something like that and I just can't remember which part of the Vita it was. I'm nearly 100% sure that it was something for the Vita, but I just can't remember what exactly.

I'm not sure how useful this information is, but as you can see I'm doing it to help you and my point isn't to spam here, so sorry if I posted info that you already know. :oops: :D

I hope I helped you a bit... :mrgreen: :roll:

Does the Vita need hardware hackers for that, or could it be done just with software somehow?

oh... and sorry for my English :D :lol:
konit_oo
 
Posts: 189
Joined: Tue Jun 21, 2011 12:42 pm

Re: PSVita Buffer Overflow...?

Postby wth » Tue Jun 26, 2012 7:34 pm

n00neimp0rtant wrote:https://twitter.com/cmwdotme/status/189549632379035648
https://twitter.com/cmwdotme/status/189553518879834112

(that's the guy who found the original PSP TIFF vulnerability)

ah looks like good news :mrgreen:
wth
HBL Developer
 
Posts: 587
Joined: Wed Aug 31, 2011 4:44 pm

Re: PSVita Buffer Overflow...?

Postby Davee » Tue Jun 26, 2012 7:53 pm

Yeah but then there is still XN bit and such, that'd be a pain.
Follow me on twitter: @DaveeFTW
Davee
Guru
 
Posts: 294
Joined: Mon Jan 10, 2011 1:24 am

Re: PSVita Buffer Overflow...?

Postby n00neimp0rtant » Tue Jun 26, 2012 8:23 pm

konit_oo wrote:Does the Vita need hardware hackers for that, or could it be done just with software somehow?

I really think we need a lead through hardware hacking. The PS3 hacker community has all but resorted to hardware flashing and dumping at this point, and it really seems like the Vita is heading in the same direction. (Which isn't a real problem as long as there are talented, risk-taking hardware hackers in the scene, and the rest of us aren't afraid to get our hands dirty.)

Look at the iPhone: almost every jailbreak released recently has been discovered using already-jailbroken devices. Obviously, vulnerabilities do exist in the system, but without the ability to do things like take a look at the memory layout, it's extremely difficult to exploit them "in the dark."

Sometimes I really wish I was a CoE major instead of CS.
Yes, I'm the iOS dev/hacker of the same name.

Got Cydia? Add my beta repo http://n00neimp0rtant.dyndns.org/repo
n00neimp0rtant
 
Posts: 32
Joined: Mon Jun 11, 2012 12:52 am

Re: PSVita Buffer Overflow...?

Postby Davee » Tue Jun 26, 2012 9:12 pm

n00neimp0rtant wrote:
konit_oo wrote:Does the Vita need hardware hackers for that, or could it be done just with software somehow?

I really think we need a lead through hardware hacking. The PS3 hacker community has all but resorted to hardware flashing and dumping at this point, and it really seems like the Vita is heading in the same direction. (Which isn't a real problem as long as there are talented, risk-taking hardware hackers in the scene, and the rest of us aren't afraid to get our hands dirty.)

Look at the iPhone: almost every jailbreak released recently has been discovered using already-jailbroken devices. Obviously, vulnerabilities do exist in the system, but without the ability to do things like take a look at the memory layout, it's extremely difficult to exploit them "in the dark."

Sometimes I really wish I was a CoE major instead of CS.


Not necessarily, you just need to think rationally and work slowly with software. It's predictable. Gotta love that EE ;)
Follow me on twitter: @DaveeFTW
Davee
Guru
 
Posts: 294
Joined: Mon Jan 10, 2011 1:24 am

Re: PSVita Buffer Overflow...?

Postby thecobra » Wed Jun 27, 2012 7:53 pm

Davee wrote:
n00neimp0rtant wrote:
konit_oo wrote:Does the Vita need hardware hackers for that, or could it be done just with software somehow?

I really think we need a lead through hardware hacking. The PS3 hacker community has all but resorted to hardware flashing and dumping at this point, and it really seems like the Vita is heading in the same direction. (Which isn't a real problem as long as there are talented, risk-taking hardware hackers in the scene, and the rest of us aren't afraid to get our hands dirty.)

Look at the iPhone: almost every jailbreak released recently has been discovered using already-jailbroken devices. Obviously, vulnerabilities do exist in the system, but without the ability to do things like take a look at the memory layout, it's extremely difficult to exploit them "in the dark."

Sometimes I really wish I was a CoE major instead of CS.


Not necessarily, you just need to think rationally and work slowly with software. It's predictable. Gotta love that EE ;)


Agreed, Gotta love that "NO ASLR" ;)

@n00neimp0rtant Yeah, just read it, I responded.

wth wrote:
n00neimp0rtant wrote:Does the Vita use ASLR? If so, I can't imagine ANY user-level buffer overflow being of significance without kernel access to disable it.

I have no idea, but Sony would be really dumb not to imho no


lol, I guess Sony is dumb or brilliant, depending on which way you look at it. Anyway, it's good news that there's no ASLR in it, otherwise I don't think my buffer overflow would be exactly the same every time I restart the PSVita and test it out. I think tonight I'm gonna try something to see if I can get data before these strings, because I think maybe Sony reads all of this information into those strings before showing it to the user, since when I try to read this string from another file, it also takes no time to load. Maybe if this works, I could somehow read the data in between and other stuff, or have some fun and change something lol.
Tools

PSP Hack Device
PSVita 1.80 eCFW <Thanks to the wololo community>
PSVita 1.67 vHBL Dead :(
PSP FAT 6.60 - CFW pro
thecobra
HBL Collaborator
 
Posts: 167
Joined: Thu Feb 24, 2011 7:50 pm

Re: PSVita Buffer Overflow...?

Postby 4ich » Wed Jun 27, 2012 11:18 pm

hehe then good luck :mrgreen:
Check out "ConsoleHeaven.net.ms" its an empty hacking forum that is hungry for users / we build it up =)
4ich
 
Posts: 40
Joined: Fri May 25, 2012 11:43 am

Re: PSVita Buffer Overflow...?

Postby garrei » Wed Jun 27, 2012 11:55 pm

Well, if something comes up but is risky to test, I never use my Vita, so I don't mind if you would like to test something dangerous on it. I've still got firmware 1.61 on it and I'm keeping it there until there is some sort of breakthrough. :|
My PC: AMD FX 8-core 4.2Ghz, 16gb RAM, GTX 580, 60gb SSD, Blu-ray Burner, WiFi, 1.5TB HDD, 1000W PSU, 27" Full HD Monitor
My PSP Slim 2002 - TA-085
My PS3 Slim 160GB 4.25 OFW
My Vita: WiFi only :(
garrei
 
Posts: 242
Joined: Fri Mar 16, 2012 3:35 am
Location: Australia

Re: PSVita Buffer Overflow...?

Postby n00neimp0rtant » Thu Jun 28, 2012 12:54 am

thecobra, why not try playing with format strings? Even though you can't actually see the vita's console/syslog, that doesn't mean you can't try tossing in some %n or %hhn format specifiers to potentially jenk around with the instructions. The past 2 iOS jailbreak untethers (sigcheck patches applied at boot time) use format string vulnerabilities =P
Yes, I'm the iOS dev/hacker of the same name.

Got Cydia? Add my beta repo http://n00neimp0rtant.dyndns.org/repo
n00neimp0rtant
 
Posts: 32
Joined: Mon Jun 11, 2012 12:52 am
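The post above suggests trying %n / %hhn format specifiers to patch memory. The example below is added here to show how such a write primitive actually works; it is not code from this thread or from any Vita exploit. It passes the destination addresses to snprintf as ordinary arguments, whereas a real format-string attack relies on the pointers already sitting on the stack where the missing varargs would be read; the scratch buffer size, the target word (0xE1A00000, the classic "mov r0, r0" ARM NOP) and the has_write_specifier helper are all my own choices.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if fmt contains a %n-family conversion (%n, %hn, %hhn, %ln, ...),
 * i.e. a conversion that writes to memory instead of reading an argument.
 * Handles "%%", flags, width, precision, '*', POSIX "n$" positions and
 * length modifiers. Useful as a guard before passing external input as a
 * format string (the real fix is printf("%s", s), never printf(s)). */
static int has_write_specifier(const char *fmt)
{
    for (const char *s = fmt; *s; s++) {
        if (*s != '%')
            continue;
        s++;
        if (*s == '%')
            continue;                       /* "%%" is a literal percent */
        while (*s && strchr("-+ #0123456789.$*hlLqjzt", *s))
            s++;                            /* flags, width, precision, length */
        if (*s == 'n')
            return 1;
        if (*s == '\0')
            break;
    }
    return 0;
}

/* Store a 32-bit value into *target one byte at a time using %hhn.
 * Each "%*c" pads the output so that the running character count, taken
 * modulo 256, equals the byte we want next; the %hhn that follows stores the
 * low byte of that count at the address given as its argument. This is the
 * byte-by-byte write an attacker builds from a format-string bug, except that
 * here the four addresses are supplied legitimately rather than planted on
 * the stack. Returns the number of characters snprintf counted (> 0), or a
 * negative value if snprintf failed. */
static int fmt_write32(uint32_t *target, uint32_t value)
{
    unsigned char want[4];                  /* bytes in host order, same as *target */
    unsigned char *p = (unsigned char *)target;
    char scratch[1100];                     /* at most 4 * 256 padding characters */
    int pad[4];
    int count = 0;

    memcpy(want, &value, sizeof want);
    for (int i = 0; i < 4; i++) {
        pad[i] = ((int)want[i] - count % 256 + 256) % 256;
        if (pad[i] == 0)
            pad[i] = 256;                   /* %*c prints at least one character */
        count += pad[i];
    }
    return snprintf(scratch, sizeof scratch,
                    "%*c%hhn%*c%hhn%*c%hhn%*c%hhn",
                    pad[0], ' ', (signed char *)(p + 0),
                    pad[1], ' ', (signed char *)(p + 1),
                    pad[2], ' ', (signed char *)(p + 2),
                    pad[3], ' ', (signed char *)(p + 3));
}

int main(void)
{
    uint32_t word = 0xDEADBEEFu;            /* constructed "instruction" to patch */
    int n = fmt_write32(&word, 0xE1A00000u); /* mov r0, r0: the classic ARM NOP */

    printf("wrote 0x%08x using %d output characters\n", (unsigned)word, n);
    printf("\"%%08x%%hhn\" contains a write specifier: %d\n",
           has_write_specifier("%08x%hhn"));
    return word == 0xE1A00000u ? 0 : 1;
}
```

Two practical notes: the padding is what makes the output long (up to 1024 characters for a zero word), so a real target's buffer or terminal limits constrain which values can be written in one call; and %hhn is only a write primitive, so under an XN policy it is useful for patching data or return addresses, not for dropping executable code into a buffer.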
