Crazy hacks #1 – What do you mean I have to die to hack my PSP?
Wait, don’t go! I’m not talking about real life murder here, just read along…
Crazy Hacks – What’s this all about?
In this new series of articles, we’ll be discussing imaginative hacks for various consoles and devices. Some became instantly popular at the time of their release, others were a bit obscure or got forgotten with time, but all of them were really crazy in this writer’s humble opinion. From “It’s so dumb it can’t possibly work” to “wait, how did they even think of that?” and everything in between, we hope you’ll enjoy this series.
A PSP Hack in which you have to die to get the goods
The year is 2009. The cat-and-mouse war between Sony and hackers has been raging for years. Sony has just released Firmware 5.51, patching yet another exploit used by the Homebrew community to run unofficial games and tools.
Sure, all PSP-1000 models (the original “phat” PSP) are hackable in perpetuity thanks to the Pandora Battery. But newer models such as the PSP-2000, the PSP-3000, and the upcoming PSP Go all need software vulnerabilities in order to be hacked. It’s a never-ending struggle for the scene to find new ways to hack the console.
Some of these vulnerabilities can be found in the image processing libraries of the console (libtiff was a favorite of hackers back when consoles didn’t ship with Webkit), or in videogames, where injecting malicious data into save files could trigger buffer overflows to trick the device.
The most typical way to modify a game save file was to hijack a variable that most game developers didn’t bother to bounds-check: the player’s name. Typically, the game’s UI would prevent you from entering, say, more than 8 characters for your name, but by manually editing the save file, one could store a much longer string as the player name. When the game loaded that save, the string would overflow into adjacent variables, allowing an attacker to take control of the execution pointer when done properly.
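To make the “player name overflows into the next variable” pattern concrete, here is an added example in C that is not part of the original article and not kgsws’s code: a simulated slice of game memory where an 8-character name buffer sits directly before a 32-bit lives counter, a constructed save record with an over-long name, and two loaders side by side. The unchecked loader trusts the length byte from the save file and clobbers the counter; the hardened loader validates the length against the buffer and refuses the record. All names, offsets and sample values are assumptions for the demo, not layouts from Medal of Honor Heroes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CHARS 8                 /* the in-game UI stops you at 8 characters */
#define NAME_BUF   (NAME_CHARS + 1)  /* room for the terminating NUL */
#define LIVES_OFF  NAME_BUF          /* the next variable sits right after the name */
#define MEM_SIZE   (LIVES_OFF + 4)   /* name buffer + 32-bit lives counter */

/* Simulated slice of game memory (assumed layout, not the real game's). */
struct game_mem {
    uint8_t bytes[MEM_SIZE];
};

/* Lives counter stored little-endian by hand so the result is host-independent. */
static void mem_init(struct game_mem *m, uint32_t lives) {
    memset(m->bytes, 0, sizeof m->bytes);
    for (int i = 0; i < 4; i++)
        m->bytes[LIVES_OFF + i] = (uint8_t)(lives >> (8 * i));
}

static uint32_t mem_lives(const struct game_mem *m) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v |= (uint32_t)m->bytes[LIVES_OFF + i] << (8 * i);
    return v;
}

static const char *mem_name(const struct game_mem *m) {
    return (const char *)m->bytes;
}

/* A save record as it might sit in the file: a length byte then the name bytes.
 * The UI never writes name_len > 8, but nothing stops a hex editor. */
struct save_record {
    uint8_t name_len;
    const uint8_t *name;
};

/* Vulnerable loader: copies name_len bytes into the name buffer, trusting the
 * length that came from the file. The cap at MEM_SIZE exists only so this demo
 * stays within its own array; the real bug has no cap at all. */
static int load_name_unchecked(struct game_mem *m, const struct save_record *r) {
    size_t n = r->name_len;
    if (n > MEM_SIZE) n = MEM_SIZE;        /* demo guard only, not a fix */
    memcpy(m->bytes, r->name, n);          /* runs past the name into the lives counter */
    return 0;
}

/* Hardened loader: check the untrusted length against the buffer before any
 * copy, and fail closed (reject the save) rather than silently truncating. */
static int load_name_checked(struct game_mem *m, const struct save_record *r) {
    if (r->name_len > NAME_CHARS) return -1;   /* oversized field: refuse the record */
    memset(m->bytes, 0, NAME_BUF);             /* guarantees NUL termination */
    memcpy(m->bytes, r->name, r->name_len);
    return 0;
}

/* Constructed sample input: a 12-byte name, four more than the UI allows. */
static const struct save_record OVERLONG = { 12, (const uint8_t *)"ABCDEFGHIJKL" };
static const struct save_record NORMAL   = { 7,  (const uint8_t *)"Player1" };

/* Scenario helpers return values so the outcome is checkable, not just printed. */
static uint32_t scenario_unchecked_lives(void) {
    struct game_mem m;
    mem_init(&m, 3);
    load_name_unchecked(&m, &OVERLONG);
    return mem_lives(&m);                  /* 'J','K','L' now overlay the low bytes */
}

static int scenario_checked_rejects(uint32_t *lives_out) {
    struct game_mem m;
    mem_init(&m, 3);
    int rc = load_name_checked(&m, &OVERLONG);
    *lives_out = mem_lives(&m);            /* untouched: still 3 */
    return rc;
}

static int scenario_checked_accepts(void) {
    struct game_mem m;
    mem_init(&m, 3);
    if (load_name_checked(&m, &NORMAL) != 0) return 0;
    return strcmp(mem_name(&m), "Player1") == 0 && mem_lives(&m) == 3;
}

int main(void) {
    uint32_t lives;
    printf("unchecked loader: lives counter became 0x%08x\n", scenario_unchecked_lives());
    printf("checked loader:   rc=%d, lives still %u\n", scenario_checked_rejects(&lives), lives);
    printf("checked loader:   normal name accepted=%d\n", scenario_checked_accepts());
    return 0;
}
```

The point of the side-by-side is where the check lives: the UI limit is not a security boundary, because the save file is attacker-controlled input, so the loader itself has to validate every length it reads from disk against the buffer it writes into.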
This is where hacker kgsws comes into the picture, with a very particular way to trigger such a buffer overflow exploit. You could hack your console alright, but you’d have to die first. We’re not talking about signing a deal with the devil, though.
The hacker created a typical “player name buffer overflow” exploit, but the exploit would only trigger when the game attempted to display your name. In Medal Of Honor Heroes, the easiest way to get the game to display your name on screen was to die.
And this is how, in order to run this exploit, you’d have to nicely throw a grenade at your feet, and wait for it to blow you up.
The Medal Of Honor Heroes exploit was used as the “base” for the creation of Half-Byte Loader, a popular Homebrew loader for the PSP. Before that Homebrew Loader was fully functional, though, the exploit was replaced by the much more convenient Patapon 2 exploit, which used a similar buffer overflow vulnerability in a demo. That meant the game was free and easy to find, and therefore a much better entry point than Medal Of Honor Heroes.
PSP Medal Of Honor Heroes – Where are they now?
Buffer Overflows in PSP games became such a prevalent way to hack the console in its late days (and the early days of the PS Vita) that at one point, a hacking team leaked 50 of them after an internal argument.
The MOHH hack itself never became widely used, having been replaced by more convenient options before it became really useful, but it certainly was one of the most shocking ways to trigger an exploit on the PSP!
kgsws remained active in the hacking community for years after this release. He became the first hacker to sign PSP Homebrews (allowing unofficial code to run on non-modified consoles), then more recently worked on the Nintendo Switch and also ported Doom to… Doom!
More from the “Crazy Hacks” Series
If you enjoyed this article, please check all articles in the series:
- Crazy hacks #1 – What do you mean I have to die to hack my PSP? (PSP)
- Crazy hacks #2 – Drill a hole in your chip and find out (XBox 360)
- Crazy Hacks #3: How 3 of Nintendo’s consoles got defeated by everyday-life household items (Wii, 3DS, Nintendo Switch)
- Crazy Hacks #4: When the PS3 was so weak you could even hack it with a Ham and Cheese sandwich (PS3)
What other crazy hacks have you witnessed? Let us know in the comments!
Was there any case of a string format attack?
This is a pretty cool idea for the series, for sure. Waiting for more 🙂
dies irae dies illa
Firstus Masters.
Great article, bring more of it to us.
I remember the old-days PS Vita hack with the mail trick, that allowed you to modify the system…
Mon, I genuinely love this blog. You know how to keep us engaged, thanks a bunch. Loving this series.