is my game exploitable?

Kees90
Posts: 79
Joined: Sat Oct 20, 2012 6:09 pm
Location: In Unity 3D

is my game exploitable?

Post by Kees90 »

Hello people, I was trying to crash some games and I found one. I only need to know if I can do something with it.



IMAGE DELETED SORRY THE NAME OF THE GAME WAS IN IT.....



Greetings kees90
Last edited by Kees90 on Sat Nov 03, 2012 6:52 pm, edited 3 times in total.
PS vita:Cfw 1.81 Urbanix Exploit by Coldbird
Psp 3003: 6,60 LME-1,4
Psp 2000: 6,60 LME-1,4
Trying to make my game called "Zombie" Dead
noname120
Developer
Posts: 777
Joined: Thu Oct 07, 2010 4:29 pm

Re: is my game exploitable?

Post by noname120 »

REMOVE THE IMAGE: IT CONTAINS THE NAME OF THE GAME!!!

You got control over a0, s0 and s1.
Can you type this in the console and paste the result?

Code: Select all

disasm 0x08806734 100
Also, this is not in the right category: a mod should move it in 'Security'.
Funny stuff
<yifanlu> I enjoy being loud and obnoxious
<yifanlu> rooting an android is like getting a hooker pregnant
<xerpi> I sometimes think I should leave all this stressing **** and be a farmer instead
Kees90
Posts: 79
Joined: Sat Oct 20, 2012 6:09 pm
Location: In Unity 3D

Re: is my game exploitable?

Post by Kees90 »

I can do that command, this is what I get:
Pic2.png
Greetings kees90
Last edited by Kees90 on Sat Nov 03, 2012 6:40 pm, edited 1 time in total.
noname120
Developer
Posts: 777
Joined: Thu Oct 07, 2010 4:29 pm

Re: is my game exploitable?

Post by noname120 »

Please do a copy/paste, that's a lot better than an image.
Kees90
Posts: 79
Joined: Sat Oct 20, 2012 6:09 pm
Location: In Unity 3D

Re: is my game exploitable?

Post by Kees90 »

How can I copy or paste it?

Greetings kees90
noname120
Developer
Posts: 777
Joined: Thu Oct 07, 2010 4:29 pm

Re: is my game exploitable?

Post by noname120 »

Right click in the cmd window, then select all and copy.
Kees90
Posts: 79
Joined: Sat Oct 20, 2012 6:09 pm
Location: In Unity 3D

Re: is my game exploitable?

Post by Kees90 »

I can't do that.

Greetings kees90
Kees90
Posts: 79
Joined: Sat Oct 20, 2012 6:09 pm
Location: In Unity 3D

Re: is my game exploitable?

Post by Kees90 »

Like this, I found the way:

Code: Select all

host0:/> disasm 0x08806734 100
0x08806734: 0x8E220300 '..".' - lw         $v0, 768($s1)
0x08806738: 0x2442FFA9 '..B$' - addiu      $v0, $v0, -87
0x0880673C: 0x2C420005 '..B,' - sltiu      $v0, $v0, 5
0x08806740: 0x10400018 '..@.' - beqz       $v0, 0x088067A4
0x08806744: 0x00000000 '....' - nop
0x08806748: 0xAFA00000 '....' - sw         $zr, 0($sp)
0x0880674C: 0x1E4000BA '..@.' - bgtz       $s2, 0x08806A38
0x08806750: 0x44801000 '...D' - mtc1       $zr, $fcr2
0x08806754: 0xC62102F4 '..!.' - lwc1       $fpr01, 756($s1)
0x08806758: 0x3C020891 '...<' - lui        $v0, 0x891
0x0880675C: 0x8FBF0028 '(...' - lw         $ra, 40($sp)
0x08806760: 0x46800820 ' ..F' - cvt.s.w    $fpr00, $fpr01
0x08806764: 0xC44133E4 '.3A.' - lwc1       $fpr01, 13284($v0)
0x08806768: 0x3C020891 '...<' - lui        $v0, 0x891
0x0880676C: 0x8FB50024 '$...' - lw         $s5, 36($sp)
0x08806770: 0x46010002 '...F' - mul.s      $fpr00, $fpr00, $fpr01
0x08806774: 0xC44133E8 '.3A.' - lwc1       $fpr01, 13288($v0)
host0:/>
0x0880677C: 0x8FB3001C '....' - lw         $s3, 28($sp)
0x08806780: 0x46020002 '...F' - mul.s      $fpr00, $fpr00, $fpr02
0x08806784: 0x8FB20018 '....' - lw         $s2, 24($sp)
0x08806788: 0x8FB10014 '....' - lw         $s1, 20($sp)
0x0880678C: 0x8FB00010 '....' - lw         $s0, 16($sp)
0x08806790: 0x46010002 '...F' - mul.s      $fpr00, $fpr00, $fpr01
0x08806794: 0x27BD0030 '0..'' - addiu      $sp, $sp, 48
0x08806798: 0x4600000D '...F' - trunc.w.s  $fpr00, $fpr00
0x0880679C: 0x03E00008 '....' - jr         $ra
0x088067A0: 0x44020000 '...D' - mfc1       $v0, $fcr0
0x088067A4: 0x1A40FFEB '..@.' - blez       $s2, 0x08806754
0x088067A8: 0x44801000 '...D' - mtc1       $zr, $fcr2
0x088067AC: 0x0000A021 '!...' - move       $s4, $zr
0x088067B0: 0x00008021 '!...' - move       $s0, $zr
host0:/> copy
Usage: source destination..<' - lui        $s5, 0x892
host0:/> C: 0x240200C2 '...$' - li         $v0, 194
0x088067C0: 0x10A20067 'g...' - beq        $a1, $v0, 0x08806960
0x088067C4: 0x240200C3 '...$' - li         $v0, 195
0x088067C8: 0x10A20070 'p...' - beq        $a1, $v0, 0x0880698C
0x088067CC: 0x240200E2 '...$' - li         $v0, 226
0x088067D0: 0x50A20094 '...P' - beql       $a1, $v0, 0x08806A24
0x088067D4: 0x26050002 '...&' - addiu      $a1, $s0, 2
0x088067D8: 0x24020024 '$..$' - li         $v0, 36
0x088067DC: 0x10C20025 '%...' - beq        $a2, $v0, 0x08806874
0x088067E0: 0x3C020892 '...<' - lui        $v0, 0x892
0x088067E4: 0x2402007E '~..$' - li         $v0, 126
0x088067E8: 0x10C2006E 'n...' - beq        $a2, $v0, 0x088069A4
0x088067EC: 0x2402005E '^..$' - li         $v0, 94
0x088067F0: 0x10C2007C '|...' - beq        $a2, $v0, 0x088069E4
0x088067F4: 0x2402007B '{..$' - li         $v0, 123
0x088067F8: 0x10C2005F '_...' - beq        $a2, $v0, 0x08806978
0x088067FC: 0x3C020892 '...<' - lui        $v0, 0x892
0x08806800: 0x0E201853 'S. .' - jal        0x0880614C
0x08806804: 0x02202021 '!  .' - move       $a0, $s1
0x08806808: 0x00402821 '!(@.' - move       $a1, $v0
0x0880680C: 0x0E2012AD '.. .' - jal        0x08804AB4
0x08806810: 0x02202021 '!  .' - move       $a0, $s1
0x08806814: 0x0282A021 '!...' - addu       $s4, $s4, $v0
0x08806818: 0x26100001 '...&' - addiu      $s0, $s0, 1
0x0880681C: 0x0212102A '*...' - slt        $v0, $s0, $s2
0x08806820: 0x10400027 ''.@.' - beqz       $v0, 0x088068C0
0x08806824: 0x44940000 '...D' - mtc1       $s4, $fcr0
0x08806828: 0x02132021 '! ..' - addu       $a0, $s0, $s3
0x0880682C: 0x80860000 '....' - lb         $a2, 0($a0)
0x08806830: 0x92A286EC '....' - lbu        $v0, -30996($s5)
0x08806834: 0x3C070892 '...<' - lui        $a3, 0x892
0x08806838: 0x1040FFE0 '..@.' - beqz       $v0, 0x088067BC
0x0880683C: 0x30C500FF '...0' - andi       $a1, $a2, 0xFF
0x08806840: 0x3C080892 '...<' - lui        $t0, 0x892
0x08806844: 0x8D0386E8 '....' - lw         $v1, -31000($t0)
0x08806848: 0x24020002 '...$' - li         $v0, 2
0x0880684C: 0x1062003B ';.b.' - beq        $v1, $v0, 0x0880693C
0x08806850: 0xA0E086EC '....' - sb         $zr, -30996($a3)
0x08806854: 0x24020003 '...$' - li         $v0, 3
0x08806858: 0x1062002E '..b.' - beq        $v1, $v0, 0x08806914
0x0880685C: 0x24A3FF80 '...$' - addiu      $v1, $a1, -128
0x08806860: 0xAD0086E8 '....' - sw         $zr, -31000($t0)
0x08806864: 0x24020024 '$..$' - li         $v0, 36
0x08806868: 0x14C2FFDF '....' - bne        $a2, $v0, 0x088067E8
0x0880686C: 0x2402007E '~..$' - li         $v0, 126
0x08806870: 0x3C020892 '...<' - lui        $v0, 0x892
0x08806874: 0x8C437A9C '.zC.' - lw         $v1, 31388($v0)
0x08806878: 0x3C020890 '...<' - lui        $v0, 0x890
0x0880687C: 0x244203C0 '..B$' - addiu      $v0, $v0, 960
0x08806880: 0x00031880 '....' - sll        $v1, $v1, 2
0x08806884: 0x00621821 '!.b.' - addu       $v1, $v1, $v0
0x08806888: 0x8C650000 '..e.' - lw         $a1, 0($v1)
0x0880688C: 0x3C020892 '...<' - lui        $v0, 0x892
0x08806890: 0x244286F8 '..B$' - addiu      $v0, $v0, -30984
0x08806894: 0x00052880 '.(..' - sll        $a1, $a1, 2
0x08806898: 0x00A22821 '!(..' - addu       $a1, $a1, $v0
0x0880689C: 0x8CA40000 '....' - lw         $a0, 0($a1)
0x088068A0: 0x24050002 '...$' - li         $a1, 2
0x088068A4: 0x0E2012AD '.. .' - jal        0x08804AB4
0x088068A8: 0x26100001 '...&' - addiu      $s0, $s0, 1
0x088068AC: 0x0282A021 '!...' - addu       $s4, $s4, $v0
0x088068B0: 0x0212102A '*...' - slt        $v0, $s0, $s2
0x088068B4: 0x1440FFDD '..@.' - bnez       $v0, 0x0880682C
0x088068B8: 0x02132021 '! ..' - addu       $a0, $s0, $s3
0x088068BC: 0x44940000 '...D' - mtc1       $s4, $fcr0
0x088068C0: 0xC62102F4 '..!.' - lwc1       $fpr01, 756($s1)
host0:/>
Greetings kees90
Last edited by Acid_Snake on Wed Dec 19, 2012 11:03 pm, edited 1 time in total.
Reason: placed code tags
SifJar
Posts: 251
Joined: Tue Jan 11, 2011 10:19 pm

Re: is my game exploitable?

Post by SifJar »

For future record, it helps if you put it in [code][/code] tags (makes it easier to read), but don't worry about that.

It doesn't look exploitable to me, the registers you have influence over aren't used in any useful instructions by the looks of things. One possibility you could try is making $s1 a valid memory address. The reason it crashes with your current value is because it is trying to read from an address in memory that does not exist. If you make it read from an address that does exist, you may be able to make execution continue a bit further, possibly leading to a second crash, and it's possible that one could maybe be exploitable.

Having said all this, I'm no expert in the matter. It could be that what you have there is already exploitable.

EDIT: For the record, anything after this line won't be run:

Code: Select all

0x0880679C: 0x03E00008 '....' - jr $ra
At this point it jumps to the return address. So all the stuff after that can be ignored.
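
An added crash-triage sketch (not part of any post in this thread, and not a PSPLINK feature): it parses `disasm` lines in the format posted above and reports where the registers noname120 listed (a0, s0, s1) are used as a load/store base, overwritten by a load, or used as a jump target. The sample lines are copied from the posted listing; the function name `triage` and its three categories are assumptions of this example.

```python
import re

# Sample input: lines copied from the disassembly posted earlier in the thread.
SAMPLE = r"""
0x08806734: 0x8E220300 '..".' - lw         $v0, 768($s1)
0x08806738: 0x2442FFA9 '..B$' - addiu      $v0, $v0, -87
0x08806754: 0xC62102F4 '..!.' - lwc1       $fpr01, 756($s1)
0x0880675C: 0x8FBF0028 '(...' - lw         $ra, 40($sp)
0x08806788: 0x8FB10014 '....' - lw         $s1, 20($sp)
0x0880678C: 0x8FB00010 '....' - lw         $s0, 16($sp)
0x0880679C: 0x03E00008 '....' - jr         $ra
0x088067A0: 0x44020000 '...D' - mfc1       $v0, $fcr0
"""

# address: raw word 'ascii' - mnemonic operands
LINE = re.compile(r"^(0x[0-9A-Fa-f]{8}): 0x[0-9A-Fa-f]{8} '.{4}' - (\S+)\s*(.*)$")
MEM = re.compile(r"-?\w+\((\$\w+)\)")          # offset($base) operand
LOADS = {"lw", "lb", "lbu", "lh", "lhu", "lwc1"}
MEMOPS = LOADS | {"sw", "sb", "sh", "swc1"}


def triage(text, tainted):
    """Return (address, kind, register) for each use of a tainted register.

    kind is "deref" (register is the base of a load/store, so a bad value
    faults here), "overwritten" (a load replaces the register, ending the
    input's influence) or "jump-target" (register feeds jr/jalr).
    """
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # console prompts and garbled lines are skipped
        addr, op, operands = m.groups()
        ops = [o.strip() for o in operands.split(",")] if operands else []
        base = MEM.search(operands)
        if op in MEMOPS and base and base.group(1) in tainted:
            findings.append((addr, "deref", base.group(1)))
        elif op in LOADS and ops and ops[0] in tainted:
            findings.append((addr, "overwritten", ops[0]))
        elif op in ("jr", "jalr") and ops and ops[0] in tainted:
            findings.append((addr, "jump-target", ops[0]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE, {"$a0", "$s0", "$s1"}):
        print(*finding)
```
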
Kees90
Posts: 79
Joined: Sat Oct 20, 2012 6:09 pm
Location: In Unity 3D

Re: is my game exploitable?

Post by Kees90 »

Thank you, but how can I make that? I know a little bit of scripting but not so much. Do you know some good tuts?

Greetings Kees90