
Thread: Info on 3.50 exploit?

  
  1. #1 Scotch (-Hacks Guru)

    I'm curious as to how they found the exploit and how it works. Anyone know?
    I know it overloads a buffer or something, but any more info?


  2. #2 Rich (-Hacks Veteran)

    Probably too difficult for us to understand, lol. I know I sure wouldn't know what they were talking about if they were to explain it to me, but I'd still like to know.


  3. #3 Erland (-Hacks Enthusiast)

    Basically, the way a buffer overflow works is this.

    When a program runs, it's given or takes a certain area of memory. I don't know how much RAM the PSP has, so for argument's sake we'll say 32 MB. Out of this 32 MB there are 32 spaces. The XMB runs in spots 1-12, then the game loads in spots 18-28, then the save game loads in 13-17. When you give it a buffer overflow, you load up more information than the area can handle, so when you load the save game it loads up enough space for 13-18, meaning it's now out of its area, writing over the game section. From this point you can make it call or run homebrew just by calling the loading of the homebrew in space 18 when you go to give the game the save game file. Now that you have the homebrew running, it's loaded into spots 29-32 and you can put an exploit into the homebrew making it write to a spot in spaces 1-12, giving you the kernel exploit, at which point you can dump everything in spots 13-28 so you have enough space to run the downgrader.

    This is just a rough explanation, only meant for you to get the drift of how a buffer overflow works. So don't quote me on it.
    Modded/Downgraded: Classics:65 | Slims:34 | UnBricked:6

    PSP Classic Black = TA-079v1 - 4.01 M33-2 | PSP Slim Silver = TA-085v1 - 4.01 M33

  4. #4 almost (-Hacks Guru)

    Wow, it actually makes sense. Thanks Erland for explaining that.
    been gone awhile

  5. #5 spacepig101 (-Hacks Guru)

    LOL Erland, that is an OK explanation but not 100% correct.
    OK, the way a buffer overflow works is like this.
    A) The file/data being loaded is expected to be so big, let's say 32 KB. So the program loading the data sets up 32 KB of RAM for it to be loaded into. Now the program FAILS to check how big the file really is, so any extra data OVERFLOWS into the RAM after the 32 KB. Now this RAM after the 32 KB hasn't been set for the program to use as a variable, so now we have unsigned code in the RAM to be run. (Now one of the following 2 things happens; I don't know which it is for the Lumines exploit.)
    B) There is a thing called a stack. Basically it is assembly code to be executed, aka the program running. Stacks follow the first in, last out order. The PSP has a pointer (a piece of data that tells it where in RAM it is executing). The overflow of data also overwrites the pointer to point to the unsigned code (homebrew enabler in this case) that we want to execute.
    C) OR the overflow starts to overflow and overwrite the Lumines program in RAM, so the PSP starts to execute the unsigned code because it thinks it is the Lumines game.

    And that is an exploit in a nutshell.


    # of noob that delete thier flash0 and wonder y they brick (start on 5/29/07): 2
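    The two explanations above (Erland's in #3 and spacepig101's A and B in #5) both come down to a loader that reserves a fixed area for save data and never checks the size of what it is handed, so the excess runs into whatever sits after that area. The following is an added example, not code from this thread or from any PSP, Lumines or downgrader source: a small C simulation of that layout in which a 32-byte save area is followed by a 4-byte pointer slot (constructed names and values throughout), with the unchecked loader next to one that refuses oversized data.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model of the layout posts #3 and #5 describe: a fixed-size area
 * the loader reserves for save data, followed by a word the program later uses
 * as a code pointer. Not PSP, Lumines or downgrader code; a stand-alone
 * simulation so the overflow and the missing length check can be observed. */
#define SAVE_AREA 32u                 /* bytes reserved for the save data */
#define MEM_SIZE  (SAVE_AREA + 4u)    /* save area plus a 4-byte pointer slot */
typedef struct { uint8_t mem[MEM_SIZE]; } region_t;
static const uint32_t EXPECTED_PTR = 0x08804000u; /* constructed, arbitrary */

/* Fresh state: empty save area, pointer slot holding its legitimate value. */
void region_init(region_t *r) {
    memset(r->mem, 0, MEM_SIZE);
    memcpy(r->mem + SAVE_AREA, &EXPECTED_PTR, sizeof EXPECTED_PTR);
}

/* Read the pointer slot back so a caller can tell whether it survived. */
uint32_t region_ptr(const region_t *r) {
    uint32_t p;
    memcpy(&p, r->mem + SAVE_AREA, sizeof p);
    return p;
}

/* The defect the thread describes: the loader trusts the length it is handed
 * and never compares it with the reserved space. The clamp to MEM_SIZE only
 * keeps this simulation inside its own array; it is not a real check. */
int load_save_unchecked(region_t *r, const uint8_t *data, size_t len) {
    if (len > MEM_SIZE) len = MEM_SIZE;
    memcpy(r->mem, data, len);         /* len > SAVE_AREA overwrites the slot */
    return 0;
}

/* The fix: compare the size with the reserved area before copying anything. */
int load_save_checked(region_t *r, const uint8_t *data, size_t len) {
    if (len > SAVE_AREA) return -1;    /* oversized save refused, nothing copied */
    memcpy(r->mem, data, len);
    return 0;
}

/* Load `len` bytes of constructed 0x41 filler into a fresh region with the
 * given loader; return the pointer slot afterwards and the loader's rc. */
uint32_t ptr_after_load(int (*loader)(region_t *, const uint8_t *, size_t),
                        size_t len, int *rc) {
    region_t r;
    uint8_t data[64];
    memset(data, 0x41, sizeof data);
    region_init(&r);
    *rc = loader(&r, data, len);
    return region_ptr(&r);
}
```

    With 40 bytes of filler, the unchecked loader leaves the pointer slot reading 0x41414141 (the "overwrites the pointer" case in B), while the checked loader returns -1 and leaves the slot untouched.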

  6. #6 pirata nervo (Programmer, -Hacks Titan)

    I like the two explanations, but I knew that, lol.
    Console Addicted - The news about your console, every day!
    Console Addicted Forums

  7. #7 Erland (-Hacks Enthusiast)

    Space pig... your explanation was what I was getting at... using the "spaces" I just thought it was easier to explain without going into KB. A and C is what I explained, but I guess I didn't do that good of a job... I didn't know about B... well, didn't realize it. I'm still a newb at programming, so...
    Modded/Downgraded: Classics:65 | Slims:34 | UnBricked:6

    PSP Classic Black = TA-079v1 - 4.01 M33-2 | PSP Slim Silver = TA-085v1 - 4.01 M33

  8. #8 spacepig101 (-Hacks Guru)

    Quote Originally Posted by Erland
    > Space pig... your explanation was what I was getting at... using the "spaces" I just thought it was easier to explain without going into KB. A and C is what I explained, but I guess I didn't do that good of a job... I didn't know about B... well, didn't realize it. I'm still a newb at programming, so...
    LOL, I have read a lot of books on hacking, so yeah. Also I have looked at exploit source code. Is the Lumines exploit open source?
    Also, to explain B better for you: B is low-level programming. Well, most exploits are low level. Anyway, there are 2 basic levels of programming: low level and high level. High level is things like C, C++, C#, BASIC, PHP, etc. Low level is down at the processor level of programming: assembly, machine language. And Erland, I guess your explanation is good for people that don't know much about computers. Sorry, I just think higher than that.


    # of noob that delete thier flash0 and wonder y they brick (start on 5/29/07): 2

  9. #9 hotrocker (Programmer, -Hacks Ninja)

    So do you think that Team Noobz checks all PSP games for this exploit?

    (Compliments of Chode)

  10. #10 Erland (-Hacks Enthusiast)

    Space pig... now you see why my explanation was so bad... I'm a programmer... not someone who can explain program source code...

    But yes, the exploit is open source... it's in the downgrader package.
    Modded/Downgraded: Classics:65 | Slims:34 | UnBricked:6

    PSP Classic Black = TA-079v1 - 4.01 M33-2 | PSP Slim Silver = TA-085v1 - 4.01 M33
