Possible Eboot PNG Hack

The dumping ground for the crappiest of posts seen on these forums. Locked for posterity and updated when needed.

Moderators: cheriff, jbit

train2335
Posts: 17
Joined: Sat Oct 01, 2005 2:13 pm
Location: USA
Contact:

Post by train2335 »

What this does is, well, it's an eboot that displays any image that you have recently (before a hard reset) viewed on your PSP. Everything you do on the PSP makes it react differently. It *COULD* be exploitable but I am unsure as of yet. But I do need some help on getting it even further than it is now!
Ok I made a read me for it and it's all set...

1. Extract the "PDPEfile.rar" folder to the games folder on your PSP memory stick.
2. Go to the games folder and look at the eboot file (don't start the eboot) and just watch the *********. *OR go to step 6*
3. After your PSP freezes or seems to be frozen, press any button but triangle.
4. After you push any button, not counting triangle, the PSP will freeze after a sound. (The PSP will only make a sound if your key tones are on.)
5. Turn off your PSP, then turn it back on.
_____________________________________________
6. Go to the photos folder on the PSP and view a picture of your choice.
7. Then exit the photo folder.
8. Go to the games folder and view the eboot.
9. Watch the screen (don't start the eboot).
10. Do steps 3-5.


What Freeplay has discovered is that this is "attacking" a bug that is in a module, much as the TIFF overflow does. Then it shows choppy pictures of the images you have viewed that are saved in the RAM. If we can figure out which module this is bugging up and try to put some code in it, I think we might have something. I am no expert when it comes to overflows and that's why I came here. ***ALL CREDITS GO TO SUPA_SICK, FREEPLAY, TRAIN AND BUTTERBALLER***

You can get the files at http://67.43.9.126/~bob1919a/psp3d/show ... 04&page=59
or a pack including pictures and videos of it along with the ripped eboot will be on my filefront at http://hosted.filefront.com/train2335/ in about 1-2 hours if there are no errors uploading (which I will not know since I am leaving in about 5 minutes).

Thanks, Train2335!
phant0mspid3r
Posts: 1
Joined: Sun Apr 23, 2006 7:52 am
Contact:

Post by phant0mspid3r »

I've been on the thread at psp3d, and talking with train and supa_sick on MSN. In case you guys for whatever reason don't/can't download the video, here are some screenshots.

The picture I looked at before:
Image

Hovering over the eboot:
Image
(Notice: The left 2/3 of the screen is a scrambled version of the image I viewed, and the right 1/3 is my background image. The thing in the middle left is the icon for the eboot.)
train2335
Posts: 17
Joined: Sat Oct 01, 2005 2:13 pm
Location: USA
Contact:

Post by train2335 »

Any help....? Come on people we need our help, we think this could be something!
HaQue
Posts: 91
Joined: Fri Nov 25, 2005 8:52 am
Location: Adelaide, Australia
Contact:

Post by HaQue »

You probably aren't going to get much help until you either explain what the eboot is (how it was coded or post the source code) or tell where the eboot comes from.

It looks like it just displays some of the video ram or cache.

I doubt many people are just going to run an unknown eboot from an unknown source.

It might help if you also post some of the study you have done on it also.

cheers
Teggles
Posts: 27
Joined: Mon Jan 16, 2006 9:30 am

Post by Teggles »

You've done absolutely nothing to explain what you did to the file. Which part of the PMF did you edit? Did you edit any images? Why did you make a huge image for ICON0.PNG and a small image for PIC1.PNG? You need to explain exactly what you've done.
Teggles
Posts: 27
Joined: Mon Jan 16, 2006 9:30 am

Post by Teggles »

So I dived into this, right? There were some weird things. But nothing exploit-y. Just a normal Wipeout Pure PMF, an ICON0.PNG sized 500x500, a PIC1.PNG sized 500x500, and a PIC0.PNG sized 15x15. All normal... except for PIC0.PNG. He hasn't 'exploited' anything. Do you want to see what he did to it? Here goes:
IEUAIEUAIEUAIEUAIEUAIEUAIEUAIEUAIEUAIEUAIEUA*123456789 II*FILE:\\1.BIN **********************************************************************sbrgntrmrutjy dbrthny tgbrthe hy6y546345 hu7j78k5 465234 thyh7*

ekyt256i34095395=1=-5643-*-+6+56357364*-/*6-876587658765+6675687645461232154ywervs;kmodjqpowue3poi4709573407386037876987604820948908-293=910-872309574084360741-98=1289723089572-981-=048-31957

must|| 1985*TIF.**file:/1.BIN/12345678910 *IEUA HACK*lol:Pfuckyouguysdontstillourshit
That's it. That's the only file modification. Yes, he typed random text. Didn't exploit anything. What a joke...
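
A structural check of the kind that tells a parseable PNG apart from typed text, added here as an example; it is not part of the thread or any poster's tooling. The name `inspect_png` is hypothetical and the sample byte strings are constructed, not taken from the posted files.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def inspect_png(blob):
    """Classify a byte string that claims to be a PNG: returns (verdict, detail)."""
    if not blob.startswith(PNG_SIGNATURE):
        return "not-png", "missing 8-byte PNG signature"
    pos, seen = len(PNG_SIGNATURE), []
    while pos < len(blob):
        if pos + 8 > len(blob):
            return "malformed", f"truncated chunk header at offset {pos}"
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 8 + length + 4          # header + data + CRC
        if not ctype.isalpha() or end > len(blob):
            return "malformed", f"bad chunk type or length at offset {pos}"
        stored_crc = struct.unpack(">I", blob[end - 4:end])[0]
        # The CRC covers the 4-byte chunk type plus the chunk data.
        if stored_crc != zlib.crc32(blob[pos + 4:end - 4]):
            return "malformed", f"CRC mismatch in {ctype!r} at offset {pos}"
        seen.append(ctype)
        pos = end
        if ctype == b"IEND":
            break
    if not seen or seen[0] != b"IHDR" or seen[-1] != b"IEND":
        return "malformed", "chunk stream must start with IHDR and end with IEND"
    if pos < len(blob):
        return "trailing-data", f"{len(blob) - pos} bytes after IEND"
    return "ok", f"{len(seen)} chunks, all CRCs valid"

def _chunk(ctype, data):
    """Build one well-formed chunk; used only for the constructed samples."""
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))

# Constructed samples (not the files from the thread).
VALID_15X15 = (PNG_SIGNATURE
               + _chunk(b"IHDR", struct.pack(">IIBBBBB", 15, 15, 8, 0, 0, 0, 0))
               + _chunk(b"IDAT", zlib.compress(b"\x00" * 16 * 15))
               + _chunk(b"IEND", b""))
TYPED_TEXT = b"AAAAAAAA*123456789 FILE:1.BIN ********"   # plain ASCII, no PNG structure
TEXT_AFTER_SIGNATURE = PNG_SIGNATURE + TYPED_TEXT

if __name__ == "__main__":
    for name in ("VALID_15X15", "TYPED_TEXT", "TEXT_AFTER_SIGNATURE"):
        print(name, inspect_png(globals()[name]))
```
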
Drakonite
Site Admin
Posts: 990
Joined: Sat Jan 17, 2004 1:30 am
Contact:

Post by Drakonite »

This thread is below stupid... I seem to recall there being a rule against idle crap speculation like this...

Locked, moved, roasted over an open fire.
Shoot Pixels Not People!
Makeshift Development
Locked