Kernel mode under firmware 2.6 * The proof of concept *

[hitchhikr]

http://perso.orange.fr/franck.charlet/Exploit_2.6.zip

There you have it boys.

[Zettablade]

eh? What is it? Is it safe?

[harleyg]

Yes, it is. :)

[jas0nuk]

This works?

[moonlight]

Awesome.

Kernel mode on 2.6. The keys will be with us soon :)

Congratulations.

[Dragonuk]

amazing, is it full kernal mode

[zshadow]

Awesome.

Kernel mode on 2.6. The keys will be with us soon :)

Congratulations.

indeed :)

nice work hitchhikr

[hitchhikr]

For those who're wondering: the only thing this program does is to dump the kernel memory on the memory stick, thing that is impossible to do in user mode. It *does* need GTA to run on 2.6, of course.

[Dragonuk]

hitchhikr -

Is it full kernal mode? Does it mean we can access read/write flash? And we can run apps with full kernal mode?

[hitchhikr]

There's read & write access to kernel space, take a wild guess ;D

[_00_]

hitchhikr:
is this ':' at the end of filename crucial for this to work? Something like 48 bytes buffer for device(drive) name?

[hitchhikr]

hitchhikr:
is this ':' at the end of filename crucial for this to work? Something like 48 bytes buffer for device(drive) name?

Yes it is, we need to break the loop at the right time.

[_00_]

hitchhikr:
is this ':' at the end of filename crucial for this to work? Something like 48 bytes buffer for device(drive) name?

Yes it is, we need to break the loop at the right time.

Congratulations! You are making history...

[Dragonuk]

Yes well done m8! :)

[Muhu]

This 2.60 user is starting to get his hopes up. Great job.

[pspwill]

the n00bs will love you for this. well done!

[FreePlay]

Excellent and encouraging work! Congrats on finding the hole. It seems so obvious, now, of course :)

[Brad89]

Hmm..Can't wait until iRShell for 2.6! So, can anyone give a guestimate of how long it will take for coders to incorporate this into their work & such?ie:How long until certain programs(like iRshell) are released for 2.6?

[sg57]

If you read over at PSPU, the founder and Fanjita are working on somewhat of an 'eLoader' for this new exploit/hole. So Im assuming the first release of it will allow full access and all those '1.5' only apps will now be 2.5-2.6 apps as well.

But I for one do not have GTA so I guess Ill stick with 1.5 til this is actually turned into something.

[Maxime]

OMG this is awesome!
I Hope PSPUpdates isn't speculating about it...
You're gonna make thousand of people cry of hapiness lol.
1 question : are you french ? (perso.orange.fr)

[Raphael]

Great finding :) Keep up the good work

@Maxime: The kids over at PSPU are going crazy about this, already starting to yell for a loader without GTA, downgraders and isos... meh

[lS[UMD/2kdlSU]]

Great work!
But what I am worrying is... that we have full access to flash..

We can downgrade 2.60 to 1.50 (or 1.00) maybe,
but some harmful program will be created for 2.60 users.
# In Japan, the "trojan horse" hiding in programs, or illegal ISOs
# is threat for "normal users"....

I'm creating new PSP Antibrick and I'll add 2.60 method.
# PSP Antibrick is protection software from harmful programs.
# And new version uses "debug registers" :P

[laichung]

Thx very much at all , what a great news~!
But could you pls explain what's the secret inside? thx ~

[dot_blank]

just check out the source that is with the zip
the exploit is so simple ...its all there and as you
can see it require 48 byte length path and that
will create a buffer overflow quiet easily ...something
so small i do not think i or anyone really bent on finding
could have found but hitchhikr has very good eyes :)

this is truely an exploit and not speculation

[laichung]

I just want to know more about how they found it or the theory behind~

just check out the source that is with the zip
the exploit is so simple ...

[groepaz]

I just want to know more about how they found it or the theory behind

2.5 memory dump disassembly, time, skill. thats the theory pretty much :=)

[UsefulIdiot]

bravo! i applaud thee!

[Viper8896]

owned!

[Barts_706]

Respect. This really is something. I have almost lost hope for kernel access on 2.00+ - and there it is. I have a feeling that there will be a surge of programs to follow, including some that we do not talk about in these forums... ;)

Congratulations. Hitchhikr's guide to the PSP.

[Brunni]

Excellent work :)
Hmm... something I was wondering, how is kernel space protected on PSP, as there is no MMU?