Possible 3.52 Exploit

Discuss the development of new homebrew software, tools and libraries.

burrito
Posts: 3
Joined: Mon Aug 27, 2007 4:28 am

Possible 3.52 Exploit

Post by burrito »

I may have found an exploit for firmware 3.52 and maybe the psp slim when it comes out.

1. Download this
2. Put the mp3 on your psp's memory stick at MUSIC/STUFF/1.mp3
3. Open up the STUFF folder with the psp's xmb mp3 player, but don't play the mp3.
4. Get in a different mp3 (in a different folder), and the psp will crash. Maybe this 2nd mp3 could be coded to load a Hello World or downgrader.

I don't know much about exploits, so if you are familiar with them, please discuss what I found.
Marco_N
Posts: 46
Joined: Sun May 29, 2005 10:27 am

Post by Marco_N »

Burrito,

while this is interesting, if your goal is to downgrade to 1.50 why not just use the free "Pandora" service mode unbricker/downgrader/reflasher made by 'Prometheus Project'?

You can find it here
http://www.noobz.eu/joomla/news/pandoras-battery.html
burrito
Posts: 3
Joined: Mon Aug 27, 2007 4:28 am

Post by burrito »

I already know about the Pandora battery; I have one.
I just found this out when using my psp. And if this works, then the reason for it is to downgrade without needing a homebrew capable psp to flash the battery, and this method could possibly downgrade the slim psps.
Chrighton
Posts: 58
Joined: Wed Jun 15, 2005 8:24 pm

Post by Chrighton »

There's talk that the Pandora battery method won't work on the PSP slim.

It may or may not be true, but I'm not hopeful that it will work.

In that event, we're back to (and should be) looking for exploits.
Art
Posts: 642
Joined: Wed Nov 09, 2005 8:01 am

Post by Art »

Every single firmware bug you might stumble onto isn't an exploit.
Viper8896
Posts: 110
Joined: Thu Jan 26, 2006 6:20 pm

Post by Viper8896 »

Chrighton wrote: There's talk that the Pandora battery method won't work on the PSP slim.
Yeah, that's been confirmed, and all slims will come with a firmware > 3.50. A faulty bit of Sony code is therefore required for PSP slims to run homebrew unless Sony have any more tricks up their sleeve for un-bricking.
TyRaNiD
Posts: 907
Joined: Sun Jan 18, 2004 12:23 am

Post by TyRaNiD »

Yah, that mp3 file has been kicking around for a bit. It does indeed cause a crash in the vsh, but last time I looked at it the crash did not look exploitable. Might be, though, if you could work out exactly what it was doing, as if I recall it did look to be a stack smashing exploit of a fashion.
cloudhunter
Posts: 86
Joined: Thu Aug 17, 2006 3:27 am

Post by cloudhunter »

Viper8896 wrote:
Chrighton wrote: There's talk that the Pandora battery method won't work on the PSP slim.
Yeah, that's been confirmed, and all slims will come with a firmware > 3.50. A faulty bit of Sony code is therefore required for PSP slims to run homebrew unless Sony have any more tricks up their sleeve for un-bricking.
It won't be fully confirmed that it doesn't work until the PSP Slim has been released.

Cloudy
:)
flatmush
Posts: 28
Joined: Tue Aug 07, 2007 9:15 am
Location: Here

Post by flatmush »

It has been tested on a display psp that was on display at some event. I highly doubt they would add the vulnerability back in before release.
zinga
Posts: 11
Joined: Mon Sep 25, 2006 6:13 pm

Post by zinga »

A corrupt ID3v2 tag - I've seen a few before, but haven't seen it do this behaviour yet.
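Added example, not code from this thread or from any PSP firmware: a bounds-checked ID3v2.3 header and frame walker in C, illustrating the class of malformed tag zinga describes. A frame that declares more bytes than remain in the tag is rejected here, where a parser without the check would read or copy past the end of its buffer. The two sample tags are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decode a 4-byte ID3v2 "syncsafe" integer (7 bits per byte). Returns -1 if
 * any byte has its high bit set, which the ID3v2 spec forbids. */
static long id3_syncsafe(const uint8_t *p) {
    for (int i = 0; i < 4; i++)
        if (p[i] & 0x80) return -1;
    return ((long)p[0] << 21) | ((long)p[1] << 14) | ((long)p[2] << 7) | p[3];
}

/* Walk the ID3v2.3 frames in buf[0..len). Returns the number of well-formed
 * frames, or -1 if the header is malformed or any frame claims more bytes
 * than remain inside the tag (the case a naive parser would read past). */
long id3v2_count_frames(const uint8_t *buf, size_t len) {
    if (len < 10 || memcmp(buf, "ID3", 3) != 0) return -1;
    long tag_size = id3_syncsafe(buf + 6);
    if (tag_size < 0 || (size_t)tag_size > len - 10) return -1; /* tag overruns file */
    const uint8_t *end = buf + 10 + tag_size;
    const uint8_t *p = buf + 10;
    long frames = 0;
    while (p + 10 <= end) {                       /* need a full 10-byte frame header */
        if (p[0] == 0) break;                     /* zero byte: padding, stop */
        uint32_t fsize = ((uint32_t)p[4] << 24) | ((uint32_t)p[5] << 16) |
                         ((uint32_t)p[6] << 8) | p[7];   /* v2.3: plain big-endian */
        if (fsize > (size_t)(end - p - 10)) return -1;    /* frame overruns tag */
        p += 10 + fsize;
        frames++;
    }
    return frames;
}

/* Constructed sample: tag of 15 bytes holding one TIT2 frame with a 5-byte body. */
static const uint8_t good_tag[] = {
    'I','D','3', 3,0, 0, 0,0,0,15,
    'T','I','T','2', 0,0,0,5, 0,0, 0,'h','e','l','l'
};
/* Constructed sample: same bytes, but the frame claims 0xFFFF bytes. */
static const uint8_t bad_tag[] = {
    'I','D','3', 3,0, 0, 0,0,0,15,
    'T','I','T','2', 0,0,0xFF,0xFF, 0,0, 0,'h','e','l','l'
};
/* Constructed sample: header whose size field is not syncsafe (byte >= 0x80). */
static const uint8_t bad_header[] = { 'I','D','3', 3,0, 0, 0x80,0,0,0 };
```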