Blade
Joined: 18 Feb 2010 Posts: 26 Location: Lancaster P.A.- U.S.A.
Posted: Sun Mar 07, 2010 5:28 am Post subject: PSP exploits: 3k 5.50 - 6.xx+...

I've seen many posts on other forums -n- stuff about exploits on 6.20. There is a psardumper that decrypts the firmware; could this be of use on PSP 3k? I managed to decrypt 6.20 using a PSP 1000 on 5.00 M33, but idk if it will do any good for 3k... There are also claims of 6.20 exploits that are said not to be released by some devs on other forums...
Davee
Joined: 22 Jun 2009 Posts: 59
Posted: Mon Mar 08, 2010 2:54 am Post subject:

...wat
adrahil
Joined: 16 Mar 2006 Posts: 277
Posted: Mon Mar 08, 2010 3:46 am Post subject: Re: PSP exploits: 3k 5.50 - 6.xx+...

Blade wrote:
> I've seen many posts on other forums -n- stuff about exploits on 6.20. There is a psardumper that decrypts the firmware; could this be of use on PSP 3k? I managed to decrypt 6.20 using a PSP 1000 on 5.00 M33, but idk if it will do any good for 3k... There are also claims of 6.20 exploits that are said not to be released by some devs on other forums...

If you can find an exploit in the 6.20 firmware for PSP 1k or 2k, it will work on the 3k and Go. The firmware is the same (except for some hardware drivers).
Yes, there are some people who have already got exploits and, as you might have seen in a recent video, a working homebrew enabler. My guess is that they will not release it until they get another backdoor into the firmware - finding other user or kernel mode exploits, getting the aes256cbc keys for KIRK, etc. - as they would not want Sony to lock them out in a subsequent firmware update... :)
Blade
Joined: 18 Feb 2010 Posts: 26 Location: Lancaster P.A.- U.S.A.
Posted: Tue Mar 09, 2010 11:30 am Post subject:

Since I have decrypted the 6.20 firmware and have its security certificate, do you think it would be possible to change the code within its files and maybe access the kernel when I run it on my PSP? Or even a spoofed "upgrade", like implying code from the GEN or M33 updates?
m0skit0
Joined: 02 Jun 2009 Posts: 226
Posted: Tue Mar 09, 2010 1:45 pm Post subject:

No
_________________
The Incredible Bill Gates wrote:
> The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.
arnie
Joined: 11 Apr 2009 Posts: 16
Posted: Tue Mar 09, 2010 3:29 pm Post subject:

Blade wrote:
> Since I have decrypted the 6.20 firmware and have its security certificate, do you think it would be possible to change the code within its files and maybe access the kernel when I run it on my PSP? Or even a spoofed "upgrade", like implying code from the GEN or M33 updates?

Security certificates? O_O
Last time I checked, there was that NetFront browser which needed that mega CERT file. :D
:P
-Arnold
Blade
Joined: 18 Feb 2010 Posts: 26 Location: Lancaster P.A.- U.S.A.
Posted: Wed Mar 10, 2010 7:12 am Post subject:

arnie wrote:
> Security certificates? O_O
> Last time I checked, there was that NetFront browser which needed that mega CERT file. :D
> :P
> -Arnold

It was a file in the folder after I decrypted it lol... I also remember seeing that a VSH menu was saved to the FW while decrypting it (?)
Blade
Joined: 18 Feb 2010 Posts: 26 Location: Lancaster P.A.- U.S.A.
Posted: Wed Mar 10, 2010 7:25 am Post subject:

Does anyone think the decrypted FW could be modded in any way, to execute unsigned code?
jimparis
Joined: 10 Jun 2005 Posts: 1179 Location: Boston
Posted: Wed Mar 10, 2010 8:11 am Post subject:

No
arnie
Joined: 11 Apr 2009 Posts: 16
Posted: Wed Mar 10, 2010 3:30 pm Post subject:

Blade wrote:
> arnie wrote:
> > Security certificates? O_O
> > Last time I checked, there was that NetFront browser which needed that mega CERT file. :D
> > :P
> > -Arnold
>
> It was a file in the folder after I decrypted it lol... I also remember seeing that a VSH menu was saved to the FW while decrypting it (?)

-_________________________-
marteljorge
Joined: 26 Jan 2010 Posts: 4 Location: marteljorge.no-ip.org
Posted: Tue Mar 16, 2010 9:00 pm Post subject: Re: PSP exploits: 3k 5.50 - 6.xx+...

If I could help in any way, please tell me so.
Blade
Joined: 18 Feb 2010 Posts: 26 Location: Lancaster P.A.- U.S.A.
Posted: Mon Mar 22, 2010 10:02 am Post subject:

I know this is really old, but I never really got confirmation on the status of the 5.50 exploit for Need for Speed or Monster Hunter when I searched other forums and sites... Do these actually work?........ And has anyone tried that "Action Replay" thing by Datel?
m0skit0
Joined: 02 Jun 2009 Posts: 226
Posted: Mon Mar 22, 2010 7:53 pm Post subject:

AR is a dead end. Could the scene get something from Sony's official updates? No, so you can't get anything useful from Datel's AR.
Wally
Joined: 26 Sep 2005 Posts: 672
Posted: Tue Apr 27, 2010 4:28 pm Post subject:

m0skit0 wrote:
> AR is a dead end. Could the scene get something from Sony's official updates? No, so you can't get anything useful from Datel's AR.

Thanks for clarifying :)
Blade
Joined: 18 Feb 2010 Posts: 26 Location: Lancaster P.A.- U.S.A.
Posted: Wed May 19, 2010 12:44 am Post subject:

.... I've got a chance to try out the Hello World and the HBL for the Patapon 2 demo. I used it on my PSP 3000 FW 5.50 and it works just as specified. I did also manage to load up wololo's "Wagic", though it does take a while, but at least we now know that it loads homebrew (mostly small ones) and hopefully the advanced devs will soon come out with a full working binary eLoader for this exploit. :)
Mathieulh
Joined: 19 Oct 2005 Posts: 68
Posted: Wed Jun 02, 2010 9:30 am Post subject:

Blade wrote:
> Does anyone think the decrypted FW could be modded in any way, to execute unsigned code?

That, my friend, is a question worthy of the hall of shame...
You need to learn about something called the "chain of trust" before implying such a thing. The only way to modify code would be to patch it from RAM, running your own code to do so (considering you can't really sign any PRX without Sony's keys (though they do use symmetric encryption, so in theory, should you manage to dump those keys from the KIRK engine as well as the algos that come with them, you should be able to re-sign just fine)).
This means you need an exploit to get your code to run, preferably a kernel one so you can gain full privileges over the system.
Thus, in order to, let's say, run a custom firmware, you'd need an exploit somewhere in the boot chain (preferably some place that can't be updated, like the pre-IPL that's already been exploited in earlier models and lies within the CPU's mask ROM; this isn't easily done, mind you).
You could however settle for a kernel rebooter (like a HEN or DevHook) which would patch reboot.bin and the remaining kernel modules (on the fly in RAM) later on, so that your firmware then does all the fancy stuff you want it to be doing or allowing (including such things as running unsigned (and untrusted) code).
This is definitely not as nice as having your own code run right after powering up the console (though that's not possible anyway, since you can't overwrite syscon code nor the pre-IPL's through software means, and those are already Sony's code running on the console); of course you can somewhat manage to run your own code later on (like at IPL time, if you exploit the pre-IPL as has been done before).
Anyway, no, you can't simply, from decrypted binaries, run any kind of unsigned (modified) code on your PSP console, not without reversing those binaries first in the hope of finding an exploit (and then of course exploiting it).
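A small model of the chain of trust Mathieulh describes, added here as an illustration and not code from this thread or from the PSP itself: each stage's tag is checked with a key the verifier holds before that stage is allowed to run, so editing a decrypted image without the key (or re-tagging it with a guessed key) halts the boot, and only the vendor's key makes a modified stage verify again. The stage names, the HMAC-SHA256 scheme and the key value are all constructed for the demo; the console's real KIRK engine, its key handling and its image formats are not modeled.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed stand-in for a key held in hardware (the post's "KIRK keys").
# Only the vendor's signing side and the on-device verifier know it.
VENDOR_KEY = b"constructed-demo-key-not-a-real-psp-key"


@dataclass(frozen=True)
class Stage:
    name: str    # hypothetical labels such as "ipl" or "kernel"
    code: bytes  # plaintext (decrypted) stage image
    tag: bytes   # MAC over name and code, produced with VENDOR_KEY


def _mac(name: str, code: bytes, key: bytes) -> bytes:
    # Domain-separate the name from the code so they cannot be confused.
    return hmac.new(key, name.encode() + b"\x00" + code, hashlib.sha256).digest()


def sign_stage(name: str, code: bytes, key: bytes = VENDOR_KEY) -> Stage:
    """Vendor side: attach a tag. Nobody without `key` can produce one."""
    return Stage(name, code, _mac(name, code, key))


def verify_stage(stage: Stage, key: bytes = VENDOR_KEY) -> bool:
    """Device side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(_mac(stage.name, stage.code, key), stage.tag)


def boot(chain: list[Stage], key: bytes = VENDOR_KEY) -> tuple[list[str], str]:
    """Walk the chain in order; a stage runs only if its tag verifies.
    Returns (names of stages that ran, outcome message)."""
    ran: list[str] = []
    for stage in chain:
        if not verify_stage(stage, key):
            return ran, f"halt: {stage.name} failed verification"
        ran.append(stage.name)
    return ran, "booted"


def tamper(stage: Stage, new_code: bytes) -> Stage:
    """Edit the plaintext image but keep the original tag, which is what
    editing a decrypted dump and writing it back amounts to."""
    return replace(stage, code=new_code)


def genuine_chain() -> list[Stage]:
    # Constructed sample images; real stages are binaries, not strings.
    return [
        sign_stage("ipl", b"load kernel"),
        sign_stage("kernel", b"enforce: run signed modules only"),
    ]


def demo() -> dict[str, str]:
    """Run the scenarios from the thread and report each boot outcome."""
    good = genuine_chain()
    outcomes = {"genuine": boot(good)[1]}

    # Edit the decrypted kernel image, leave the old tag in place.
    edited = tamper(good[1], b"enforce: run anything")
    outcomes["edited_kernel_old_tag"] = boot([good[0], edited])[1]

    # Re-tag the edited kernel with a key that is not the vendor's.
    guessed = sign_stage("kernel", edited.code, key=b"guessed-key")
    outcomes["edited_kernel_wrong_key"] = boot([good[0], guessed])[1]

    # Only the vendor's key makes an edited stage verify again: the
    # "if you dump the keys you can re-sign" caveat in the post.
    resigned = sign_stage("kernel", edited.code)
    outcomes["edited_kernel_vendor_key"] = boot([good[0], resigned])[1]
    return outcomes


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario:26s} {result}")
```

The point the model makes is the one in the post: possession of the decrypted bytes gives no ability to produce a valid tag, so a modified stage is refused at the first verification step, and the only things that change that outcome are the key itself or a flaw in a verifier that runs before the modified stage.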
Blade
Joined: 18 Feb 2010 Posts: 26 Location: Lancaster P.A.- U.S.A.
Posted: Wed Jun 23, 2010 11:32 pm Post subject:

EDIT: disregard this comment if you wish
I installed the fontmod on my PSP 3000 FW 5.50. I also got birdman1fontpack v11, which also worked, but only when I changed the ltn0.pgf via my computer. I tried to change it using PSPFiler by storing the fonts on ms0:/ and copying and overwriting ltn0.pgf in the fontmod folder, but when I did that and tried to exit to the XMB it said system files corrupt ("BSOD") every time I turned the PSP on, until I took my memory stick out and restarted it. The "BSOD" also appeared after I successfully installed fontmod, turned off my PSP and restarted it without the memstick.... At first I thought I had a brick! LOL! XD

Last edited by Blade on Thu Jun 24, 2010 1:19 am; edited 1 time in total
whistler
Joined: 04 Mar 2008 Posts: 40
Posted: Wed Jun 23, 2010 11:41 pm Post subject:

Blade wrote:
> I installed the fontmod on my PSP 3000 FW 5.50. I also got birdman1fontpack v11, which also worked, but only when I changed the ltn0.pgf via my computer. I tried to change it using PSPFiler by storing the fonts on ms0:/ and copying and overwriting ltn0.pgf in the fontmod folder, but when I did that and tried to exit to the XMB it said system files corrupt ("BSOD") every time I turned the PSP on, until I took my memory stick out and restarted it. The "BSOD" also appeared after I successfully installed fontmod, turned off my PSP and restarted it without the memstick.... At first I thought I had a brick! LOL! XD

What interest does this post hold for a developer?
Blade
Joined: 18 Feb 2010 Posts: 26 Location: Lancaster P.A.- U.S.A.
Posted: Wed Jun 23, 2010 11:58 pm Post subject:

None, really. I'm on the wrong forum. I am aware this is a development forum. Sorry..........