Game save crash

pspjoke · #1 02-02-2010, 03:21 AM

if this looks exploitable i would like to speak to one of the pros via pm to further the development of the exploit and to learn more about exploits in general.

the overrun string was just a ton of A's

or 0x61 .. as you see i managed to overwrite ra so i think im on to something.

changed to 0xEE and it is for sure.

Abigail · #2 02-02-2010, 04:32 AM

Yes, this is exploitable.

Getsuga_3000 · #3 02-02-2010, 05:07 AM

im not holding my breath until wololo, or someone approves of this, and send the files to him.

coyotebean · #4 02-02-2010, 05:10 AM

This is clearly a buffer overflow and the stack is overwritten which can most likely be exploited.

**SilverSpring** · #5 02-02-2010, 05:28 AM

Doesn't even look like a savegame. Just looks like a homebrew app.

Did you just write a simple homebrew to test a buffer overflow?

But, if it really is from a savegame feel free to PM and I'll confirm it and make an exploit from it.

**MaxMouseDLL** · #6 02-02-2010, 07:17 AM

That's one hell of a lot of variables you've broken into there, is it even possible to overwrite that many vars from a gamesave?

I look forward to hearing the outcome of this, but... in keeping with recent events, i won't hold my breath.

coyotebean · #7 02-02-2010, 09:55 AM

Quote:

Originally Posted by MaxMouseDLL

That's one hell of a lot of variables you've broken into there, is it even possible to overwrite that many vars from a gamesave?

I look forward to hearing the outcome of this, but... in keeping with recent events, i won't hold my breath.

In the beginning of a function, it saves registers used in the function to the stack. When it is about to return to the calling routine, it restores registers from the stack. When the stack is overwritten, it restored the overwritten value (including the register $ra, the return address of the calling routine) from the stack.

**MaxMouseDLL** · #8 02-02-2010, 09:59 AM

Quote:

Originally Posted by coyotebean

Quote:

Originally Posted by MaxMouseDLL

That's one hell of a lot of variables you've broken into there, is it even possible to overwrite that many vars from a gamesave?

I look forward to hearing the outcome of this, but... in keeping with recent events, i won't hold my breath.

In the beginning of a function, it saves registers used in the function to the stack. When it is about to return to the calling routine, it restores registers from the stack. When the stack is overwritten, it restored the overwritten value (including the register $ra, the return address of the calling routine) from the stack.

I get that, but it seems to have affected a whole bunch of registers (Yes i call them variables because i code PHP all day everyday.. force of habit when dealing with dollar signs).

Anyway, i hope it's legit and look forward to hearing about it (Even though it obviously doesn't apply to me)

pspjoke · #9 02-02-2010, 12:09 PM

judging from peoples responses, sounds like i hit gold..

awesome. ok silver, pming you now. well... in a bit actually.. im shivering to death right now and just want some fing coffee...

FrEdDy · #10 02-02-2010, 01:22 PM

this looks like GripShift exploit ^^ I think....I hope you tested it on 6.20 too and on psp go maybe....

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
PsP GO save game exploit	millp	Sony PlayStation Portable	13	02-17-2010 09:31 AM
Game Crash	millp	Sony PlayStation Portable	10	10-21-2009 08:17 PM
Game Crash found with "0x41414141"	Draco	Sony PlayStation Portable	15	04-24-2009 05:02 AM
Can I save my UMD and WLan??	Genkiqi	Ultimate Hall of Shame	4	04-09-2009 11:16 PM
can't save themes?	spiffy	Sony PlayStation Portable	3	09-22-2008 08:22 AM