MAMOSUKE , "Half-Boiled", New Exploit ?

[KiNgOfUnIvErS]

I found a PSP savedata exploit in a certain game(region:Japan) which could be able to put any data you want in some registers including $ra.
It is available in OFW6.20.(I tried with PSP-2000)

"a"=61



"A"=41



Now I call it "Half-Boiled" SAVEDATA Exploit.

Some of the registers can be changed to any value,but only half of them.

For example, $ra to 0x00(Value1)00(Value2)

It means that I can change (Value1) and (Value2) only.
Ya,half of .So this is "Half boiled" exploit.
I can't confirm where a balue "00" come from.
("Value1" and "Velue2" are confirmed.)

I tried to change all of the data "00" in SAVEDATA to "61" or "41", and found crashing as before, but the value of registers did have no change: The situation remained unchanged.This would be distinctive of this game.

I have not investigated all of them so that I don't know this is useful as an exploit.What do you think?

Source:
http://forum.gamegaz.jp/viewtopic.php?f=23&t=77

so if i uderstand good he can load any mips codes in RA and other register but just in half.

Comment!

I wan't to specify, i don't made this exploit it was made by Mamosuke

[AcesInThePalm]

i'm no expert on the matter, but that does look interesting.
i'd say it's exploitable
but again, i'm not one to ask

edit :definatly exploitable, you have control of return address.
nice job

[coyotebean]

Sounds like the string is converted to unicode within the game. You maybe able to do something more with UTF-8/"Japanese" encoding input string.

[wololo]

おめでとう！
Looks like you found something good mamosuke
as coyotebean said, you probably need to play a bit with unicode here, probably with a bit more research you can have full control of $ra

[pyroesp]

Quote:

Originally Posted by wololo

おめでとう！
Looks like you found something good mamosuke
as coyotebean said, you probably need to play a bit with unicode here, probably with a bit more research you can have full control of

Omedetou ! (that's the only thing I can read in Jap )

[Pirata Nervo]

I'm sorry but the images look like they were made in Paint or something..that doesn't look like my terminal
Edit:
Don't take me wrong if they're real though

[KiNgOfUnIvErS]

Quote:

Originally Posted by Pirata Nervo

I'm sorry but the images look like they were made in Paint or something..that doesn't look like my terminal

Yea Becouse character of the system are jappanese so they looks so, MamoSuke is jappanese.but they are real trough

[Iguanahak]

try to use complex characters to fill in the rest of the data in like the ra register. like enclosed alpha numberic values. alot of international games use normal english letters by skipping bytes because of the type of string format. since it is japanese game it would have the ability to use international letters. so u need to use those types of letters to fill in the rest. like it should be UTF-16. so look in the character map using Arial Unicode MS font and look at the values on them.

[npt]

Looks very interesting, congrats.

npt

[Pirata Nervo]

Quote:

Originally Posted by KiNgOfUnIvErS

Quote:

Yea Becouse character of the system are jappanese so they looks so, MamoSuke is jappanese.but they are real trough

No, I meant the black window, what does it have to do with the japanese characters? It should look like the terminal but the font does not look like the terminal font.
I might be wrong though