forums.ps2dev.org Forum Index forums.ps2dev.org
Homebrew PS2, PSP & PS3 Development Discussions
PSP exploits: 3k 5.50 - 6.xx+...

Blade



Joined: 18 Feb 2010
Posts: 26
Location: Lancaster P.A.- U.S.A.

PostPosted: Sun Mar 07, 2010 5:28 am    Post subject: PSP exploits: 3k 5.50 - 6.xx+... Reply with quote

I've seen many posts on other forums and stuff about exploits on 6.20. There is a psardumper that decrypts the firmware; could this be of use on PSP 3k? I managed to decrypt 6.20 using PSP 1000 5.00 M33, but idk if it will do any good for 3k... There are also claims for 6.20 exploits that are said not to be released by some devs on other forums...
Davee



Joined: 22 Jun 2009
Posts: 59

PostPosted: Mon Mar 08, 2010 2:54 am    Post subject: Reply with quote

...wat
adrahil



Joined: 16 Mar 2006
Posts: 277

PostPosted: Mon Mar 08, 2010 3:46 am    Post subject: Re: PSP exploits: 3k 5.50 - 6.xx+... Reply with quote

Blade wrote:
I've seen many posts on other forums and stuff about exploits on 6.20. There is a psardumper that decrypts the firmware; could this be of use on PSP 3k? I managed to decrypt 6.20 using PSP 1000 5.00 M33, but idk if it will do any good for 3k... There are also claims for 6.20 exploits that are said not to be released by some devs on other forums...


If you can find an exploit in the 6.20 firmware for psp 1k or 2k, it will work on the 3k and go. The firmware is the same (except for some hardware drivers).

Yes, there are some people who have already got exploits, and, as you might have seen in a recent video, a working homebrew enabler. My guess is that they will not release it until they get another backdoor into the firmware - finding other user or kernel mode exploits, getting the AES-256-CBC keys for KIRK, etc. - as they would not want Sony to lock them out in a subsequent firmware update... :)
Blade



Joined: 18 Feb 2010
Posts: 26
Location: Lancaster P.A.- U.S.A.

PostPosted: Tue Mar 09, 2010 11:30 am    Post subject: Reply with quote

Since I have decrypted the 6.20 firmware and have its security certificate, do you think it would be possible to change the code within its files and maybe access the kernel when I run it on my PSP? Or even a spoofed "upgrade", like implying code from the GEN or M33 updates?
m0skit0



Joined: 02 Jun 2009
Posts: 226

PostPosted: Tue Mar 09, 2010 1:45 pm    Post subject: Reply with quote

No
_________________
The Incredible Bill Gates wrote:
The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.
arnie



Joined: 11 Apr 2009
Posts: 16

PostPosted: Tue Mar 09, 2010 3:29 pm    Post subject: Reply with quote

Blade wrote:
Since I have decrypted the 6.20 firmware and have its security certificate, do you think it would be possible to change the code within its files and maybe access the kernel when I run it on my PSP? Or even a spoofed "upgrade", like implying code from the GEN or M33 updates?


Security Certificates? O_O

Last time I checked, there was that netfront browser which needed that mega CERT file. :D

:P

-Arnold
Blade



Joined: 18 Feb 2010
Posts: 26
Location: Lancaster P.A.- U.S.A.

PostPosted: Wed Mar 10, 2010 7:12 am    Post subject: Reply with quote

arnie wrote:


Security Certificates? O_O

Last time I checked, there was that netfront browser which needed that mega CERT file. :D

:P

-Arnold
It was a file in the folder after I decrypted it lol... I also remember seeing that a VSH menu was saved to the FW while decrypting it (?)
Blade



Joined: 18 Feb 2010
Posts: 26
Location: Lancaster P.A.- U.S.A.

PostPosted: Wed Mar 10, 2010 7:25 am    Post subject: Reply with quote

Does anyone think the decrypted FW could be modded in any way to execute unsigned code?
jimparis



Joined: 10 Jun 2005
Posts: 1179
Location: Boston

PostPosted: Wed Mar 10, 2010 8:11 am    Post subject: Reply with quote

No
arnie



Joined: 11 Apr 2009
Posts: 16

PostPosted: Wed Mar 10, 2010 3:30 pm    Post subject: Reply with quote

Blade wrote:
arnie wrote:


Security Certificates? O_O

Last time I checked, there was that netfront browser which needed that mega CERT file. :D

:P

-Arnold
It was a file in the folder after I decrypted it lol... I also remember seeing that a VSH menu was saved to the FW while decrypting it (?)


-_________________________-
marteljorge



Joined: 26 Jan 2010
Posts: 4
Location: marteljorge.no-ip.org

PostPosted: Tue Mar 16, 2010 9:00 pm    Post subject: Re: PSP exploits: 3k 5.50 - 6.xx+... Reply with quote

If I could help anyway, please tell me so.
Blade



Joined: 18 Feb 2010
Posts: 26
Location: Lancaster P.A.- U.S.A.

PostPosted: Mon Mar 22, 2010 10:02 am    Post subject: Reply with quote

I know this is really old, but I never really got confirmation on the status of the 5.50 exploit of Need for Speed or Monster Hunter when I searched other forums and sites... Do these actually work? And has anyone tried that "Action Replay" thing by Datel?
m0skit0



Joined: 02 Jun 2009
Posts: 226

PostPosted: Mon Mar 22, 2010 7:53 pm    Post subject: Reply with quote

AR is a dead end. Could the scene get something from Sony's official updates? No, so you can't get anything useful from Datel's AR.
_________________
The Incredible Bill Gates wrote:
The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.
Wally



Joined: 26 Sep 2005
Posts: 672

PostPosted: Tue Apr 27, 2010 4:28 pm    Post subject: Reply with quote

m0skit0 wrote:
AR is a dead end. Could the scene get something from Sony's official updates? No, so you can't get anything useful from Datel's AR.


Thanks for Clarifying :)
Blade



Joined: 18 Feb 2010
Posts: 26
Location: Lancaster P.A.- U.S.A.

PostPosted: Wed May 19, 2010 12:44 am    Post subject: Reply with quote

.... I've got a chance to try out the hello world and the HBL for the Patapon 2 demo. I used it on my PSP 3000 FW 5.50 and it works just as specified. I did also manage to load up wololo's "Wagic", though it does take a while, but at least we now know that it loads homebrew (mostly small ones) and hopefully the advanced devs will soon come out with a full working binary eloader for this exploit. :)
Mathieulh



Joined: 19 Oct 2005
Posts: 68

PostPosted: Wed Jun 02, 2010 9:30 am    Post subject: Reply with quote

Blade wrote:
Does anyone think the decrypted FW could be modded in any way to execute unsigned code?


That, my friend, is a question worthy of the hall of shame...

You need to learn about something called the "chain of trust" before implying such a thing; the only way to modify code would be to patch it from RAM, running your own code to do so (considering you can't really sign any PRX without Sony's keys, though they do use symmetric encryption, so in theory, should you manage to dump those keys from the KIRK engine as well as the algos that come with them, you should be able to re-sign just fine).

This means you need an exploit to get your code to run, preferably a kernel one so you can gain full privileges over the system.

Thus, in order to, let's say, run a custom firmware, you'd need an exploit somewhere in the boot chain (preferably some place that can't be updated, like the pre-IPL that's already been exploited in earlier models and lies within the CPU's mask ROM; this isn't easily done, mind you).

You could however settle for a kernel rebooter (like a HEN or DevHook) which would patch reboot.bin and the remaining kernel modules (on the fly, in RAM) later on, so that your firmware then does all the fancy stuff you want it to be doing or allowing (including such things as running unsigned (and untrusted) code).

This is definitely not as nice as having your own code run right after powering up the console (though that's not possible anyway, since you can't overwrite syscon code nor the pre-IPL's through software means, and those are already Sony's code running on the console); of course you can somewhat manage to run your own code later on (like at IPL time, if you exploit the pre-IPL, as it's been done before).

Anyway, no, you can't simply, from decrypted binaries, run any kind of unsigned (modified) code on your PSP console, not without reversing those binaries first in the hope of finding an exploit (and then, of course, exploiting it).
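The chain-of-trust argument in the post above, as an added illustration that is not code from the thread or from the PSP itself: a toy model in which each boot stage (IPL, reboot.bin, a kernel module) carries a keyed tag that the root of trust checks before running it. HMAC-SHA256 and the stage names, images and key are all constructed stand-ins; the real KIRK keys and algorithms are not public and are not modelled here.

```python
import hashlib
import hmac

# Constructed demo secret standing in for the device-held key. The real KIRK keys
# and algorithms are not public; this models the principle, not the PSP scheme.
DEVICE_KEY = b"constructed-demo-key-not-a-real-psp-key"

# Boot stages in the order the thread lists them. The pre-IPL in mask ROM is the
# root: it holds the key and is not itself verified, which is why it is "trusted".
STAGES = [
    ("ipl", b"ipl: load and verify reboot.bin"),
    ("reboot.bin", b"reboot.bin: load and verify kernel modules"),
    ("kernel.prx", b"kernel.prx: only load PRX files that verify"),
]


def seal(name, image, key=DEVICE_KEY):
    """Tag a stage with a keyed MAC (stand-in for the symmetric signature)."""
    return hmac.new(key, name.encode() + b"\0" + image, hashlib.sha256).digest()


def build_chain(key=DEVICE_KEY):
    """What the vendor ships: every stage plus the tag made with the secret key."""
    return [(name, image, seal(name, image, key)) for name, image in STAGES]


def verify_boot(chain, key=DEVICE_KEY):
    """Walk the chain like the root of trust: each stage is checked before it runs.
    Returns (True, None) on a clean boot, or (False, stage) naming the first stage
    whose tag does not match its bytes."""
    for name, image, tag in chain:
        if not hmac.compare_digest(seal(name, image, key), tag):
            return False, name
    return True, None


def modify_without_key(chain, stage_name, new_image):
    """Edit a decrypted stage the way the thread asks about: the bytes change, but
    without the device key the tag cannot be recomputed, so the old one stays."""
    return [(n, new_image if n == stage_name else img, tag) for n, img, tag in chain]


def modify_with_key(chain, stage_name, new_image, key=DEVICE_KEY):
    """Same edit by someone holding the key: the tag is regenerated and the chain
    verifies again. This is the 'dump the KIRK keys' case the post mentions."""
    return [(n, new_image, seal(n, new_image, key)) if n == stage_name else (n, img, tag)
            for n, img, tag in chain]


if __name__ == "__main__":
    clean = build_chain()
    print("clean boot:", verify_boot(clean))
    patched = modify_without_key(clean, "reboot.bin", b"reboot.bin: modified")
    print("decrypted image edited, no key:", verify_boot(patched))
    print("edited and re-tagged with key:", verify_boot(modify_with_key(clean, "reboot.bin", b"reboot.bin: modified")))
```

Note that the model checks a stage only when it is loaded and says nothing about memory after that stage is running, which is exactly why the post treats a kernel-mode exploit, rather than an edited binary, as the prerequisite for a HEN-style patch.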
Blade



Joined: 18 Feb 2010
Posts: 26
Location: Lancaster P.A.- U.S.A.

PostPosted: Wed Jun 23, 2010 11:32 pm    Post subject: Reply with quote

EDIT: disregard this comment if you wish



I installed the fontmod on my PSP 3000 FW 5.50. I also got birdman1fontpack v11, which also worked, but only when I changed the ltn0.pgf via my computer. I tried to change it using PSPFiler by storing the fonts on ms0:/ and copying and overwriting ltn0.pgf in the fontmod folder, but when I did that and tried to exit to XMB it said system files corrupt ("BSOD") every time I turned the PSP on, until I took my memory stick out and restarted it. The "BSOD" also appeared after I successfully installed fontmod, turned off my PSP and restarted it without the memstick.... At first I thought I had a brick! LOL! XD


Last edited by Blade on Thu Jun 24, 2010 1:19 am; edited 1 time in total
whistler



Joined: 04 Mar 2008
Posts: 40

PostPosted: Wed Jun 23, 2010 11:41 pm    Post subject: Reply with quote

Blade wrote:
I installed the fontmod on my PSP 3000 FW 5.50. I also got birdman1fontpack v11, which also worked, but only when I changed the ltn0.pgf via my computer. I tried to change it using PSPFiler by storing the fonts on ms0:/ and copying and overwriting ltn0.pgf in the fontmod folder, but when I did that and tried to exit to XMB it said system files corrupt ("BSOD") every time I turned the PSP on, until I took my memory stick out and restarted it. The "BSOD" also appeared after I successfully installed fontmod, turned off my PSP and restarted it without the memstick.... At first I thought I had a brick! LOL! XD


What interest does this post hold for a developer?
Blade



Joined: 18 Feb 2010
Posts: 26
Location: Lancaster P.A.- U.S.A.

PostPosted: Wed Jun 23, 2010 11:58 pm    Post subject: Reply with quote

None, really. I'm on the wrong forum. I am aware this is a development forum. Sorry..........
All times are GMT + 10 Hours