See this as an updated version of wololo's original tutorial here (which btw taught me all the essential things years ago). I'm not trying to go that much into detail but rather to explain things as noob-friendly as possible. In the end the goal of this guide should be that you have a simple Proof of Concept (PoC) of custom code execution working!

At first you might think: What's the benefit of not using an actual PSP for this? Well, firstly the available PSP emulators like PPSSPP and JPCSP got pretty good at emulating and are quite fast nowadays. Additionally they have everything we need for exploit-hunting implemented, and that's why it's way easier and faster compared to doing all steps on an actual PSP. For example the emulators can store all savegames unencrypted as plain files, whereas on the PSP they are always encrypted and need to be converted twice each time you change something. Additionally they have debuggers and memory viewers built in, whereas on the PSP we needed to use additional programs. However, don't get this guide wrong: To be a hundred percent sure that your found crash really works on a PSP, you need to test it! In the end the emulators are still emulators and may handle some instructions differently! (But from my experience that's the case for maybe 99% of the crashes.)

The short version is -> find a crash -> see if we can exploit it -> run a simple PoC

The most common exploits are buffer overflow exploits, and that's what we are going to concentrate on today.

An example: It's quite common in games that you have to select and enter a username at some point, right? Depending on the game you have a limited number of characters and it won't let you enter any additional ones once that limit is reached. This text string is then saved in your savegame and will be loaded into the PSP's memory the next time you load the savedata. If we now manually extend the length of our name by messing with it via a hex editor (and our game doesn't have any security checks for that implemented), it loads more data into memory than was allocated for it. If that happens we already have a buffer overflow, and the additional data might cause some other things to break and land our data in other places in memory where it shouldn't exist. The easiest and best case would be that a return address of a function gets overwritten, but more about that later. And of course there are even more exploit types, but I think that's going too far for now.

Which games should I concentrate on and why?

A PSP game, when developed, makes use of different pre-existing and necessary system functions provided by Sony itself. They normally start with the prefix 'sce', e.g. 'sceIoRead', and are compiled into the game to make it work. Depending on the complexity of the game, more of these system functions are imported.
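To make the savegame username example above concrete, here is a small C model of the name-loading step, written for this page as an added example (it is not code from the original post, from any PSP game or from Sony's SDK). The memory layout, the record format with a stored length byte, and the sample inputs are all constructed assumptions: the player name occupies a fixed 16-byte field that is immediately followed by a 4-byte coin counter, and the save record carries the name length as a byte that a hex editor can change. The unchecked loader trusts that length and lets an over-long name spill into the neighbouring field; the checked loader rejects any record that would not fit, which is the kind of check a game would need for the trick described above to fail.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of a game's in-memory save layout (hypothetical, not from a real game):
 * the player name occupies NAME_MAX bytes, immediately followed by a 4-byte coin counter. */
#define NAME_MAX 16
#define RAM_SIZE 64
#define NAME_OFF 0
#define COINS_OFF NAME_MAX

/* A savegame record as it would sit in a decrypted save file (constructed format):
 * a length byte followed by the name bytes, which need not be NUL-terminated. */
struct save_record {
    uint8_t name_len;     /* length as stored in the file; untrusted once the file can be edited */
    const uint8_t *name;  /* name bytes */
};

/* Vulnerable loader: copies exactly as many bytes as the file claims, with no bounds check,
 * so a record with name_len > NAME_MAX overwrites whatever follows the name field. */
void load_name_unchecked(uint8_t *ram, const struct save_record *rec)
{
    memcpy(ram + NAME_OFF, rec->name, rec->name_len);
}

/* Hardened loader: refuses any name that would not fit (leaving room for the terminator)
 * and always NUL-terminates, so the adjacent fields cannot be touched. Returns 0 or -1. */
int load_name_checked(uint8_t *ram, const struct save_record *rec)
{
    if (rec->name_len >= NAME_MAX)
        return -1;
    memcpy(ram + NAME_OFF, rec->name, rec->name_len);
    ram[NAME_OFF + rec->name_len] = '\0';
    return 0;
}

uint32_t read_coins(const uint8_t *ram)
{
    uint32_t v;
    memcpy(&v, ram + COINS_OFF, sizeof v);
    return v;
}

void write_coins(uint8_t *ram, uint32_t v)
{
    memcpy(ram + COINS_OFF, &v, sizeof v);
}

/* Loads rec into a fresh model RAM (coins preset to 100) with the chosen loader
 * and returns the coin counter afterwards, so the effect of the copy is observable. */
uint32_t coins_after_load(const struct save_record *rec, int use_checked)
{
    uint8_t ram[RAM_SIZE] = {0};
    write_coins(ram, 100);
    if (use_checked)
        load_name_checked(ram, rec);
    else
        load_name_unchecked(ram, rec);
    return read_coins(ram);
}

/* Verdict of the checked loader alone: 0 = accepted, -1 = rejected. */
int checked_verdict(const struct save_record *rec)
{
    uint8_t ram[RAM_SIZE] = {0};
    return load_name_checked(ram, rec);
}

/* Constructed inputs: a legitimate 8-character name, and a 20-byte name of the kind
 * produced by extending the stored string in a hex editor (4 bytes past the field). */
static const uint8_t good_name[] = "PLAYER01";
static const uint8_t long_name[] = "AAAAA" "AAAAA" "AAAAA" "AAAAA";
const struct save_record good_rec = { sizeof good_name - 1, good_name };
const struct save_record long_rec = { sizeof long_name - 1, long_name };

int main(void)
{
    printf("unchecked, good name: coins=%u\n", coins_after_load(&good_rec, 0));
    printf("unchecked, long name: coins=0x%08x (clobbered)\n", coins_after_load(&long_rec, 0));
    printf("checked,   long name: rc=%d coins=%u\n", checked_verdict(&long_rec), coins_after_load(&long_rec, 1));
    return 0;
}
```

With the unchecked loader the 20-byte name leaves the coin counter reading 0x41414141, i.e. the four surplus 'A' bytes landed in the next field; the checked loader returns -1 and leaves the counter at 100. Real games overflow into whatever happens to sit after the string (the post mentions a saved return address as the interesting case), and the mitigation is the same: validate every length that comes from the save file against the size of the destination before copying.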