UMD use instead of swap MS
Just noticed that if you start any UMD, and when the flash screen shows, if you pop the UMD out (at the same time you are supposed to remove ms for the swap exploit) the system attempts to run files from the memory stick...
there could be alternative "exploit" without having to swap memory sticks, just pop the UMD...
I could not yet make it run, but it could be possible...
I prefer to be modest about the things I work on, but since all of Spain thinks I am just a complete loser (I like the "Mr Closer" though), I'll give a brief list of what I have done for pspdev:
- Created a working PSP-specific GNU toolchain which folks are starting to use for homebrew development.
- Figured out that the 0x1000 module_info flag is responsible for loading a program in kernel mode (however, I did not discover how to get into kernel mode, nem did that). I even sacrificed my PSP to figure this out :).
- Discovered more name<->NID matches than any single person that I'm aware of (according to the forums). We're still cleaning up our "big NID list" and it'll be released RSN.
Anyway, my motivation for closing threads is to keep the forums clean and tidy for those who actually want to get work done as opposed to idly posting random brain farts.
And my apathy towards "psp-dev" is one felt and expressed by many on these and other boards. The way we work is, you either put up or shut up. We don't think it's necessary to spin rumors to get enough people to stroke our egos or to tell them "we told you so, we are l33t". Just the fact they used ps2ownz as their conduit tells us what they were all about.
Yes, it's good there's an exploit for 1.5. I'm not going to stroke their egos over finding it. And I will continue to tell it like it is.
"He was warned..."
mrbrown wrote: write a crappy VB.NET app for the "swaploit"
MelGibson wrote: How old are you mrbrown?
Why would that matter?
TBH the app they included in the exploit was completely useless and the exploit could have been released on the 11th when they found out about it along with a pbp with only an icon and sfo in it and things would have been a lot simpler. Instead they waited 5 days, coded a buggy program that corrupted executables and released it en-masse through the biggest console piracy related site on the web. Yet you wonder why we thought it was a fake and still brush it off? I mean kudos to them for figuring the swap trick out but they made too big of a production out of it.
As for mrbrown, ps2dev and pspdev would be a LOT farther behind if this man were not here. He's contributed countless things to both as well as done a lot of work on both the ps2 and psp toolchains (which isn't very fun work btw). He's one of the most talented people I know as opposed to most of you I see here blabbing off at the mouth.
On the same note, I seem to remember working with DrEggman on the swap thing almost a month ago anyways.
It wasn't really a new concept, all that he figured out was when exactly to swap the memory sticks out.
I agree with mr closer completely. Hence why my site wouldn't post anything until it was released anyways, just to avoid all the "hype" that surrounded it on all those "other" sites.
Thanks mrbrown btw for keeping these forums clean. Need someone like you on my forums.
Cheers
Does anyone have a wipeout pure dump so we can find out the filename PSP is looking for when you insert the UMD and click on the UMD icon. Once the screen flashes, PSP is looking for a certain file on the UMD. If we can find out the file name of that file we can then name the folder on the Memory stick the same name and put a PBP file that we want to run in it.
I think you are brushing close to the forum rules talking about UMD dumps.
All PSP's execute the following file when inserted:
/PSP_GAME/SYSDIR/EBOOT.BIN
This is an encrypted ELF executable.
Also on the disk is:
/PSP_GAME/SYSDIR/BOOT.BIN
This is the unencrypted version of the same file.
All disks have these two files.
Steddy
Vini wrote: Does anyone have a wipeout pure dump so we can find out the filename PSP is looking for when you insert the UMD and click on the UMD icon. Once the screen flashes, PSP is looking for a certain file on the UMD. If we can find out the file name of that file we can then name the folder on the Memory stick the same name and put a PBP file that we want to run in it.
You don't need a dump to figure this out. And please refrain from asking for 'dumps' of games on our forums (and double posting since you already created a thread on this).
To answer your question it looks for PSP_GAME\SYSDIR\BOOT.BIN
If the PSP blindly searched the same directory routes on other drives when the source drive could not be accessed, then this may be a viable 'exploit', but I seriously doubt it does, so it's putting Test.exe on c:\ and d:\, typing in d:\test.exe in a command prompt, and deleting the file just before running the command; it won't look at c:\ for the file, it will just not find the file, thus return to the PSP menu.
mrbrown wrote: Remember, these are the guys that had everyone waiting 4 days so they could write a crappy VB.NET app for the "swaploit".
You talk about the application MSwap Tool?
- MSwap Tool is programmed in Visual Basic 6
- MSwap Tool was programmed in one morning (3 hours + or -)
- MSwap Tool 0.2 doesn't corrupt applications
In IRC #PSPDEV, the topic is "DO NOT USE SPLOIT PC APP will corrupt applications". You have some problem with me? You have some problem with the application?
The launching of the EXPLOIT was not postponed by this application.
P.S.: Sorry for my poor English
EDIT: Sorry, I did not read this:
mrbrown wrote: but since all of Spain thinks I am just a complete loser
That is not my opinion, it is not necessary that I say nothing about his profits since well they are known by all the community.
mrbrown: there's no more info or proof that this may work than what existed for the 2-ms exploit... well maybe a bit more info that points for such possibility.
So I just suggest we try and look if there's another "hole" in the system, it's not clear cut by any means, and if you have some proof that there's no attempt for file access when the UMD-load is interrupted please let us know.
the MS gets accessed in both cases, but when interrupted there is significant MS activity...
I haven't had time to play with this but if anything should start off the MS it needs to be (named) BOOT.BIN or EBOOT.BIN
and I have no idea where on the MS those files should reside.
for information on UMD structure and whatnot you may find this useful:
http://psplinux.sourceforge.net/forum/v ... 8b2ef60c79
please don't make the thread ugly and keep to the topic and your finds...
g'luck to all :)
MrSiir[S] wrote: ¿VB.NET = Visual Basic 6?, yeah! yeah!, jajajajajajaja, great great .... jajaja. I am an idiot, yes, yes.
You guys have no right to come here causing a scene and indirectly calling people idiots when all the 'ftp mirrors' links for your exploit on your website still contain the root logins for the ftp, giving anyone who feels like it read/write access to the servers.
Pot, Kettle, Black :(
I think everyone is overreacting. If these guys wanna search for an exploit that may never be possible, who cares? If they wanna involve everyone in this community, who cares? As long as they're not breaking any rules, maybe people will get interested in this so-called dead end and it will lead them to be interested in something else. It's one thing to say IMHO this doesn't seem to lead to anything useful, but it's another to start calling people stupid for trying.