Wipeout Browser.

[pyrosama]

I was thinking that the browser would be a good target for a buffer overflow but after the FAKE 1.5 hack that directed the browser to load an eboot that was renamed eboot.html made me think that it must be over loading the memory causing it to shut down - So this probably means that the PSP doesnt have enough memory to alow for a buffer over flow exploit.

Pikoro and I dicussed this for a while last night and he seems to belive we will have to go about it compleatly dif - No buffer overflow exploit. - He is probably right.

Then again who knows.


P.Sama

[ooPo]

I assume the content of this message will appear in part 2?

[asmodi]

the PSP doesnt have enough memory to alow for a buffer over flow exploit.

Priceless? ;)

[MrHTFord]

Would you mind telling me how much memory is required to alow (sic) a buffer overflow exploit.

Actually don't bother. In fact, why don't you and Pikoro post your random jibberish on psphacks instead of here?

Thanks.

[pyrosama]

I was attempting to be constructive. If I am completely wrong in my understanding of these technologies you need not insult me, simply redirect my line of thought or ignore the topic.

I don’t know what you guys know that is why I am here. – To learn….. To contribute…..

So don’t be an ass.


P.Sama

[pixel]

the PSP doesnt have enough memory to alow for a buffer over flow exploit.

Priceless? ;)

Huh, indeed. Never saw such a lame saying in my life yet.

[mrbrown]

I was attempting to be constructive. If I am completely wrong in my understanding of these technologies you need not insult me, simply redirect my line of thought or ignore the topic.

I don’t know what you guys know that is why I am here. – To learn….. To contribute…..

So don’t be an ass.


P.Sama

I think it's quite fitting you got flamed for your post. We are sick of reading posts from people who do absolutely no research, don't back up their claims, or have no idea what they're talking about. If you want to contribute, then run some tests in the WO browser or directly on your PSP after figuring out what it is you're talking about in the first place. Don't just come in spouting random gibberish about concepts you clearly don't understand - we don't take that as constructive behavior.

There are posts here that explain buffer overflows (or provide pointers to pages that explain buffer overflows). Did you even read or search the forums before posting here?

[zigzag]

Good entertainment value!

[ichan]

this thread deserves to be stickied or at the very least, moved to the incredible hall of shame.

[Pikoro]

I think it's quite fitting you got flamed for your post. We are sick of reading posts from people who do absolutely no research, don't back up their claims, or have no idea what they're talking about. If you want to contribute, then run some tests in the WO browser or directly on your PSP after figuring out what it is you're talking about in the first place. Don't just come in spouting random gibberish about concepts you clearly don't understand - we don't take that as constructive behavior.

mrbrown, I've been going through the forums and i think that _you_ are the one that is sick of reading posts from people who have "no idea what they're talking about". I find nearly all the other mods to be reasonable when pointing out a flaw or saying that something is redundant.

A forum is supposed to be for the sharing of ideas, and lines of thought, because otherwise, you'd have to think up every little thing yourself. Granted, what pyro is talking about is not quite the meaning of the discussion that we had, however, you seem to take great pleasure in locking perfectly good lines of thought. Because that's what they are. Bringing out ideas that could perhaps prompt someone else to come up with something better.

Get a grip. If you dont' like what someone posts, state that, but i dont' think you should take it upon yourself to determne what everyone else wants to post about.

If you think someone has no idea what they're talking about, and it's not an obvious troll, why don't you help them out, or at least link to the topic that you say is redundant before locking. You know, a few words go along way towards helping someone.

If you dont' want to link to a similar post that might help someone understand something they dont' fully know, perhaps because you dont' want to take the time to search for the exact post that you're talking about, how do you think the person that did the original post is going to find it?

Lead by example?

Cheers

[mrbrown]

Pikoro, my only response is that I'm doing my job as a forum moderator. Here I have only reiterated points brought up by myself and other moderators. You are free to disagree.

[Drakonite]

If you think someone has no idea what they're talking about, and it's not an obvious troll, why don't you help them out, or at least link to the topic that you say is redundant before locking. You know, a few words go along way towards helping someone.

Letting people learn how to use the search feature of the forums helps everyone.

[KresentPhresh]

I have an idea! Let's be constructive and make fun of people that don't know as much as us! Obviously, we know EVERYTHING and we always have, and we've never gone to anyone else looking for help, so let's all be merry and make fun of the people that are trying!

I remember this one time when I was working at Hollywood Video, this little kid tried to exchange his Grand Theft Auto cuz he got the dreaded Disc Read Error, so I said, "No, your Playstation is broke and you're stupid for not knowing it like I do!" And then I hit him in the face with "Ghostbusters 2".

[ooPo]

When you talk out of your ass - don't be surprised when people think you're full of shit.

We're not here to hold hands and be superfriends.

[allthatinny]

not everyone have the same exp as someone else. Like when i posted the wipeout thing i found and ooPo deleted it. I think that it could be something interesting and ppl could atleast add some ideas to it but i guess my intel is not good enough for the forums so i just kept on reading and learning more i never got mad and flaming other ppl. We are all here to help each other not to announce what we made or found. Every little theory or guess can help alot and as we know we are on to something big cuz sony wont create a update 1.51 for everyone :)

*EDITED: P.S. This is a "PSP Exploit Research Discussion" not a off topic forums so lets stay on the topic folks ;)

[KresentPhresh]

I wanna hold your hand, Oopo, and stroke your soft skin.

Anyway, I was under the impression this was a PSP Exploit Research "DISCUSSION" forum. Y'know, where you do things like DISCUSS your PSP Exploit Researching.

So, lemme ask, if you guys are so damned brilliant, why haven't you figured out how to get my PSP to stream japanese tentacle porn for me?! Huh!? My GOD, you guys must be uber retarded! Pfft! REAL hardware master have already figured out how to use their PSPs to hack Russian spy satellites and watch live video of Lindsay Lohan changing her tampon, and you're still trying to figure out how to play Duck Hunt! Bahaha! I laugh! Oh, not only do I laugh, I SCOFF!

*SCOFF*

See?! I scoffed! And it was GOOD!

-KresentPhresh
"Yes, I'm nuts."

[asmodi]

This is an exploit topic on a PS2/PSP dev forum, who said that people should help out with the understanding of BOF?

Pikoro, the search function is there for a reason. It's like someone asking you on your forum what a PSP is, or stating that the PSP is something else.

[th0mas]

just saw this on securityfocus:

http://www.securityfocus.com/archive/1/ ... 05-05-23/0

does wipeout browser open TIFFs? ;)

[oneman]

It seems to download the tif but not display it.

http://rawdod.com/test.html
http://rawdod.com/test.tif

[th0mas]

thanks for testing it oneman; I do'nt have wipeout so I can't test it myself.

[pyrosama]

I belive I read something a while ago about there being a way to exploit a system with a jpeg - I searched on google for a little while with no results but if there is it may not have been adressed when designing the browser for wipeout seeing is it wasnt intended to be used as a full function browser.


P.Sama

[Mawdsley]

I belive I read something a while ago about there being a way to exploit a system with a jpeg - I searched on google for a little while with no results but if there is it may not have been adressed when designing the browser for wipeout seeing is it wasnt intended to be used as a full function browser.


P.Sama

JPG/PNG exploits were using a NTFS feature. Basically any file on NTFS can have multiple streams. The exploit involved a malformed jpg containing an exe in the second stream. I dont know the specifics but they got the second stream executed.

As this is specific to machines running NTFS there is no point trying it on the psp.

[pyrosama]

Now every one knowing that I dont know much... How about this thought....


I belive I saw the save data encyption key floating around (Not sure though)

If so then the recent update for wipeout is stored on the memory card and the data is read and executed from the memory card....

Would that not be an easy target to exploit? It is looking for files on the mem card that have to have some sort of data that it executes to update the game (or does it simply look to that file as content rather than installing an update file some place?) So modify the update (if not encypted in the same manner as the game files) and have it update the game with an exploit programed into it.


Yeah I know this forum isnt for random thoughts and unsuported theorys but seeing how this thread is trash as it is I figured I might as well post it here.


P.Sama

[steddy]

Mawdsley

JPG / PNG exploits do not rely upon NTFS file systems but are related to corrupt headers in the main stream which cause buffer overflows.

I have tried PNG with the known exploits and the PSP just displays a placeholder image for it. I posted previously on this topic (and got flamed and locked).

Steddy

[Mawdsley]

Mawdsley

JPG / PNG exploits do not rely upon NTFS file systems but are related to corrupt headers in the main stream which cause buffer overflows.

I have tried PNG with the known exploits and the PSP just displays a placeholder image for it. I posted previously on this topic (and got flamed and locked).

Steddy

Not what I read, but we could be talking about separate exploits here. No point arguing.