2.0 should be the next target
Seriously, forget attempting to hack 1.51 or 1.52 for the time being. Think about 2.0.
Why? The web browser. This gives us another vector of attack on the PSP, and if there are flaws in the browser's buffering system, we can use a good old buffer overflow exploit. Now, this assumes that there is a flaw in the browser in 2.0, which there might not be.
However, the catch is that this would require essentially a custom web server that would be able to inject malicious data into an HTTP response header or something similar. Still, it might prove to be an easier target than bashing an entrance that Sony has already covered up quite well on us.
Anyone agree, or think I am absolutely nuts on this?
- Posts: 16
- Joined: Wed Apr 06, 2005 8:10 am
Nuts. Really.
First you would have to be by a Wi-Fi hotspot to access a web page, just to run homebrew. That fact alone shoots any web browser or JavaScript exploit full of holes.
Those of us doing homebrew (coding and playing) are very few comparatively right now; imagine if a wireless network was a requirement, the community would slow to a crawl.
Not to mention any exploit we managed would be fixed in 2.1.
Trying to hack each new version of the firmware, we will always be a dog chasing its tail. We won't progress.
What we need to focus on is trying to trick the PSP into thinking our code is signed. This is not an easy task and may take years, but it's the only way we will get a real working homebrew system.
- Posts: 16
- Joined: Wed Apr 06, 2005 8:10 am
Thanhda wrote:
> I agree, I think it's a good idea to try to hack the latest firmware, not only because you can use the web browsers, you will still be able to play the latest games that are soon to come out.

And the point being? It won't stop at 2.0. If you hack 2.0 Sony isn't going to up and quit. They will fix it in 2.1 and require that for your next big game. Hack 2.1 and Sony will fix it in 2.2, do you see the pattern? There is no way to win, we will always be behind, spending the majority of the development time trying to hack each new firmware as it's released. It's a pointless endeavor. This pattern will end, sure, once Sony has fixed all of the holes in its firmware and left us no avenue to exploit. What then? Back to square one because the entire time was spent running uphill.
And in the meantime, we will still have a good portion of people who accidentally updated, or bought new ones that were updated, or sent them to Sony and had forced updates, etc., all the while crying for an exploit to firmware x.xx.
The only way to progress beyond a dog chasing its tail is to work on a solution to make our executables unofficially signed. Unless we can do that, there is no hope for the continued existence of PSP homebrew. (I think we can and will accomplish this task, more so if the devs focus on this rather than trying to exploit each firmware every time someone whines about it on the forums ;p)
- Posts: 18
- Joined: Fri May 13, 2005 5:46 am
TBH, I don't see how a modchip is going to work. On the original PlayStation, Sony were stupid enough to use static data, which could easily be faked with the most basic of microcontrollers (think PIC12C508). PS2 was more difficult, but could still be done quite easily in a small FPGA or CPLD.
On the PSP, the (encrypted) ELF file is loaded into memory, and then the digital signature is checked, so the only way of faking it is to fake the digital signature, or to find an exploit like we already have. As we all know, faking a digital signature will take too long to be practical, and even though firmware 1.51+ still contains the "formatted string bug", they no longer will run an unencrypted ELF, which is the exploit we have used from 1.00 to 1.50.
Now before you say that the Nintendo DS also uses signed code and was hacked by the hardware PassMe system, Nintendo were stupid enough not to bother to include the header in the signature (as it was easier to support GBA ROMs that way), and only the header was hacked. Since the header contains the execution address, changing this address to point to the GBA slot lets the DS check the signature on the code it thinks it's going to launch and then launch yours instead.
Unless we can find an equivalent exploit on the PSP, the only hardware hack we'll be able to do is a small switch on the side of the console to switch between different firmware versions. Have fw1.00 or 1.5 for homebrew, and 2.0 or whatever for commercial.
Now, does anyone know if the firmware flash is separate on the PSP, or whether it is munged in a big silicon blob along with other support chips like Nintendo like to do?
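The signature-coverage point the post above makes about the DS header, as an added example that is not from this thread and does not use any console's real format: a toy image whose signature covers only the code body still verifies after its header entry address is changed, while one whose signature covers header and body rejects the same change. The image layout, key and values are constructed, and HMAC-SHA256 stands in for the real asymmetric signature.

```python
import hashlib
import hmac
import struct

# Toy image layout (constructed, not the PSP or DS format):
# header = magic (4 bytes) | entry address (u32 LE) | code length (u32 LE), then code body
HEADER_FMT = "<4sII"
HEADER_LEN = struct.calcsize(HEADER_FMT)

def build_image(entry: int, code: bytes) -> bytes:
    return struct.pack(HEADER_FMT, b"TOYI", entry, len(code)) + code

# HMAC-SHA256 stands in for the real asymmetric signature (assumption);
# the question of which bytes the signature covers is the same either way.
def sign(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def verify(key: bytes, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, data), sig)

# Scheme A: only the code body is signed; the header is not covered.
def sign_body_only(key: bytes, image: bytes) -> bytes:
    return sign(key, image[HEADER_LEN:])

def verify_body_only(key: bytes, image: bytes, sig: bytes) -> bool:
    return verify(key, image[HEADER_LEN:], sig)

# Scheme B: header and body are signed together.
def sign_full(key: bytes, image: bytes) -> bytes:
    return sign(key, image)

def verify_full(key: bytes, image: bytes, sig: bytes) -> bool:
    return verify(key, image, sig)

def with_entry(image: bytes, new_entry: int) -> bytes:
    """Test vector: same body, header entry address replaced."""
    magic, _, length = struct.unpack_from(HEADER_FMT, image, 0)
    return struct.pack(HEADER_FMT, magic, new_entry, length) + image[HEADER_LEN:]

def demo() -> dict:
    key = b"constructed-signing-key"                 # constructed sample key
    image = build_image(0x1000, b"\x00" * 64)         # constructed sample image
    tampered = with_entry(image, 0x20000)             # only the header differs
    return {
        "body_only_accepts_tampered": verify_body_only(key, tampered, sign_body_only(key, image)),
        "full_accepts_tampered": verify_full(key, tampered, sign_full(key, image)),
        "full_accepts_original": verify_full(key, image, sign_full(key, image)),
    }
```

Running `demo()` shows the body-only scheme accepting the altered header and the full-coverage scheme rejecting it, which is the check a loader should make before it trusts anything in the header.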
- Posts: 16
- Joined: Wed Apr 06, 2005 8:10 am
Warren wrote:
> I would rather install a modchip in my PSP than buy 2 PSPs.

And what would that accomplish? You know how fast the PSP homebrew scene would die if it required 2 PSPs? It's a very small niche community as it is. You require 2 PSPs and suddenly the number of developers goes down to very few. The number of people playing the homebrew drops significantly too, thus giving the devs less motivation or desire to make homebrew for the entire community of six people.
I think buying 2 PSP is stupid because it costs an extra couple of hundred dollars just to run home brew and who wants to carry around 2 PSPs on the chance they want to play homebrew or UMD games?
And you know, all new PSPs are already updated, so only a very few people can get older PSPs for homebrew, and that number will slowly decrease till there are only a couple people that still own a 1.5 < firmware PSP.
Even if Sony didn't force firmware updates via the new games, just making all new PSPs have the new firmware will eventually flood the market with those, leaving very few with older ones.
This won't stop if you hack 2.0, as I said, it will continue this way, Sony can change the firmware at any time they want. The only way to truly create a homebrew scene is to find a way to use the current system (the portions that "Work as Designed") and trick them into running our code. Something that Sony can't patch without breaking compatibility with existing official games/apps from memory stick.
Personally I am developing homebrew games for the PSP, but if GTA, FF7, or any other big hitter I want requires an update, then it's so long homebrew for me. I can guarantee that the vast majority will do the same. It's difficult for a person to own one PSP with this price, let alone two, so that's right out.
TheDevilsJester wrote:
> Everything

Why do you keep assuming that people have to update for the "next big game"? First off, all that we know now is that the games that require updates require 1.50. Not to mention that, don't you think someone with the ability to run their own games would say screw spending 40 bucks plus updating to a firmware not desired?
Anyone who has to buy the "next biggest game" for PSP can probably afford another PSP just for that purpose. I will take my Super Mario World and Golden Axe over Coded Arms any day...