| | |
| |
09-11-2010, 03:22 AM I want to know how the tiff exploit worked from a technical aspect, as i may or may not be onto something that could allow chickhen on firmwares higher than 5.03.
I suspect that the exploit worked by overloading the psp's ram, causing it to have to restart in a vulnerable state. If this is not the case then please explain how it works.
09-11-2010, 03:39 AM the TIFF sends a code to whatever kernel or user vulnerability first. then overrides, then goes to ram.
which has been tried on all current firmware by more trusted people and has been determined as unusable.
also, IF you do have an exploit, current chickhen won't work on higher firmwares. you'd have to make a whole new one from scratch and code it for that firmware.
Last edited by xavis; 09-11-2010 at 03:46 AM.
09-11-2010, 04:01 AM It causes a stack overflow.
09-11-2010, 02:04 PM wait...if code was embedded in the tiff, isnt the same also true for a sound or video file?
Last edited by Unkind Student; 09-11-2010 at 03:13 PM. Reason: New Theory!
09-11-2010, 04:13 PM yes. but the important code is not in the TIFF. its in the .BIN file.
09-11-2010, 05:47 PM So how is the .BIN file associated with the Image, or any other type of media viewable by the PSP?Originally Posted by xavis
09-11-2010, 06:37 PM the TIFF file when loaded tells the system to load the h.bin file which has everything in it. codes, overrides, all that good shit.
09-11-2010, 06:50 PM So the tiff has a code embedded in it that tells the psp to read a certain file, regardless of a signature from sony.
09-11-2010, 07:03 PM yes.
filler
09-11-2010, 07:10 PM TIFF images are high quality and as such are often used for exploits, however, to prevent anymore TIFF exploits sony has disabled the ability to read the format on PSP
09-13-2010, 02:01 AM Would embedding such a code be possible with a PNG of GIF format, or was it only possible with TIFF because of its high quality.
09-13-2010, 02:46 AM theoretically it might work. but you would have to go to lan.st and ask them. they would know.
be aware a crash is different then an exploit. so dont go in and hex the shit willy nilly.
09-13-2010, 04:41 AM LibTIFF still works and some crashes were even found but as xavis said a crash is not an exploit.
09-14-2010, 01:47 AM Yeah i am aware of that, trust me, im dont know nearly enough about programming and the such in order to hex edit. I really just want to find a vulnerability that others can work with.
Even if it is hacked we would need to figure out the proprietary software deal, so any mistakes can be easily fixed.
09-14-2010, 01:51 AM dude a 5 year old hex edit. thats basicly how you find a crash. find out what you can do to a tiff and, test the crash on CFW with psplink(or something) then ask at lan.st.
if they tell you that you can get full control over $ra (i believe thats it) then ya, good for you.
not likely though.
| « Noob's First PSP, Please Help? | is there a t9abc plugin?? » |
