11-01-2010 #1 Luckluka Guest
W.I.P: PS3 Savegame Buffer Overflow
Yes, ladies and gentlemen, I am going to try and find a buffer overflow in one of my LOCKED save-game files.
(I mean, why the hell are they locked? What is the reason? A buffer overflow might be one reason.)
I'm now starting to experiment with the NFS:Shift locked game-save file. Follow me at lucklukadev on Twitter!
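The kind of bug being hunted here, as an added example that is not code from the thread or from any real PS3 game: a toy save-record parser that trusts a length field read from the file, next to a bounds-checked version. The "SAVE" record layout, the NAME_MAX size and the sample records are all invented for this example; they are not the NFS:Shift format or any real PS3 savedata layout.

```c
/* Added example (not from the thread): a toy locked-savegame parser showing the
 * length-field bug a savegame fuzzer would look for, and its bounds-checked fix.
 * The "SAVE" record format below is constructed for this example only. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 32   /* fixed buffer the parser copies the save name into */

/* Record layout (constructed, little-endian):
 *   0..3  magic "SAVE"
 *   4..7  name_len (uint32)
 *   8..   name bytes, name_len of them, then the payload */
typedef struct {
    char name[NAME_MAX];
    uint32_t name_len;
} save_header;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Vulnerable pattern: trusts name_len from the file. A name_len larger than
 * NAME_MAX overflows hdr->name. Only ever call this on trusted input. */
int parse_save_unchecked(const uint8_t *buf, size_t len, save_header *hdr) {
    if (len < 8 || memcmp(buf, "SAVE", 4) != 0) return -1;
    hdr->name_len = rd32(buf + 4);
    if (len - 8 < hdr->name_len) return -1;     /* checks the file, not the destination */
    memcpy(hdr->name, buf + 8, hdr->name_len);  /* BUG: no check against NAME_MAX */
    return 0;
}

/* Hardened version: destination size is checked before the copy, and the name
 * is NUL-terminated so later string functions cannot run past it. */
int parse_save_checked(const uint8_t *buf, size_t len, save_header *hdr) {
    if (len < 8 || memcmp(buf, "SAVE", 4) != 0) return -1;
    uint32_t n = rd32(buf + 4);
    if (n >= NAME_MAX) return -2;               /* would overflow hdr->name */
    if (len - 8 < n) return -1;                 /* truncated file */
    memcpy(hdr->name, buf + 8, n);
    hdr->name[n] = '\0';
    hdr->name_len = n;
    return 0;
}

/* How many bytes past hdr->name the unchecked parser would write for this
 * record, computed without performing the write (handy when fuzzing a save). */
size_t overflow_bytes(const uint8_t *buf, size_t len) {
    if (len < 8 || memcmp(buf, "SAVE", 4) != 0) return 0;
    uint32_t n = rd32(buf + 4);
    return n > NAME_MAX ? n - NAME_MAX : 0;
}

/* Builds a constructed record; returns its length, or 0 if it does not fit. */
size_t make_record(uint8_t *out, size_t cap, uint32_t name_len, uint8_t fill) {
    if (cap < 8 + (size_t)name_len) return 0;
    memcpy(out, "SAVE", 4);
    out[4] = name_len & 0xff;         out[5] = (name_len >> 8) & 0xff;
    out[6] = (name_len >> 16) & 0xff; out[7] = (name_len >> 24) & 0xff;
    memset(out + 8, fill, name_len);
    return 8 + name_len;
}

/* Constructed samples: a normal save and one whose name_len exceeds NAME_MAX. */
static uint8_t g_good[64], g_bad[256];
static size_t g_good_len, g_bad_len;
static save_header g_hdr;

void build_samples(void) {
    g_good_len = make_record(g_good, sizeof g_good, 5, 'A');
    g_bad_len  = make_record(g_bad,  sizeof g_bad, 200, 'B');  /* 200 > NAME_MAX */
}

int main(void) {
    build_samples();
    printf("benign:  checked=%d unchecked=%d\n",
           parse_save_checked(g_good, g_good_len, &g_hdr),
           parse_save_unchecked(g_good, g_good_len, &g_hdr));
    printf("crafted: checked=%d, unchecked parser would write %zu bytes past name\n",
           parse_save_checked(g_bad, g_bad_len, &g_hdr),
           overflow_bytes(g_bad, g_bad_len));
    return 0;
}
```

The crafted record is deliberately never fed to parse_save_unchecked; overflow_bytes reports what that copy would do instead, which is the same arithmetic a fuzzer harness does when it mutates a length field and watches for a crash.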
11-01-2010 #2 SaveU Guest
I'm assuming they are locked to prevent trophy farming, online cheating with dupes, etc.
But good luck looking for a buffer overflow. The more people trying, the more people finding, right?
Infinite monkeys on typewriters theory.
11-01-2010 #3 iCEQB Guest
Why do that? In case you really find a buffer overflow and all of a sudden manage to exploit it, you'd only gain the rights on the system that every other program has, which is nearly nothing, not even setting mountpoints, so no backups.
With this you could never write inside lv2 kernel space (which the jailbreak can), because every app runs inside a container within RAM, so as soon as you try to do something clever the system will lock up.
So if you have the skills to make exploits, concentrate on porting geohot's lv1 exploit to lv2, so we can access the HV that way... more useful than an app in lv2 user space.
11-01-2010 #4 SaveU Guest
While I agree that porting geohot's exploit would be worthwhile, couldn't this buffer overflow idea (if found and exploited) lead to some sort of homebrew for other firmwares?
Like, an exploitable savegame buffer overflow that still exists in 3.50 could lead to homebrew in 3.50, couldn't it?
Or am I missing something rudimentary here? (Which is very possible.)
11-01-2010 #5 iCEQB Guest
Yeah... but that would be pretty much it... it would be like HBL for PSPs. So if you are really interested in this homebrew "scene" of the PS3, which only consists of backup managers which you couldn't use in the end... yeah, absolutely.
11-01-2010 #6 Wonderkik Guest
Isn't the PS3 protected against buffer overflows? I thought that was one of the reasons we had to wait in order to crack the beast?
11-01-2010 #7 pasty745 Guest
But even the HBL for the PSP has been able to get kernel access on certain firmwares. If I remember correctly, there was even an ISO loader for one of them (I don't feel like looking up which one, but I think it was 5.03). And I'm talking about the models with "un-hackable" MBs (i.e. the 3rd gen PSP-2000s and the 3000s). Also there is the new 6.20 loader that (supposedly) has kernel access and boots to the HBL.
While I would say that the PSP is most likely an easier device to get this kind of access on, any progress with hacking the PS3 is great news. If an HBL can be made to work on PS3s with 3.50 and above, it still means that "the scene" is active and making progress. Good luck to anyone that is helping the PS3 hacking community. Every little bit of working code/exploits helps!
11-01-2010 #8 cfwprophet Guest
It wasn't an HBL, it was a CFW loader. Pretty much the same as the USB Firm Loader will be. The app loaded a CFW live into RAM. Therefore it was possible to play UMD ISOs from the MMS device.
Wonderkik is right. The PS3 has a kind of anti-buffer-overflow system. It's not really "anti" and not even a system. It's simply the last syscall, "lv1_panic", which will be called in case something is going on that shouldn't be.
Kind of an emergency shutdown. And your buffer overflow or virus or trojan is killed.
The USB exploit and the payload hack are the only things we can do at this time.
11-02-2010 #9 Luckluka Guest
Yeah, you are right, the jailbreak IS enough. I might try porting geohot's exploit, but that still means we need to glitch the memory bus and stuff...