
HEN TIFF Exploit Cracks PSP-3000 Open For Homebrew

indrora writes "The PSP community was rocked this weekend by the Homebrew Enabler (HEN) from developers Davee and Bubbletune. One of their friends on the Team Typhoon development team posted a YouTube video showing proof of the TIFF Exploit running on Firmware 5.03, changing the firmware version and MAC address for a reboot. This comes after a picture of gpSP running on a PSP-3000 via the HEN exploit. From the QJ.net article: 'First [things] first: No, Davee hasn't finished the HEN yet. Which means it isn't out yet. What we do have today is some visual confirmation that the HEN can indeed run emulators, in this case the GBA emulator gpSP.' And from the more recent article showing the exploit demo video: 'Be patient, everyone. Davee's HEN Kernel exploit will eventually arrive, given time. "This is a demo of the 5.03 firmware running the tiff exploit and booting into a HEN environment on a PSP 2003 (3000 Support also) on 5.03 Official Firmware. This proves that the code survives a reboot and the system software and MAC address can be changed. This is something that only can be done with a kernel exploit. A video launching homebrew will be posted later."' Hopefully, we'll soon have PSP-3000s playing homebrew games and running PSP uCLinux."
  • Re:Why.... (Score:3, Informative)

    by Anonymous Coward on Sunday May 03, 2009 @03:47PM (#27808501)

    Digital cameras produce TIFFs.

  • Re:Why.... (Score:2, Informative)

    by Archaemic ( 1546639 ) on Sunday May 03, 2009 @05:13PM (#27809157)

    Yes, I wonder the same thing about TIFF support on the PSP myself. It was touted as a new feature for the 2.0 firmware, but I don't really see the point, given how insecure it is in general and how rarely it is used. Furthermore, if it is used for a camera picture, it's pretty useless anyway, because the PSP will generally not show the picture if it's too large, and that limit is usually smaller than digital camera resolution. The original PSP model only has 32MB of RAM, 8 of which is not available in usermode. A fair amount of this memory is unavailable to the decoder anyway, leaving only about 4MB of RAM for displaying a picture.

    I've had two battles with LibTIFF on the PSP, one resulting in a triumphant victory for me (although never released due to various reasons). The other was me actually trying to exploit a crash that led to the exploit that MaTiAz found (which is the TIFF exploit (user mode) mentioned in this article). The kernel mode exploit used in conjunction with the user mode exploit was found by Davee, as mentioned. However, what was particularly great was how they patched the TIFF exploit for 5.03 in the following firmware: by disabling the section of LibTIFF that was being exploited. If one tries to view a TIFF that has additional channels (i.e. an alpha channel, be it premultiplied or whatever), it says unsupported data. Brilliant work, Sony. The TIFF exploit didn't work in any other software because the other software properly supported the additional channels. It's still sort of a mystery how they failed this one so hard.

    Furthermore, there was an exploit in LibTIFF in earlier firmwares (and actually the current stable version of LibTIFF) that was patched by Apple, and then Sony (and most others) adopted the patch. However, the patch itself is broken, as I discovered when looking at it. Therefore, I now have a TIFF that will crash any modern LibTIFF application (unless it has a specific section of LibTIFF disabled, which some do, such as Photoshop CS3), including the PSP on its newest firmware. Works even on the newest firmware. All I can say for the patch is that it did seal the vector for shellcode, even if it didn't seal a vector for a DoS. I filed a patch with the LibTIFF people that sealed the hole entirely, but it's been ignored since January.
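    As an added, defender-side illustration of the point above about additional channels (this is not code from the commenter, from LibTIFF or from Sony's firmware): a small Python triage check that parses a TIFF's first IFD with explicit bounds checks and applies the same policy the comment says the later firmware adopted, refusing images that declare ExtraSamples. It also flags files whose ExtraSamples list does not fit in SamplesPerPixel, and reports truncated or out-of-range structures as malformed instead of reading past the buffer. The tag numbers are the standard TIFF 6.0 ones; the sample files are constructed inside the block, and the helper names and the accept/reject/malformed verdicts are assumptions introduced here.

```python
import struct
from typing import Dict, List, Tuple

# TIFF 6.0 tag numbers used by the check
TAG_IMAGE_WIDTH = 256
TAG_IMAGE_LENGTH = 257
TAG_SAMPLES_PER_PIXEL = 277
TAG_EXTRA_SAMPLES = 338

# Integer field types we decode: BYTE, SHORT, LONG -> (struct code, byte size)
INT_TYPES = {1: ("B", 1), 3: ("H", 2), 4: ("I", 4)}


class MalformedTiff(ValueError):
    """A structure does not fit inside the file: reject it rather than read past the end."""


def parse_first_ifd(data: bytes) -> Dict[int, List[int]]:
    """Parse the header and first IFD, checking every offset before it is dereferenced.
    Returns {tag: [values]} for BYTE/SHORT/LONG fields; other field types are skipped."""
    if len(data) < 8:
        raise MalformedTiff("header truncated")
    if data[:2] == b"II":
        e = "<"
    elif data[:2] == b"MM":
        e = ">"
    else:
        raise MalformedTiff("bad byte-order mark")
    magic, ifd_off = struct.unpack(e + "HI", data[2:8])
    if magic != 42:
        raise MalformedTiff("bad magic number")
    if ifd_off + 2 > len(data):
        raise MalformedTiff("IFD offset outside file")
    (n_entries,) = struct.unpack(e + "H", data[ifd_off:ifd_off + 2])
    if ifd_off + 2 + 12 * n_entries > len(data):
        raise MalformedTiff("IFD entry table outside file")
    tags: Dict[int, List[int]] = {}
    for i in range(n_entries):
        off = ifd_off + 2 + 12 * i
        tag, ftype, count = struct.unpack(e + "HHI", data[off:off + 8])
        if ftype not in INT_TYPES:
            continue
        code, size = INT_TYPES[ftype]
        total = size * count  # Python ints do not overflow, so the product is safe to compare
        if total <= 4:
            raw = data[off + 8:off + 8 + total]  # value stored inline in the entry
        else:
            (voff,) = struct.unpack(e + "I", data[off + 8:off + 12])
            if voff + total > len(data):
                raise MalformedTiff(f"tag {tag} value outside file")
            raw = data[voff:voff + total]
        tags[tag] = list(struct.unpack(e + code * count, raw))
    return tags


def check_channels(tags: Dict[int, List[int]]) -> List[str]:
    """Policy findings: 'extra-samples' mirrors the firmware mitigation described in the
    comment (refuse images with additional channels); 'inconsistent-sample-counts' flags an
    ExtraSamples list that cannot fit in SamplesPerPixel, which a decoder must not trust."""
    findings = []
    spp_vals = tags.get(TAG_SAMPLES_PER_PIXEL)
    spp = spp_vals[0] if spp_vals else 1  # spec default is 1
    extra = tags.get(TAG_EXTRA_SAMPLES, [])
    if extra:
        findings.append("extra-samples")
    if len(extra) >= spp:
        findings.append("inconsistent-sample-counts")
    return findings


def classify(data: bytes) -> str:
    """Triage verdict for one file: 'malformed', 'reject' (policy finding) or 'accept'."""
    try:
        tags = parse_first_ifd(data)
    except MalformedTiff:
        return "malformed"
    return "reject" if check_channels(tags) else "accept"


def build_tiff(entries: List[Tuple[int, int, List[int]]], endian: str = "<") -> bytes:
    """Construct a minimal single-IFD TIFF for testing (constructed sample, not camera output).
    Values wider than 4 bytes are placed after the IFD and referenced by offset."""
    n = len(entries)
    ifd_off = 8
    data_off = ifd_off + 2 + 12 * n + 4  # first byte after the IFD and its next-IFD pointer
    body, extra = b"", b""
    for tag, ftype, vals in sorted(entries):
        code, _ = INT_TYPES[ftype]
        packed = struct.pack(endian + code * len(vals), *vals)
        if len(packed) <= 4:
            field = packed.ljust(4, b"\0")
        else:
            field = struct.pack(endian + "I", data_off + len(extra))
            extra += packed
        body += struct.pack(endian + "HHI", tag, ftype, len(vals)) + field
    bom = b"II" if endian == "<" else b"MM"
    return (bom + struct.pack(endian + "HI", 42, ifd_off)
            + struct.pack(endian + "H", n) + body + struct.pack(endian + "I", 0) + extra)


# Constructed samples: plain RGB; RGBA with one unassociated alpha channel (ExtraSamples=2);
# and a big-endian file claiming three extra samples with only one sample per pixel.
RGB_SAMPLE = build_tiff([(TAG_IMAGE_WIDTH, 3, [4]), (TAG_IMAGE_LENGTH, 3, [4]),
                         (TAG_SAMPLES_PER_PIXEL, 3, [3])])
RGBA_SAMPLE = build_tiff([(TAG_IMAGE_WIDTH, 3, [4]), (TAG_IMAGE_LENGTH, 3, [4]),
                          (TAG_SAMPLES_PER_PIXEL, 3, [4]), (TAG_EXTRA_SAMPLES, 3, [2])])
INCONSISTENT_SAMPLE = build_tiff([(TAG_SAMPLES_PER_PIXEL, 3, [1]),
                                  (TAG_EXTRA_SAMPLES, 3, [2, 2, 2])], endian=">")

if __name__ == "__main__":
    for name, blob in [("rgb", RGB_SAMPLE), ("rgba", RGBA_SAMPLE),
                       ("inconsistent", INCONSISTENT_SAMPLE), ("truncated", RGBA_SAMPLE[:20])]:
        print(f"{name:12s} -> {classify(blob)}")
```

    The parser never trusts a count or offset from the file before comparing it against the file length, which is the property the comment's broken upstream patch is said to lack; the policy layer is deliberately separate so that a deployment can keep the bounds checks while choosing a less blunt rule than refusing every image with an alpha channel.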

  • Re:Why.... (Score:3, Informative)

    by AliasMarlowe ( 1042386 ) on Sunday May 03, 2009 @05:18PM (#27809209) Journal

    Did, you mean. Back when people still used floppy disks...

    Actually, some digital SLRs use variants of the TIFF format to store their "raw" files. They may muck about with the headers and you need to know the RGB response curves to make proper use of the data, but underneath, it's still a TIFF. The Pentax PEF format as produced by the istD family of DSLRs can be rendered by TIFF readers which ignore certain "irregularities" in the header, for instance.

  • Re:Cool (Score:4, Informative)

    by vux984 ( 928602 ) on Sunday May 03, 2009 @05:19PM (#27809213)

    50m is still bigger than all the next-gen (PSWii60) consoles combined.

    Say what now? Wii has 50M pretty much all by itself.

  • Re:Novel idea (Score:2, Informative)

    by wbo ( 1172247 ) on Monday May 04, 2009 @01:19PM (#27817839)
    Actually Davee has stated it will be very difficult [mformature.net] to run pirated games using this HEN.
