
Buffer Overflow Found in PSP Firmware v2.0

Doomstalk writes "PSP news site PSP Updates is reporting that a buffer overflow flaw has been found in PSP firmware v2.0's photo viewer. So far it's only been used to corrupt the menu display, but it holds great promise for running homebrew code on upgraded PSPs." From the article: "Thanks to the unknown author(s) for this great starting point to have homebrew on 2.0, all that is needed are coders to extend this knowledge for full homebrew usage on the v2.0 firmware. We cannot say when someone will step up to the plate and write the code for users to run homebrew on a 2.0 using this exploit, but we will definitely have our ears (and email boxes) open and be sure to let you know as soon as we do."
  • Exploit (Score:3, Interesting)

    by EnderWigginsXenocide ( 852478 ) on Saturday September 24, 2005 @02:21PM (#13639167) Homepage
    When will the first PSP worm/virus be out in the wild?
    • Re:Exploit (Score:1, Funny)

      by Seumas ( 6865 )
      PSP already has worms [joystiq.com].
    • Re:Exploit (Score:4, Insightful)

      by Anonymous Coward on Saturday September 24, 2005 @02:37PM (#13639235)
      There is no point in a PSP virus. If any of them were mass-bricked, it would end up hurting nobody but Sony in the long run, because they would have no choice but to fix all the bricked PSPs...

      I'm sure somebody could write something to brick a PSP using the Lua language... even just ruin something by possibly clocking up all 3 processors by insane amounts, then making it do millions of simple commands over and over till it breaks... But the only way it would really spread would be by way of the homebrew, and it's not like wifi would spread it, because no matter what, to receive something via wifi you must:

      1: Have the wlan switch on
      2: Have an active connection
      3: Accept this file

      Therefore any worm that would be released would prove useless...

      And if anybody is dumb enough to shop on their psp, well then they should have their identity stolen for not having anywhere near enough security!

      --PrimalTheory
      • Re:Exploit (Score:2, Insightful)

        by DrSkwid ( 118965 )
        Your argument is the same for Cabir [f-secure.com].

        Does this sound familiar?

        Cabir replicates over Bluetooth connections and arrives in the phone's messaging inbox as a caribe.sis file that contains the worm. When the user clicks caribe.sis and chooses to install it, the worm activates and starts looking for new devices to infect over Bluetooth.

        To get Cabir you need to:

        1. Have Bluetooth switched on
        2. Have an active connection
        3. Accept this file
        4. Press OK to install
      • I agree. I'm certain that Sony will have no problem keeping practically every PSP fully updated by the customers themselves. They are offering lots of stuff online and it'll probably only work if the PSP is up to date.
  • by bartkusa ( 827611 ) on Saturday September 24, 2005 @02:49PM (#13639324) Homepage
    ...but I don't think I've ever seen a buffer overflow being celebrated before.
    • by ikkonoishi ( 674762 ) on Saturday September 24, 2005 @03:04PM (#13639439) Journal
      Well, you see, when companies go to great lengths to piss off their most devoted customers, it becomes an event worthy of celebration when said customers manage to use the product in the way they wanted to when they paid for it.
      • Now, I'm all for hacking your PSP into whatever you want it to be, but it's not like Sony's pulling a bait-and-switch. They wanted this thing to be a tightly controlled console that only ran their approved code, and it's been that way since day one. If you bought it with other intents in mind, then hey, have fun making it meet them, but it's not like you can claim that Sony misled you.

        I know this probably isn't what you meant, but it does carry that implication.
    • Pretty sure people were happy when the first one was found for xbox. I don't imagine party hats and champagne or anything, but a tool is a tool I guess.
    • Hey, lots of people like me you insensitive clod.
    • I think the rule of thumb is:

      DRM, it turns the bad into good, and the good into bad.

      DRM is kind of the "soviet russia" of technology.
  • by Myself ( 57572 ) on Saturday September 24, 2005 @06:41PM (#13640945) Journal
    Why throw your money at Sony, who does their best via DRM and everything to keep you out, when open platforms like the Tapwave Zodiac [portagame.com] invite developers in?

    Of course, this "feed the hand that bites us" behavior among gamers has already forced the Zodiac off the market -- nobody was buying it.

    Ditto XBox! Why do geeks, who should oppose every shred of DRM and proprietarism that the green thing embodies, go out and buy the thing only to turn it into a set-top Linux box? Hello? You're throwing money AT the evil empire.

    I understand there's a certain challenge to "owning" such a closed system. Fine, show Microsoft and Sony you're better than them. But at the end of the day, all this activity does is encourage MORE of exactly the wrong behavior on the megacorps' part.
    • Because the Zodiac kinda blew? Being an "open" system does not make something a "quality" system.
      • Actually the Zodiac itself had a better hardware spec than the DS, in the shape of vastly more memory, superior support via its ATI Imageon graphics card, a higher resolution display and a much faster CPU. It also had a much sleeker form factor and had the added bonus of being a functional PDA with a huge library of Palm software available for it (something I wish the PSP had).

        Obviously this came at a cost - it was double the price (so at the PSP price point, but with less than PSP level performance, and wit
    • actually Tapwave is just a kinder, gentler Sony.

      they still require signing but are more likely (relative to Sony) to grant you "authorization" (don't you just like how in the modern world you need permission to access your own property?)

      so the Tapwave isn't a good example.

      a good example would be something like the GamePark32 (and its newer brother). there's no "signing" required or supported on the hardware.

      and may i say that " Why throw your money at Sony, who does their best via DRM and everything to keep
    • (As a first side note, I think the GP2X [gbax.com] is an interesting throw at an open handheld console.)

      That was cute, but you forget one major aspect of humanity in general and geeks in particular:

      We're lazy.

      And that means we don't uphold our principles 100% of the time. Sure, I'm against closed standards. What's that? A dirt-cheap Linux box, with a small (for a PC) form factor, and they're all identical? I'll take three!
      What? Microsoft? Bah, you know they actually LOSE money on the X-Box hardware, don't you?

      That sai
      • sadly, if a console is open, you can bet that the openness will be used 95% of the time to play pirated games, not homebrew ones.

        There is a middle ground of legal emulation. If you own a copy of a Lucasarts adventure game, and you use your right under 17 USC 117 to use ScummVM DS [drunkencoders.com] to install it onto a CompactFlash card and then put the CF card into an adapter [ndshb.com] on your Nintendo DS, you can still play commercial quality games without piracy.

        Quite simply because commercial games are of much higher quality

        • That's all fine and dandy except that falls within the 5% (and I think that's highly generous) of homebrew users. Most people will just download isos from some 0-day warez site and play them on their system, completely ignoring all the homebrew software out there. And the few people enjoying homebrew don't make up for the much larger number of people warezing commercial games. Sure, the PSP didn't run pirated PSP games yet AFAIK but it runs emulated games, some of which (GBA, for example) are still being ma
    • by Moraelin ( 679338 ) on Monday September 26, 2005 @03:33AM (#13648984) Journal
      Frankly, I own a gaming console, you know, for gaming. You may notice a highlighted word there. Hint, it's: gaming.

      I do not buy it to make some political statement about open vs. closed software. I buy it to play games on it. If Sony has the games I want to play, and some hypothetical vendor has this super-open GPL-conforming Stallman-approved ESR-blessed platform without many games, you can guess whose I'll buy. Hint: it starts with "So" and ends with "ny".

      The whole "feeding the hand that bites us" metaphor is emotional and all, but I don't feel bitten at all so far. I gave them some money, I got some games I wanted in return. If anything, I'm "feeding them" to get more games like those in the future. But more pragmatically, I'm not "feeding" anyone. I'm just acting in my own interest as a consumer, and buying the one that's the better product for me right now.

      And if DRM is what it takes to get those games, fine by me. I can still plug the cartridge or UMD in and play the game, right? Well then why should I care what technologies went into that UMD or the loader in the BIOS?

      You assume too much that all geeks are like this or that, all are on a zealot crusade against the very idea of commercial software, and all bought an XBox or a PSP just to run Linux on it. Which is just false. I for example am a terminal geek all right, but I bought my XBox to actually run XBox games like Fable or Jade Empire. Even those two alone make it well worth every cent MS got from me. I know only two people who've modded their XBox and that was to add some multimedia functionality and IIRC a bigger hard drive, not to run Linux on it.

      Basically, rest assured that when you read news about someone's uber-l33t port of Linux to some game console, you're really reading about a small minority that gives a damn at all, and mostly just to show that they can do it. It's the geek equivalent of showing that you can tear a phonebook with your bare hands: it's not actually _needed_ (there are easier ways to destroy a phonebook), it's not what everyone buys a phonebook for, and it doesn't make it a better phonebook than it was before being torn. It's just a way to show off. Unlike tearing a phone book with your bare hands, though, pretty much no one else gives a damn about it.

      Now a lot more people will care about it if it lets them pirate UMD games and play them off the memory card. (That was the main reason people modded their PS1, PS2 and XBox, btw: to be able to play pirated games.) But even then we're talking freeloaders, not people on a holy jihad for the glory of OSS. Rest assured that _all_ they wanted was to let someone else (e.g., the rest of us paying customers whose money keeps those devs in business) pay the tab for their gaming, not to make some "free as in speech" political point.
    • Er.

      It might have something to do with Sony's hardware still being supported, as opposed to Zodiac discontinuing [palminfocenter.com] support.

      Plus, it's based on PalmOS, isn't it?

      But I could be making that up ...
  • by Anonymous Coward on Saturday September 24, 2005 @07:15PM (#13641147)
    The PSP and this rather lame exploit which only lets you run up to 64KB which to those who don't know isn't enough to run 99% of homebrew and emulators, yes it creates news but it's not going anywhere, thank god the new Portable Linux Console that embraces Open Source Coding has arrived, Emulation and Homebrew without stupid little exploits, yes I'm talking about the GP2X http://www.gbax.com/main.pl [gbax.com] Once it arrives we can say hello to the future of amateur coding.
    • by cowscows ( 103644 ) on Sunday September 25, 2005 @11:07AM (#13644688) Journal
      Languages are for communicating. Languages have rules. Rules make it understandable. Some rules involve punctuation. Sometimes you want to denote the end of one phrase. Then you start the next one. There's a piece of punctuation for this. Yes, I'm talking about the period.

      .

      I hate to pick on someone for their grammar, but there's a difference between having bad grammar and being so incredibly lazy with your writing that a reader has to go over it five times to understand what you're trying to say.
  • welcome our buffer overflow overlords.

    who'd have thunk it?

    that BO's would be a freedom fighting geek's best friend.
  • by quaker5567 ( 841639 ) on Saturday September 24, 2005 @08:21PM (#13641526)
    So far only binaries smaller than 64KB can be run, and only in user mode, not kernel mode. NO ACCESS TO KERNEL, NO DIRECT ACCESS TO FIRMWARE. Still a long way to go before a full exploit.
    • So far only binaries smaller than 64KB can be run and only in user mode not kernel mode.

      But can't a user-mode program make a few syscalls, telling the kernel to open files on the Memory Stick and then copy them into RAM, and then jump to the loaded homebrew code?

      • If it were that easy, all the 2.00 owners would be playing mario right now ;)

        Code in user mode can't demand that the kernel do anything. It can ask and see what happens. The kernel will decide itself what it wants to do. There's no direct access to the firmware, thread/process manager etc. from user mode.
    • In addition, I don't see what everyone is getting so excited over.

      Let's say they do fully crack firmware 2.0...no big deal. Sony will then launch a knockout punch: GTA: Liberty City Stories automatically installs the brand-new, patched 2.10 firmware.

      Crack the 2.10 firmware? No problem, essential games like Madden 2007 and Lumines 2: "The Bloodening" will come with the spiffy new 2.50 firmware.

      If you ever intended to play official games at all, emulation and homebrew on the PSP will be a losing battle. Th
    • You crazy kids.
      I remember back when 64KB was A LOT of memory.
  • democracy (Score:2, Insightful)

    by chigun ( 770799 )
    I do not agree with funding evil empires such as Sony by purchasing their items and then "cracking" them. Sony will just keep forcing more firmware, and you the faithful consumer, will continue cracking it. In the meantime, you're purchasing new duo sticks, umd vids, and games. Sony has tricked you into becoming a loyal customer by dangling the golden carrot that is their "unbreakable" firmware.

    I'll vote with my dollars and not purchase one at all. The GP2X intrigues me though, even though there is some
    • Re:democracy (Score:2, Informative)

      by All_Star25 ( 736597 )
      http://www.gbax.com/drmgp2x.html [gbax.com] details the DRM in the GP2X. And plus, I'd imagine it somewhat tricky to implement on a Linux-based platform.
    • As I was saying before, I bought it to play games on it. Sony didn't have to "trick" me into anything. They just had to have the games I want to play. That's all.

      Yeah, if all you wanted from a portable console was to run some old emulator on it, the PSP might not be the one for you. But then you know what? Go buy whatever console lets you run those, and quit whining already. Does the GP2X let you run those? Well, good for you, then. Get one of those, then, and give it a rest already.

      No, seriously. It's not
      • This is Slashdot, where Linux zealots will take any opportunity they can to whine about how big company X is trying to prevent them from running their favourite distro of Linux on widget Y 'cause Linux is the bestest awesomest most coolest thing in the WHOLE WIDE WORLD!!!!1!1eleventyone!!

        Me I agree with you. I got my PSP to play games on and I don't have a problem paying money to buy those games. If DRM gets to the point where it truly restricts my or anyone else's ability to use the products I purchase as
      • You are not the consumer I was referring to, so simmer down. The average consumer (you apparently) will never notice anything but good changes in their "updated" firmware. I have nothing against proprietary formats in theory, but proprietary hardware that ONLY supports that format, just plain sucks.

        Sony is always pulling crap like this and then years down the line they play catch-up (like the stupid "network walkman" or whatever it's called).

        The PSP is an elegant product, I do not deny that, but elegance is
  • Check it on pspupdates.com: a hello world program is out for 2.0 PSPs... not much time before homebrew makes its way to 2.0 PSPs...
  • 1.5 Owner (Score:3, Insightful)

    by fwitness ( 195565 ) on Sunday September 25, 2005 @01:18PM (#13645465)
    Thankfully, there are no games out that force a 2.0 upgrade that I want. I shiver as a gamer saying that. The battle may soon be won over 2.0, but the war will inevitably be won by Sony when 2.1 is released to fix this. Games will require it, and if you want to play games, you will have to play *their* game of firmware upgrades. It's silly, stupid, and I hate it. I still have the DS, but Sony, please, please, just let us run our homebrew apps. It's a better world if we all get along. Go after the pirates aggressively, fine. But leave us that just want to run a file-transfer program and ScummVM alone. I love your product, please stop fugging with it.
    • It is only a matter of time until everybody is going to have to upgrade to the new firmware. Sony will probably include it on GTA:LCS. I don't plan on owning a PSP so it doesn't really affect me, but I still hope that maybe in the future they will release cheaper development kits that use disks that have less capacity so they can't be used to pirate games but they can still be used to make some small games.
      • Yep, GTA is probably going to be the killer app for the PSP. I'll be glad when it finally comes out, so I can play games on the PSP. It will be a sad day though, as it will probably upgrade my firmware.
    • Re:1.5 Owner (Score:4, Informative)

      by Elite Xizer ( 915457 ) on Sunday September 25, 2005 @05:04PM (#13646620)
      Have you guys not heard of the Firmware changer? There will be no need to upgrade from 1.50 to 2.00 when GTA: LCS arrives. Just run this program [qj.net] and it will let you play it on a 1.5 PSP.
      • Indeed I had not. It's difficult to wade through the mass of PSP software out there. Some bogus, some horribly beta, some incredibly useful. I suppose this is why I still post on slashdot occasionally. :) You have officially made my day.
    • Re:1.5 Owner (Score:3, Interesting)

      by grumbel ( 592662 )
      ### but Sony, please, please, just let us run our homebrew apps.

      ACK, especially since the piracy argument is pretty much void. I mean, a 1GB memory stick costs around 100EUR; I can get two original games for that price, and it might not even be enough to hold a single complete game. So to make it work you either need to limit yourself to those games that don't use much disk space or cut out the cutscenes and other space-consuming stuff. So piracy might still be there, but it's really far less attractive than say fo
  • Paint Shop Pro just isn't what it used to be. Who wants to start a fork?!
  • Hello everyone. I upgraded my PSP to 2.0 so I could try and make some games for the new firmware version. I have written a few Java-type games that work well using the built-in browser in the 2.0 firmware. These games/apps can be launched from the browser pretty easily. If anyone knows of a good place to upload them so the PSP world can get to them, let me know. Or if you want me to email you instructions on how to do such things, drop me a line :)