Firmware 2.6 hack

[Constantine]

This post has been updated as of 11:15pm EST

Quote:

Originally Posted by QJ.Net

Break out your calendars folks, because this may be a day that you want to mark as a pivotal day in the history of PSP homebrew. A developer known as hitchhikr of "hitchhikr SoftWorks" and coder companion Neural have come out with a Proof of Concept of a 2.50/2.60 Firmware Exploit! Once implemented and fine tuned for "normal user" use, this will bring 2.50 and 2.60 Firmware up to the same homebrew capability that 1.50 PSP owners enjoy with FULL kernel mode access - although Grand Theft Auto: Liberty City Stories will still be required, just like with eLoader.

Speaking of eLoader, Fanjita is already working with hitchhikr on incorporating this new exploit into an easily executable means via eLoader. After a brief chat with Fanjita, he's told us that you can expect some generic application for developers to hopefully be released in the next 24 hours. It will take a bit longer before something useable for non-devs will be released.

The exploit takes advantage of an added security check in 2.50/2.60 Firmware for sceKernelLoadExec, which is responsible for loading EBOOTs, but Sony also accidentally added an overflow bug, which means this exploit will not work with 2.0 and 2.01 Firmware.

Below you will find a download of hitchhikr's & Neural's Proof of Concept - this is not intended for the casual user. It creates dump files containing kernel memory dumps in the root of the memstick (boot.bin, kmem.bin, klib.bin). It also creates writeaccess.bin which contains just the hex (12 34 56 78) to prove that kmem CAN be written to.

But don't start upgrading those PSP's yet until a viable means of implementation is released! Also, this breakthrough does not open up the possibility of a downgrader due to the protection in the IPL in 2.50+ firmware. Although speculation has already begun that this will open the door to the decrypting of 2.70+ Firmware, allowing it to be emulated a la Devhook.

We will stay on top of this breaking news all day long and be constantly updating this news post with information as soon as we get it! Stay with QJ.NET and PSPUpdates for all the latest!

Download: [2.60 Firmware Exploit - Proof of Concept]
Read: [QJ.NET Forum Discussion Thread]


UPDATE #1: Fanjita has released the "source" of his work so far today on this newly discovered exploit. If you would like to take a look at it and continue investigating where he left off for today, have a look!

Only for v2.5 / v2.6.

Based on Proof of Concept code by Hitchhikr / Neural.

Function : Attempts to load ms0:/kernel.elf using sceLoadModule/sceStartModule when in kernel mode, after writing a NOP to 0x8801A5B4.

Diags: Writes a log of operations to ms0:/GTALOG.TXT.
If LoadModule fails, writes the error code to ms0:/failload.trc.
If StartModule fails, writes the error code to ms0:/failstart.trc.

Check out the included readme for more info! (Thanks for the tip, gangsta_psp!)

Download: [Fanjita's Exploit Source - Day 1]


Note: This news post will stay at the top of the page for most of the day to ensure everyone gets a chance to see this breaking story unfold. Scroll down for more up to the minute news from QJ.NET!

http://pspupdates.qj.net/Breaking-Ne...g/49/aid/57216

[odhranus]

i hate that pspupdates is blocked on this pc

[Pagnell]

Looks interesting - Fanjita is already trying to find a way of implementing it so with any luck this will be working within a day or two. Full kernal mode emulation on 2.6 firmware - that would be nice.

[2poor]

Very interested in how this develops...I still like my 1.5 though and would love to see 2.7+ FW decrypted for use in Devhook. 8)



ps. I added quote tags to your post Constantine, lest we suffer the wrath of someone bickering about original content.

[weezer]

Awesome news. Time to get gta :lol: