
Search found 426 matches

by frostegater
Thu Nov 15, 2012 5:36 am
Forum: Programming and Security
Topic: Crash
Replies: 27
Views: 4035

Re: Crash

To "step" you should delete the breakpoint.
by frostegater
Wed Nov 14, 2012 10:15 am
Forum: Programming and Security
Topic: Kernel Tutorial
Replies: 8
Views: 2390

Re: Kernel Tutorial

Sorry but this tutorial looks just like misinformation to me. Finding kernel vulnerabilities is not just looking for store instructions, you have to understand how different classes of exploits work and investigate every function you suspect contains a vulnerability. Also you don't explain _why_ ov...
by frostegater
Wed Nov 14, 2012 7:00 am
Forum: Programming and Security
Topic: Kernel Tutorial
Replies: 8
Views: 2390

Re: Kernel Tutorial

Try to make kxploit for:

sceLolExample:
	move   $s0, $a0          # s0 = first argument
	move   $s1, $a1          # s1 = second argument
	sll    $t4, $s1, 4       # t4 = s1 << 4 (overwritten on the next line)
	subu   $t4, $s0, 16      # t4 = s0 - 16
	sb     $zero, -16($t4)   # store a zero byte at t4 - 16
;)
by frostegater
Wed Nov 14, 2012 6:51 am
Forum: Programming and Security
Topic: Kernel Tutorial
Replies: 8
Views: 2390

Kernel Tutorial

You should know MIPS (http://chortle.ccsu.edu/assemblytutorial/tutorialcontents.html) and C. To get kernel rights you should make a jump from a kernel module. You can use the sceKernelLibcTime function. Let us consider this function in more detail. Pseudo-C (without some things, just the more important ones):...
by frostegater
Tue Nov 13, 2012 8:20 am
Forum: Vita Half Byte Loader
Topic: vHBL porting with missing UtilityLoad/Unload imports
Replies: 12
Views: 1920

Re: vHBL porting with missing UtilityLoad/Unload imports

Can't. It's kxploit:

	sceWlanGetEtherAddr(0x8800F718);
	sceWlanGetEtherAddr(0x8800F716);
	sceWlanGetEtherAddr(0x8800F714);
	sceWlanGetEtherAddr(0x8800F712);
	sceKernelDcacheWritebackAll();
	sceKernelLibcTime(0, (void *)((u32)kernel_function | 0x80000000), 0, 0, 0);

In my sexploit missed LoadModule imports...
by frostegater
Tue Nov 13, 2012 7:20 am
Forum: Vita Half Byte Loader
Topic: vHBL porting with missing UtilityLoad/Unload imports
Replies: 12
Views: 1920

Re: vHBL porting with missing UtilityLoad/Unload imports

	// missed dirent syscalls, so we can't read folders
	sceIoDopen
	sceIoDread
	sceIoDclose
	sceIoChdir
	sceIoMkdir
	sceKernelDcacheWritebackAll
	sceKernelTerminateThread // used in killing threads
	sceKernelExitDeleteThread
	sceKernelDelayThreadCB
	sceKernelSleepThreadCB
	sceKernelSendMsgPipe
	sceKernelTrySendMsg...
by frostegater
Tue Nov 13, 2012 6:42 am
Forum: Vita Half Byte Loader
Topic: vHBL porting with missing UtilityLoad/Unload imports
Replies: 12
Views: 1920

Re: vHBL porting with missing UtilityLoad/Unload imports

	Detected firmware version is 0x06060010
	p5_get_stubs entering savedata dialog loop
	status changed from -1 to 2
	status changed from 2 to 3
	status changed from 3 to 0
	dialog has shut down
	Relocating stub addresses from 0x08414A0C to 0x09D70000
	current stub: 0x08414AFC 0x00000011 0x00004001 0x00000005...
by frostegater
Mon Nov 12, 2012 7:22 am
Forum: Vita Half Byte Loader
Topic: vHBL porting with missing UtilityLoad/Unload imports
Replies: 12
Views: 1920

Re: vHBL porting with missing UtilityLoad/Unload imports

Ok. I made LOAD_MODULES_FOR_SYSCALLS undefined (and did some useless things to avoid warnings), but now it crashes when creating the HBL thread (eloader.c: thid = sceKernelCreateThread("HBL", start_thread, 0x18, 0x10000, 0, NULL);)
