
SLEEPING GUARD exploit soft-release (information only)

masterj001
Posts: 57
Joined: Tue Feb 22, 2011 2:24 am

SLEEPING GUARD exploit soft-release (information only)

Post by masterj001 »

Ok, this is only a soft release, as I don't have the files on this specific computer... But here goes. I've been working on this for over a year...

THE SLEEPING GUARD EXPLOIT

The way this exploit works is, you create a prx file that modifies a RAM value (mine was simple enough, using 0x088A243C as a base) and modify as simple a flash1 file as possible (in my particular case, I chose the updater configuration) to essentially bootstrap it.

Honestly, I'm surprised nobody else thought of loading a file at startup that edited the RAM values before the security kicked in and locked out access...

I want to make some changes to the exploit prx before releasing my files... For instance, I was hoping people would go for the idea of implementing satellite.prx's capabilities... I've made some small strides in unifying the files, but I could quite possibly bootstrap that prx with the current prx...

Any comments or questions should be restrained to this thread.

(edit: ) I will start giving answers in the morning. I've been awake for four days straight now... I've had waaaaayyyyyy too much to do, and I need sleep.
Last edited by masterj001 on Mon Sep 24, 2012 4:27 am, edited 1 time in total.
I have:
AMD phenom 8-core 4 ghz on custom designed computer in compaq shell running:
win7, win8, winxp, win98, fedora, freeBSD, osx 10.6, and OpenSUSE.
psp 1000 x 32
psp 2000 ta-088v3
Haha, you think your computer is confusing:p
snailface
Posts: 95
Joined: Tue May 24, 2011 8:02 pm

Re: SLEEPING GUARD exploit soft-release (information only)

Post by snailface »

Soft release? That's a new one. :lol:

Oh, you said "(information only)". Computer code is information so where does that leave you?

"WIP thread" :lol:
fate6
Big Beholder
Posts: 7599
Joined: Fri Mar 09, 2012 1:18 am
Location: [fate6@Canterlot ~]$

Re: SLEEPING GUARD exploit soft-release (information only)

Post by fate6 »

it's not exactly a WIP thread since he is telling you how to do it but can't provide the files at the moment
but with the info in the OP you could just make it yourself

now IMO the most interesting part about this is the possibility of a 6.60 perma patch ;)
I will leave that to the people with the skills to decide tho
anon wrote:If you can't trust a 600 year old vampire in a prepubescent girl's body, who can you trust?
garrei
Posts: 234
Joined: Fri Mar 16, 2012 3:35 am
Location: Australia

Re: SLEEPING GUARD exploit soft-release (information only)

Post by garrei »

would this be at all usable on the vita? Maybe if UVL could launch the PSP emu and use sleeping guard to maybe load up a PSP XMB? I'm probably way ahead of myself here but it would be interesting if the vita can use this.
My PC: AMD FX 8-core 4.2Ghz, 16gb RAM, GTX 580, 60gb SSD, Blu-ray Burner, WiFi, 1.5TB HDD, 1000W PSU, 27" Full HD Monitor
My PSP Slim 2002 - TA-085
My PS3 Slim 160GB 4.25 OFW
My Vita: WiFi only :(
ViKtory
Posts: 232
Joined: Wed Aug 17, 2011 8:07 pm
Location: India

Re: SLEEPING GUARD exploit soft-release (information only)

Post by ViKtory »

Interesting.

Go on...
Steven
Posts: 1955
Joined: Sat Jan 01, 2011 12:22 pm
Contact:

Re: SLEEPING GUARD exploit soft-release (information only)

Post by Steven »

how much risk factor is involved if it's successfully made (I hope) :lol:
Zer01ne
Posts: 78
Joined: Mon Jan 24, 2011 10:27 pm

Re: SLEEPING GUARD exploit soft-release (information only)

Post by Zer01ne »

For modifying a RAM value you need to run unsigned code; for running unsigned code, you need to have an exploit.
I don't know what will change from LME or PRO.
masterj001
Posts: 57
Joined: Tue Feb 22, 2011 2:24 am

Re: SLEEPING GUARD exploit soft-release (information only)

Post by masterj001 »

The beauty of it is it runs before memory protection engages. The kernel loader itself runs it, so it has kernel permissions, signed or not. And I doubt it would be effective on the vita's psp emulator, as, if I'm understanding it correctly, the vita loads it after the vita firmware starts up, so memory protection is most likely already active when it runs. Plus, if it is possible, you would need to modify the exploit prx to edit the right memory values for the vita, which, AFAIK, are unknown... But, barring those two flaws with the vita, if you can find the value and load it with the vita firmware, and make sure it doesn't get overwritten, it's potentially possible.
masterj001
Posts: 57
Joined: Tue Feb 22, 2011 2:24 am

Re: SLEEPING GUARD exploit soft-release (information only)

Post by masterj001 »

Steven wrote: how much risk factor is involved if it's successfully made (I hope) :lol:
About as much risk as a permanent gameshark on another console. All it is doing is editing RAM values... So as long as you choose the right value and you don't write over something vital, it shouldn't crash... And even if you get the value wrong, unless you're extremely unlucky and use a memory address holding vital information for functioning, it should load, and you should be able to just reflash with a new prx.
ShimaFlareX
Posts: 33
Joined: Mon May 14, 2012 2:00 am

Re: SLEEPING GUARD exploit soft-release (information only)

Post by ShimaFlareX »

Stop feeding the troll please.
Locked
