Page 1 of 3

Kxploit question

Posted: Sun Apr 08, 2012 7:01 pm
by fidelcastro
Just raising the question about the kernel exploit in saved games, and if possible, could it be ported to PSVita?

Re: Kxploit question

Posted: Mon Apr 09, 2012 12:50 am
by fate6
*snip*

Re: Kxploit question

Posted: Mon Apr 09, 2012 10:09 am
by m0skit0
@fate6: please abstain from answering stuff you have no idea about and confusing people, thanks.

There are no kernel exploits in savegames. Those are user mode exploits. Kernel exploits are found by other means, but you definitely need a user mode exploit to be able to do what's called a "privilege escalation". If you had a kernel exploit for 6.60 firmware it would most likely work on PSV's PSP emulator since it emulates 6.60 FW.

EDIT: moved topic to PSP/Security

Re: Kxploit question

Posted: Mon Apr 09, 2012 11:50 am
by fidelcastro
I'm not entirely sure about this statement, Professor. I think maybe core mode in a save is possible, though perhaps not entirely valid, although I don't have the skills to get to exploit it if it were so.

I opened the thread in general because I wanted to bring it more into a kind of debate

Re: Kxploit question

Posted: Mon Apr 09, 2012 4:30 pm
by FrEdDy
fidelcastro wrote: I'm not entirely sure about this statement, Professor. I think maybe core mode in a save is possible, though perhaps not entirely valid, although I don't have the skills to get to exploit it if it were so.

I opened the thread in general because I wanted to bring it more into a kind of debate
Let's clear this once and for all...
SAVEDATA EXPLOITS ARE ONLY USERMODE
That's because games are run in user mode, and only in user mode.
It is possible to port a kernel exploit to PSV, but you need a working usermode exploit too in order to run it. As m0skit0 said, it's called privilege escalation: you gain the privilege to execute code in usermode with a usermode exploit, and then you run some code that gives you the privilege to run code in kernel mode.
Got it?

Re: Kxploit question

Posted: Mon Apr 09, 2012 5:12 pm
by fidelcastro
That I have always known, but I also believe it is possible to attempt direct kernel mode, either from a saved game or the VSH. I'm not saying it will work, but it could be possible.

Although it may be wrong.

Code:

host0:/> Loading all modules ... Ready
Exception - Interrupt
Thread ID - 0x00CDC301
Th Name   - sndp thread se
Module ID - 0x0199B019
Mod Name  - sceSAScore
EPC       - 0x88279000
Cause     - 0x10000400
BadVAddr  - 0x8B761715
Status    - 0x00088603
zr:0x00000000 at:0xBFC00000 v0:0x00000000 v1:0x00000001
a0:0x88210480 a1:0x00000000 a2:0x88049680 a3:0x882FD710
t0:0x00000000 t1:0x00000001 t2:0x880158E0 t3:0x00000000
t4:0x000092D0 t5:0x00000001 t6:0x880152E8 t7:0x80020000
s0:0x88066E48 s1:0x00000002 s2:0x881F1238 s3:0x00000000
s4:0x88049680 s5:0x00000000 s6:0x00000004 s7:0x88050000
t8:0x881F1260 t9:0x881F1260 k0:0x09FE6B00 k1:0x00000000
gp:0x089A7000 sp:0x882FD6C0 fp:0x800201AB ra:0x88030834
0x88279000: 0x8CF50000 '....' - lw         $s5, 0($a3)
Although this save game could not be ported to Vita, for now.

Re: Kxploit question

Posted: Mon Apr 09, 2012 6:43 pm
by m0skit0
fidelcastro wrote: Exception - Interrupt
That's not exploitable.
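The crash dump posted above can be checked against m0skit0's reading by decoding the MIPS Cause register. This is an added example, not code from the thread or from any PSP tool: it parses the dump lines (a trimmed copy of the posted dump, embedded as constructed input) and reports the ExcCode, whether the faulting EPC lies in the MIPS kseg0 kernel segment, and whether BadVAddr is even meaningful for that exception type. The ExcCode table and the kseg0 range are standard MIPS R4000-family encodings; which codes load BadVAddr is an assumption based on that architecture.

```python
import re

# Trimmed copy of the crash dump posted in this thread (constructed input for the example).
DUMP = """\
Exception - Interrupt
Thread ID - 0x00CDC301
Th Name   - sndp thread se
Mod Name  - sceSAScore
EPC       - 0x88279000
Cause     - 0x10000400
BadVAddr  - 0x8B761715
Status    - 0x00088603
a0:0x88210480 a1:0x00000000 a2:0x88049680 a3:0x882FD710
"""

# Standard MIPS Cause.ExcCode encodings (bits 6:2); only the common codes are listed.
EXC_CODES = {0: "Int", 1: "Mod", 2: "TLBL", 3: "TLBS", 4: "AdEL", 5: "AdES",
             6: "IBE", 7: "DBE", 8: "Sys", 9: "Bp", 10: "RI", 11: "CpU", 12: "Ov"}
# Assumption: only address/TLB exceptions load BadVAddr; for anything else it is stale.
ADDR_FAULTS = {"Mod", "TLBL", "TLBS", "AdEL", "AdES"}

def parse_dump(text):
    """Split a PSP-style crash dump into named fields and 32-bit register values."""
    fields, regs = {}, {}
    for line in text.splitlines():
        m = re.match(r"^(\w[\w ]*?)\s+-\s+(.*)$", line)
        if m:  # "Name - value" header lines
            fields[m.group(1).strip()] = m.group(2).strip()
            continue
        for name, val in re.findall(r"(\w+):0x([0-9A-Fa-f]{8})", line):
            regs[name] = int(val, 16)  # "reg:0xXXXXXXXX" register lines
    return {"fields": fields, "regs": regs}

def decode_cause(cause):
    """Return (ExcCode, mnemonic) from a raw Cause register value."""
    code = (cause >> 2) & 0x1F
    return code, EXC_CODES.get(code, f"unknown({code})")

def triage(text):
    """Summarise what kind of exception the dump records."""
    fields = parse_dump(text)["fields"]
    code, name = decode_cause(int(fields["Cause"], 16))
    epc = int(fields["EPC"], 16)
    return {
        "exccode": name,
        "epc_in_kseg0": 0x80000000 <= epc <= 0x9FFFFFFF,  # cached kernel segment
        "badvaddr_meaningful": name in ADDR_FAULTS,
        "memory_fault": name in ADDR_FAULTS or name in ("IBE", "DBE"),
    }
```

For the posted dump the result is ExcCode 0 (Int): a hardware interrupt taken while the CPU was executing kernel-segment code, with no memory fault and a BadVAddr value that carries no information about it.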

Re: Kxploit question

Posted: Mon Apr 09, 2012 7:03 pm
by fidelcastro
I know, it's just one example of what should not happen.

Re: Kxploit question

Posted: Mon Apr 09, 2012 7:30 pm
by m0skit0
fidel, I already told you what you have to do: learn programming. You'll understand all this better.

Re: Kxploit question

Posted: Mon Apr 09, 2012 9:08 pm
by fidelcastro
Good, dead point.
And yes, learning programming in C, assembler and other options, I will understand better; I will not make cheap excuses about it.

Just trying to understand some things, like this save game failure, which can be written without Deemer savegame or by jumping to kernel addresses in user mode,

Nothing, let's continue with our pitiful existence.