I found two bugs in different PSP games

[Razorbacktrack]

I found two bugs in 2 different games.

Here the first:



Here the second:



May these be exploitable ? Thanks

Advertising

[martepato]

Most likely they won't lead to an exploit.

Its a good sign if you can get full control over $ra, which is aparently not the case here

I recommend looking at this: http://wololo.net/wagic/2009/03/11/find ... n-the-psp/

Also avoid showing the Module ID and Mod Name in future screenshots.

Advertising

[Razorbacktrack]

Thanks for the informations,so It's useless to try to make an exploit ?

[martepato]

Thanks for the informations,so It's useless to try to make an exploit ?

If you have no experience in programming or understand how the MIPS architecture works you should quit on those crashes.

But keep looking for others!

[Razorbacktrack]

Ok I will find new bugs. Can someone work to these two ? I can give the saves.

[m0skit0]

Good work, keep it going, but why is this posted on the PSV forum?

[wth]

Most likely they won't lead to an exploit.

Its a good sign if you can get full control over $ra, which is aparently not the case here

actually you can exploit without control over $ra too, by just taking control over EPC (for instance with jalr-like instructions)
such bugs may very well lead to exploits, if you can control some registers then there may be a way, just need to look the mips source
I recently made an exploit where I even only had control over one register at first, and didn't take control of $ra but EPC only, using some jalr
this was one complicated game to exploit though, this single controlled register had to respect two precise equations to be able to bypass some useless bugs, and then I had to manipulate many parts of my savedata with valid adresses pointing to valid data etc xD lot more fun than direct control over $ra though xD

I recommend looking at this: http://wololo.net/wagic/2009/03/11/find ... n-the-psp/
Also avoid showing the Module ID and Mod Name in future screenshots.

More worrying, he left the Game's debug data in his console screenshot .. you should delete that, it's definitely sensitive data about the game .. xD

[martepato]

Most likely they won't lead to an exploit.

Its a good sign if you can get full control over $ra, which is aparently not the case here

actually you can exploit without control over $ra too, by just taking control over EPC (for instance with jalr-like instructions)
such bugs may very well lead to exploits, if you can control some registers then there may be a way, just need to look the mips source
I recently made an exploit where I even only had control over one register at first, and didn't take control of $ra but EPC only, using some jalr
this was one complicated game to exploit though, this single controlled register had to respect two precise equations to be able to bypass some useless bugs, and then I had to manipulate many parts of my savedata with valid adresses pointing to valid data etc xD lot more fun than direct control over $ra though xD
imho even though some games need more complicated exploits, all of put together, looks like there are still many exploitable games left on psn ..

I recommend looking at this: http://wololo.net/wagic/2009/03/11/find ... n-the-psp/
Also avoid showing the Module ID and Mod Name in future screenshots.

More worrying, he left the Game's debug data in his console screenshot .. you should delete that, it's definitely sensitive data about the game .. xD (if Sony cares about unreleased exploits, then I bet your game would have been patched already, if it's exloitable, and it may very well be, that's why I wouldn't work on this game anymore personally, now you've leaked such informations)
And as I said, if it where me, with control over even just one register, I'd already have high hopes about exploiting it

Of course Thanks for the clarification.

[Razorbacktrack]

wth I don't think that sony will patch the games (as in motorstorm or minna no tennis) . These bugs could be used in this firmware (1.67) for people that couldn't buy super collapse 3,and as we must find a way to exploit,sony must find a way to patch . And now I think that I "fixed" the screenshoot and maybe sony didn't see the informations that I left. However do you want the saves ? Someone want the saves ? Sorry for the mistake that I made

[wth]

wth I don't think that sony will patch the games (as in motorstorm or minna no tennis).

You never know

sony must find a way to patch.

nothing to investigate for a patch, easy as pie once you know the game

And now I think that I "fixed" the screenshoot and maybe sony didn't see the informations that I left. However do you want the saves ?

You didn't .. on this screenshot
[Censured]

, the first text lines before the psplink exception