
Maybe *new usermod exploit ?

Posted: Sun Feb 17, 2013 10:55 pm
by katsu


Exception - Bus error (data)
Thread ID - 0x0
Th Name   - user_main
Module ID - 0x0
Mod Name  - X
EPC       - 0x089933FC
Cause     - 0x1000001C
BadVAddr  - 0x40003600
Status    - 0x60088612
zr:0x00000000 at:0xDEADBEEF v0:0x00000001 v1:0x6AFE9EE8
a0:0x61616160 a1:0x00000000 a2:0x099D3D88 a3:0xDEADBEEF
t0:0x000007D0 t1:0x099D35B8 t2:0x089AF308 t3:0x089B0000
t4:0xDEADBEEF t5:0xDEADBEEF t6:0xDEADBEEF t7:0xDEADBEEF
s0:0x099D35C0 s1:0x09FFF6F0 s2:0x09FFEC20 s3:0x089BF5B0
s4:0x089A0000 s5:0x089F0000 s6:0xDEADBEEF s7:0xDEADBEEF
t8:0xDEADBEEF t9:0xDEADBEEF k0:0x09FFFB00 k1:0x00000000
gp:0x089B7720 sp:0x09FFEBF0 fp:0x09FFFA90 ra:0x08993390
0x089933FC: 0x8C620004 '..b.' - lw         $v0, 4($v1)

Re: Maybe *new usermod exploit ?

Posted: Sun Feb 17, 2013 11:00 pm
by katsu
Another way: look at $v1 (0x61616161 is ASCII "aaaa").


Exception - Bus error (data)
Thread ID - 0x0
Th Name   - user_main
Module ID - 0x0
Mod Name  - x
EPC       - 0x08808270
Cause     - 0x1000001C
BadVAddr  - 0x00003600
Status    - 0x60088613
zr:0x00000000 at:0xDEADBEEF v0:0x6BFE3070 v1:0x61616161
a0:0x089A0000 a1:0x089A0000 a2:0x089C49D8 a3:0x3F800000
t0:0x09FFEA00 t1:0x09FFE980 t2:0x08A50000 t3:0x0B000000
t4:0x0E120000 t5:0x3F800000 t6:0x1280011C t7:0x12800000
s0:0x089BF5B0 s1:0x089ACD28 s2:0x089C0000 s3:0x00000000
s4:0x089BF5B0 s5:0x00000006 s6:0x089ACD28 s7:0x06000000
t8:0x00000002 t9:0x08A48040 k0:0x09FFFB00 k1:0x00000000
gp:0x089B7720 sp:0x09FFE640 fp:0x08FFFFFF ra:0x0880821C
0x08808270: 0x8C450000 '..E.' - lw         $a1, 0($v0)


host0:/> disasm $epc-150
0x088081D8: 0x3C04089A '...<' - lui        $a0, 0x89A
host0:/> disasm $epc-150 150
0x088081D8: 0x3C04089A '...<' - lui        $a0, 0x89A
0x088081DC: 0xC7A20460 '`...' - lwc1       $fpr02, 1120($sp)
0x088081E0: 0xC440991C '..@.' - lwc1       $fpr00, -26340($v0)
0x088081E4: 0xC4819920 ' ...' - lwc1       $fpr01, -26336($a0)
0x088081E8: 0x3C02089B '...<' - lui        $v0, 0x89B
0x088081EC: 0x46001002 '...F' - mul.s      $fpr00, $fpr02, $fpr00
0x088081F0: 0x46011042 'B..F' - mul.s      $fpr01, $fpr02, $fpr01
0x088081F4: 0x8C433BD8 '.;C.' - lw         $v1, 15320($v0)
0x088081F8: 0x4600008D '...F' - trunc.w.s  $fpr02, $fpr00
0x088081FC: 0x460008CD '...F' - trunc.w.s  $fpr03, $fpr01
0x08808200: 0x8C640000 '..d.' - lw         $a0, 0($v1)
0x08808204: 0x44021000 '...D' - mfc1       $v0, $fcr2
0x08808208: 0x44031800 '...D' - mfc1       $v1, $fcr3
0x0880820C: 0x00021600 '....' - sll        $v0, $v0, 24
0x08808210: 0x0003BE00 '....' - sll        $s7, $v1, 24
0x08808214: 0x0E214339 '9C!.' - jal        0x08850CE4
0x08808218: 0xAFA2045C '\...' - sw         $v0, 1116($sp)
0x0880821C: 0x3C04089A '...<' - lui        $a0, 0x89A
0x08808220: 0xAFA20458 'X...' - sw         $v0, 1112($sp)
0x08808224: 0x3C02089A '...<' - lui        $v0, 0x89A
0x08808228: 0x3C0300FF '...<' - lui        $v1, 0xFF
0x0880822C: 0xC4819928 '(...' - lwc1       $fpr01, -26328($a0)
0x08808230: 0xC4409924 '$.@.' - lwc1       $fpr00, -26332($v0)
0x08808234: 0x8FA60458 'X...' - lw         $a2, 1112($sp)
0x08808238: 0x8FA5045C '\...' - lw         $a1, 1116($sp)
0x0880823C: 0xE7A00310 '....' - swc1       $fpr00, 784($sp)
0x08808240: 0x3463FFFF '..c4' - ori        $v1, $v1, 0xFFFF
0x08808244: 0x00A3F025 '%...' - or         $fp, $a1, $v1
0x08808248: 0xE7A10314 '....' - swc1       $fpr01, 788($sp)
0x0880824C: 0x3C05089A '...<' - lui        $a1, 0x89A
0x08808250: 0x44806000 '.`.D' - mtc1       $zr, $fcr12
0x08808254: 0x8CC20B94 '....' - lw         $v0, 2964($a2)
0x08808258: 0x8CC30B90 '....' - lw         $v1, 2960($a2)
0x0880825C: 0xC4B4992C ',...' - lwc1       $fpr20, -26324($a1)
0x08808260: 0x000210C0 '....' - sll        $v0, $v0, 3
0x08808264: 0x00431021 '!.C.' - addu       $v0, $v0, $v1
0x08808268: 0x000210C0 '....' - sll        $v0, $v0, 3
0x0880826C: 0x00511021 '!.Q.' - addu       $v0, $v0, $s1
0x08808270: 0x8C450000 '..E.' - lw         $a1, 0($v0)
0x08808274: 0x8FA20310 '....' - lw         $v0, 784($sp)
0x08808278: 0x8E040668 'h...' - lw         $a0, 1640($s0)
0x0880827C: 0x3C06089C '...<' - lui        $a2, 0x89C
0x08808280: 0xAFA20318 '....' - sw         $v0, 792($sp)
0x08808284: 0x27A90308 '...'' - addiu      $t1, $sp, 776
0x08808288: 0x24A5000D '...$' - addiu      $a1, $a1, 13
0x0880828C: 0x8FA20314 '....' - lw         $v0, 788($sp)
0x08808290: 0x8C830008 '....' - lw         $v1, 8($a0)
0x08808294: 0x2407000F '...$' - li         $a3, 15
0x08808298: 0x24C4FC18 '...$' - addiu      $a0, $a2, -1000
0x0880829C: 0xAFA2031C '....' - sw         $v0, 796($sp)
0x088082A0: 0x27A60318 '...'' - addiu      $a2, $sp, 792
0x088082A4: 0x27A80074 't..'' - addiu      $t0, $sp, 116
0x088082A8: 0xE7B40308 '....' - swc1       $fpr20, 776($sp)
0x088082AC: 0x4600A586 '...F' - mov.s      $fpr22, $fpr20
0x088082B0: 0xE7B4030C '....' - swc1       $fpr20, 780($sp)
0x088082B4: 0x0060F809 '..`.' - jalr       $v1
0x088082B8: 0xAFBE0074 't...' - sw         $fp, 116($sp)
0x088082BC: 0x3C02089A '...<' - lui        $v0, 0x89A
0x088082C0: 0xC4559934 '4.U.' - lwc1       $fpr21, -26316($v0)
0x088082C4: 0x3C02089A '...<' - lui        $v0, 0x89A
0x088082C8: 0xC4429938 '8.B.' - lwc1       $fpr02, -26312($v0)
0x088082CC: 0x3C02089A '...<' - lui        $v0, 0x89A
0x088082D0: 0xC7A4031C '....' - lwc1       $fpr04, 796($sp)
0x088082D4: 0xC4409930 '0.@.' - lwc1       $fpr00, -26320($v0)
0x088082D8: 0xC7A10318 '....' - lwc1       $fpr01, 792($sp)
0x088082DC: 0x461520C1 '. .F' - sub.s      $fpr03, $fpr04, $fpr21
0x088082E0: 0x02002021 '! ..' - move       $a0, $s0
0x088082E4: 0x46020880 '...F' - add.s      $fpr02, $fpr01, $fpr02
0x088082E8: 0x46000841 'A..F' - sub.s      $fpr01, $fpr01, $fpr00
0x088082EC: 0x27A50320 ' ..'' - addiu      $a1, $sp, 800
0x088082F0: 0x2406000F '...$' - li         $a2, 15
0x088082F4: 0x03C03821 '!8..' - move       $a3, $fp
0x088082F8: 0x00004021 '!@..' - move       $t0, $zr
0x088082FC: 0xE7A4032C ',...' - swc1       $fpr04, 812($sp)
0x08808300: 0xE7A10320 ' ...' - swc1       $fpr01, 800($sp)
0x08808304: 0xE7A30328 '(...' - swc1       $fpr03, 808($sp)
0x08808308: 0x0E20CA5D ']. .' - jal        0x08832974
0x0880830C: 0xE7A20324 '$...' - swc1       $fpr02, 804($sp)
0x08808310: 0x44806000 '.`.D' - mtc1       $zr, $fcr12
0x08808314: 0x8FA20318 '....' - lw         $v0, 792($sp)
0x08808318: 0x8FA30458 'X...' - lw         $v1, 1112($sp)
0x0880831C: 0x27AA01E0 '...'' - addiu      $t2, $sp, 480
0x08808320: 0xAFA201F0 '....' - sw         $v0, 496($sp)
0x08808324: 0x26443E48 'H>D&' - addiu      $a0, $s2, 15944
0x08808328: 0x27A501F0 '...'' - addiu      $a1, $sp, 496
0x0880832C: 0x8FA2031C '....' - lw         $v0, 796($sp)
0x08808330: 0xC7A101F0 '....' - lwc1       $fpr01, 496($sp)
0x08808334: 0x2407000E '...$' - li         $a3, 14
0x08808338: 0xAFA201F4 '....' - sw         $v0, 500($sp)
0x0880833C: 0x3C02089A '...<' - lui        $v0, 0x89A
0x08808340: 0x24080005 '...$' - li         $t0, 5
0x08808344: 0xC443993C '<.C.' - lwc1       $fpr03, -26308($v0)
0x08808348: 0x3C02089A '...<' - lui        $v0, 0x89A
0x0880834C: 0xC4409944 'D.@.' - lwc1       $fpr00, -26300($v0)
0x08808350: 0xC7A201F4 '....' - lwc1       $fpr02, 500($sp)
0x08808354: 0x46030840 '@..F' - add.s      $fpr01, $fpr01, $fpr03
0x08808358: 0x3C02089A '...<' - lui        $v0, 0x89A
0x0880835C: 0x46001081 '...F' - sub.s      $fpr02, $fpr02, $fpr00
0x08808360: 0xC4409940 '@.@.' - lwc1       $fpr00, -26304($v0)
0x08808364: 0xE7A101F0 '....' - swc1       $fpr01, 496($sp)
0x08808368: 0x27A9007C '|..'' - addiu      $t1, $sp, 124
0x0880836C: 0xE7A001EC '....' - swc1       $fpr00, 492($sp)
0x08808370: 0xE7A201F4 '....' - swc1       $fpr02, 500($sp)
0x08808374: 0xE7A301E8 '....' - swc1       $fpr03, 488($sp)
0x08808378: 0x8C620B94 '..b.' - lw         $v0, 2964($v1)
0x0880837C: 0x8C630B90 '..c.' - lw         $v1, 2960($v1)
0x08808380: 0xAFBE007C '|...' - sw         $fp, 124($sp)
0x08808384: 0x000210C0 '....' - sll        $v0, $v0, 3
0x08808388: 0x00431021 '!.C.' - addu       $v0, $v0, $v1
0x0880838C: 0x000210C0 '....' - sll        $v0, $v0, 3
0x08808390: 0x00511021 '!.Q.' - addu       $v0, $v0, $s1
0x08808394: 0x8C460000 '..F.' - lw         $a2, 0($v0)
0x08808398: 0xE7B401E0 '....' - swc1       $fpr20, 480($sp)
0x0880839C: 0x24C60062 'b..$' - addiu      $a2, $a2, 98
0x088083A0: 0x0E22AAE2 '..".' - jal        0x088AAB88
0x088083A4: 0xE7B401E4 '....' - swc1       $fpr20, 484($sp)
0x088083A8: 0x3C02089A '...<' - lui        $v0, 0x89A
0x088083AC: 0x3C03089A '...<' - lui        $v1, 0x89A
0x088083B0: 0xC463994C 'L.c.' - lwc1       $fpr03, -26292($v1)
0x088083B4: 0xC4429948 'H.B.' - lwc1       $fpr02, -26296($v0)
0x088083B8: 0xC7A00318 '....' - lwc1       $fpr00, 792($sp)
0x088083BC: 0xC7A1031C '....' - lwc1       $fpr01, 796($sp)
0x088083C0: 0x8E020668 'h...' - lw         $v0, 1640($s0)
0x088083C4: 0x46020000 '...F' - add.s      $fpr00, $fpr00, $fpr02
0x088083C8: 0x46030840 '@..F' - add.s      $fpr01, $fpr01, $fpr03
0x088083CC: 0xE7A301DC '....' - swc1       $fpr03, 476($sp)
0x088083D0: 0x44806000 '.`.D' - mtc1       $zr, $fcr12
0x088083D4: 0x3C05089C '...<' - lui        $a1, 0x89C
0x088083D8: 0xE7A201D8 '....' - swc1       $fpr02, 472($sp)
0x088083DC: 0x27A80070 'p..'' - addiu      $t0, $sp, 112
0x088083E0: 0x27A901D0 '...'' - addiu      $t1, $sp, 464
0x088083E4: 0xE7A00318 '....' - swc1       $fpr00, 792($sp)
0x088083E8: 0x24A4FC18 '...$' - addiu      $a0, $a1, -1000
0x088083EC: 0x2407000E '...$' - li         $a3, 14
0x088083F0: 0xE7A1031C '....' - swc1       $fpr01, 796($sp)
0x088083F4: 0x2405000C '...$' - li         $a1, 12
0x088083F8: 0x27A60318 '...'' - addiu      $a2, $sp, 792
0x088083FC: 0x8C430008 '..C.' - lw         $v1, 8($v0)
0x08808400: 0xAFBE0070 'p...' - sw         $fp, 112($sp)
0x08808404: 0xE7B401D0 '....' - swc1       $fpr20, 464($sp)
0x08808408: 0x0060F809 '..`.' - jalr       $v1
0x0880840C: 0xE7B401D4 '....' - swc1       $fpr20, 468($sp)
0x08808410: 0x3C05089A '...<' - lui        $a1, 0x89A
0x08808414: 0x8FA60458 'X...' - lw         $a2, 1112($sp)
0x08808418: 0x24A59900 '...$' - addiu      $a1, $a1, -26368
0x0880841C: 0x27A40350 'P..'' - addiu      $a0, $sp, 848
0x08808420: 0x8CC20B94 '....' - lw         $v0, 2964($a2)
0x08808424: 0x8CC30B90 '....' - lw         $v1, 2960($a2)
0x08808428: 0x3C066666 'ff.<' - lui        $a2, 0x6666
0x0880842C: 0x000210C0 '....' - sll        $v0, $v0, 3

Re: Maybe *new usermod exploit ?

Posted: Sun Feb 17, 2013 11:19 pm
by katsu


Exception - Bus error (data)
Thread ID - 0x0
Th Name   - user_main
Module ID - 0x0
Mod Name  - x
EPC       - 0x088147AC
Cause     - 0x1000001C
BadVAddr  - 0x40003600
Status    - 0x60088613
zr:0x00000000 at:0xDEADBEEF v0:0x30C41D40 v1:0x58585840
a0:0xB9B9B940 a1:0x089BF5B0 a2:0xDEADBEEF a3:0x61616161
t0:0xDEADBEEF t1:0xDEADBEEF t2:0xDEADBEEF t3:0xDEADBEEF
t4:0xDEADBEEF t5:0xDEADBEEF t6:0xDEADBEEF t7:0xDEADBEEF
s0:0x08A00000 s1:0x099D35C0 s2:0x089C0000 s3:0x099D35C0
s4:0x09FFEB00 s5:0x09FFEB40 s6:0xDEADBEEF s7:0xDEADBEEF
t8:0xDEADBEEF t9:0xDEADBEEF k0:0x09FFFB00 k1:0x00000000
gp:0x089B7720 sp:0x09FFEAB0 fp:0x089C0000 ra:0x08814778
0x088147AC: 0x8C431234 '4.C.' - lw         $v1, 4660($v0)


host0:/> disasm $epc-150 150
0x08814714: 0x8FB3000C '....' - lw         $s3, 12($sp)
0x08814718: 0x8FB20008 '....' - lw         $s2, 8($sp)
0x0881471C: 0x8FB10004 '....' - lw         $s1, 4($sp)
0x08814720: 0x8FB00000 '....' - lw         $s0, 0($sp)
0x08814724: 0x0A223F0D '.?".' - j          0x0888FC34
0x08814728: 0x27BD0030 '0..'' - addiu      $sp, $sp, 48
0x0881472C: 0x27BDFEF0 '...'' - addiu      $sp, $sp, -272
0x08814730: 0xAFB400E0 '....' - sw         $s4, 224($sp)
0x08814734: 0x27B40050 'P..'' - addiu      $s4, $sp, 80
0x08814738: 0xAFB500E4 '....' - sw         $s5, 228($sp)
0x0881473C: 0x27B50090 '...'' - addiu      $s5, $sp, 144
0x08814740: 0xAFB300DC '....' - sw         $s3, 220($sp)
0x08814744: 0x00809821 '!...' - move       $s3, $a0
0x08814748: 0x02802021 '! ..' - move       $a0, $s4
0x0881474C: 0xAFBF00F4 '....' - sw         $ra, 244($sp)
0x08814750: 0xAFBE00F0 '....' - sw         $fp, 240($sp)
0x08814754: 0xAFB700EC '....' - sw         $s7, 236($sp)
0x08814758: 0xAFB600E8 '....' - sw         $s6, 232($sp)
0x0881475C: 0xAFB200D8 '....' - sw         $s2, 216($sp)
0x08814760: 0xAFB100D4 '....' - sw         $s1, 212($sp)
0x08814764: 0xAFB000D0 '....' - sw         $s0, 208($sp)
0x08814768: 0x0E25BE0C '..%.' - jal        0x0896F830
0x0881476C: 0xE7B40100 '....' - swc1       $fpr20, 256($sp)
0x08814770: 0x0E25BE0C '..%.' - jal        0x0896F830
0x08814774: 0x02A02021 '! ..' - move       $a0, $s5
0x08814778: 0x8E63054C 'L.c.' - lw         $v1, 1356($s3)
0x0881477C: 0x506000D5 '..`P' - beqzl      $v1, 0x08814AD4
0x08814780: 0x8E620C50 'P.b.' - lw         $v0, 3152($s3)
0x08814784: 0x8E6701D8 '..g.' - lw         $a3, 472($s3)
0x08814788: 0x3C1E089C '...<' - lui        $fp, 0x89C
0x0881478C: 0x27C5F5B0 '...'' - addiu      $a1, $fp, -2640
0x08814790: 0x00071980 '....' - sll        $v1, $a3, 6
0x08814794: 0x00071100 '....' - sll        $v0, $a3, 4
0x08814798: 0x00431021 '!.C.' - addu       $v0, $v0, $v1
0x0881479C: 0x00022080 '. ..' - sll        $a0, $v0, 2
0x088147A0: 0x00441021 '!.D.' - addu       $v0, $v0, $a0
0x088147A4: 0x00451021 '!.E.' - addu       $v0, $v0, $a1
0x088147A8: 0x3C1008A0 '...<' - lui        $s0, 0x8A0
0x088147AC: 0x8C431234 '4.C.' - lw         $v1, 4660($v0)
0x088147B0: 0x26041C48 'H..&' - addiu      $a0, $s0, 7240
0x088147B4: 0x8C850004 '....' - lw         $a1, 4($a0)
0x088147B8: 0x00031880 '....' - sll        $v1, $v1, 2
0x088147BC: 0x26760430 '0.v&' - addiu      $s6, $s3, 1072
0x088147C0: 0x00651821 '!.e.' - addu       $v1, $v1, $a1
0x088147C4: 0x8C620000 '..b.' - lw         $v0, 0($v1)
0x088147C8: 0x8EC40124 '$...' - lw         $a0, 292($s6)
0x088147CC: 0x8C430028 '(.C.' - lw         $v1, 40($v0)
0x088147D0: 0x8C850000 '....' - lw         $a1, 0($a0)
0x088147D4: 0x8C660000 '..f.' - lw         $a2, 0($v1)
0x088147D8: 0x8CA20110 '....' - lw         $v0, 272($a1)
0x088147DC: 0x10460031 '1.F.' - beq        $v0, $a2, 0x088148A4
0x088147E0: 0x267706E0 '..w&' - addiu      $s7, $s3, 1760
0x088147E4: 0x8E620C50 'P.b.' - lw         $v0, 3152($s3)
0x088147E8: 0x2442FFFF '..B$' - addiu      $v0, $v0, -1
0x088147EC: 0x0047102A '*.G.' - slt        $v0, $v0, $a3
0x088147F0: 0x104000C8 '..@.' - beqz       $v0, 0x08814B14
0x088147F4: 0x00001821 '!...' - move       $v1, $zr
0x088147F8: 0x00032180 '.!..' - sll        $a0, $v1, 6
0x088147FC: 0x00031100 '....' - sll        $v0, $v1, 4
0x08814800: 0x00441021 '!.D.' - addu       $v0, $v0, $a0
0x08814804: 0x00021880 '....' - sll        $v1, $v0, 2
0x08814808: 0x00431021 '!.C.' - addu       $v0, $v0, $v1
0x0881480C: 0x27C4F5B0 '...'' - addiu      $a0, $fp, -2640
0x08814810: 0x00441021 '!.D.' - addu       $v0, $v0, $a0
0x08814814: 0x8C431234 '4.C.' - lw         $v1, 4660($v0)
0x08814818: 0x26041C48 'H..&' - addiu      $a0, $s0, 7240
0x0881481C: 0x8C820004 '....' - lw         $v0, 4($a0)
0x08814820: 0x00031880 '....' - sll        $v1, $v1, 2
0x08814824: 0x44806000 '.`.D' - mtc1       $zr, $fcr12
0x08814828: 0x00621821 '!.b.' - addu       $v1, $v1, $v0
0x0881482C: 0x8C650000 '..e.' - lw         $a1, 0($v1)
0x08814830: 0x02C02021 '! ..' - move       $a0, $s6
0x08814834: 0x267706E0 '..w&' - addiu      $s7, $s3, 1760
0x08814838: 0x8CA20028 '(...' - lw         $v0, 40($a1)
0x0881483C: 0x0E22C810 '..".' - jal        0x088B2040
0x08814840: 0x8C450000 '..E.' - lw         $a1, 0($v0)
0x08814844: 0x8E620C50 'P.b.' - lw         $v0, 3152($s3)
0x08814848: 0x8E6401D8 '..d.' - lw         $a0, 472($s3)
0x0881484C: 0x2442FFFF '..B$' - addiu      $v0, $v0, -1
0x08814850: 0x0044102A '*.D.' - slt        $v0, $v0, $a0
0x08814854: 0x104000A9 '..@.' - beqz       $v0, 0x08814AFC
0x08814858: 0x00001821 '!...' - move       $v1, $zr
0x0881485C: 0x00032180 '.!..' - sll        $a0, $v1, 6
0x08814860: 0x00031100 '....' - sll        $v0, $v1, 4
0x08814864: 0x00441021 '!.D.' - addu       $v0, $v0, $a0
0x08814868: 0x00021880 '....' - sll        $v1, $v0, 2
0x0881486C: 0x00431021 '!.C.' - addu       $v0, $v0, $v1
0x08814870: 0x27C4F5B0 '...'' - addiu      $a0, $fp, -2640
0x08814874: 0x00441021 '!.D.' - addu       $v0, $v0, $a0
0x08814878: 0x8C431234 '4.C.' - lw         $v1, 4660($v0)
0x0881487C: 0x26041C48 'H..&' - addiu      $a0, $s0, 7240
0x08814880: 0x8C820004 '....' - lw         $v0, 4($a0)
0x08814884: 0x00031880 '....' - sll        $v1, $v1, 2
0x08814888: 0x44806000 '.`.D' - mtc1       $zr, $fcr12
0x0881488C: 0x00621821 '!.b.' - addu       $v1, $v1, $v0
0x08814890: 0x8C650000 '..e.' - lw         $a1, 0($v1)
0x08814894: 0x02E02021 '! ..' - move       $a0, $s7
0x08814898: 0x8CA20028 '(...' - lw         $v0, 40($a1)
0x0881489C: 0x0E22C810 '..".' - jal        0x088B2040
0x088148A0: 0x8C450000 '..E.' - lw         $a1, 0($v0)
0x088148A4: 0x3C02089A '...<' - lui        $v0, 0x89A
0x088148A8: 0xC6600C64 'd.`.' - lwc1       $fpr00, 3172($s3)
0x088148AC: 0xC4549FDC '..T.' - lwc1       $fpr20, -24612($v0)
0x088148B0: 0xC66D0C68 'h.m.' - lwc1       $fpr13, 3176($s3)
0x088148B4: 0x3C02089A '...<' - lui        $v0, 0x89A
0x088148B8: 0x4600A3C6 '...F' - mov.s      $fpr15, $fpr20
0x088148BC: 0x460D0340 '@..F' - add.s      $fpr13, $fpr00, $fpr13
0x088148C0: 0xC44C9FD8 '..L.' - lwc1       $fpr12, -24616($v0)
0x088148C4: 0x44807000 '.p.D' - mtc1       $zr, $fcr14
0x088148C8: 0x27B00040 '@..'' - addiu      $s0, $sp, 64
0x088148CC: 0x0E25BC2D '-.%.' - jal        0x0896F0B4
0x088148D0: 0x02002021 '! ..' - move       $a0, $s0
0x088148D4: 0x02002821 '!(..' - move       $a1, $s0
0x088148D8: 0x0E21F998 '..!.' - jal        0x0887E660
0x088148DC: 0x02802021 '! ..' - move       $a0, $s4
0x088148E0: 0x44806800 '.h.D' - mtc1       $zr, $fcr13
0x088148E4: 0x4600A3C6 '...F' - mov.s      $fpr15, $fpr20
0x088148E8: 0xC66C0C6C 'l.l.' - lwc1       $fpr12, 3180($s3)
0x088148EC: 0x46006B86 '.k.F' - mov.s      $fpr14, $fpr13
0x088148F0: 0x03A02021 '! ..' - move       $a0, $sp
0x088148F4: 0x27B00020 ' ..'' - addiu      $s0, $sp, 32
0x088148F8: 0x0E25BC2D '-.%.' - jal        0x0896F0B4
0x088148FC: 0x27B10010 '...'' - addiu      $s1, $sp, 16
0x08814900: 0x02A02021 '! ..' - move       $a0, $s5
0x08814904: 0x0E21F998 '..!.' - jal        0x0887E660
0x08814908: 0x03A02821 '!(..' - move       $a1, $sp
0x0881490C: 0x02803021 '!0..' - move       $a2, $s4
0x08814910: 0x02A02821 '!(..' - move       $a1, $s5
0x08814914: 0x0E25BE5F '_.%.' - jal        0x0896F97C
0x08814918: 0x02802021 '! ..' - move       $a0, $s4
0x0881491C: 0x3C02089A '...<' - lui        $v0, 0x89A
host0:/>
0x08814924: 0xC44C9FE0 '..L.' - lwc1       $fpr12, -24608($v0)
0x08814928: 0x4600A3C6 '...F' - mov.s      $fpr15, $fpr20
0x0881492C: 0x3C02089A '...<' - lui        $v0, 0x89A
0x08814930: 0xC46D9FE4 '..m.' - lwc1       $fpr13, -24604($v1)
0x08814934: 0xC44E9FE8 '..N.' - lwc1       $fpr14, -24600($v0)
0x08814938: 0x02002021 '! ..' - move       $a0, $s0
0x0881493C: 0x0E25BC2D '-.%.' - jal        0x0896F0B4
0x08814940: 0x27B20030 '0..'' - addiu      $s2, $sp, 48
0x08814944: 0x02A02021 '! ..' - move       $a0, $s5
0x08814948: 0x0E21FA6A 'j.!.' - jal        0x0887E9A8
0x0881494C: 0x02002821 '!(..' - move       $a1, $s0
0x08814950: 0x02802021 '! ..' - move       $a0, $s4
0x08814954: 0x02A02821 '!(..' - move       $a1, $s5
0x08814958: 0x0E25BE5F '_.%.' - jal        0x0896F97C
0x0881495C: 0x02803021 '!0..' - move       $a2, $s4
0x08814960: 0x00003021 '!0..' - move       $a2, $zr
0x08814964: 0x02802821 '!(..' - move       $a1, $s4
0x08814968: 0x0E22BDA9 '..".' - jal        0x088AF6A4
host0:/>

Re: Maybe *new usermod exploit ?

Posted: Fri Apr 05, 2013 11:02 pm
by Acid_Snake
yup, it's an exploit

Re: Maybe *new usermod exploit ?

Posted: Sat Apr 06, 2013 12:56 am
by Theredbaron
Acid_Snake wrote:yup, it's an exploit
And that is always good to hear. :)

Re: Maybe *new usermod exploit ?

Posted: Sat Apr 06, 2013 2:20 am
by artmaze7
Hopefully vHBL soon! :D

Re: Maybe *new usermod exploit ?

Posted: Sat Apr 06, 2013 2:22 am
by Theredbaron
artmaze7 wrote:Hopefully vHBL soon! :D
Hopefully not. Let's wait till Sony adds something new. Or at least till games start being released that need an update.

That is one of the reasons I didn't use the new update. Why, 2.02 can do just about anything 2.06 can.

Re: Maybe *new usermod exploit ?

Posted: Sat Apr 06, 2013 2:34 am
by JeoWay
Nice Job!

Re: Maybe *new usermod exploit ?

Posted: Mon Apr 08, 2013 12:26 am
by St33lDr4g0n
Nice find katsu :mrgreen:

Re: Maybe *new usermod exploit ?

Posted: Mon Apr 08, 2013 1:14 am
by JeoWay
St33lDr4g0n wrote:Nice find katsu :mrgreen:
Why mr. green? :mrgreen: