
researched exploit a possibility?

Forum rules
Forum rule Nº 15 is strictly enforced in this subforum.
masterj001
Posts: 57
Joined: Tue Feb 22, 2011 2:24 am

Re: researched exploit a possibility?

Post by masterj001 »

ok. I'll keep looking into it.
I have:
AMD phenom 8-core 4 ghz on custom designed computer in compaq shell running:
win7, win8, winxp, win98, fedora, freeBSD, osx 10.6, and OpenSUSE.
psp 1000 x 32
psp 2000 ta-088v3
Haha, you think your computer is confusing:p
m0skit0
Guru
Posts: 3817
Joined: Mon Sep 27, 2010 6:01 pm

Re: researched exploit a possibility?

Post by m0skit0 »

Ahm... still
masterj001 wrote: it loads all the data from flash1 into flash0
makes no sense.

Anyway, this could only work if the thread loading f1 files you want to exploit actually has f0 permissions.
I wanna lots of mov al,0xb
"just not into this RA stuffz"
bluemimmosa
Posts: 17
Joined: Thu Nov 25, 2010 10:43 am

Re: researched exploit a possibility?

Post by bluemimmosa »

What's the point of loading flash1 files in flash0 or having write access to flash0 when you can't influence the chain of trust or can't load a self-created arbitrary module, which seems to be impossible without a kernel exploit.
some1
HBL Collaborator
Posts: 139
Joined: Sun Dec 12, 2010 4:19 am

Re: researched exploit a possibility?

Post by some1 »

m0skit0 wrote: Ahm... still
masterj001 wrote: it loads all the data from flash1 into flash0
makes no sense.
I agree with m0skit0, that doesn't really make sense.

However, if this were to happen, it would depend on the module that you are exploiting. If it is a kernel module, then I guess you might be able to gain kernel access, but if it was a VSH module, then you'd still have to trigger a kernel exploit. Although, if this were to be done, there would be no point at all in releasing it now, only to save some lazy people ~20 seconds.
way to keep a secret malloxis...erm jeerum
Hmm, a demo user mode exploit doesn't seem as important anymore, I wonder why... xP
Strangelove
Posts: 286
Joined: Thu Nov 25, 2010 6:32 pm

Re: researched exploit a possibility?

Post by Strangelove »

I doubt you'll be able to exploit the registry itself, that kind of code isn't likely to be exploitable.

But I was thinking about what TIPI said about fonts. It looks like you are able to control which fonts the VSH uses via the registry (haven't confirmed this btw.) and so you should be able to load a specially crafted font file during boot of VSH. The chances of finding exploits in the font rendering code should be much better.
"If you have specific questions ... don't hesitate to ask as the more generic the question is the more philosophic the answer will be" - PSPWizard
m0skit0
Guru
Posts: 3817
Joined: Mon Sep 27, 2010 6:01 pm

Re: researched exploit a possibility?

Post by m0skit0 »

Strangelove wrote: I doubt you'll be able to exploit the registry itself, that kind of code isn't likely to be exploitable.
You're wrong. The exploitable target is the code handling the registry values. Like any other code, it's vulnerable.
Strangelove wrote: The chances of finding exploits in the font rendering code should be much better.
True, but despite TiPi's hard tries back on advancedpsp, he did not succeed in finding exploitable vulnerabilities.
I wanna lots of mov al,0xb
"just not into this RA stuffz"