
Where/How does sony blacklist savegame exploits?

wth
HBL Developer
Posts: 834
Joined: Wed Aug 31, 2011 4:44 pm
Contact:

Re: Where/How does sony blacklist savegame exploits?

Post by wth »

m0skit0 wrote:
wth wrote:I mean a simple hash of public exploited savedata files would be a real joke :lol:
Then we'd just have to change some tiny things inside this exploited savedata and it'd work, can't imagine them doing something so dumb
lol I guess it's always worth a shot, that's sony after all
JJS
Big Beholder
Posts: 1416
Joined: Mon Sep 27, 2010 2:18 pm
Contact:

Re: Where/How does sony blacklist savegame exploits?

Post by JJS »

I tried something with the Minna no sukkiri savegame. The exploit there is a simple buffer overflow of the player name. Looks like the savedata function checks for the length of the string (or the presence of a 0 character at a specified position, dunno). It doesn't matter what the string contains, but at a certain length the savegame is refused.
wth
HBL Developer
Posts: 834
Joined: Wed Aug 31, 2011 4:44 pm
Contact:

Re: Where/How does sony blacklist savegame exploits?

Post by wth »

JJS wrote:I tried something with the Minna no sukkiri savegame. The exploit there is a simple buffer overflow of the player name. Looks like the savedata function checks for the length of the string (or the presence of a 0 character at a specified position, dunno). It doesn't matter what the string contains, but at a certain length the savegame is refused.
Hm, ok, makes more sense after all.
lol, the Everybody's Tennis exploit is the same thing.
m0skit0
Guru
Posts: 3817
Joined: Mon Sep 27, 2010 6:01 pm

Re: Where/How does sony blacklist savegame exploits?

Post by m0skit0 »

Until NUL char?
I wanna lots of mov al,0xb
"just not into this RA stuffz"
wth
HBL Developer
Posts: 834
Joined: Wed Aug 31, 2011 4:44 pm
Contact:

Re: Where/How does sony blacklist savegame exploits?

Post by wth »

Ok, thanks to praed0r's tests, it looks like fw 1.66 is blocking the Everybody's Tennis nickname bOf with an 18-character maximum length, whereas the game originally limits the nickname's size to 8 chars max.
Anyway, with 18 chars it's still useless lol.

Hm, anyway, it doesn't look like there's another bOf in this game.
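The check JJS describes (the savedata code only cares where the first NUL byte sits, not what the name contains) and the two limits wth reports (the game's own 8-character cap versus the 18-character cap observed on fw 1.66) can be written out as a small validator. The C below is an added example for this thread, not code from any firmware module or from savedata_utility.prx; the field offset, field size and the zeroed-padding requirement are constructed assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Assumed layout of the nickname field inside a save blob. These offsets
 * and sizes are constructed for this example; they are not the real
 * layout of any PSP game's savedata or of savedata_utility.prx. */
#define NICK_OFFSET   0x10   /* byte offset of the name field in the blob   */
#define NICK_FIELD    32     /* bytes reserved for the field on disk        */
#define GAME_MAX_NAME 8      /* limit the game's own input screen applies   */
#define FW_MAX_NAME   18     /* looser limit the thread reports for fw 1.66 */

enum nick_status {
    NICK_OK             = 0,
    NICK_TRUNCATED_FILE = 1,   /* blob too small to hold the field      */
    NICK_NO_TERMINATOR  = 2,   /* no NUL within max_len + 1 bytes       */
    NICK_DIRTY_PADDING  = 3    /* non-zero bytes after the terminator   */
};

/* Validate the nickname field before anything copies it into a fixed
 * buffer. As in the check JJS observed, the content of the name is not
 * inspected; only the position of the first NUL matters. The padding
 * check is an extra tightening (an assumption of this example): bytes
 * past the NUL that are non-zero were not written by the game. */
enum nick_status validate_nickname(const uint8_t *blob, size_t blob_len,
                                   size_t max_len)
{
    if (blob_len < NICK_OFFSET + NICK_FIELD)
        return NICK_TRUNCATED_FILE;
    if (max_len >= NICK_FIELD)          /* never scan past the field */
        max_len = NICK_FIELD - 1;

    const uint8_t *field = blob + NICK_OFFSET;
    /* A name of at most max_len chars has its NUL at index <= max_len,
     * so a NUL must appear within the first max_len + 1 bytes. */
    const uint8_t *nul = memchr(field, 0, max_len + 1);
    if (nul == NULL)
        return NICK_NO_TERMINATOR;

    for (const uint8_t *p = nul + 1; p < field + NICK_FIELD; p++)
        if (*p != 0)
            return NICK_DIRTY_PADDING;
    return NICK_OK;
}

/* Build a constructed save blob whose name is name_len 'A' characters
 * (capped at the field size so the helper itself cannot overflow). */
static void make_blob(uint8_t *out, size_t out_len, size_t name_len)
{
    memset(out, 0, out_len);
    if (name_len > NICK_FIELD)
        name_len = NICK_FIELD;
    memset(out + NICK_OFFSET, 'A', name_len);
}

/* Validate a constructed name of name_len chars against max_len. */
int check_name_len(size_t name_len, size_t max_len)
{
    uint8_t blob[64];
    make_blob(blob, sizeof blob, name_len);
    return (int)validate_nickname(blob, sizeof blob, max_len);
}

/* A short name that passes the length check but carries a stray byte
 * after its terminator; the padding rule rejects it. */
int check_dirty_padding(void)
{
    uint8_t blob[64];
    make_blob(blob, sizeof blob, 5);
    blob[NICK_OFFSET + 20] = 0x42;
    return (int)validate_nickname(blob, sizeof blob, FW_MAX_NAME);
}

int main(void)
{
    printf("8 chars, game limit 8:   %d\n", check_name_len(8, GAME_MAX_NAME));
    printf("12 chars, game limit 8:  %d\n", check_name_len(12, GAME_MAX_NAME));
    printf("12 chars, fw limit 18:   %d\n", check_name_len(12, FW_MAX_NAME));
    printf("25 chars, fw limit 18:   %d\n", check_name_len(25, FW_MAX_NAME));
    printf("dirty padding:           %d\n", check_dirty_padding());
    return 0;
}
```

Running it shows the behaviour the thread describes: a 12-character name is refused under the game's own limit but accepted under the looser 18-character one, and nothing longer than the limit gets through regardless of what the bytes are. The padding check is the kind of tightening a loader can add on top of the plain length test, since a legitimate save never has data after the terminator.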
RNB_PSP
Posts: 138
Joined: Mon Jan 17, 2011 9:18 pm
Location: In your dreams.....

Re: Where/How does sony blacklist savegame exploits?

Post by RNB_PSP »

How about exploits that don't use buffer overflows (if there are any)? Or maybe buffer overflows that don't use strings (or anything with a null terminator)? Perhaps reordering the instructions (as long as it doesn't change behaviour) will work (as it will change the code's hash, right?)? :? Well, that's if they really use hashing to block exploits.
Zer01ne
Posts: 78
Joined: Mon Jan 24, 2011 10:27 pm

Re: Where/How does sony blacklist savegame exploits?

Post by Zer01ne »

Sony doesn't use hashing to block exploits; it just checks, in the savegame buffer, the offset that contains our jump (the offset where $ra is overwritten).
Look at sub_000157BC in savedata_utility.prx.