Finding the memory layout of the vita?
Re: Finding the memory layout of the vita?
Why not use the SDK to hack the Vita and make a program that way? I'm sure there's something in the SDK that would give us an edge since it's a beta.
Re: Finding the memory layout of the vita?
We would need the real SDK, not that useless PSM.
Re: Finding the memory layout of the vita?
@sirauron14: please inform yourself about what C# and .NET are and how they work before making such statements.
Re: Finding the memory layout of the vita?
Maybe I don't get the point of the memory layout here, but isn't it possible to get code execution or a partial memory dump (the method used on the iPhone was to print caught information on screen) in the context of an application (PSM Studio)? Fuzzing MonoDevelop could reveal some security issues, and I think the memory layout of the IL interpreter should be similar on one architecture.
This would at least help in understanding the (ELF?) structure of PSV programs and relative jump addresses.
I got my PSM app crashing by using http://www.exploit-db.com/exploits/15974/. So there might be hope that they did not correctly fix this. I'm doing some debugging and fuzzing whenever there is time to do so.
Thanks
Re: Finding the memory layout of the vita?
Very interesting approach, good luck. I have heard rumours that the Mono VM is indeed significantly dated.
Follow me on twitter: @DaveeFTW
Re: Finding the memory layout of the vita?
Yeah, actually it's 2.8.8.4 of MonoDevelop. But there seem to be too many issues. Building that thing for ARM seems to be very slow (at least on my iPhone it does not compile). Emulating ARM with NetBSD on QEMU seems like the only way to go.
I don't know, are there major differences between architectures when searching for security issues? Else it might be just as good to audit the Mac version. You might ask why not search in the source code... well, that's not one of my strengths.
So, well, BitBlaze + Peach would be my approach. But yeah, I'm actually not deep enough into some stuff.
Btw Davee: great respect on your kernel exploit; your work on the Kermit interface is actually quite interesting. If I had a PSP I would search for one myself. How was your reversing actually done? Did you use IDA, and if so, how did you manage to get the references to the other files working? Actually you could try my approach with the PSP emulator. I'm especially thinking of a PSP program to forward fuzzing input from a PC to the Kermit interface. But sadly, in this case we have no further details on what happens when it crashes.
Re: Finding the memory layout of the vita?
That "exploit" simply throws an ArgumentException for me.
Re: Finding the memory layout of the vita?
My fault, it's of course not an exploit. Thanks for your reply; I was not able to get the Mono debug output in the past because of the VM.
Yeah, so it seems to be fixed, as we might expect after two years. But there might (must!) be more of this stuff.
Re: Finding the memory layout of the vita?
I played around with the debugger (sending commands over USB serial and whatnot) while it was still in closed beta, with no luck. Maybe someone should take another look at it? The debug commands are well documented.
Re: Finding the memory layout of the vita?
That's another approach I should consider. I forgot to mention that, thanks to the LGPL, you can get a copy of the Mono modifications made for the Vita. Just send them an email (found on the license site). Got my copy yesterday; there seems to be some interesting stuff in the io.c implementation for the Vita. Crypto context, a "bridge" header file and all that stuff. Definitely worth a look. And of course you can take a look at the debug interface.
[EDIT:] For those who want to join my path, the registration is at:
http://www.scei.co.jp/psvita-license/mono.html
Btw, a pseudonym worked for me. The response came after 5 days, so be patient.
Quote from the license site: "In compliance with the LGPL, the source code of the open source software is made available to you. For request, please send e-mail to: pss_opensource_info@scei.co.jp with “Mono LGPL Request” in the subject line. In the body of the e-mail include your name and e-mail address. The personal information provided will be used only to answer your request."