Exploits - How-to
I would like to start a thread for helping people understand what exploits are and how they are created. I for one knew/know very little about exploits, but since the PSP has come out I have been learning C/C++/C#. I have a long way to go, but a good thread with help/input from those who do know would help a great deal. Something without all of the "That's teh most Retarded Question i ever heard..." comments.
If people want a real exploit, anyone with the ability to do so should work on one, maybe create a thread dedicated to finding one, where people can list their findings/research. Because 3 people working on one, while 400 people sit back and critique, makes no sense. Just having 100 people working on one in various forms/stages would speed up the process.
Here are some links that I was reading earlier today, wondering if they could also pertain to the PSP..?
I could be way off.
Hmmm... I'm not an expert on this, but I have some experience with exploits and have written some simple exploit code for a computer systems class. When a function is called, a stack frame is created in the memory dedicated to this function and its instructions are stored in the stack. As the program counter (which points to one instruction at a time) advances, those instructions are executed. Note that the stack frame consists of a data space, a code space, (don't remember the proper name) a return pointer and other spaces that contain the necessary information to run the code and return to the caller. So, if we can somehow overwrite the instructions we may be able to get the program to run whatever we want it to. An example of this is buffer overflow, which utilizes the weakness in C that it doesn't do boundary checks when you enter an array. So if you enter more data in an array than the allocated size, the data section in the stack frame would not be enough to hold all the data, and the extra data would replace the return pointer and probably the original instructions. It's easy to see what happens now. If the return pointer is rewritten to return to an entirely different function, it'll run that function instead of going back to the caller. Similar things happen when the code section is replaced.
I would imagine the overflow.tif works in a way similar to this in principle. But again, that's all I know about exploits and I actually just received my PSP today. The firmware version is 2.01 so I can't run any "homebrews" on it at the moment, sigh... Anyway, nice meeting everyone here and hope the new hack comes out soon.
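To make the "no boundary checks" point from the post above concrete, here is an added C example (not from the thread or any PSP code). It uses a constructed struct whose fixed-size buffer sits directly before a control field, so an unchecked copy spills into that neighbour; the checked version rejects oversized input instead. Names like `record`, `copy_name_unchecked` and `copy_name_checked` are assumptions for the demo.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Constructed layout: an 8-byte buffer followed by a control field,
 * standing in for "data space next to the return pointer" in the post. */
struct record {
    char name[8];
    uint32_t privileged;   /* 0 = normal; anything else = elevated */
};

/* Vulnerable pattern: copies the whole input with no regard for the size
 * of name[]. The copy is clamped to the struct only so the demo stays
 * inside one object; bytes beyond 8 still land in the neighbouring field. */
int copy_name_unchecked(struct record *r, const char *input)
{
    size_t n = strlen(input);
    if (n > sizeof *r)
        n = sizeof *r;
    memcpy((unsigned char *)r, input, n);
    return 0;
}

/* Hardened pattern: length is checked against the destination field and
 * oversized input is rejected rather than silently truncated. */
int copy_name_checked(struct record *r, const char *input)
{
    size_t n = strlen(input);
    if (n >= sizeof r->name)   /* leave room for the NUL terminator */
        return -1;
    memcpy(r->name, input, n);
    r->name[n] = '\0';
    return 0;
}

/* Runs one copy routine over a zeroed record and reports whether the
 * control field was disturbed: 1 if privileged changed, 0 otherwise. */
int control_field_corrupted(int (*copy)(struct record *, const char *),
                            const char *input)
{
    struct record r;
    memset(&r, 0, sizeof r);
    copy(&r, input);
    return r.privileged != 0;
}

int main(void)
{
    const char *oversized = "AAAAAAAAAAAA";   /* 12 bytes, constructed input */
    printf("unchecked: corrupted=%d\n", control_field_corrupted(copy_name_unchecked, oversized));
    printf("checked:   corrupted=%d\n", control_field_corrupted(copy_name_checked, oversized));
    return 0;
}
```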