Reverse engineering and programming were done 100% by us - I first heard the name today (really - I have just been recruited to RE the registry by Freeplay). After reading up I added due credit for the font exploit idea :)
Yay, once something more stable comes out, I'll be able to hex edit, yay. I have been dying to for quite some time, and with nothing of extreme importance to edit via hex, I have been disappointed, but once a more stable and completely documented version / tutorial comes out explaining what offsets do what and what values are allowed and such.
I really like what all of you have done, but should I wait for a possible downgrader from this, or should I sell my 2.50 PSP and buy a 2.0 or lower PSP?
don't stress em...it's not certain it will be anything from this although we all can hope
Personally I would never take advice from anyone on a forum anyway (make your own choice). Please, back to topic. I'd like to see what all of you who actually know something about this have to say (referring to myself).
I didn't mean to get off topic, sorry.
Hope the 2.+ ones act the same :)
Quote:
I tested out some modified registries on a simulated 2.00 using the MPH firmware loader, and noticed a few funny things (e.g. that a network connection's name can only be 15 characters, but you can store about 48 characters in its place in the registry).
wow, strcpy anyone? :D
Quote:
I then decided to take a leap and modify the registry of my actual PSP. I changed the path that TeamOverload had noticed to point to ms0:/fontmod . I ran Skylark's program. I copied the fonts from flash0:/font to my MS in a folder called 'fontmod', then I copied my modified registry to my PSP and rebooted.
but I think Sony wouldn't be that stupid to use strcpy in its pure form, well we will see it in the next couple of days :)
the big question will be, if the possible 'exploit' leads to full flash/kernel access, ME engine on 2.+ => another 333 MHz CPU to use :)
personally, I think this will lead to an exploit that can run arbitrary code at least
also, why are the SYSTEM.DREG and SYSTEM.IREG files encrypted anyway?
as we all know flash1 contains user created content, it's not even (c), so why would Sony need to encrypt it?
to prevent possible buffer overflows due to registry hacking?
that maybe also explains why all the registry entries are encrypted, to make sure they have a valid length -> not creating a buffer overflow
just my 2 cents
They're not encrypted, really. The data is all in plain text. They're just marked with a checksum that indicates whether or not a particular block in the file is valid. It's probably because Sony knows something we don't... like, that putting the wrong values in some places could brick your PSP. They wanted to be sure they could check for modified registry entries.
Quote:
Quote from tommydanger
What's the version of libtiff used on the 2.00 exploit?
--on-topic
Is there a way that we could use this registry hack and checksum validator to reinstall the old libtiff to the PSP, thereby re-opening the old exploit?
old libtiff was 3.7.1...
The current version of libtiff at the time of the 2.01 release was 3.7.3; there are no exploits for that... yet.
Any plans to make an editor? Some settings are not able to be edited using just a hex edit (such as button assign, for example).
Just tried the app and I still got the BSOD.