2.7+ Decrypted Dump Exploit Discuss

I got the files.

Sure ignor me, but think of how long 2.01 and 2.50 was decrypted, did that lead to an exploit? Just because you can disassemble it doesnt mean you will find an exploit.

But be my guest...

Zitat:

---

Zitat von harleyg

Sure ignor me, but think of how long 2.01 and 2.50 was decrypted, did that lead to an exploit? Just because you can disassemble it doesnt mean you will find an exploit.

But be my guest...

---

It doesn't matter if we find a exploit or not, its just fun to look thought the PSPs files to see how it works.

It can HELP find one though.

If there's anything about this scene that I've ever learned in the year I've known it, NEVER SAY NEVER.

Zitat:

---

Zitat von harleyg

Sure ignor me, but think of how long 2.01 and 2.50 was decrypted, did that lead to an exploit? Just because you can disassemble it doesnt mean you will find an exploit.

But be my guest...

---

Well not many people were really looking for an exploit in 2.01/2.5 after the GTA exploit was released. And I wanna point out that the 2.5/2.6 kernal exploit was found with a decrypted firmware file

Link88 could you send me the link to the decrypted files when you have them? thnx
Offtopic: TheKnightInHell may i ask how you get such a spoiler? :p

You click the 'hide' button to the far right off all the buttons on the post screen, or just do like [ Spoiler ] Spoiler here [ / Spoiler] (remove spaces)

Yousendit.com to [email protected]

;)

Zitat:

---

Zitat von TheKnightInHell

Well not many people were really looking for an exploit in 2.01/2.5 after the GTA exploit was released. And I wanna point out that the 2.5/2.6 kernal exploit was found with a decrypted firmware file

---

:humped:

It gave me file called odd.bin do you need that one also or just the FD folder?

Zitat:

---

Zitat von harleyg

No idea if this has already been said, not to bothered either.

This thread is a waste, and ill say this once.

You cannot find an exploit with a decrypted firmware.

---

Zitat:

---

Zitat von harleyg

Sure ignor me, but think of how long 2.01 and 2.50 was decrypted, did that lead to an exploit? Just because you can disassemble it doesnt mean you will find an exploit.

But be my guest...

---

If you want to be a negative pesimist, that's your choice :p

Zitat:

---

Zitat von Link88

It gave me file called odd.bin do you need that one also or just the FD folder?

---

Just send it all please.

TeamOverload and pJ14 you should be recieving your files soon. I'm using that website to send the files.

Dunno really just give me all files you get from it :)

TO, I have the 2.71 firmware decrypted. Can I enter this search for an exploit?

I sent it. Both of you check you email.

Thnx for the files =)

2 more files in 2.7 then 2.71

@PTPSP-Feel free to join in.

What is this one?
pspnet_ap_dialog_dummy.pr x

Can someone post the files that are missing in the 2.71 (pspnet_ap_dialog_dummy.p rx and usbgps_serial.prx)?

can you also send it to me?..

btw.. is it 2.71 or 2.70 because i need 2.70.

Send it by pm or to [email protected]

@TeamOverload

I sent you an email with a site, I thought you were after 2.71 but I was wrong. So ignore my email.


Cheers B4tm4n.

Zitat:

---

Zitat von PTPSP

Can someone post the files that are missing in the 2.71 (pspnet_ap_dialog_dummy.p rx and usbgps_serial.prx)?

---

We are not allowed to post those here, because they are copyrighted by Sony.

I'm now starting to examine the other files.

In the pspnet_ap_dialog_dummy.pr x file, I didn't find anything. In the usbgps_serial.prx file, I found:

sceUSBGpsSerial_Driver
sceUsbBus_driver

Kernel references:

UtilsForKernel
KDebugForKernel
ThreadManForKernel
SysclibForKernel
InterruptManagerForKernel

And a list of errors...

Is this any useful?

Sorry if I have bad english...

I think this is more usefull but it has been posted allready

ms0:gps_init_data.bin
flash1:/gps/init_data.bin
host0:./gps_init_data.bin

host0: the gps device connected thru the usb port?

maybe it needs to be connected to synchronize files such as maps or other data. BTW, where do you find those informations (what file)?

usbgps.prx is my guess.

I was examining reboot.bin and it has some interesting data.

In usbgps_serial.prx :p

madmatty, if you're going to lie about everything, you're not welcome in this thread.

Zitat:

---

Zitat von madmatty

Firstly the USBCAM, yes the USBCAM does require acess to the Flash0, this is because when placing your USBCAM into the PSP it installs the drivers required to run the device.

---

Wrong, wrong, wrong. The drivers are already there. The USB camera has zero access to flash0. It does, however, have its own upgradeable firmware.

Zitat:

---

Zitat von madmatty

Now again the GPS again need Flash0 access to create the ICONS, this will include again all the settings for the GPS system, at the moment this has not be finalised and will be deceided at a later date.

---

Same deal here. GPS has zero access to flash0, but has its own upgradeable firmware.

The two driver PRXes for these devices make this obvious.

Zitat:

---

Zitat von madmatty

The Wlan file above your talking about has been fixed to stop please from using PC to surf the contents of your Memory Stick via file sharing. IE.. if you type in the I.P address of the PSP whilst using WIFI then your PC will not show the PSP's contents. Sorry but this is all that this message means.

---

THAT NEVER HAPPENED. EVER. PERIOD. Your PSP is not a web server just because it's on the web. It CANNOT display the contents of the PSP in a PC's browser, regardless of which version your firmware is. You're such a horrible liar.

Zitat:

---

Zitat von madmatty

This is correct, it (game_install_plugin.prx) is also used to decompress the Eboot.pbp file and PSAR files.

---

WRONG AGAIN!

The PSP downloads EBOOT files from the internet using an XPD or XDS file. These filse contain information about what is in the download. Here's an example - demo.xpd:

Code:

---

[Info]
EID=NVL#
Desc=Leroy Jenkins!
Size=281
Duration=43

[File]
C=http://www.unaligned.org/~freeplay/leroyjenkins.mp3

---

Toss this into an XPD file, host it somewhere, and open it in the 2.71 browser. It'll download that MP3 file, after asking you to confirm it.

This is all processed by dd_helper.prx. Nothing else.

The PRX file in charge of opening game EBOOTs is opening_plugin.prx . And EBOOTs are not compressed, so there's no decompression going on.

And PSAR files aren't even handled by the firmware! They're handled by the libpsar.prx file that is packed into every update EBOOT.

Okay, so if I got my hands on a 2.7X dump, what would I need to start looking through it (like what hex editor, etc.). Also, what in particular should I look for? Kernal references? Or just anything that seems rather strange? I'm new to this, but wanna help in any way I can.

Zitat:

---

Zitat von marv101

Okay, so if I got my hands on a 2.7X dump, what would I need to start looking through it (like what hex editor, etc.). Also, what in particular should I look for? Kernal references? Or just anything that seems rather strange? I'm new to this, but wanna help in any way I can.

---

Currently, we are just looking through it in a hex editor. TO is trying to get his hands on a decompiler which will help out a lot. In the mean time, we are simply looking for anything that looks like it could lead to an exploit.

I have the decompiler but I need the java sdk. Can anyone get the offline linux one and compress it down to 30mb or less? Zip it, rar it, tarball it, do whatever it takes.

Thanks. Well I'll take a look. Any particular hex editor to use which is easier/more efficient, etc?

Zitat:

---

Zitat von TeamOverload

I have the decompiler but I need the java sdk. Can anyone get the offline linux one and compress it down to 30mb or less? Zip it, rar it, tarball it, do whatever it takes.

---

Think I've found it. Do you want self-extracting file, or one with the RPM in the self extracting file? (I have not got a clue what this means btw, lol)

EDIT: Just looked at some of the 2.71 stuff, and wow. How on earth does anyone make any sense from it?! I've scrolled down to the bottom and found some partially readable stuff, but how do you know when one command ends and another begins?

Zitat:

---

Zitat von marv101

Think I've found it. Do you want self-extracting file, or one with the RPM in the self extracting file? (I have not got a clue what this means btw, lol)

EDIT: Just looked at some of the 2.71 stuff, and wow. How on earth does anyone make any sense from it?! I've scrolled down to the bottom and found some partially readable stuff, but how do you know when one command ends and another begins?

---

We can't see all the actual commands. I believe that is what the decompiler will allow us to do (based on what I found in wikipedia about decompilers in general).

Zitat:

---

Zitat von marv101

Think I've found it. Do you want self-extracting file, or one with the RPM in the self extracting file? (I have not got a clue what this means btw, lol)

EDIT: Just looked at some of the 2.71 stuff, and wow. How on earth does anyone make any sense from it?! I've scrolled down to the bottom and found some partially readable stuff, but how do you know when one command ends and another begins?

---

self-extracting please.

well i've got the file, and it's in .bin. how do i compress that? in powerarchiver and winrar, i see no option to compress a file such as that, nor in the shell integration. Am I just being stupid? You might have to wait until the morning (UK time) since it's getting late here and I'm really tired.