How long till you get the maxim chip?
same here :neutral:
Quote:
Quote from SasukeXIII
so this is for 2.7 or 2.71 or both?
Quote:
Quote from FreePlay
sounding like a total retard but why don't we actually check the 2.7/71 firmware files against each other so we can see what stuff they changed and where?
so we know where to look first :/
Well they both use the same version of libpng and zlib so the exploit has to work for both firmwares.
I wouldn't say that. I only checked 2.71.
Well, the exploit doesn't actually exist yet :P hehe, but I really hope it will someday :D
Well that's what I thought, but then again you are the one working on this so you know more, keep up the great work! :Punk:
Quote:
Quote from FreePlay
They might have cancelled my order seeing that I put "none" as a company.
Quote:
Quote from SasukeXIII
I always submit fake companies ;)
I hope not.
Quote:
Quote from vb_master
I don't know, if they did I'll just have to 1. put in a fake company, 2. order some ECPE's from DigiKey (they are the same, just ECPE has electrical shock protection).
Quote:
Quote from TeamOverload
I've bought the DIY circuit board kit from RadioShack for $15, much better than Spark Fun.
I have totally redesigned the board because I noticed an error. It's much better now.
http://img124.imageshack.us/img124/3...ixeddl9.th.jpg
I've been gone for a while... so nothing with the libpng thing I posted yet?
sorry but I was out for a bit, what exactly is this supposed to do?
Quote:
Quote from vb_master
Converts standard serial to PSP serial.
Quote:
Quote from dracule
thanks
Can we stop focusing on the serial thing and move on with the libpng idea? Seriously, wait until you get it to quit working on it, because if you just give up this good idea might never get anywhere. I've been searching for like two days for the proof of concept for the libpng exploit and have gotten close to finding it, but every time I do something happens and I have to leave.
http://lists.grok.org.uk/pipermail/full-disclosure/
This place is a good place to look too. There is A LOT to read though, that's why I haven't found specifically what I'm looking for, but there are a lot of links to concepts and exploited programs. libpng is in there because when I searched on Google it came up and I saw libpng 1.2.6 exploit proof of concept. So it has to be in there.
We aren't, I'm just working on the serial thing because it will benefit more people, especially people who bricked.
Quote:
Quote from copna1231
I think FreePlay ended up saying the zlib thing won't work in the thread about it anyways.
I searched through and only found fixes for the libpng about the exploit.
Quote:
Quote from copna1231
hmmm...
some info for u guys on the libpng topic
the same bug but some stuff about it
The Unix and Windows library libpng, which processes graphics in the PNG format, does not check the length of certain entries in these images, which can cause a buffer overflow. Attackers can use manipulated graphics to execute arbitrary code on the systems affected.
The function png_decompress_chunk() in the file pngrutil.c does not check the chunk_name entries in PNGs before it copies this string into a buffer of insufficient size. As a result, libpng may crash, and program code can be smuggled in.
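As an added illustration of the class of check the quoted advisory says was missing (this is not part of any post in the thread and is not libpng's code), the C sketch below validates a chunk header against the bytes actually present and builds an error message from the chunk type without ever writing past the destination buffer. The function names, return codes and escaping format are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration; names and return codes are assumptions. */

static int is_letter(uint8_t c) {
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
}

/* Validate one chunk header against the bytes actually left in the input.
 * Layout: 4-byte big-endian length, 4-byte type, data, 4-byte CRC.
 * Returns 0 if the chunk fits and its type is four ASCII letters. */
int check_chunk_header(const uint8_t *p, size_t remaining) {
    if (p == NULL || remaining < 12) return -1;       /* length + type + CRC */
    uint32_t len = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                   ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    if (len > 0x7FFFFFFFu) return -2;                 /* PNG length limit */
    if ((size_t)len > remaining - 12) return -3;      /* claims more than present */
    for (int i = 4; i < 8; i++)
        if (!is_letter(p[i])) return -4;              /* type must be letters */
    return 0;
}

/* Write "<type>: <text>" into out[out_len] without exceeding out_len.
 * Non-letter type bytes are escaped as [XX], so raw file bytes never
 * reach the buffer unchecked. Returns 0, or -1 if the message did not
 * fit or an argument was invalid (out is NUL-terminated whenever a
 * buffer was supplied). */
int format_chunk_error(char *out, size_t out_len,
                       const uint8_t type[4], const char *text) {
    size_t pos = 0;
    if (out == NULL || out_len == 0 || type == NULL || text == NULL) return -1;
    out[0] = '\0';
    for (int i = 0; i < 4; i++) {
        int n = is_letter(type[i])
              ? snprintf(out + pos, out_len - pos, "%c", type[i])
              : snprintf(out + pos, out_len - pos, "[%02X]", (unsigned)type[i]);
        if (n < 0 || (size_t)n >= out_len - pos) return -1;
        pos += (size_t)n;
    }
    int n = snprintf(out + pos, out_len - pos, ": %s", text);
    return (n < 0 || (size_t)n >= out_len - pos) ? -1 : 0;
}
```

The escaped type bytes matter because four non-printable bytes expand to more characters than four letters, which is exactly the case a fixed-size message buffer has to budget for.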
So our only option is the serial cable?
not unless we can figure out how to use this exploit
Quote:
Quote from SasukeXIII
After what Freeplay said my hopes went downhill.
about the zlib exploit in the other thread?
Quote:
Quote from SasukeXIII
Freeplay said that the exploit was for a function the psp did not use.
yes but there still may be other exploits :)
Quote:
Quote from SasukeXIII
trying to find stuff on the libpng :)
Ok I'll keep looking too.
Quote:
Quote from mikc
Have some info sites about an exploit in libpng 1.2.5, they also have <<proof of concept>>.
Here they are:
http://scary.beasts.org/security/CESA-2004-001.txt
http://deepquest.code511.com/blog/co...d=A201_0_1_0_C
The PoC that's available at these sites (you'll find them if you search around the text) is in PNG format, I have them available here:
http://www.schei-nilsen.com/espen/badpngs.rar
If this is the sort of thing you're looking for, but for 1.2.6, let me know, and I'll know what to look for....
I assume this is something we would want, but try to find it for 1.2.6 :)
Quote:
Quote from NorthernFusion
This place seems very interesting, sorry if it was posted before http://www.uscert.gov/cas/bulletins/SB05-257.html#zlib
I will try the proof of concepts but I am sure they are patched in 1.2.6.
Double Post Merge
They both refuse to show. Just displays a red X.
To narrow things down a bit, we need to look for this exploit: CVE-2006-0481. The summary states that it also affects 1.2.6.
EDIT: I found another Proof Of Concept. Anyone who knows what to do give it a try.
I think TO knows.
I have a 2.71 and when I try to view it in the Photo menu it just shows up as unsupported data, the browser shows the picture fine, no errors or anything...
Quote:
Quote from X omega v5
It doesn't crash, but it looks a lot different than it does on the PC. That might be because PC clusters it together, I don't know.
did you see on another thread, somebody made a flash file that completely freezes the psp?
http://forums.qj.net/showthread.php?...5&page=1&pp=10
could be an exploit.
Any ideas as to why it doesn't support it?
Quote:
Quote from TeamOverload
I am etching the first circuit board right now, I will post pics of it when I am done.
ok. something else, a guy called Steve Grubb found something in 1.2.6
Steve Grubb discovered that libpng would access memory that is out of
bounds when creating an error message. The impact of this bug is not
clear, but it could lead to a core dump in a program using libpng, or
could result in a DoS (Denial of Service) condition in a daemon that
uses libpng to process PNG images.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0421 to this issue.
http://lwn.net/Articles/82996/
http://secunia.com/advisories/11505/
Found something else concerning 1.2.6, looking into it, and will report asap.
This is it so far:
http://rhn.redhat.com/errata/RHSA-2006-0205.html
The Common Vulnerabilities and Exposures project has assigned the
name CVE-2006-0481 to this issue.
http://secunia.com/advisories/18654/
CAN-2004-0421
CVE-2006-0481
That's not an exploit.
Quote:
Quote from dracule
Crash!=exploit