![]() One would exploit the File Allocation Table|FAT16 system of the memory stick, and the other involved putting _SCE_ before the name of corrupted folder and %_SCE_ before the name of the normal folder (with the percentage sign at the end removed). However, this was shortly overcome by using two tricks. The file with just the program data would be seen as corrupted. This was because the PSP would only see the program that had a PARAM.SFO file in it, the file inside the % folder. The problem with this exploit was that corrupted data would show on the memory stick (as well as the normal data). The folder without the % had only a DATA.PSP renamed to EBOOT.PBP, the file containing the code. The percentage folder contained no data aside from images and a PARAM.SFO. There were reports of failing memory sticks using this method, but none have been verified.ĭeveloped by the Spanish Killer-X, KXploit exploited a misuse of the sprintf function of the PSP by having another folder named exactly the same with a percentage sign after the file name (eg game and game%). It was created by a Spanish team and involved swapping between two memory sticks at the launch of the game, before it crashed with an error, to run the selected homebrew. First, through the use of an exploit known as "Swaploit", and later, via the safer 'KXPloit'. Two ways were developed to run unsigned code. ![]() The discovery allowed early US PSP adopters to run homebrew which quickly led to articles appearing in the mainstream. It was discovered in June 2005 that unsigned code could be run on a firmware with version 1.50. These dumped UMD images can be written to a Memory Stick Duo and executed, performing in exactly the same way as if they were being read from a UMD. In addition, it became possible to dump Universal Media Discs (UMDs) using a homebrew technique. This resulted in the release of a number of homebrew software, which were all built with the GNU GCC and GNU Binutils, modified to produce code for the PS2 and PSP (MIPS processor devices). ![]() A proof of concept "Hello World" was released to demonstrate this. This meant that PSPs could be used to run homebrew software, as there was no mechanism to check if the code had been digitally signed by Sony in this firmware revision (as was similar with the PlayStation and PlayStation 2 consoles - missing security features in first revisions). In May of the same year, PSPs using the 1.00 version of the firmware were able to execute unsigned code packed in the same format as EBOOT.BIN from Wipeout, but from the /PSP/GAME folder on a Memory Stick. Using a dumped PSP system ROM image, and the knowledge discovered from the Wipeout disc, the layout of the executable format was successfully reverse-engineered by a hacker "NEM" and the "Saturn Expedition Committee". Using this trick, and with a bit of guess work, hackers spotted that navigating to addresses such as file:///disc0:/ would allow files from the UMD to be viewed, thus the discovery of PSPs executable format, the, was figured. In April 2005, a DNS redirection trick was discovered in the game Wipeout Pure's content-downloading feature that allowed regular HTML web pages to be displayed in its place.
0 Comments
Leave a Reply. |