Thu Aug 17, 2006 2:15 am
bug fond!
tested on 2.71 en even before i whanted to open it causing a crash (with restarting psp works back) now hope this can be exploited
edit: after leting the psp crach its even shutsdown about 40sec looks like it culd be exploited like the tiff downgrader for 2.5/2.6 gonna test that
edit2: don't work but i got hopes :p (not good at hacking so i can't do this :s )
NOPx86 wrote:
Hey guys, iv been messing around with libtiff for a couple of weeks now
and I found something interesting, Im still doing debugging on it and
whatnot, but it crash's the psp and most image viewers, it may be the
begging of homebrew on 2.71 and 2.80 it may not, im not going to release
the source for it just yet, probably in a couple of days once i do
proper debugging to release a full disclosure. i will however post a
link to the image, iv made a small tiff reader program that does the
most ****tiest error checking you have ever seen but i will print a
quick backtrace
Program received signal SIGSEGV, Segmentation fault.
0xb7eae46b in TIFFFindFieldInfo () from /usr/lib/libtiff.so.3
(gdb) bt
#0 0xb7eae46b in TIFFFindFieldInfo () from /usr/lib/libtiff.so.3
#1 0xb7eace97 in _TIFFsetDoubleArray () from /usr/lib/libtiff.so.3
#2 0xb7eacf3e in TIFFVSetField () from /usr/lib/libtiff.so.3
#3 0xb7eacf27 in TIFFSetField () from /usr/lib/libtiff.so.3
#4 0xb7eafd80 in TIFFReadDirectory () from /usr/lib/libtiff.so.3
#5 0x04004000 in ?? ()
#6 0x04004000 in ?? ()
the 0x4004000 was put in by me, iv noticed it hasnt actually overwritten
the instruction pointer and crashed at that address per say, but im sure
i could maybe get something working, if not I then with help this may
become something. Im asking for volunteers, I would prefer someone from
the hitmen or ps2dev crew or SonyXTeam to help, I have recently been
banned from Toc2rta for not releasing any information and whatnot, I
would however like to come back if at all possible and there are no hard
feelings whatsoever. If anyone would like to help or is even the slight
bit interested then get up with me on yahoo my instant messenger name is
hymn_of_a_needle_freak. I am going to jump ahead of myself at the moment
and go ahead and take some inspiration for the old 2.0 exploit and do my
own variation of the framebuffer png(credit goes to skylark on the idea
and niacin for dumping the data on the original version). Im going to go
ahead and work on setting the rest of it up before i concentrate on more
work with the main part of this. Get up with me if your interested.
greetings to the whole psp homebrew team, mainly ps2dev and
sonyXteam(coldbird and the rest of the gang on their irc server) for
taking the time to listen, also groepaz and skylark for putting up with
my hours of retardedness and questions, harleyg and wakawooki for 2.80
testing(your right, the modchip is the **** ) . I would also like to
thank LC for donating me a psp. I dont know to much about the psp at the
moment as i only have 2.71 so if anyone has pointers then please feel
free to share.
thank you
links:
ColdBird| http://fragment.lan.st/nop/proof.tif
x3sphere| http://www.tritoch.net/nop/proof.tif
tested on 2.71 en even before i whanted to open it causing a crash (with restarting psp works back) now hope this can be exploited
edit: after leting the psp crach its even shutsdown about 40sec looks like it culd be exploited like the tiff downgrader for 2.5/2.6 gonna test that
edit2: don't work but i got hopes :p (not good at hacking so i can't do this :s )
yes im glaad to say i now to have 1.50 
