Buffer Overflow Found in PSP Firmware v2.0
Doomstalk writes "PSP news site PSP Updates is reporting that a buffer overflow flaw has been found in PSP firmware v2.0's photo viewer. So far it's only been used to corrupt the menu display, but it holds great promise for running homebrew code on upgraded PSPs." From the article: "Thanks to the unknown author(s) for this great starting point to have homebrew on 2.0, all that is needed are coders to extend this knowledge for full homebrew usage on the v2.0 firmware. We cannot say when someone will step up to the plate and write the code for users to run homebrew on a 2.0 using this exploit, but we will definitely have our ears (and email boxes) open and be sure to let you know as soon as we do."
When will the first PSP worm/virus be out in the wild?
Blessed are the pessimists, for they have made backups.
My two bits
...but I don't think I've ever seen a buffer overflow being celebrated before.
There's another exploit here and that's the commercial exploit of the Homebrew scene by Content Holdings.com who brought the PSPhacker domain and when the japs released the hello world and early releases they repackaged the releases as their own and add to that the 3 dollars a month to remove ads that "premium" members pay and also the free psp (and we know that's a scam) site they have and not to mention the fact that if a release is on a site they consider a rival they either say they were emailed the release or another lie. Well at least the site admins can collect more cash now thanks to Slashdot and others, why on earth they didn't link to the coders is beyond anyone but if you remember the BochsPSP news they linked to their own site then also. If you're looking for decent news sites for PSP then try http://www.maxconsole.net/ http://psp-news.dcemu.co.uk/ or http://psp-archive.de/
Yeah after seeing the Slashdot about the GP2X last week http://www.gbax.com/main.pl I want one of them, no need for any bloody exploits :)
"...when the japs..."
You lost me there. Try again with a little less insultingly ignorant speech next time.
Why throw your money at Sony, who does their best via DRM and everything to keep you out, when open platforms like the Tapwave Zodiac invite developers in?
Of course, this "feed the hand that bites us" behavior among gamers has already forced the Zodiac off the market -- nobody was buying it.
Ditto XBox! Why do geeks, who should oppose every shred of DRM and proprietarism that the green thing embodies, go out and buy the thing only to turn it into a set-top linux box? Hello? You're throwing money AT the evil empire.
I understand there's a certain challenge to "owning" such a closed system. Fine, show Microsoft and Sony you're better than them. But at the end of the day, all this activity does is encourage MORE of exactly the wrong behavior on the megacorps' part.
The PSP and this rather lame exploit which only lets you run up to 64kb which to those who don't know isn't enough to run 99% of homebrew and emulators, yes it creates news but it's not going anywhere, thank god the new Portable Linux Console that embraces Open Source Coding has arrived, Emulation and Homebrew without stupid little exploits, yes I'm talking about the GP2X http://www.gbax.com/main.pl Once it arrives we can say hello to the future of amateur coding.
welcome our buffer overflow overlords.
who'd have thunk it?
that BO's would be a freedom fighting geek's best friend.
Science : Proprietary , Knowledge : Open Source
So far only binaries smaller than 64KB can be run and only in user mode not kernel mode. NO ACCESS TO KERNEL NO DIRECT ACCESS TO FIRMWARE Still a long way to go before a full exploit.
Actually the Zodiac itself had a better hardware spec than the DS in the shape of vastly more memory, superior support via its ATI Imageon graphics card, higher resolution display and a much faster CPU. It also had a much sleeker form factor and had the added bonus of being a functional PDA with a huge library of Palm software available for it (something I wish the PSP had).
Obviously this came at a cost - it was double the price (so at the PSP price point, but with less than PSP level performance, and without the supreme benefit of Sony's brand recognition - which is the only reason I think consumers are willing to trust in a device as expensive as the PSP).
That aside, I think the biggest thing it had issue with was lack of developer support and poor marketing (which to some extent go hand in hand, stores won't stock it and people won't buy it if there are no games, but developers aren't keen to flock to an unknown quantity and invest time and money in such a risky enterprise).
I was on the verge of buying one but held off when I read about the PSP for the first time, not that I wouldn't mind owning both but the game library for the Zodiac (that is, games that took advantage of the unique 3D hardware - not just the regular Palm games which I've mostly played already) was just too small to imagine me using it for longer than a month or two.
I do not agree with funding evil empires such as Sony by purchasing their items and then "cracking" them. Sony will just keep forcing more firmware, and you the faithful consumer, will continue cracking it. In the meantime, you're purchasing new duo sticks, umd vids, and games. Sony has tricked you into becoming a loyal customer by dangling the golden carrot that is their "unbreakable" firmware.
I'll vote with my dollars and not purchase one at all. The GP2X intrigues me though, even though there is some claim that it will be DRM enabled, I believe that to be just an assurance that it will have the capability of playing shitty DRM files (not that I'd have any anyway).
swanker than you
check it on pspupdates.com a hello world program is out for 2.0 psps... not much time before homebrew makes its way to 2.0 psps...
Thankfully, there are no games out that force a 2.0 upgrade that I want. I shiver as a gamer saying that. The battle may soon be won over 2.0, but the war will inevitably be won by Sony when 2.1 is released to fix this. Games will require it, and if you want to play games, you will have to play *their* game of firmware upgrades. It's silly, stupid, and I hate it. I still have the DS, but Sony, please, please, just let us run our homebrew apps. It's a better world if we all get along. Go after the pirates aggressively, fine. But leave us that just want to run a file-transfer program and ScummVM alone. I love your product, please stop fugging with it.
-- I have fans? Wow.
sadly, if a console is open, you can bet that the openness will be used 95% of the time to play pirated games, not homebrew ones.
There is a middle ground of legal emulation. If you own a copy of a Lucasarts adventure game, and you use your right under 17 USC 117 to use ScummVM DS to install it onto a CompactFlash card and then put the CF card into an adapter on your Nintendo DS, you can still play commercial quality games without piracy.
Quite simply because commercial games are of much higher quality than any homebrews!
Not always. Would you rather play Tetris Worlds for GBA, which actually breaks the concept, or would you prefer Tetanus On Drugs for GBA? Would you rather play Lumines on a PSP and Minesweeper on a Pocket PC, or would you prefer Luminesweeper on a GBA SP while your backside is cushioned by a wad of cash?
They sell the PSP at a loss.
Even if this is true, why don't consoles get decent development tools after they become profitable? PS2 Linux is out of print, and it doesn't work on the slim PS2. Why can't a console have licensed games for the first couple years and then both licensed games and homebrew later? Even more unexplainably, why are hardly any consoles opened to homebrew once the console maker stops authorizing new titles on the platform? Why don't other console makers follow the example of Atari, which opened the 7800, Lynx, and Jaguar?
Frankly, I own a gaming console, you know, for gaming. You may notice a highlighted word there. Hint, it's: gaming.
I do not buy it to make some political statement about open vs closed software. I buy it to play games on it. If Sony has the games I want to play, and some hypothetical vendor has this super-open GPL-conform Stallman-approved ESR-blessed platform without many games, you can guess whose I'll buy. Hint: it starts with "So" and ends with "ny".
The whole "feeding the hand that bites us" metaphor is emotional and all, but I don't feel bitten at all so far. I gave them some money, I got some games I wanted in return. If anything, I'm "feeding them" to get more games like those in the future. But more pragmatically, I'm not "feeding" anyone. I'm just acting in my own interest as a consumer, and buying the one that's the better product for me right now.
And if DRM is what it takes to get those games, fine by me. I can still plug the cartridge or UMD in and play the game, right? Well then why should I care what technologies went into that UMD or the loader in the BIOS?
You assume too much that all geeks are like this or that, all are on a zealot crusade against the very idea of commercial software, and all bought an XBox or a PSP just to run Linux on it. Which is just false. I for example am a terminal geek all right, but I bought my XBox to actually run XBox games like Fable or Jade Empire. Even those two alone make it well worth every cent MS got from me. I know only two people who've modded their XBox and that was to add some multimedia functionality and IIRC a bigger hard drive, not to run Linux on it.
Basically rest assured that when you read news about someone's uber-l33t port of Linux to some game console, you're really reading about a small minority that gives a damn at all, and mostly just to show that they can do it. It's the geek equivalent of showing that you can tear a phonebook with your bare hands: it's not actually _needed_ (there are easier ways to destroy a phonebook), it's not what everyone buys a phonebook for, and it doesn't make it a better phonebook than it was before being torn. It's just a way to show off. Unlike tearing a phone book with your bare hands, though, pretty much no one else gives a damn about it.
Now a lot more people will care about it if it lets them pirate UMD games and play them off the memory card. (That was the main reason people modded their PS1, PS2 and XBox, btw: to be able to play pirated games.) But even then we're talking freeloaders, not people on a holy jihad for the glory of OSS. Rest assured that _all_ they wanted was to let someone else (e.g., the rest of us paying customers whose money keeps those devs in business) pay the tab for their gaming, not to make some "free as in speech" political point.
A polar bear is a cartesian bear after a coordinate transform.
As I was saying before, I bought it to play games on it. Sony didn't have to "trick" me into anything. They just had to have the games I want to play. That's all.
Yeah, if all you wanted from a portable console was to run some old emulator on it, the PSP might not be the one for you. But then you know what? Go buy whatever console lets you run those, and quit whining already. Does the GP2X let you run those? Well, good for you, then. Get one of those, then, and give it a rest already.
No, seriously. It's not like we don't already have enough Nintendo fanboys ranting and raving about how the PSP is T3H 3V1L!!!111, stifles innovation, makes God kill small kittens, etc, and how about all of us who bought one are some servants of the Antichrist. I don't need yet another group telling me that I'm some kind of a tricked victim, just because I wanted to play Lumines, Mercury and the racing games.
Get this: most of us actually knew very well what we were buying. There was no trick, there was no broken promise, nothing of the kind. Sony didn't dangle the carrot of "but you'll be able to run a NES emulator on it" in front of us at any point. They only said there'll be games and UMD movies for it. That's all. And I fail to see how buying one for those counts as being "tricked". Did any of Sony's patches make it no longer play UMD games or movies, or what? Well, wake me up if they ever do that, because only then it will count as being "tricked".
And generally, WTF? I thought we were in the "Games" section, not in the "let's whine about proprietary stuff" section. Did this story get posted in the Linux section too, or what?
Paint Shop Pro just isn't what it used to be. Who wants to start a fork?!
Hello everyone. I upgraded my PSP to 2.0 so I could try and make some games for the new firmware version. I have written a few Java type games that work well using the built in browser in the 2.0 firmware. These games/Apps can be launched from the browser pretty easy. If anyone knows of a good place to upload them so the PSP world can get to them let me know. Or if you want me to email you instructions on how to do such things drop me a line :)
So why not just release a dongle that costs enough to turn loss into a tidy profit?
Sony did make such a dongle for the PS1 (called Net Yarôze) and the PS2 (called "PS2 Linux Kit"), but both were limited in their capability, and neither was manufactured in near enough quantity for it to be interpreted as more than a token effort. Nor is there such a dongle for the PSP or any public plans to make one.
I've played four player games on one PC, it just requires two gamepads (usually two people can use the keyboard though I think we played Clonk 4 with three people on the KB and one on the gamepad).
It also requires a TV output, or would you recommend crowding four players around a 17" monitor?
Sure, having two gamepads is rare but is it really any less common than a modified console that'll run homebrew stuff?
No, you don't need to mod a Dreamcast console to play homebrew that has been burned onto CD-R. Both the old firmware and the new "non-MIL-CD" firmware have been cracked so that a CD-R disc can self-boot without a modchip.
And if I want to make games that run on a handheld, which widely sold open handheld has decent controls for games?