Slashdot Mirror


HEN TIFF Exploit Cracks PSP-3000 Open For Homebrew

indrora writes "The PSP community was rocked this weekend by the Homebrew Enabler (HEN) from developers Davee and Bubbletune. One of their friends on the Team Typhoon development team posted a YouTube video showing proof of the TIFF Exploit running on Firmware 5.03, changing the firmware version and MAC address for a reboot. This comes after a picture of gpSP running on a PSP-3000 via the HEN exploit. From the QJ.net article: 'First [things] first: No, Davee hasn't finished the HEN yet. Which means it isn't out yet. What we do have today is some visual confirmation that the HEN can indeed run emulators, in this case the GBA emulator gpSP.' And from the more recent article showing the exploit demo video: 'Be patient, everyone. Davee's HEN Kernel exploit will eventually arrive, given time. "This is a demo of the 5.03 firmware running the tiff exploit and booting into a HEN environment on a PSP 2003 (3000 Support also) on 5.03 Official Firmware. This proves that the code survives a reboot and the system software and MAC address can be changed. This is something that only can be done with a kernel exploit. A video launching homebrew will be posted later."' Hopefully, we'll soon have PSP-3000s playing homebrew games and running PSP uCLinux."

15 of 77 comments

  1. Cool by Goldberg's Pants · · Score: 4, Funny

    All 27 remaining PSP users must be thrilled with this!

    1. Re:Cool by Goldberg's Pants · · Score: 2, Insightful

      As I said a while back on here, I looked into getting a PSP and planned to hack it, with piracy being a part of it.

      I didn't see anything for the PSP worth pirating. And only one game worth buying. (Football Manager.)

      Of course lately the DS isn't much better IMO. I've largely stopped using mine.

    2. Re:Cool by vux984 · · Score: 3, Informative

      50m is still bigger than all the next-gen (PSWii60) consoles combined.

      Say what now? Wii has 50M pretty much all by itself.

  2. Why.... by Darkness404 · · Score: 4, Interesting

    Why even include TIFF support in the PSP if you were trying to lock people out of homebrew? TIFF, by nature, will contain more exploitable code than other image formats (based on how the image is stored and other technical specs of the TIFF format), and is much less used compared to JPEG, PNG, GIF, and the dozens of other image formats we use on a daily basis. But the inclusion of TIFF seems puzzling; unless various Sony products save things as TIFF by default, there doesn't seem to be any need for it.

    --
    Taxation is legalized theft, no more, no less.

    1. Re:Why.... by Anonymous Coward · · Score: 3, Informative

      Digital cameras produce TIFFs.

    2. Re:Why.... by Archaemic · · Score: 2, Informative

      Yes, I wonder the same thing about TIFF support on the PSP myself. It was touted as a new feature for the 2.0 firmware, but I don't really see the point, given how insecure it is in general and how rarely it is used. Furthermore, if it is used for a camera picture, it's pretty useless anyway, because the PSP will generally not show the picture if it's too large, and the limit is usually smaller than digital camera resolution. The original PSP model only has 32MB of RAM, 8 of which is not available in usermode. A fair amount of this memory is unavailable to the decoder anyway, leaving only about 4MB of RAM for displaying a picture.

      I've had two battles with LibTIFF on the PSP, one resulting in a triumphant victory for me (although never released due to various reasons). The other was me actually trying to exploit a crash that led to the exploit that MaTiAz found (which is the TIFF exploit (user mode) mentioned in this article). The kernel mode exploit used in conjunction with the user mode exploit was found by Davee, as mentioned. However, what was particularly great was how they patched the TIFF exploit for 5.03 in the following firmware: by disabling the section of LibTIFF that was being exploited. If one tries to view a TIFF that has additional channels (i.e. an alpha channel, be it premultiplied or whatever), it says unsupported data. Brilliant work, Sony. The TIFF exploit didn't work in any other software because the other software properly supported the additional channels. It's still sort of a mystery how they failed this one so hard.

      Furthermore, there was an exploit in LibTIFF in earlier firmwares (and actually the current stable version of LibTIFF) that was patched by Apple, and then Sony (and most others) adopted the patch. However, the patch itself is broken, as I discovered when looking at it. Therefore, I now have a TIFF that will crash any modern LibTIFF application (unless it has a specific section of LibTIFF disabled, which some do, such as Photoshop CS3), including the PSP on its newest firmware. Works even on the newest firmware. All I can say for the patch is that it did seal the vector for shellcode, even if it didn't seal a vector for a DoS. I filed a patch with the LibTIFF people that sealed the hole entirely, but it's been ignored since January.
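
A defender-side version of the mitigation Archaemic describes (refusing any TIFF that declares additional channels), as an added example that is not code from this thread, from Sony's firmware or from LibTIFF: it walks the first IFD with bounds checks on every offset and flags an ExtraSamples tag. The sample TIFFs are constructed inline, and the function names are my own.

```python
import struct

# TIFF 6.0 tag numbers used by the check: SamplesPerPixel and ExtraSamples
TAG_SPP, TAG_EXTRA = 277, 338
INT_TYPES = {1: "B", 3: "H", 4: "I"}  # TIFF BYTE / SHORT / LONG


def parse_first_ifd(data):
    """Decode the integer tags of a classic TIFF's first IFD into {tag: [values]}.
    Every offset is bounds-checked so a malformed file raises ValueError."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        raise ValueError("not a TIFF header")
    end = "<" if data[:2] == b"II" else ">"
    magic, ifd = struct.unpack(end + "HI", data[2:8])
    if magic != 42 or ifd + 2 > len(data):
        raise ValueError("bad magic or IFD offset outside file")
    (count,) = struct.unpack(end + "H", data[ifd:ifd + 2])
    if ifd + 2 + 12 * count > len(data):
        raise ValueError("IFD entry table truncated")
    tags = {}
    for i in range(count):
        pos = ifd + 2 + 12 * i
        tag, typ, n, raw = struct.unpack(end + "HHI4s", data[pos:pos + 12])
        if typ not in INT_TYPES:
            continue  # ASCII, RATIONAL etc. are not needed for this check
        size = struct.calcsize(end + INT_TYPES[typ]) * n
        if size <= 4:
            buf = raw[:size]  # values of 4 bytes or less are stored inline
        else:
            (off,) = struct.unpack(end + "I", raw)
            if off + size > len(data):
                raise ValueError("tag %d value outside file" % tag)
            buf = data[off:off + size]
        tags[tag] = list(struct.unpack(end + str(n) + INT_TYPES[typ], buf))
    return tags


def has_extra_channels(data):
    """True when the TIFF declares ExtraSamples (alpha or other channels)."""
    return len(parse_first_ifd(data).get(TAG_EXTRA, [])) > 0


def build_tiff(spp, extra=()):
    """Constructed sample input: a minimal little-endian TIFF whose IFD holds
    only SamplesPerPixel and (up to two, stored inline) ExtraSamples values."""
    entries = [(TAG_SPP, 1, struct.pack("<H", spp))]
    if extra:
        entries.append((TAG_EXTRA, len(extra), struct.pack("<%dH" % len(extra), *extra)))
    ifd = struct.pack("<H", len(entries))
    for tag, n, raw in entries:
        ifd += struct.pack("<HHI", tag, 3, n) + raw.ljust(4, b"\0")  # type 3 = SHORT
    return b"II" + struct.pack("<HI", 42, 8) + ifd + b"\0\0\0\0"  # next IFD = 0
```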

    3. Re:Why.... by AliasMarlowe · · Score: 2, Informative

      Did, you mean. Back when people still used floppy disks...

      Actually, some digital SLRs use variants of the TIFF format to store their "raw" files. They may muck about with the headers and you need to know the RGB response curves to make proper use of the data, but underneath, it's still a TIFF. The Pentax PEF format as produced by the istD family of DSLRs can be rendered by TIFF readers which ignore certain "irregularities" in the header, for instance.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire

    4. Re:Why.... by Anonymous Coward · · Score: 2, Funny

      Can we at least acknowledge that TIFF isn't an image format but a linked library format, and make the buffer overflows a feature and not a bug?

    5. Re:Why.... by fireman sam · · Score: 3, Insightful

      "Why I would want an uncompressed image from my 2-megapixel POS camera with a crappy lens, I have no idea."

      Because it uses the super crappy jpeg compression code which will give even worse results. At least if you can capture in raw you can do post processing with your crappy computer without the jpeg artifacts.

      --
      it is only after a long journey that you know the strength of the horse.

  3. Just admit you're not making new homebrew games by Anonymous Coward · · Score: 5, Insightful

    Hopefully, we'll soon have PSP-3000s playing emulators and running the same goddamn games you've all been emulating since the first emulators came out for PCs.

    There. Fixed that for you.

    Unless someone can show me a decent amount of actual, fairly good, unique homebrew games, that is. You know, not the piece of shit "proof of concept that we can homebrew" game clones we see on every iteration of homebrew hacks, but the groundbreaking games that all the proponents of homebrew keep bragging about and assuring us will result from it?

  4. Stupid Sony by Nom du Keyboard · · Score: 2, Interesting

    Why do you keep trying to lock out your homebrew users, who are some of your most talented fans? Why not end this stupid war and simply sell an open version that can run what people want to run on it?

    Same for Apple. You are trying to control too much. Leads me to cheer for an open Android platform with healthy competition from clone makers. The biggest jump in improvement of the Apple platform I ever saw was during the brief period that Apple allowed clone makers.

    Proprietary systems are never to the consumer's advantage.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."

    1. Re:Stupid Sony by Anonymous Coward · · Score: 2, Insightful

      "Proprietary systems are never to the consumer's advantage."

      Of course not. That's because it's not about you or what's good for you. One day we'll wake up and realize that the market, in its current form, isn't based on "best product" for the "best price". It's about gaining enough market share to afford legislation to protect your business model from innovation and competition.

  5. Novel idea by Goffee71 · · Score: 3, Insightful

    If all these homebrew guys are such loyal PSP fans and great coders, why don't they release their cracks with a block on running PSP ripped games, thereby protecting the success of the console they enjoy playing on?

    That'd be a decent thing to see (right up there with alien motherships, flying pigs and world peace)

    --
    If he's the Walrus then can I be a penguin please?

    1. Re:Novel idea by wbo · · Score: 2, Informative

      Actually Davee has stated it will be very difficult to run pirated games using this HEN.

  6. Re:Lesbian Strapon Porno HERE! No Torrents, all mp by Sj0 · · Score: 2, Funny

    Tribadism, not Tribulation, you moron.

    I dunno, it looks like the most difficult way possible to get off. Tribulation might be accurate.

    --
    It's been a long time.