Sony's PSP Firmware v2.0 exploited using an overflow attack

When Sony's PSP firmware was exploited back in version 1.5, Sony was quick to plug the exploit in version 1.51, not to mention them announcing a major security improvement when they released version 2.   Now, someone has found a security flaw in its photo viewer that allows the execution of their own custom code through a buffer overflow exploit, much like how worms such as the Blaster worm could infect and execute themselves though Windows exploits.  However, unlike Windows exploits, hackers are doing this on the PSP to allow the use of homebrew code or to possibly even run games from a memory stick.  If you copy, please show appreciation by linking back to CDFreaks.
The exploit consists of two specialised images - a tif that causes the buffer overflow and a png that contains the homebrew code.  It works by using one image that must be set as the wallpaper, since this ensures the code it contains is placed in a known address of memory (VRAM).  When the 2nd image is opened, it exploits the overflow vulnerability by overwriting a return address in the stack such that its processor jumps to the homebrew code stored in the Video RAM.  At present, this does no more than paint the screen, although according the author it can be modified to execute homebrew code on the PSP. KickF used our news submit to let us know about the following news:

We have received an email from someone named 'foo bar' (now revealed as toc2rta) with a file made by unknown, which allows a buffer overflow to be run via the photos menu in Sony PSP firmware v2.0. Although it is not currently possible to run homebrew code with this exploit, the door is wide open for the future. Here is what the readme says:

First Homebrew Code on 2.00

1. Set wallpaper to frame_buffer.png (without overflow.tif present in the PHOTO directory, or it will crash).
2. Add overflow.tif to the PHOTO directory, and open into the photo viewer. Custom code to paint the screen! Or to write a homebrew app! Not to run illegal games.

The full detail can be read at the source here.

It is interesting to see an exploit so soon after the original exploit, especially with all the firmware updates Sony has released.  Then again, then again chances are that this exploit may have been discovered earlier, but the hacker decided to wait until the PSP was more widely available or until Sony released firmware version 2.0 was out for a while such that Sony could not quickly plug the hole before people updated their OS.

KickF wrote:  Sony's try to stop owners of a PSP to run homebrew and homemake apps, has yet again come to a short ... The new 2.0 Firmware that should stop all this seems like it has a backdoor and with a simple code you can make a overflow to the VRAM in the PSP that makes it possible to run your own programcodes and it should only be a matter of time before homebrew is out that works on the 2.0 Firmware

Feel free to discuss about the Playstation Portable on our Console Forum.

Source: PSP Updates

No posts to display