GripShift PSP Exploit - Hello World + Sparta SDK

NeilR

eXo Admin
Enforcer Team
MaTiAz updated his post on lan.st

GripShift savegame exploit PoC - LAN.ST

Ok, binary loader, hello world and SDK finished, get it here. Read the readme for the important stuff.
It's encrypted and works on the US version only.
Get the SDK here.


Readme
Code:
Hello World on PSP FW 1.52-5.02
The Spartaaaaaaaaaaaaaaaaaaaa!!! Exploit

by MaTiAz & FreePlay

Instructions
------------
1. Copy the contents of MS_ROOT into the root of your memory stick.
(This will overwrite the first GripShift savegame slot).
2. Launch the US version of GripShift.
3. Load up the game (if it doesn't autoload).
4. See your PSP run unsigned code. :)

It'll autoexit after some time. You can use the home button to exit too if
you've seen enough.

FAQ
---
Q: Will this allow downgrading?
A: No, because this is a usermode exploit and the functions required to downgrade are
   only available in kernel mode.

Q: Why the name?
A: Because the original exploit was found by overwriting the player name with
   "this is spartaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa".

Q: Can/Will Sony block this?
A: Yes.

Q: I wanna make homebrew using the exploit. How?
A: Get FreePlay's GS SDK: http://f6y.ath.cx/pspdev/sparta_sdk.zip
   It has some constraints though, check the readme.
   The Hello World was written with it. :)

Credits
-------
Exploit and binary loader: MaTiAz
SDK: FreePlay
Greets go to Dark_AleX, Mathieulh, jas0nuk, Hellcat, etc. etc. etc, you know.


Edit: If you want, you can link to our article now that I published it. ;)
Slasher

Suck It
I'm really looking forward to what this exploit will bring :) Let's all hope some sort of kernel breach happens soon so we can get these damn 3000's hacked... I think.

With all of these pre-ipl security checks and whatnot, is custom firmware even a possibility anymore regardless of kernel access?
Slasher

Suck It
I find it a little disappointing that this exploit is done through a game that I doubt is even readily available anymore. Even if a downgrader or whatever came out for it, I don't think it would be nearly as easy to downgrade as it was once with GTA:LCS just due to the fact that Gripshift won't be easy to find. I was kinda hoping a new game exploit would happen through one of the more recent and more plentiful titles so anybody can just go out, buy the game, then hack their PSP.
EvilSeph

Administrator
The game can be directly downloaded from the PSN store. Whether or not the exploit is applicable to that version of the game remains to be investigated.
Adiuvo

Active Member
It reminds me of the old Lumines exploit. Once it was in high demand prices everywhere went up, even stores. Since Gripshift is very hard to find now, it's not too farfetched to think that the prices will go past $70.
eldiablov

Contributor
> I find it a little disappointing that this exploit is done through a game that I doubt is even readily available anymore. Even if a downgrader or whatever came out for it, I don't think it would be nearly as easy to downgrade as it was once with GTA:LCS just due to the fact that Gripshift won't be easy to find. I was kinda hoping a new game exploit would happen through one of the more recent and more plentiful titles so anybody can just go out, buy the game, then hack their PSP.

Most will only be found in old games as sony are tight as a nun on security now.
Hellcat

Contributor
More games will be "tested for exploitability" IMO :D
So no worry of not being able to grab a copy of this one, as I see it, this is only the start, like a "warm up" - just like old times :)
Hellcat

Contributor
I'm not 100% sure how the old exploits worked, but the basics are most likely all the same.

IMHO it'll be a matter of minutes to port the original eLoader to this exploit - if Fanjita were still in PSP land, but AFAIK he's not, and the sources were never made public.

So we gotta reinvent a few wheels again....
EvilSeph

Administrator
No, this is a user-mode exploit. Those are kernel-mode exploits.
EvilSeph

Administrator
A lot of exploits have been found but not revealed - this is a good thing. Through this choice, we have doorways into the device we're working on. By revealing the exploit, those doors will close very quickly. Usually the hidden or private exploits allow us to accomplish much more than we need the exploit to accomplish, so they are really valuable and it makes sense for them to be kept private.

Suffice it to say, if we were to reveal every exploit we come across, discover or create we would not have been able to accomplish half the things we have to this day.
RoBz

sucker
What is the average PSP user going to do with knowledge of a kernel mode exploit? It's much, much better for them to be kept to the devs. The same thing should happen with the PS3.

EDIT: And I hope it does happen with the PS3.