• Steam recently changed the default privacy settings for all users. This may impact tracking. Ensure your profile has the correct settings by following the guide on our forums.

The ISO "crash" on 5.50 GEN-B2

U3-Robot

U3-Robot

New Member
I've managed to crash the PSP using bad LBA addressing in the ISO game.

FW: 5.50 GEN-B2
MB: TA-085v2
MAC ADDR: Do you know it?

[YT]http://www.youtube.com/watch?v=qNg0yoqhAtA[/YT]

I'll give an ISO only to trusted people (it's not really matter, but I can).
 
It may became an exploit, if port this to PBP format (unfortunately, in PBP is no LBA addressing). But it may work. Like wololo posted 6.00 crash... He only uploaded the video.
 
Abe Froeman said:
What is the point of this video and the reason for this thread?
Click to expand...

U3 thinks he found an exploit!

How is this different than any of the other times people have managed to crash the psp? chances are it is nothing.
 
We don't care. Post when you have something that ACTUALLY MEANS SOMETHING.
If I use a scratched Virtua Tennis 3 disc, I can crash the game. OMG HAX
 
And how are you going to use an ISO on ofw? it's useless if it only works on CFW you silly goose.
 
Lol, no. That would require our unsigned eboots to be loaded onto OFW, which won't happen anytime soon, if ever.

See, us running unsigned eboots(DATA.PSP/PSAR modded/unsigned) is hax in itself.
 
Right, so you want to port a crash you made in an iso... with something that you've said only works on an iso... to a pbp that won't run without another exploit...

Great work.

EDIT: Holy shit. Lady GaGa? Seriously? Please excuse me while I kill myself.
 
U3-Robot said:
We don't need to run PBP. Only to open Game -> Memory Stick.
Click to expand...

It will check for it to be signed before it loads anything else from the pbp.

@James.
Not only does he know what he's talking about, but he also has a great taste in music!
 
PBP's don't directly use LBA, only the actual memory stick driver does, which should be secured against this kind of stuff. Reason it crashes is that the ISO list is made with an internal isofs driver, which of course wasn't coded to be secure, as it's a custom firmware element...
 
I debugged it via PSPLink and got that:

Code: 
host0:/> Exception - Bus error (data)
Thread ID - 0x0519AF09
Th Name   - ScePafJob
Module ID - 0x002A3C43
Mod Name  - sceSystemMemoryManager
EPC       - 0x8800DA2C
Cause     - 0x9000001C
BadVAddr  - 0x20E01402
Status    - 0x20088603
zr:0x00000000 at:0xBC600000 v0:0x00000000 v1:0x0000000C
a0:0x90091CF4 a1:0x88285EA0 a2:0x00000000 a3:0x00000000
t0:0x8808F5E8 t1:0x00000000 t2:0x00000000 t3:0x00000030
t4:0x0000001C t5:0x00000007 t6:0x88014D90 t7:0x88014828
s0:0x8808F5E8 s1:0x8808F5FC s2:0x00000001 s3:0x0000000A
s4:0x8828EDB8 s5:0x00000040 s6:0x8828EDC8 s7:0x88285EA8
t8:0x00000001 t9:0x00000001 k0:0x0B7EED00 k1:0x00000000
gp:0x089AB520 sp:0x885F8AE0 fp:0x88285EA0 ra:0x88284EFC
0x8800DA2C: 0x50C00008 '...P' - beqzl      $a2, 0x8800DA50
 
U3-Robot said:
I debugged it via PSPLink and got that:

Code: 
host0:/> Exception - Bus error (data)
Thread ID - 0x0519AF09
Th Name   - ScePafJob
Module ID - 0x002A3C43
Mod Name  - sceSystemMemoryManager
EPC       - 0x8800DA2C
Cause     - 0x9000001C
BadVAddr  - 0x20E01402
Status    - 0x20088603
zr:0x00000000 at:0xBC600000 v0:0x00000000 v1:0x0000000C
a0:0x90091CF4 a1:0x88285EA0 a2:0x00000000 a3:0x00000000
t0:0x8808F5E8 t1:0x00000000 t2:0x00000000 t3:0x00000030
t4:0x0000001C t5:0x00000007 t6:0x88014D90 t7:0x88014828
s0:0x8808F5E8 s1:0x8808F5FC s2:0x00000001 s3:0x0000000A
s4:0x8828EDB8 s5:0x00000040 s6:0x8828EDC8 s7:0x88285EA8
t8:0x00000001 t9:0x00000001 k0:0x0B7EED00 k1:0x00000000
gp:0x089AB520 sp:0x885F8AE0 fp:0x88285EA0 ra:0x88284EFC
0x8800DA2C: 0x50C00008 '...P' - beqzl      $a2, 0x8800DA50
Click to expand...

You're an idiot. That is all.
 
You must log in or register to reply here.
Back
Top