
Tiff Exploit - HEN Information

Status
Not open for further replies.
Sorry again for the lateness. I say soon as I have started school again and the exams are looming in and I need to revise. Also, I am away Thursday -> Saturday on an expedition and will NOT have internet access during that time.

Again my apologies, and for those guys at PSP 3000 hax, I did make post number 154, no other ;)
 
The current TIFF exploit is a buffer overflow in the libtiff library (there are many and various TIFF exploits for many pieces of hardware, including the PC and Mac); this exploit relies on the way libtiff handles alpha channels.

If you want to get into this, I suggest you go read up on libtiff (you can obtain source code for it for various platforms) and previous exploits for whatever operating system. The TIFF hello world for the PSP is available for download; open it up in a hex editor and have a look through it (try searching for scePaf_Module, or h.bin). Basically libtiff is shot full of holes.. so many it feels like they were put there deliberately.
dude super useful info! thanks!! will do, haha it'll keep me busy while I wait for the HEN to "come out of its shell" haha (weird geek moment :p)

----added---------
Sorry again for the lateness. I say soon as I have started school again and the exams are looming in and I need to revise. Also, I am away Thursday -> Saturday on an expedition and will NOT have internet access during that time.

Again my apologies, and for those guys at PSP 3000 hax, I did make post number 154, no other ;)

no prob dude. we can wait :) exams are more important than the HEN anyway. *grabs a scale...hmm...making people happy....your future......*yep your future is more important :D
 
You can repeat that as many times as you like, it won't matter. Most CFW users are used to CFW and most of those are used to being pirates, even if they don't think they are (those individuals, and there are many... need to take a big swig of some shotgun-mouthwash)

Believe me I know it's pointless but to clarify: I'm not talking about people who have CFW; I'm talking about the people posting in this thread (and the hello world one) who seemingly don't understand what HEN does.

Unfortunately people heard about this exploit, heard that a HEN was being released, and rather than get themselves educated they immediately got excited and thought they were getting custom firmware (and/or an ISO loader).
 
Sorry again for the lateness. I say soon as I have started school again and the exams are looming in and I need to revise. Also, I am away Thursday -> Saturday on an expedition and will NOT have internet access during that time.

Again my apologies, and for those guys at PSP 3000 hax, I did make post number 154, no other ;)

Hi Davee!! Don't worry!! We appreciate your work!! Carry on and take care of the school and your life first!!
Only one question... Don't you know more or less when the HEN will be released? I think everybody is waiting for it as a new year's day!!
Thanks again!!!:laugh:
 
oh my. I didn't search very well (sorry) haha. I have found it. it was posted on this very thread. (I just had to click about 5 links to get there) here is the main libTIFF site: http://www.remotesensing.org/libtiff/

and the vulnerability report: http://secunia.com/advisories/product/4053/

All of those vulnerabilities are patched as of 5.00, I'm afraid. The buffer underflow one it mentions can be exploited on 4.xx (it's the 4.xx TIFF exploit I mention sometimes), but I'm afraid that a patch that Apple put out for libTIFF blocks exploit on 5.xx. The patch is total crap, though, and doesn't prevent the underflow. It just prevents injecting useful shellcode into the underflow.
 
All of those vulnerabilities are patched as of 5.00, I'm afraid. The buffer underflow one it mentions can be exploited on 4.xx (it's the 4.xx TIFF exploit I mention sometimes), but I'm afraid that a patch that Apple put out for libTIFF blocks exploit on 5.xx. The patch is total crap, though, and doesn't prevent the underflow. It just prevents injecting useful shellcode into the underflow.

sorry if I'm having a n00b moment here, but from what you say, Apple is responsible for finding the fix for the 5.50 PSP OFW? (not directly of course, I mean basically they have found the exploit on their system and found a fix that s0ny ended up using?)
 
Also, I am away Thursday -> Saturday on an expedition and will NOT have internet access during that time.

An "expedition"? What next? Is he going to get caught by the Nazis and coerced into not releasing the HEN.

/me mimes washing hands

I'm out.
 
An "expedition"? What next? Is he going to get caught by the Nazis and coerced into not releasing the HEN.

* anon2146;43072 mimes washing hands

I'm out.

That MUST be sarcastic... O.o
 
An "expedition"? What next? Is he going to get caught by the Nazis and coerced into not releasing the HEN.

* anon2146;43072 mimes washing hands

I'm out.
Well I guess Davee can't win. People complain that he's not posting enough about his progress or when they should expect something and when he does people get their panties all knotted up.

At least everyone now knows why he was pushing himself for a circa Tuesday release.
 
Hi Davee!! Don't worry!! We appreciate your work!! Carry on and take care of the school and your life first!!
Only one question... Don't you know more or less when the HEN will be released? I think everybody is waiting for it as a new year's day!!
Thanks again!!!:laugh:


Hello DAVEE
Allow a few words about where HEN standing and appreciation of this will take more time?
 
An "expedition"? What next? Is he going to get caught by the Nazis and coerced into not releasing the HEN.

* anon2146;43072 mimes washing hands

I'm out.

just IMHO. you don't have to but I'm gonna trust him. this stuff is hard. I mean really hard. I'm saying this because I can only do a little. but if you think he's dying, how about this: you can try to do it. see how hard it is. see what it's like to have an app on a secondary system and not really be able to debug it (that I know of) and fix a problem that you can't really see unless you know exactly what you're looking at.

so I suggest that whoever says he's taking too long, try it. see how hard it is. or better yet just look at some HEX code and see what's wrong with it. I almost guarantee you that you will see how hard it is and ease up on this guy that's doing you all a favor :)

but like I said that's just IMHO
 
The problem is due to the lack of debugging utilities on the 3k and such. We've got the kernel mode working on that but our testing time with 3k is limited and debugging is next to zero at reboot time (which is where errors occur). Obviously, we're trying our best, but we are running on theory here (at least for the 3k and TA-88v3) and it takes time to fix it.
 
I think next info will be that HEN is dead and Dave is not releasing it.

I'm seeing so many people that seem to have just started an account just for this (like me) but aren't optimistic whatsoever. in fact I'm seeing a lot of pessimism here, sad to say. just give him a chance, he's not the first dev to release something late.

-----added-----
The problem is due to the lack of debugging utilities on the 3k and such. We've got the kernel mode working on that but our testing time with 3k is limited and debugging is next to zero at reboot time (which is where errors occur). Obviously, we're trying our best, but we are running on theory here (at least for the 3k and TA-88v3) and it takes time to fix it.
that's perfectly reasonable. just take your time. rushing just causes more errors :) and congrats dude. you're one heck of a cool guy
 
The problem is due to the lack of debugging utilities on the 3k and such. We've got the kernel mode working on that but our testing time with 3k is limited and debugging is next to zero at reboot time (which is where errors occur). Obviously, we're trying our best, but we are running on theory here (at least for the 3k and TA-88v3) and it takes time to fix it.

Dude, that helps so much. I was curious as to where you were at. Thanks Davee, can't wait.
 
The problem is due to the lack of debugging utilities on the 3k and such. We've got the kernel mode working on that but our testing time with 3k is limited and debugging is next to zero at reboot time (which is where errors occur). Obviously, we're trying our best, but we are running on theory here (at least for the 3k and TA-88v3) and it takes time to fix it.

Ignore all these idiots and take your time man.

if they are that desperate for HEN, they should create it themselves.

Appreciate your work man :cool:
 
The problem is due to the lack of debugging utilities on the 3k and such. We've got the kernel mode working on that but our testing time with 3k is limited and debugging is next to zero at reboot time (which is where errors occur). Obviously, we're trying our best, but we are running on theory here (at least for the 3k and TA-88v3) and it takes time to fix it.

Why don't you guys make your tests on a PSP Slim that can be hacked?? I guess it's the same RAM block for any Slim
 