Over this past weekend developer FreePlay released the save game exploit for the PSPgo he showcased last month. Based largely on code from team Prometheus, it is compatible with firmware 6.10 and takes advantage of a user mode vulnerability in Archer Maclean’s Mercury. We’ve tested it on our unit and it works exactly as you’d expect. However, Sony removed the offending game title mere minutes after this hack hit the web, in addition to patching this exploit at the firmware level in 6.20. As of writing, it is back, now swapped with a copy that requires firmware 6.20 instead of 6.10.

As Sony has full control over PSN, this was a move more or less expected by those in the homebrew community, leading to questions of why this was even released in the first place. At the very least, it’s proof that these types of exploits are not viable on the go. Chalk it up as a victory for Sony this time around, but if history is any indication, the tables could turn once again in the future.

For archival purposes, we’ve included a copy of the exploit below. However, remember that it is not usable unless you downloaded Mercury prior to it being patched.

Download Leaked PSPgo Save Game Exploit

PSPgo Save Game Exploit Released, Sony Swiftly Responds - [eXophase.com]

Neon of Team Typoon, the same team responsible for bringing homebrew to the masses on PSP-3000 has released a brief video that demonstrates the possibilities of HEN (short for Homebrew Enabler) on a PSPgo unit in a custom firmware esque environment.

Genesis emulator PicoDrive is shown running Sonic through the go’s savestate-like Resume Game feature, which can continue play sessions even after a full shutdown. While there are no immediate plans to release this Kernel-level exploit to the public, we’re told that more footage in better quality is coming soon.

Clip: PSPgo Fully Hacked, Running HEN - [eXophase.com]

Update #2: The TIFF exploit has been updated once again, this time sporting compatibility with both the PSP-1000 and PSP-2000. Although not officially supported, reports also suggest it is working on 3000 units. Hit up the link below to download.

Update: File has been re-uploaded. According to MaTiAz, the wrong h.bin file was uploaded initially. If you had already grabbed the earlier release, simply download this one and replace all files. The “Hello World” message should now display when successfully executed.

The prospect of running homebrew on PSP-3000 units is rapidly inching closer, as homebrew developer MaTiAz has released a TIFF-based exploit in the form of a “Hello World,” proof of concept application.

The exploit is run from the PSP’s photo menu, taking advantage of a vulnerability found in the TIFF image library. Should be quite a familiar process if you were around back in the heyday of the PSP scene, when software-based downgraders were all the rage. Nonetheless, installation instructions can be found in the included readme file. Note that the current version will function only on PSP-1000 units. A separate release is being prepared for Slim models, specifically the PSP-2000 and PSP-3000.

MaTiAZ notes that “a bit of awesomeness” is due out within the coming days, so keep your eyes peeled. After a long wait, the gates to homebrew access on firmware 5.03 have been opened up.

Download TIFF-based “Hello World” Exploit for Firmware 5.03

5.03 TIFF Hello World [MforMature]

As the headline clearly indicates, PSP firmware 5.03 is due out shortly. It’s being touted as a maintenance update only, so if you were expecting any new features or enhancements, save that excitement for another day. According to PlayStation Network director Eric Lempel, the sole purpose of this update is to fix a security vulnerability found in the latest PSP system software revision:

I wanted to give you a quick heads up that a new PSP firmware update, v. 5.03, will be released soon. This update includes a security patch for the PSP’s system software.

Most likely, this security patch deals with closing up with the user mode exploit found in GripShift a couple weeks ago. So, if you fancy running homebrew code on that PSP-3000, it’d be wise to refrain from updating. Just sayin.

PSP 5.03 Update [PS Blog]

News on the exploitation front!

Team noobz will join forces with MaTiaZ and FreePlay in further progressing the savegame exploit recently found in the PSP game "GripShift" (as reported previously here and here).  

We saw the bat-signal calling for 'someone who has experience in progressing exploits' to help out with developing this one further, and I'm glad to announce that we'll be joining forces with FreePlay and MaTiAz.

They also acknowledged the SDK made by FreePlay but pointed out that they will focus more on a way to easily launch common homebrew using this exploit.

If (and when) this will result in a new/ported eLoader or some new tool to launch our loved homebrews remains to be seen, there's also no estimate on when something will be seen at all as everyone is pretty busy at the moment and the whole project will require quite some work.

And before some start screaming, this does NOT mean there's any downgrader or CFW installer coming, since the whole exploit takes place in user-mode only so far, meaning there is no access to anything related to the firmware itself - not even dreaming of patching it, all that would require "kernel access".

If (big if!) some tricky person will find a way to gain kernel access, "a HEN and downgrader ought to be doable, but we're not focussing on that at this time" - as it says in the noobz announcement.

Well, at least this puts up hope for homebrew on the PSP 3000, even if somewhat limited, but better than none at all.

Exploit Fever Is Here Again [ Noobz.eu ]

Here's a great progress report on the newly discovered savegame exploit that we're sure will thrill all you PSP 3000 owners out there.

MaTiAz has updated his thread on LAN.ST with the release of a "Hello World" example program which runs using the GripShift savegame exploit. Our friend FreePlay also provides a basic developer kit so we might see some homebrew soon enough! Stay tuned for future news; In the mean time we have the download links and more details below.

Download Hello World [MaTiAz]
Download Sparta SDK [FreePlay]
Via lan.st

Discussion thread

It's "back to the roots" this time!

Ever since Pandora came to the light of day there have been no more hacks or exploits for the PSPs games or the firmware itself.

The situation just changed as well known PSP veteran "MaTiAz" recently announced to have found an exploit for the game "GripShift" when loading a saved game.

The exploit uses a vulnerability known as "buffer overflow".
Put in more simple words: The patched savegame gets the game to overwrite an important status register of the PSP's CPU resulting in it jumping to the code injected in the savegame rather than back to the real game itself.

So far this code only runs in "user mode" - so no(!) access to the flash or other hacky things from there! For this, one would require kernel mode access, if and how this can be achieved using the new exploit is yet unclear and remains to be investigated.

Nevertheless, if crafted out well enough this exploit could at least result in some small homebrew stuff and eventually maybe even an eLoader sort of thing - all running on the 3000 and OFW! Only time will tell.

The unencrypted version of the PoC (requires "Savegame-Deemer" to be used!) can be found here (Savegame is for US GripShift ULUS10040): [Download]

Video of PoC [here]

We'll keep you posted!