PS3 Hacks


#1  2009-01-19 13:03:46

jamiejrg
PS3 Newbie
Registered: 2009-01-19
Posts: 4

Game Save Buffer Overflow Discussion

Hi everyone,

Seeing as this is my first post I guess I'll introduce myself. I'm jamiejrg, I'm a huge gamer... like many of us are. I try and stay as up to date with most console hacks. My Xbox (original) was hacked using the Splinter Cell game save exploit. I also have a CFW PSP that I love to death, etc. I'm a university student majoring in biology and minoring in comp-sci, and as I learn more and more in my comp-sci related classes I try and apply it to hacking wherever possible.

Note: I am by no means an expert on these matters. This discussion, if you (the readers) will allow it, is meant to be more of a think tank on the matter of buffer exploits in game saves, with respect to games (not the browser). In my opinion a game save exploit will probably be the way the PS3 is hacked. I mean, just recently the PSP-3000 was hacked because someone found a heap-based exploit in the player name buffer in Grip Shift (or at least that's what the wiki tells me). So doesn't it make sense to start looking for those same kinds of exploits in PS3 games?

If you're not familiar with buffer overflow or buffer overrun you may want to check out the wiki:
http://en.wikipedia.org/wiki/Buffer_overflow

My thoughts/efforts

So lately I've been dumping all my save games off my PS3 and checking them out with hex editors; not surprisingly, most of them are encrypted, best I can tell.

However, something I did notice was that in my Orange Box game saves there are a number of files that are not encrypted (file names elude me right now, I'm in class). If you view them in a hex editor (or maybe even a text editor, for that matter) you can plainly see names of things like scripts, models, sounds etc. Not exactly sure why this information would be contained in the game save, but it struck me as interesting. I haven't really had time to mess around with them yet.

Are these findings in the least bit interesting to anyone else?

I welcome people's thoughts and questions as well; if my head is totally up my own arse on the subject, please let me know.

Thanks ahead of time,
Jamiejrg


#2  2009-01-19 14:20:37

Sk8yu
PS3 Hacks Nin-Jitsu
From: bRONX,nY
Registered: 2009-01-03
Posts: 101

Re: Game Save Buffer Overflow Discussion

jamiejrg wrote:

Hi everyone,

Seeing as this is my first post I guess I'll introduce myself. I'm jamiejrg, I'm a huge gamer... like many of us are. I try and stay as up to date with most console hacks. My Xbox (original) was hacked using the Splinter Cell game save exploit. I also have a CFW PSP that I love to death, etc. I'm a university student majoring in biology and minoring in comp-sci, and as I learn more and more in my comp-sci related classes I try and apply it to hacking wherever possible.

Note: I am by no means an expert on these matters. This discussion, if you (the readers) will allow it, is meant to be more of a think tank on the matter of buffer exploits in game saves, with respect to games (not the browser). In my opinion a game save exploit will probably be the way the PS3 is hacked. I mean, just recently the PSP-3000 was hacked because someone found a heap-based exploit in the player name buffer in Grip Shift (or at least that's what the wiki tells me). So doesn't it make sense to start looking for those same kinds of exploits in PS3 games?

If you're not familiar with buffer overflow or buffer overrun you may want to check out the wiki:
http://en.wikipedia.org/wiki/Buffer_overflow

My thoughts/efforts

So lately I've been dumping all my save games off my PS3 and checking them out with hex editors; not surprisingly, most of them are encrypted, best I can tell.

However, something I did notice was that in my Orange Box game saves there are a number of files that are not encrypted (file names elude me right now, I'm in class). If you view them in a hex editor (or maybe even a text editor, for that matter) you can plainly see names of things like scripts, models, sounds etc. Not exactly sure why this information would be contained in the game save, but it struck me as interesting. I haven't really had time to mess around with them yet.

Are these findings in the least bit interesting to anyone else?

I welcome people's thoughts and questions as well; if my head is totally up my own arse on the subject, please let me know.

Thanks ahead of time,
Jamiejrg

Are you trying to imply that these saves may lead to a hack? I've looked at my Orange Box save files and have noticed the same thing. This was interesting to me.
What does anyone else think?

Last edited by Sk8yu (2009-01-19 14:21:17)



#3  2009-01-19 14:55:54

jamiejrg
PS3 Newbie
Registered: 2009-01-19
Posts: 4

Re: Game Save Buffer Overflow Discussion

Well, if there are addresses in these files used for loading sounds, scripts and models, perhaps we could make it look for a buffer containing our own code?

The first reason the Orange Box saves caught my eye was because there seemed to be distinguishable text in them. I have tried some editing with no real observations yet. The game just spits out a "The save file is corrupt" message. I'll keep trying and see what I can make these files do.

Things like this sometimes give us clues as to how the directories and data on disk are set up.

If you would like, you can start dumping your save games to a USB drive and putting them on your comp. Use a hex editor and see if you can find any values you know, like how much money you have in the game or the string that contains your character's name. Then try and change it a little and load the game, and see what happens. The more we screw around and get the system to crash, the closer we are to finding exploits.

*MAKE SURE AND BACK UP YOUR SAVE FILES*

**Update**

I've been fiddling all afternoon with both the config files and save files only to get corrupt file errors, even when I make very, very slight changes. For instance, in the #3 data file there is a line that says invulnerability "0"; I changed the 0 to a 1 in hopes of enabling it, but to no avail. Any ideas? Just trying to see what kind of editing of these files I can get away with, and it doesn't look like any.

Last edited by jamiejrg (2009-01-19 15:47:43)
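As an added illustration of the pattern the thread is discussing (a save loader that trusts a length byte for the player name), not code from this thread or from any game: the unchecked loader beside a hardened one that refuses the record instead of overflowing. The record layout, field names and sample bytes are constructed for the example.

```c
#include <stdint.h>
#include <string.h>

/* Constructed save-record layout for illustration (not any real game's format):
 *   "SAVE" | name_len (1 byte) | name[name_len] | gold (4 bytes, little-endian) */
#define NAME_MAX 16

struct player { char name[NAME_MAX]; uint32_t gold; };

static uint32_t le32(const uint8_t *b)
{
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Vulnerable loader: trusts name_len from the file. A record whose name_len
 * is 16 or more writes past p->name: the overflow pattern the thread describes. */
int load_player_unchecked(const uint8_t *buf, size_t len, struct player *p)
{
    if (len < 5 || memcmp(buf, "SAVE", 4) != 0) return -1;
    uint8_t n = buf[4];
    memcpy(p->name, buf + 5, n);   /* no check that n < NAME_MAX */
    p->name[n] = '\0';
    p->gold = le32(buf + 5 + n);
    return 0;
}

/* Hardened loader: each file-controlled length is checked against the destination
 * buffer and the remaining input before use; refusing the record is the safe outcome. */
int load_player_checked(const uint8_t *buf, size_t len, struct player *p)
{
    if (len < 5 || memcmp(buf, "SAVE", 4) != 0) return -1;
    uint8_t n = buf[4];
    if (n >= NAME_MAX) return -2;            /* name would not fit with NUL */
    if (len < 5 + (size_t)n + 4) return -3;  /* truncated record */
    memcpy(p->name, buf + 5, n);
    p->name[n] = '\0';
    p->gold = le32(buf + 5 + n);
    return 0;
}

/* Constructed sample: name "Jamie", gold 10000 (0x2710). */
static const uint8_t SAVE_OK[] = { 'S','A','V','E', 5, 'J','a','m','i','e', 0x10, 0x27, 0, 0 };
/* Builds a record with an oversized name_len (40 'A's) and returns the hardened loader's verdict. */
int reject_oversized_name(void)
{
    uint8_t rec[5 + 40 + 4] = { 'S','A','V','E', 40 };
    struct player p;
    memset(rec + 5, 'A', 40);   /* the unchecked loader would overflow p->name here */
    return load_player_checked(rec, sizeof rec, &p);
}
```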


#4  2009-01-19 17:06:31

Powerslave
Ruler of All
From: Alpha Quadrant
Registered: 2007-01-15
Posts: 12845

Re: Game Save Buffer Overflow Discussion

Nothing ever came of any other Game Save exploit, and every firmware update fixes potential threats.


#5  2009-01-19 19:27:38

jamiejrg
PS3 Newbie
Registered: 2009-01-19
Posts: 4

Re: Game Save Buffer Overflow Discussion

But what about the Sparta exploit that was found like 2 weeks ago...

http://www.pinoyconsole.com/homebrew/he … -psp-3000/

Pretty sure the PSP has had at least 3 game save exploits to date: the GTA one, a Lumines one and now this one. All of these led to loaders or downgrades.

Sure, 'most' developers use anti-buffer-overrun tools and defensive coding techniques these days, but they are human too, and we depend on their mistakes, do we not?


#6  2009-01-19 20:25:51

Powerslave
Ruler of All
From: Alpha Quadrant
Registered: 2007-01-15
Posts: 12845

Re: Game Save Buffer Overflow Discussion

jamiejrg wrote:

But what about the Sparta exploit that was found like 2 weeks ago...

http://www.pinoyconsole.com/homebrew/he … -psp-3000/

Pretty sure the PSP has had at least 3 game save exploits to date: the GTA one, a Lumines one and now this one. All of these led to loaders or downgrades.

Sure, 'most' developers use anti-buffer-overrun tools and defensive coding techniques these days, but they are human too, and we depend on their mistakes, do we not?

Hmm, yeah funny though; I thought we were talking PS3 here, since you ARE in the PS3 Hacks & Cracks forum, and NOT the "OTHER CONSOLES" one...

So, should I move this to the OTHER console section?  Dunno, because your first post says:

Note: I am by no means an expert on these matters. This discussion, if you (the readers) will allow it, is meant to be more of a think tank on the matter of buffer exploits in game saves, with respect to games (not the browser). In my opinion a game save exploit will probably be the way the PS3 is hacked. I mean, just recently the PSP-3000 was hacked because someone found a heap-based exploit in the player name buffer in Grip Shift (or at least that's what the wiki tells me). So doesn't it make sense to start looking for those same kinds of exploits in PS3 games?

SO, I answered your thingy there, and then you came back with some PSP stuff, so which is it? 

As I said, firmware updates patch security holes, that's why there are SO MANY of them...

PS3 is not PSP, though they LOOK the same at the menu, they ARE NOT.


#7  2009-01-19 20:30:31

jamiejrg
PS3 Newbie
Registered: 2009-01-19
Posts: 4

Re: Game Save Buffer Overflow Discussion

Am I correct in assuming that you're saying the PS3 is not susceptible to buffer overflow exploits?

Plus, who said anything about the PS3's menus? I'm well aware of the differences. This comes down to basic memory allocation.

If you don't like the PSP example, try the Twilight Princess exploit on the Wii or the Mech Assault exploit on the original Xbox.

Last edited by jamiejrg (2009-01-19 20:33:14)


#8  2009-01-19 22:28:58

Powerslave
Ruler of All
From: Alpha Quadrant
Registered: 2007-01-15
Posts: 12845

Re: Game Save Buffer Overflow Discussion

Well, if you look around the site, there is an IN DEPTH discussion on all this stuff, and we just don't NEED to rehash it all over again.

PSP has no Level 1 Hypervisor (the first thing you need to understand)
PSP does not have a CPU KeyVault
PSP does not use eFuse technology

As I said, NOTHING came of the exploits found on the PS3, they immediately cause the PS3 to crash, and/or freeze up, or go blank screen.  This is a function of the HARDWARE security embedded into the system.   

When you make these theories, you base them on what has been done with PSP, when they are a completely different architecture.  You need to really read the security measures used in PS3.  You are way off base...  PS3 will not be hacked anytime soon, not till someone can customize the NAND BIOS, and as it is now?  You can only read 16MB of it, the rest is locked. 

WE have gone over this time and time again, and when WE know something, so will everyone else. That's why there is no HACKING news, because there are no hacks..  Sony plugs them up, 75% of the time, BEFORE we discover them.  THEY have their own people hacking the console, and when they find a hole, they plug it.   

Believe me, there's nothing there...

Not even the XBOX360 has been hacked in the manner wanted.  No one has even broken the surface on hacking the PS3 optical drive to play backups, and it's been TWO YEARS now.  XB360 was hacked in 6 months or less, because the WEAK spot was the DVD drive.  PS3 has no such weaknesses.   I haven't heard or read of anyone even attempting to hack the BR-D drive in the same manner the 360 was done...  So, what does that tell you...

Watch this: http://video.google.com/videoplay?docid … &q=ps3

The difference between an overflow on PSP, XBOX1, and all, is there is no Hypervisor security to make sure you aren't getting anywhere once the error occurs.  You have to have error handlers built into the machines, ALL of them, and it is all based on how the machine is set to handle the error(s).  Since the PS3 has HARDWARE security, it can easily intercept errors and do whatever is needed to protect the system from code execution.  Once the security has been breached by an Error, then the hypervisor can immediately deny access to memory and hardware.  I do not think Sony would be stupid enough to allow errors to exploit the security, which is WAY more advanced than the previous generation.

The TIFF file exploit for 2.10 firmware freezes the PS3 via "heap overflow" (not buffer overflow), but "by knowing the backend number and making the right calls it is possible to inject a simple code." Well, this was what, Feb 2008, so where's the beef?

1 year and 161 days ago: A couple of groups of hackers SAY they have found an exploit in the current firmware of the PS3 which allows a buffer overflow to occur, which they claim allows for the booting of PSX backups; and will in the future allow for PS2 and PS3 backups to boot.  Sure, where is it?

All these claims, and nothing to show for it.  There are people WAY ahead of you, and they have nothing.


#9  2009-01-20 00:30:06

0m1kr0n
PS3 Hacks JEET KUNE DO!
From: NC
Registered: 2008-03-05
Posts: 267

Re: Game Save Buffer Overflow Discussion

The x360 Drive DMA Injection->Syscall attack is actually interesting. The PS3 also uses PowerPC modes and memory management. Like Powerslave says though, everything is regurgitated currently; nobody has yet analyzed DMA or even traced the bus logic order. Sony actually uses a 3rd/middle PCB layer to hide the interface bus in my CECHH01 revision, because that's where you usually map a bus from.

The Xbox 360 security system and its weaknesses

The guy makes a lot of comparisons between the "homebrew" scene and the piracy scene. I'm sure every crack team has a small army of kernel architects and engineers conveniently lying around at their disposal too. I'd bet money the guy who made the high speed logic probe conveniently has access to manufacturing resources, being an engineering consultant.

On Topic: Any type of shellcode loaded on the PS3 would be useless because of the underlying architecture. Even if the PPC didn't lock the memory the process was using, you still have the real time hashing that would kill a stack or heap variant overflow by throwing panic flags (most likely the cause of black screens). Of course nobody knows anything outside documentation on it.

Both the iPhone and x360 were cracked in similar ways. The signature chain is the key to the castle, and the first code loaded and any potential unsigned DMA sources are the only potential means of getting in otherwise, because that's all that exists.

Last edited by 0m1kr0n (2009-01-20 00:53:27)


#10  2009-01-20 16:22:20

Sk8yu
PS3 Hacks Nin-Jitsu
From: bRONX,nY
Registered: 2009-01-03
Posts: 101

Re: Game Save Buffer Overflow Discussion

Yeah, I don't think we're going to get anywhere with this game save; it's simply not possible with the PS3.

Last edited by Sk8yu (2009-01-20 16:22:44)

