破解新進展！基於TIFF漏洞PSP3000 Hello World發佈 - 改機

By Charlie
at 2009-04-12T20:32

Table of Contents

轉自
http://www.psper.net/psp/M33/04122D042009.html

　　在前段時間放出的「爆沖賽車漏洞」被索尼官方5.03系統封堵之後，作者MaTiAz今天宣佈在5.03系統上成功運行了著名的「Hello World」 —— PSP破解的一個重要標誌！
而且這個「Hello World」是在前不久曝出的 3K的最新TIFF漏洞基礎上來運行的！這個系統漏洞運行於PSP的照片菜單，利用了TIFF圖像博物館中的一個脆弱處。
　　作者目前只放出了肥P上可運行的版本，聲稱將於近幾天放出瘦P版的！而且還強調只要再過幾天，將會有一份大禮降臨，讓大家瞪大眼睛關注！尤其是2K和 3K的玩家（A separate release is being prepared for Slim models, specifically the PSP-2000 and PSP-3000.）
　　這一切都和當初的1K破解如此的相似，當年1K的「Hello World」放出後，很快就陸續出現了GB模擬器等一系列可運行自製程序！這次的消息不禁令人想起那個PSP破解盛行，破解軟件大行其道的光輝時代！讓我們一起期待作者近日將發佈的大禮吧！

原文:

The prospect of running homebrew on PSP-3000 units is rapidly inching closer, as homebrew developer MaTiAz has released a TIFF-based exploit in the form of a 「Hello World,」 proof of concept application.
The exploit is run from the PSP's photo menu, taking advantage of a vulnerability found in the TIFF image library. Should be quite a familiar process if you were around back in the heyday of the PSP scene, when software-based downgraders were all the rage. Nonetheless, installation instructions can be found in the included readme file.
According to MaTiAz, 「a bit of awesomeness」 is due out within the coming days, so keep your eyes peeled. After a long wait, the gates to homebrew access on firmware 5.03 have been opened up.

The days of TIFF based exploits aren't long gone, at least not yet
Here's the third TIFF exploit for the PSP, enjoy.
Just copy the files to the memory stick root, disconnect USB and go to photo menu.
Don't dismiss the exploit even if it doesn't work on the first time, it's *very* unstable.
You might get it working on the first time, but you might as well have to try it 20 times!
The h.bin is loaded to 0x08800000, and the text address of paf.prx is passed in $a0 to the
binary code. You can then trick out function imports, like for example sceDisplayWaitVblankStart:
sceDisplayWaitVblankStart = (void*)(paf_addr+0x15F068);
This release works _only_ on fat PSPs. The slim version will come out later.
I'm not gonna include a list of credits here, I'll just forget some important names and then
I'll be screwed :P The people who need to be credited will know it anyway.
Have fun!
P.S. Just wait a few days, there's a bit of awesomeness coming up.
- MaTiAz

翻譯（海星雲）

這個系統漏洞運行於PSP的照片菜單，利用了TIFF圖像博物館中的一個脆弱處（大概是這意思）。你可能會覺得這些很熟悉，因為這跟那個PSP破解盛行，破解軟件大行其道的「光輝時代」時候很相似。而且，安裝方法也可以在readme 文檔裡面找到。
經過長久等待，5.03系統的自治系統的大門終於要向我們打開了！

使用方法
距離基於TIFF的系統漏洞的放出已經為時不久了，這已經是是PSP的第三個系統漏洞，大家盡情享受。
只要把文件複製到記憶棒的跟目錄，斷開USB鏈接然後進入到照片菜單。如果漏洞第一次不工作不要灰心，他非常的不穩定。即使你一次就讓他工作了，你還是需要至少嘗試實驗20次才能真正成功！
這個h.bin會加載到0X8800000，並且PAD.PRX的文本地址會通過二進制碼加入到$a0（這句話不確定，很專業），然後你就可以欺騙系統，進行導入，比如
sceDisplayWaitVblankStart:sceDisplayWaitVblankStart = (void*)(paf_addr+0x15F068);

現在放出的版本只能適用於肥PSP（PSP-1000），瘦P的版本會稍後放出。我不會在這裡列出製作人名單，我想我很可能會忘掉一些重要的名字然後我就死定了：P，那些參與其中並且需要讓我列名單的人反正自己都明白。
祝大家愉快！
PS：只要再過幾天，將會有一份大禮降臨
-MaTiAz

作者特別強調只要再過幾天，將會有一份大禮降臨，讓大家瞪大眼睛關注！尤其是2K和3K的玩家（A separate release is being prepared for Slim models, specifically the PSP-2000 and PSP-3000.）

原文鏈接：http://exophase.com/psp/firmware-503-says-hello-world-tiff-based-exploit-released-10981.htm

下載地址：http://downloads.exophase.com/476/hello-world-for-firmware-503/

--

Tags: 改機