2.5 Exploit Possible



Kevin Layne
11-13-2005, 08:25 PM
A TIFF Exploit has been found in 2.5 FW, not fully tested yet, but www.pspupdates.com is reporting it!!!

lucifer316
11-13-2005, 10:13 PM
http://psp3d.com i believe is the original source for this

wiggim
11-13-2005, 10:34 PM
I'm hoping that this isn't the only hole sony left in this firmware... Maybe the 1.5'ers will soon be going 2.5!

Kevin Layne
11-13-2005, 10:34 PM
Thanks for the correction man, did not see anything by pspupdates on that, and did not know that about the psp site, so kudos to you

k0nan
11-13-2005, 11:06 PM
From their site:

"Through various experimentation I have found a way to turn my 2.5 EBOOT exploit into a savegame file. The savegame version performs the same actions, but with it in a savegame the data.bin can be changed to arbitrary code so that when you boot a UMD and load a savegame it runs the data.bin file. That's the latest."

If it's true what he says, that's pure genius. I had thought a backdoor to the kernel might be found within a game somehow, and it looks like they might've found a big one.

aseddon130
11-13-2005, 11:08 PM
either this is gonna be big ... or its just gonna be another faker, so far it looks promising. I'm gonna be watching this one closely :)

Xenn0X
11-14-2005, 12:04 AM
hope this **** works. homebrew on 2.5 would rock and we could play gta :cool: and every other game which will be released from now on with 2.+ support

bavelb
11-14-2005, 12:33 AM
Too bad they are focussing on a downgrader first...

mksoftware
11-14-2005, 03:43 AM
A TIFF exploit again :(...... Still no KERNEL :mad:


However: Good Job! Very nice work!

BTW: This EXPLOIT is clearly a great finding!!

OblivionX
11-14-2005, 03:57 AM
From their site:

"Through various experimentation I have found a way to turn my 2.5 EBOOT exploit into a savegame file. The savegame version performs the same actions, but with it in a savegame the data.bin can be changed to arbitrary code so that when you boot a UMD and load a savegame it runs the data.bin file. That's the latest."

If it's true what he says, that's pure genius. I had thought a backdoor to the kernel might be found within a game somehow, and it looks like they might've found a big one.

If you're in the game, kernel mode is already active. So if he's made a savegame exploit then you should have full access to the kernel through the exploit.

bavelb
11-14-2005, 04:02 AM
If you're in the game, kernel mode is already active. So if he's made a savegame exploit then you should have full access to the kernel through the exploit.

It's not in-game, it's through the savegame manager. It does open up possibilities though.

mksoftware
11-14-2005, 04:03 AM
If you're in the game, kernel mode is already active. So if he's made a savegame exploit then you should have full access to the kernel through the exploit.

If that's true, we have the best exploit after 1.5. However he is talking about a TIF exploit, So I don't think that's happening but I do hope so!

theolondon
11-14-2005, 04:25 AM
It's not in-game, it's through the savegame manager. It does open up possibilities though.
Hmm i'm not sure, the quoted text seems to imply that it can be run when loading a savegame from inside a game... If it's confirmed to work, this could be the achievement we're all waiting for...

You're in 2.5, you boot any real UMD game, and when it tries to load the savegame, it runs an ISO loader instead. Hop, your ISO runs in 2.5 !!!

That would be great :)

SolidSnake
11-14-2005, 04:36 AM
"boot a UMD and load a savegame it runs the data.bin file"

pretty much means running the exploit from within the booted umd.. excellent! looking forward to 2.5!

mksoftware
11-14-2005, 04:38 AM
Hmm i'm not sure, the quoted text seems to imply that it can be run when loading a savegame from inside a game... If it's confirmed to work, this could be the achievement we're all waiting for...

You're in 2.5, you boot any real UMD game, and when it tries to load the savegame, it runs an ISO loader instead. Hop, your ISO runs in 2.5 !!!

That would be great :)

Yeah, at this moment they didn't do it that way: However they could easily do that if you ask me and then just like u said :)

Xenn0X
11-14-2005, 06:18 AM
well hope they finish it and crack that bastard. :D
cus all new games will have 2.0 fw only. :eek:

OblivionX
11-14-2005, 06:33 AM
lol all this happens and im selling my psp soon because i need a 360 and most of the psp games really suck.

bavelb
11-14-2005, 06:43 AM
"boot a UMD and load a savegame it runs the data.bin file"

pretty much means running the exploit from within the booted umd.. excellent! looking forward to 2.5!

The movies they show as proof show the savegamemanager, but you're correct about the description. :)

edit: seems the movie shows the first stage of the development. After this butterballer created the savefile version, which is hosted on the site (2nd newspost).

Fingers crossed but don't get too excited ;)

iball
11-14-2005, 07:31 AM
Hmm, this is pretty much what I expected was going on with this exploit.

So - you're trying to run with TIFF exploit via code that's designed to load PNGs, you've stuck what seems (didn't look closely) to be a WAV into the Atrac3 slot, and you've done something odd with resizing the overflow TIFF (presumably destroying the exploit code in the process).

Which part of this did you think would give you running code, rather than simply crashing the PSP by giving it the wrong file formats?

I'd be extremely surprised if you manage to build a working exploit from this code. (Currently, it's not an exploit - just a crash. The PSP, having such high quality firmware (/sarcasm) is kinda prone to simple crashes). I'll eat my PSP if you manage to run the TIF exploit via PNG display code.

If you're going to try to find a working exploit, abandon the fixation with the TIF exploit. That's been patched. Instead, do some research on what bits of code might actually have real vulnerabilities, and target your attacks on those.

And please, please, please - unless you have a real exploit, don't fill all the front pages with exaggerated claims.

(Apologies for unconstructive tone - but I feel the hype created around this one deserves it).

You guys remember Fanjita, right? The one who coded the 2.0 ebootloader?

YokoAT
11-14-2005, 07:50 AM
I'll eat my PSP if you manage to run the TIF exploit via PNG display code.


I will second that LOL :D

I doubt if the author of this so-called "exploit" really understands what he is doing or what actually makes the PSP crash in this case. It sounds like he just "created" a reason to explain it...

OblivionX
11-14-2005, 07:53 AM
lol ha i didnt read what the exploit was. Il eat mine 2, if he does it b4 i sell it :p

mksoftware
11-14-2005, 07:56 AM
ROFL, this isn't a real exploit... This is just letting the PSP Crash... Letting the psp crash isn't really an exploit.... If you really think it is an exploit, just write "Hello World" for this so called exploit and prove to the world you are right!

bavelb
11-14-2005, 08:31 AM
You guys remember Fanjita, right? The one who coded the 2.0 ebootloader?

The responses should be an interesting read, considering the euphoria that was buzzing around the site ;)

edit: can we get a source for Fanjita's reply? Doesn't seem to be on the psp3d forums. tia!

Vintage
11-14-2005, 08:38 AM
[QUOTE=mksoftware]ROFL, this isn't a real exploit... This is just letting the PSP Crash... Letting the psp crash isn't really an exploit.... If you really think it is an exploit, just write "Hello World" for this so called exploit and prove to the world you are right, because you aren't right and you didn't exploit anything!![/QUOTE]

Well the 2.0 mph downgrader used the image file and it crashed the psp and changed it to a fake 1.00 and you then upgrade to 1.50, this is similar but it has an AT3 file that crashed the psp with a sound, don't be saying that it's crap, did you find this out? did you find this exploit? NO, so stop with the stupid comments and lets see :cool:

iball
11-14-2005, 08:49 AM
The responses should be an interesting read, considering the euphoria that was buzzing around the site ;)

edit: can we get a source for Fanjita's reply? Doesn't seem to be on the psp3d forums. tia!
It's on pspupdates...I'm running through a weird proxy so I can hit it from work, so I don't have the exact URL...it's in the PSP Development Forum there and the thread is titled "2.5 loader test".

mhz
11-14-2005, 08:54 AM
OK to end fear of the exploit, here are the inner workings:

Traditional PBP and SAVEGAME Layout
-ULUS100xxxx or EBOOT
--Param.SFO (tells how the psp handles the file: e.g. title - update ver. 2.51)
--icon0.PNG (icon)
--icon1.PMF (almost like a short movie clip <500kb)
--pic1.PNG (background for file that appears when you look at the file)
--SND0 (background sound-not in most saves or EBOOTs)
--Data file/data.psp (name vary depending on game saves...data.psp is the name when in eboots)
--Data.psar(only in eboots)

Well my Exploit contains...

--Param.SFO (tells how the psp handles the file: e.g. title - update ver. 2.51)
--icon0.PNG (icon-overflow.tif)
--icon1.PMF (blank PMF found in iso rip kits)
--pic1.PNG (background for file-framebuffer)
--SND0.AT3 (small random sound clip)
--Data file/data.psp (from v1.5)
--Data.psar(from v1.5)
and...
--Pic0.PNG (overflow.tif)

My Original Idea For The Exploit

1)the icon0 would be set to the overflow.tif
2)pic1 the framebuffer image
3)the 2 data files as 1.50s data files
4)SND0.AT3 a music file >20mb
5)ICON1 the blank pmf found in iso rip kits
6)Param file set to be read as updater version 2.51
7)pic0 overflow.tif resized to 272x480

Only one thing from my original blueprint wasn't used : the AT3 file is 5kb

How This Works

This works by overloading the psp audio with a glitch sound, and overloading the image handler with overflow.tif, thus in conjunction overriding the TIF patch.

Starts to seem promising... :p

I wonder would this help with access to kernel mode in 2.0 if this takes long...
Though, of course it's better to have 2.5...
It would work a bit longer... MAYBE.... :cool:
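
Added example, not written by any poster in this thread or by psp3d: the objection quoted earlier (a TIFF sitting in a PNG slot, a WAV in the Atrac3 slot) can be checked mechanically by parsing the PBP container and comparing each section's magic bytes with what its slot expects. The function names, type labels and the header-only sample container are constructed here, and accepting any non-PCM RIFF file for SND0.AT3 is an assumption of this sketch.

```python
import struct

# PBP section order is fixed; the 40-byte header holds one offset per section.
SECTIONS = ["PARAM.SFO", "ICON0.PNG", "ICON1.PMF", "PIC0.PNG",
            "PIC1.PNG", "SND0.AT3", "DATA.PSP", "DATA.PSAR"]

# Content type each slot should hold (labels are this example's own).
# Assumption: SND0.AT3 is a RIFF/WAVE file whose format tag is not plain PCM.
EXPECTED = {"PARAM.SFO": "sfo", "ICON0.PNG": "png", "ICON1.PMF": "pmf",
            "PIC0.PNG": "png", "PIC1.PNG": "png", "SND0.AT3": "riff-other",
            "DATA.PSP": "psp-exec", "DATA.PSAR": "psar"}


def riff_kind(data):
    """Walk RIFF chunks to 'fmt ' and classify by its format tag."""
    pos = 12
    while pos + 8 <= len(data):
        (size,) = struct.unpack_from("<I", data, pos + 4)
        if data[pos:pos + 4] == b"fmt " and size >= 2 and pos + 10 <= len(data):
            (tag,) = struct.unpack_from("<H", data, pos + 8)
            return "wav-pcm" if tag == 1 else "riff-other"
        pos += 8 + size + (size & 1)  # chunks are padded to even length
    return "riff-nofmt"


def sniff(data):
    """Identify content by leading magic bytes, ignoring the slot name."""
    if not data:
        return "empty"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data[:4] in (b"II*\x00", b"MM\x00*"):
        return "tiff"
    if data[:4] == b"RIFF" and data[8:12] == b"WAVE":
        return riff_kind(data)
    magics = {b"\x00PSF": "sfo", b"PSMF": "pmf", b"~PSP": "psp-exec",
              b"\x7fELF": "psp-exec", b"PSAR": "psar"}
    return magics.get(data[:4], "unknown")


def parse_pbp(blob):
    """Split a PBP container into its eight named sections."""
    if len(blob) < 40 or blob[:4] != b"\x00PBP":
        raise ValueError("not a PBP container")
    offsets = list(struct.unpack_from("<8I", blob, 8))
    bounds = offsets + [len(blob)]
    if offsets[0] < 40 or any(a > b for a, b in zip(bounds, bounds[1:])):
        raise ValueError("section offsets out of range or out of order")
    return {n: blob[bounds[i]:bounds[i + 1]] for i, n in enumerate(SECTIONS)}


def audit(blob):
    """Return (slot, expected, found) for every non-empty mismatched slot."""
    findings = []
    for name, data in parse_pbp(blob).items():
        found = sniff(data)
        if found not in ("empty", EXPECTED[name]):
            findings.append((name, EXPECTED[name], found))
    return findings


def build_pbp(parts):
    """Assemble a container from a {slot: bytes} dict (for the sample only)."""
    body, offsets = b"", []
    for name in SECTIONS:
        offsets.append(40 + len(body))
        body += parts.get(name, b"")
    header = b"\x00PBP" + struct.pack("<I", 0x00010000)
    return header + struct.pack("<8I", *offsets) + body


# Constructed sample: headers only, mirroring the slot contents listed in the post.
TIFF_STUB = b"II*\x00" + struct.pack("<I", 8) + b"\x00" * 8
PCM_WAV = (b"RIFF" + struct.pack("<I", 36) + b"WAVE" + b"fmt " +
           struct.pack("<IHHIIHH", 16, 1, 1, 8000, 8000, 1, 8) +
           b"data" + struct.pack("<I", 0))
SAMPLE = build_pbp({
    "PARAM.SFO": b"\x00PSF" + b"\x00" * 16,
    "ICON0.PNG": TIFF_STUB,                       # TIFF in a PNG slot
    "ICON1.PMF": b"PSMF0012" + b"\x00" * 8,
    "PIC0.PNG": TIFF_STUB,                        # TIFF in a PNG slot
    "PIC1.PNG": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
    "SND0.AT3": PCM_WAV,                          # PCM WAV in the AT3 slot
    "DATA.PSP": b"~PSP" + b"\x00" * 12,
    "DATA.PSAR": b"PSAR" + b"\x00" * 12,
})

if __name__ == "__main__":
    for slot, expected, found in audit(SAMPLE):
        print(f"{slot}: expected {expected}, found {found}")
```

A mismatch reported here only shows that a decoder is being handed the wrong format; it says nothing about whether that decoder fails safely or exploitably.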

iball
11-14-2005, 08:57 AM
[QUOTE=mksoftware]ROFL, this isn't a real exploit... This is just letting the PSP Crash... Letting the psp crash isn't really an exploit.... If you really think it is an exploit, just write "Hello World" for this so called exploit and prove to the world you are right, because you aren't right and you didn't exploit anything!![/QUOTE]

Well the 2.0 mph downgrader used the image file and it crashed the psp and changed it to a fake 1.00 and you then upgrade to 1.50, this is similar but it has an AT3 file that crashed the psp with a sound, don't be saying that it's crap, did you find this out? did you find this exploit? NO, so stop with the stupid comments and lets see :cool:
Did you exploit this crash? No you didn't since it's NOT an exploit. It's a crash.
The TIF exploit in 2.0 used to "downgrade" the PSP is the same one used by Fanjita's 2.0 ebootloader....what's your point?
But read Fan's comments...he looked at it. Since he would probably be the one to adjust his 2.0 ebootloader over to run via an exploit on 2.5, I think he would know what he's talking about.
This is the equivalent of thinking that one can "root" a Windows OS computer by renaming a TIF file to an EXE and trying to execute it.
But ruling out different approaches to exploiting 2.5 is still progress.

bavelb
11-14-2005, 09:09 AM
Well the 2.0 mph downgrader used the image file and it crashed the psp and changed it to a fake 1.00 and you then upgrade to 1.50, this is similar but it has an AT3 file that crashed the psp with a sound, don't be saying that it's crap, did you find this out? did you find this exploit? NO, so stop with the stupid comments and lets see :cool:

Renaming a tif to png (even if it's the overflow one) makes the results at least seem dubious. There's no telling what makes the psp crash. That a developer that produced a 2.0 bootloader says it's nothing should at least say something. On the other hand, the Site-admins keep saying it IS a legit exploit, not a crash.

DsL
11-14-2005, 09:15 AM
hope this leads to anything ! looks promising

k0nan
11-14-2005, 09:25 AM
Looks like at best it may lead to a 2.5 downgrader. Unfortunately it doesn't look like they've uncovered the legendary 2.0 ISO loader, but at least this may prevent losing homebrew if the next wave of games forces a 2.5 update instead of just 2.0.

bavelb
11-14-2005, 09:57 AM
After Posting this:

Considering the implications this claim to an exploit has, could you please also respond to this response made by Fanjita (from 2.0 bootloader fame):

Quote from Fanjita as shown earlier by iball source: http://forums.qj.net/showpost.php?p=255764&postcount=14

Not trying to be a negative twat here, I hope for a genuine exploit, but considering Fanjita based his bootloader on the overflow.tiff and basically says this does nothing, I'd like to see what you think of this.

...I'm banned from their (psp3d) forum
lol

mhz
11-14-2005, 10:11 AM
After Posting this:

Considering the implications this claim to an exploit has, could you please also respond to this response made by Fanjita (from 2.0 bootloader fame):

Quote from Fanjita as shown earlier by iball source: http://forums.qj.net/showpost.php?p=255764&postcount=14

Not trying to be a negative twat here, I hope for a genuine exploit, but considering Fanjita based his bootloader on the overflow.tiff and basically says this does nothing, I'd like to see what you think of this.

...I'm banned from their forum.
lol

:eek: PSPUpdates sux!!! :mad:

bavelb
11-14-2005, 10:14 AM
:eek: PSPUpdates sux!!! :mad:

not pspupdates, the "founders" of the exploit, psp3d.com

mhz
11-14-2005, 10:23 AM
not pspupdates, the "founders" of the exploit, psp3d.com
Oh yeah... I didn't read very carefully.... :D
Hmm... I wonder is this gonna be something...
But if they banned u about that comment then... Uhh..
Keep looking for exploit this is nothing...
Or well... Better to say nothing...
I'll just wait...
Though it's hard to be without GTA + homebrew solution.... :p

YokoAT
11-14-2005, 10:38 AM
After Posting this:

Considering the implications this claim to an exploit has, could you please also respond to this response made by Fanjita (from 2.0 bootloader fame):

Quote from Fanjita as shown earlier by iball source: http://forums.qj.net/showpost.php?p=255764&postcount=14

Not trying to be a negative twat here, I hope for a genuine exploit, but considering Fanjita based his bootloader on the overflow.tiff and basically says this does nothing, I'd like to see what you think of this.

...I'm banned from their (psp3d) forum
lol

I read your post there, and if they (PSP3D.com) really ban you for that, they are extremely STUPID.

I start to wonder if the author of this "exploit" is just trying to create some hypes, fool people around and draw attentions... I think the admin of PSP3D.com has made a fatal mistake to consider this guy an affiliate.

bavelb
11-14-2005, 10:46 AM
I read your post there, and if they (PSP3D.com) really ban you for that, they are extremely STUPID.

I start to wonder if the author of this "exploit" is just trying to create some hypes, fool people around and draw attentions... I think the admin of PSP3D.com has made a fatal mistake to consider this guy an affiliate.

I honestly was hoping they had a simple explanation for it really, as I'm hoping it to be at least an opening in the 2.5 fw.

I do think the site was a little eager to create traffic (they even claimed that in several posts), and they have done so by making the frontpage of psp-hacks and maxconsole (and soon tons of others), and pspupdates earlier (they pulled it from there after Fanjita denounced the exploit).

To me, all is up in the air right now, I just hope maxconsole and psp-hacks aren't a little too soon with following the hype.

lucifer316
11-14-2005, 10:54 AM
its still on pspupdates when i visit

its just pretty far down the page as other news has broken since they put that up

bavelb
11-14-2005, 10:58 AM
its still on pspupdates when i visit

its just pretty far down the page as other news has broken since they put that up

AH, my bad indeed, thought this broke later than some of the other news.

there's even an update on the matter:
UPDATE: We've gotten 3 confirmations from forum users that this indeed works properly as an overflow exploit just as stated by the creator. This of course does not ensure it is safe, but after 6 hours and no reports of bricking, I feel confident to take this off such a high alert status and place it into a legitimate exploit status. Kudos PSPlayer1001, I believe you might have found something useful here.

lucifer316
11-14-2005, 11:04 AM
yeah they actually broke it late last night

in fact there was a back and forth as they didnt attribute the author or psp3d at first supposedly but that was cleared up

what is surprising is they still seem to be hedging their bets because they say it's considered an exploit yet i seem to remember stuff like this in the past being fixed to the top for a few days until it played out

so i think they arent certain for sure yet but dont want to say its bs either

iball
11-14-2005, 11:06 AM
Again, it's not a buffer overflow if you can't get code to execute using it.
My God, the most basic form of hacking another system, no matter what it is, is "overflowing the buffer" so that arbitrary code is executed.
It's not an exploit until it's PROVEN to be an exploit. And bavelb, I read your post and there was absolutely NOTHING in there that would deserve a "ban" but I also didn't see "BANNED" under your name. Try logging in again?
Then again, d-c-e-m-u banned me for sicking the MasterGear hounds on them and Yoshi for source code theft. Cease and desist letters are going out on that one.
Hey, it could be worse.....Yoshi could have stolen this crash method and claimed it as his own exploit.

YokoAT
11-14-2005, 11:08 AM
I would be quite interested to know what make those guys think this IS an exploit. Just because it crashes their PSP? Oh yeah, I think I can name 10 ways or more to crash... errrr exploit a PSP then LOL

bavelb
11-14-2005, 11:08 AM
Again, it's not a buffer overflow if you can't get code to execute using it.
My God, the most basic form of hacking another system, no matter what it is, is "overflowing the buffer" so that arbitrary code is executed.
It's not an exploit until it's PROVEN to be an exploit. And bavelb, I read your post and there was absolutely NOTHING in there that would deserve a "ban" but I also didn't see "BANNED" under your name. Try logging in again?
Then again, d-c-e-m-u banned me for sicking the MasterGear hounds on them and Yoshi for source code theft. Cease and desist letters are going out on that one.
Hey, it could be worse.....Yoshi could have stolen this crash method and claimed it as his own exploit.

Seems they didnt ban me, just permalocked me out of posting (as if I typed a wrong pass 5 times in a row over and over)
Your account on PSP 3D has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 192.168.250.018 <--not mine :)

mhz
11-14-2005, 11:21 AM
Seems they didnt ban me, just permalocked me out of posting (as if I typed a wrong pass 5 times in a row over and over)
Your account on PSP 3D has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 192.168.250.018 <--not mine :)


Hmmh...

Probably the PSP3D's admin, lol... :D

iball
11-14-2005, 11:32 AM
Hmmh...

Probably the PSP3D's admin, lol... :D
Yes considering 192.168.x.x networks aren't routable over the internet.
Sounds like it was done internally? Anyway, enough with the conspiracy theories, anyone want to take a hack at this and see if it IS an exploit?
Although after reading Fanjita's reply to the whole thing, I would doubt it would work.

Starto
11-14-2005, 11:43 AM
I guess not too many people want to upgrade to 2.5 and try ;)

but has anyone tried this on a 2.00 machine?

YokoAT
11-14-2005, 12:10 PM
Yes considering 192.168.x.x networks aren't routable over the internet.
Sounds like it was done internally? Anyway, enough with the conspiracy theories, anyone want to take a hack at this and see if it IS an exploit?
Although after reading Fanjita's reply to the whole thing, I would doubt it would work.

If loading a TIFF image with a PNG viewer can be an exploit... perhaps we can start trying loading HTML or some totally unrelated files there LOL :cool:

iball
11-14-2005, 12:13 PM
If loading a TIFF image with a PNG viewer can be an exploit... perhaps we can start trying loading HTML or some totally unrelated files there LOL :cool:
Yes yes yes, BUT the PNG viewer would HAVE to "read" the file it's given in order to execute any code hidden inside it. If it can't READ it and just crashes, well....you've figured out how to crash a PSP and that's about it.

YokoAT
11-14-2005, 12:27 PM
Yes yes yes, BUT the PNG viewer would HAVE to "read" the file it's given in order to execute any code hidden inside it. If it can't READ it and just crashes, well....you've figured out how to crash a PSP and that's about it.

I suppose you can see the sarcasm in my previous post heh :D Loading a format-A file into a format-B reader in order to find an exploit is NO better than loading some random files. If this can be an exploit, either the founder must be EXTREMELY LUCKY or the programmers of the reader must be some NOOBS to allow such stupid and fatal mistakes.

iball
11-14-2005, 12:31 PM
I suppose you can see the sarcasm in my previous post heh :D Loading a format-A file into a format-B reader in order to find an exploit is NO better than loading some random files. If this can be an exploit, either the founder must be EXTREMELY LUCKY or the programmers of the reader must be some NOOBS to allow such stupid and fatal mistakes.
Whoops, you're right...I missed the sarcasm LOL at the end. Doh!
Someone might as well lock this thread since it's just a crash and NOT an exploit, no matter how many times the word "exploit" is used on psp3d.com's main page. Remember this mantra: A crash is not always equal to an exploit.
Stop jumping the gun and going "OMG! THEY'VE FINALLY DONE IT!" without examining the process and the code used FIRST. Otherwise you're all bait for the next "Run-GTA-on-1.5-downbricker" that will brick your PSP in seconds.

MrFlump
11-14-2005, 01:22 PM
I think the important thing to remember here is that the 2.0 TIF exploit actually meant that when the overflow occurred, that it jumped to a specific point in the user stack from which code could be executed.

This method, simply overloads the PSP (as opposed to causing an overflow) - a basic analogy would be doing a DIV/0 on a calculator - cant do anything more until it's reset. The PSP just stops with this 2.5 "crash" and turns off.

To be perfectly honest, i'd suspect that you're more likely to find an exploit in the web browser or the LocationFree (or whatever they called it) code. However, since i'm not upgrading to 2.5 to test out exploits, i'll stick with my head in getting 2.0 to emulate properly on a 1.5 PSP.

bavelb
11-14-2005, 01:39 PM
If loading a TIFF image with a PNG viewer can be an exploit... perhaps we can start trying loading HTML or some totally unrelated files there LOL :cool:

Heck, we should just load the bloody GTA EBOOT from the png viewer while we're at it

manu_xl
11-14-2005, 01:52 PM
a lot of useless threads/posts and people on the forum were disturbing me a lot last weeks ... BUT now I'm sure, maxconsole is over for me. i thought maxconsole was one of the more reliable sites among all crappy psp sites. but i was definitely wrong on that.

one thing: sadness

a respected site knows the difference between confirmed and confirmed imo

Triggerman
11-14-2005, 02:00 PM
:rolleyes: I took a look at the eBoot file with a Hexeditor. The eBoot is nearly exactly the same as the official 1.51 Update! He just changed one value to 2.51. The rest of the content also identifies it as the 1.51 update :D

Sry if this is old news =/

iball
11-14-2005, 02:06 PM
:rolleyes: I took a look at the eBoot file with a Hexeditor. The eBoot is nearly exactly the same as the official 1.51 Update! He just changed one value to 2.51. The rest of the content also identifies it as the 1.51 update :D

Sry if this is old news =/
It's news in this thread. So it sounds like he's trying to re-create an eboot loader, too bad it won't work using the "TIF-renamed-to-a-PNG-file" crash method. HA! Downgrade to 1.51, then upgrade to 2.0, then downgrade to 1.50. That's a lot of wear and tear on the flash right there.

OblivionX
11-14-2005, 02:24 PM
It's news in this thread. So it sounds like he's trying to re-create an eboot loader, too bad it won't work using the "TIF-renamed-to-a-PNG-file" crash method. HA! Downgrade to 1.51, then upgrade to 2.0, then downgrade to 1.50. That's a lot of wear and tear on the flash right there.

lol well, it can be flashed 1000 times so not really. But yeah pointless downgrading to 1.51.

iball
11-14-2005, 02:33 PM
This was posted by user "stupid" (yes, that's his screenname) on the psp3d forums:


Well, according to the creator, the TIF exploit was only patched in the Photo viewer. However, by using a glitch sound along with a modified tif exploit embedded within an eboot, you can bypass it by launching the exploit from the eboot handler instead of the Photo handler.

So, if we were to get this right, an overflow TIF file renamed to a PNG and run using the PNG viewer when combined with a "glitch sound" in a WAV file run by a non-WAV audio codec produces a workable exploit but only when loading it from within a game using a specially-modified savegame file?
NOT! Still have yet to see proof of this in a working homebrew running on 2.5, "downbricker" be damned.

lucifer316
11-14-2005, 03:57 PM
well rather than start a new thread i thought i would let everyone know that work on the downgrader is being suspended as the author of the exploit makes gta playable on 1.5

http://psp3d.com/showthread.php?t=68

bavelb
11-14-2005, 04:04 PM
well rather than start a new thread i thought i would let everyone know that work on the downgrader is being suspended as the author of the exploit makes gta playable on 1.5

http://psp3d.com/showthread.php?t=68

Give this guy a lightbulb and a bolt of cloth and he will acquire cold fusion.

Are we sure this guy isnt Richard Dean Anderson?

iball
11-14-2005, 04:20 PM
Yeah, and now his own Admin is trying to get him on AIM...wonder why?
Probably to point him to here and other places.
Man, the sheer number of nuthuggers over there praising him like Jesus when he hasn't even proven a thing other than a PSP crash. No working exploit code, nothing.
Man, I should do the same thing so people will come over and hug my nuts for a little while.
Until I'm found out as a fake!

Carty
11-14-2005, 05:02 PM
Hey I found an exploit myself, I made my PSP crash by hitting it with a hammer! Next step, downgrader... followed by my "stab screen with screwdriver" loader for GTA! </sarcasm> :)

LaMa
11-14-2005, 05:57 PM
Hey I found an exploit myself, I made my PSP crash by hitting it with a hammer! Next step, downgrader... followed by my "stab screen with screwdriver" loader for GTA! </sarcasm> :)

Come on people, we have front page news here!
Get me PSPUpdates, PSPHacks, the whole psp paparazzi! Let's cross-post this all over the place!
I can CONFIRM that this works indeed... (That's right, CONFIRMED :cool: )
Hey I don't know if this allows executing arbitrary code, but who cares, the PSP freezes when I follow Carty's proof of concept!
I'm going to make a blurry video of this exploit in 5 mins.

It works exactly like Carty said, basicly you hit the PSP with a hammer, and it freezes! Woa, no really! I'm sure we can turn this into a downgrader soon even!

michael1981
11-14-2005, 07:52 PM
I'm going to take a risk and date this jp guy who works for sony. pm me what info you need to crack the 2.50. hope my plan works and we get a leak

YokoAT
11-15-2005, 02:22 AM
well rather than start a new thread i thought i would let everyone know that work on the downgrader is being suspended as the author of the exploit makes gta playable on 1.5

http://psp3d.com/showthread.php?t=68

OMG, this guy just looks more and more like another Yoshi, perhaps even WORSE. All this guy has done so far are BSing, creating hypes and NOTHING productive. At least Yoshi really did something useful to the community.

iball
11-15-2005, 12:38 PM
OMG, this guy just looks more and more like another Yoshi, perhaps even WORSE. All this guy has done so far are BSing, creating hypes and NOTHING productive. At least Yoshi really did something useful to the community.
Like what? Code theft? Stealing something from Sony, like the private encryption key used to on official eboots is one thing, stealing from the "scene" is never a good thing.
Just ask Yoshi this: "What have you done for us lately, Eddie?"
(older readers will get that quote)

lucifer316
11-15-2005, 12:39 PM
Like what? Code theft? Stealing something from Sony, like the private encryption key used to on official eboots is one thing, stealing from the "scene" is never a good thing.
Just ask Yoshi this: "What have you done for us lately, Eddie?"
(older readers will get that quote)

half

sorry back to your regularly scheduled topic

YokoAT
11-15-2005, 01:46 PM
Like what? Code theft? Stealing something from Sony, like the private encryption key used to on official eboots is one thing, stealing from the "scene" is never a good thing.
Just ask Yoshi this: "What have you done for us lately, Eddie?"
(older readers will get that quote)

Well at least Yoshi has the version changer and some minor stuff. And don't get me wrong. I do NOT like this Yoshi guy either (who do anyways LOL). We all know 95% of the time he is BSing and stealing stuff, but he still has 5% time in the productive mode, which can't be completely ignored.

Vintage
11-15-2005, 01:53 PM
Really, yoshi made the changer or he says he did and that was it, v3.0 was a big lie and the rest of the stuff he did, yoshi cannot be put in the psp dev scene at all.

iball
11-15-2005, 03:39 PM
Well, he jumped in over at pspupdates and said:


To be more blunt with you, iball, I need more time for the hack. Simple as that.

To which I replied:


So you're as far along as everyone else then when it comes to exploiting 2.5.

True or not?

bavelb
11-15-2005, 04:01 PM
Well, he jumped in over at pspupdates and said:
To which I replied:
True or not?

The thing is, he claims the sound is the cause of the overflow (if any) has anyone looked deeper into that?

iball
11-15-2005, 04:10 PM
The thing is, he claims the sound is the cause of the overflow (if any) has anyone looked deeper into that?
You mean, has anyone looked into renaming a WAV file into another file format that crashes the and the PSP?
Umm....no?
But I know what you REALLY meant was:
"Has anyone looked into an audio/video codec buffer overflow yet?"
Umm....no?

AceMilo
11-15-2005, 06:40 PM
This guy is obviously a liar, its just a matter of time before he starts asking for donations. Until he actually produces a hack all threads about him will be closed. 2.5 has not been exploited, plain and simple.