View Full Version : Libtiff Exploit for Firmware 5.50 found
Littleman017
05-12-2009, 06:42 PM
Jackpot! Once exploit fever hits, it washes over everyone completely and utterly. Following the ChickHEN 5.03 exploit from the other day, PSP homebrew developer wololo of Wagic: The Gathering fame has now found a Libtiff Exploit for FW 5.50!
It has been found by Wololo.
Littleman017
05-12-2009, 06:47 PM
Here's the video of it running on 5.50:
http://www.youtube.com/watch?v=qvH05SlxRsA&feature=channel_page
http://www.youtube.com/watch?v=yIRawX1kBfY&eurl
mokyurin
05-12-2009, 07:36 PM
Duh, they should have waited until the PSP-4000 gets released...
B2K24
05-12-2009, 09:29 PM
Duh, they should have waited until the PSP-4000 gets released...
Why, dummy? That's at least a year away.
jsuperducky
05-12-2009, 09:41 PM
Why the hell did he release this??!
CoBrA2168
05-12-2009, 10:04 PM
You guys know the routine...a crash != exploit. This is probably nothing.
3r14nd
05-12-2009, 11:01 PM
It's probably not exploitable.
It's probably an old file I released more than 2 months ago, and was proven to be not exploitable.
See the thread at lan.st.
Also see this:
http://wololo.net/wagic/2009/03/15/so-what-about-the-libtiff-vulnerability/
Q: And what about firmwares above 4.20? I saw a crash on 5.02 too!
A: The fact is that the bug hasn’t been correctly solved. However, it’s been patched enough to prevent anything useful from happening with this vulnerability beyond firmware 4.20
Source (http://www.dark-alex.org/forum/viewtopic.php?f=83&t=13931)
It's the same exploit he's been working on for months. Someone just renamed it. It's nothing new...
MaxMouseDLL
05-13-2009, 01:27 AM
lol @ this.
read this: http://forums.maxconsole.net/showthread.php?t=139678
The gist of it is, jsuperducky (Kratosjohn) claimed he had a method of loading Davee's HEN on 5.50 (and take screen shots), the example crash .tif he sent me to play with was named test1.tif (it's attached along with wololo's work)
Then take a look at the following.
http://forums.maxconsole.net/attachment.php?attachmentid=23790&stc=1&d=1242192296
Notice Kratosjohn's test1.tif matches Wololo (2).tif's MD5 which was released some time ago?
It's probably not exploitable.
It's probably an old file I released more than 2 months ago, and was proven to be not exploitable.
See the thread at lan.st.
Quote Source: http://www.dark-alex.org/forum/viewtopic.php?f=83&t=13931
http://forums.maxconsole.net/attachment.php?attachmentid=23789&stc=1&d=1242192286
PSPLink of the crash, the first and last are generated on preview, the second is generated on load.
Funny stuff from Kratosjohn there... I wonder why he didn't say it wasn't his work? lol
Nocuddle
05-13-2009, 02:00 AM
I'm confused. So is this fake?
:p
jahid420
05-13-2009, 03:39 AM
Gathering magic: Libtiff Exploit for Firmware 5.50 found ... of Wagic: The Gathering fame has now found a Libtiff Exploit for FW 5.50!
MaxMouseDLL
05-13-2009, 03:55 AM
I'm confused. So is this fake?
:p
It does crash 5.50 and previous firmwares (As seen in my PSPLink image), but it's just a crash right now.
I was highlighting the fact that jsuperducky/kratosjohn was bandying about a test1.tif without being forthcoming with the fact that it wasn't his work (see the MD5 checksum comparison). He claims that he can load Davee's HEN using it, but it's buggy due to Davee's HEN being designed for 5.03 NIDs.
I'm just a little annoyed he didn't say "Here look at this, it's a tif crash created by wololo..." instead of trying to feed me some cryptic bullshit.
silver_surfer
05-13-2009, 05:05 AM
Well, according to wololo...
I just want to say that I wasn't involved in this youtube video.
I don't know if it's fake or not, I don't know if it's using files I actually created, I don't know anything.
All I know is that I woke up this morning and saw many PSP news sites mentioning my name for something I did not (directly) do.
It is highly probable that one of the files I created still crashes on new firmwares, but it is highly unlikely that this will lead anywhere. I've discussed my findings a lot already with skilled people, and what I had found has been proven to lead nowhere.
To my knowledge this file is 2 months old, and has nothing new compared to the discussion we had on LAN.st
Also remember that it is very easy to crash the PSP with a tiff file, but much more difficult to get something useful out of it. I was excited when I found my first tiff crash a few months ago, but you would think writers at QJ.net and other news websites have seen so many "dead end" hacks that they wouldn't bother writing a news about every single crash... - wololo
Source (http://forums.mformature.net/showpost.php?p=54590&postcount=22)
jsuperducky
05-13-2009, 06:42 AM
lol @ this.
read this: http://forums.maxconsole.net/showthread.php?t=139678
The gist of it is, jsuperducky (Kratosjohn) claimed he had a method of loading Davee's HEN on 5.50 (and take screen shots), the example crash .tif he sent me to play with was named test1.tif (it's attached along with wololo's work)
Then take a look at the following.
http://forums.maxconsole.net/attachment.php?attachmentid=23790&stc=1&d=1242192296
Notice Kratosjohn's test1.tif matches Wololo (2).tif's MD5 which was released some time ago?
Quote Source: http://www.dark-alex.org/forum/viewtopic.php?f=83&t=13931
http://forums.maxconsole.net/attachment.php?attachmentid=23789&stc=1&d=1242192286
PSPLink of the crash, the first and last are generated on preview, the second is generated on load.
Funny stuff from Kratosjohn there... I wonder why he didn't say it wasn't his work? lol
Did you not catch me saying "us" or "we" the whole time we talked on MSN?
Low attention span, I guess. This could be more exploitable; we just need HEN updated, which might not ever be updated :(
But some good news about HEN: Davee is putting in theme support for revision 3, soooo... looks like you PSP3k users can now have custom themes.
MaxMouseDLL
05-13-2009, 07:08 AM
Did you not catch me saying "us" or "we" the whole time we talked on MSN?
Low attention span, I guess. This could be more exploitable; we just need HEN updated, which might not ever be updated :(
But some good news about HEN: Davee is putting in theme support for revision 3, soooo... looks like you PSP3k users can now have custom themes.
Actually, you said "Us" once, and "We" once.
12/05/2009 16:09:41 John maxmousedll@xxxxx.xxx everyone thinks 5.50 is useless
12/05/2009 16:09:46 John maxmousedll@xxxxx.xxx other than us and two others
16:11:47 maxmousedll@xxxxx.xxx John wait until a decent update then hit them with it
12/05/2009 16:11:58 John maxmousedll@xxxxx.xxx ha
12/05/2009 16:12:17 maxmousedll@xxxxx.xxx John or at least until consoles start appearing with 5.50 out of the box
12/05/2009 16:12:26 John maxmousedll@xxxxx.xxx yeah
12/05/2009 16:12:31 John maxmousedll@xxxxx.xxx then we need it
Neither instance was in relation to the origin of the TIF exploit work... Who needs an attention span when I log everything? Speaking of which, attached is a transcript to refresh your memory if need be.
Anyway, it doesn't matter to me, just something I felt I would like to point out. I look forward to further developments by you and your team in this area :)
Littleman017
05-13-2009, 03:34 PM
Here's the video of it running on 5.50:
http://www.youtube.com/watch?v=qvH05SlxRsA&feature=channel_page
http://www.youtube.com/watch?v=yIRawX1kBfY&eurl
*Update* If you, like some of us, were also wondering why wololo didn't post this on his Wagic blog, then get this: the exploit/crash file isn't really his. From his website, here's his official statement to clarify the matter (emphasis by wololo):
I saw today a buzz on various websites about a youtube video showing a tiff file crashing OFW 5.50, apparently a file created by me.
I am not directly related to this video.
I haven’t looked at the file yet, but it is possible that this is an OLD file I created a while ago and which has proven to be unexploitable beyond firmware 4.20. See here and here (note how old these posts are)
There is also a possibility that someone else found a crash and decided to use my name in the file for some reason, but I find this highly unlikely.
So my official statement right now is the following: Not a fake, not an exploit, just a crash
From http://pspupdates.qj.net
MicroNut
05-14-2009, 12:50 PM
frwololo responds on DCEMU forums May 12th, 2009, 18:26
If you really want to know what he has to say go to his blog here: http://wololo.net/wagic/
Don't rely solely on the quotes and other comments posted in this thread.
Source (http://www.dcemu.co.uk/vbulletin/showthread.php?t=206783)
Lol, I didn't know I did that.
It's probably one of my old files.
If that's the one I'm thinking about, there's probably a crash that Sony didn't fix, but it's not going to lead to an exploit.
Makes me laugh that I would need to investigate one of my own files to understand if it's useful :D
Anyways, right now my official statement on this file is the same as it was two months ago:
http://wololo.net/wagic/2009/03/15/so-what-about-the-libtiff-vulnerability/