
tiff exploit for 2.71 / 2.80



utopia
08-22-2006, 03:49 AM
I've read this on some PSP sites:

"Alright, time for a brief update with the facts so far.

This exploit is definitely genuine, and usable.

It's unclear exactly which firmwares it will be usable on, but so far 2.0 and 2.01 should definitely work. 2.5 and above are significantly harder to research. 2.7+ will take longer still. The signs are that it may go up as far as 2.8, but that's not proven.

Just to put things into perspective, a combined team has spent at least 60 intensive hours working on researching this so far, and we're at the point of being able to confirm that it will work.

It will take longer still to convert it into something that is actually in a demonstrable form, such as Hello World.

Credit so far goes to NOPx86 for discovering the vulnerability and proof of concept on the PC, and Skylark and psp250 for researching it on the PSP. I've helped a bit too, but those guys have done the bulk of the work."

from Fanjita.
Can anyone confirm? Homebrew for all is on the way??? :p

etenia
08-22-2006, 05:46 AM
I hope it's true. And I hope it will work with firmware 2.6, so users can downgrade without a proper version of GTA (like me :P ).

I think it will be usermode only in the beginning (if they ever make it into a usable form), but like GTA, there is always hope for kernelmode.

whackawookie
08-22-2006, 08:19 AM
It's a little behind, but here's the quote:


Hey guys, I've been messing around with libtiff for a couple of weeks now
and I found something interesting. I'm still doing debugging on it and
whatnot, but it crashes the PSP and most image viewers. It may be the
beginning of homebrew on 2.71 and 2.80, it may not. I'm not going to release
the source for it just yet, probably in a couple of days once I do
proper debugging to release a full disclosure. I will, however, post a
link to the image. I've made a small tiff reader program that does the
most ****tiest error checking you have ever seen, but I will print a
quick backtrace:

Program received signal SIGSEGV, Segmentation fault.
0xb7eae46b in TIFFFindFieldInfo () from /usr/lib/libtiff.so.3
(gdb) bt
#0 0xb7eae46b in TIFFFindFieldInfo () from /usr/lib/libtiff.so.3
#1 0xb7eace97 in _TIFFsetDoubleArray () from /usr/lib/libtiff.so.3
#2 0xb7eacf3e in TIFFVSetField () from /usr/lib/libtiff.so.3
#3 0xb7eacf27 in TIFFSetField () from /usr/lib/libtiff.so.3
#4 0xb7eafd80 in TIFFReadDirectory () from /usr/lib/libtiff.so.3
#5 0x04004000 in ?? ()
#6 0x04004000 in ?? ()

The 0x4004000 was put in by me. I've noticed it hasn't actually overwritten
the instruction pointer and crashed at that address per se, but I'm sure
I could maybe get something working; if not I, then with help this may
become something. I'm asking for volunteers. I would prefer someone from
the hitmen or ps2dev crew or SonyXTeam to help. I have recently been
banned from Toc2rta for not releasing any information and whatnot; I
would, however, like to come back if at all possible and there are no hard
feelings whatsoever. If anyone would like to help or is even the slightest
bit interested then get up with me on Yahoo; my instant messenger name is
hymn_of_a_needle_freak. I am going to jump ahead of myself at the moment
and go ahead and take some inspiration from the old 2.0 exploit and do my
own variation of the framebuffer PNG (credit goes to Skylark for the idea
and Niacin for dumping the data on the original version). I'm going to go
ahead and work on setting the rest of it up before I concentrate on more
work with the main part of this. Get up with me if you're interested.

Greetings to the whole PSP homebrew team, mainly ps2dev and
SonyXTeam (Coldbird and the rest of the gang on their IRC server) for
taking the time to listen, also groepaz and Skylark for putting up with
my hours of retardedness and questions, harleyg and wakawooki for 2.80
testing (you're right, the modchip is the ****). I would also like to
thank LC for donating me a PSP. I don't know too much about the PSP at the
moment as I only have 2.71, so if anyone has pointers then please feel
free to share.

Thank you.

links:

ColdBird| http://fragment.lan.st/nop/proof.tif
x3sphere| http://www.tritoch.net/nop/proof.tif
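The reader NOPx86 describes above does almost no error checking, and the backtrace shows the crash happening under TIFFReadDirectory, i.e. while libtiff is walking the image's tag directory. As an added illustration, not code from this thread or from libtiff, here is the bounds checking a directory reader should apply to every entry before trusting its count and offset fields: a small Python parser for the first IFD, plus a constructed well-formed file and a constructed malformed one whose entry claims far more data than the file holds. The parser, the `build_tiff` helper, the `MAX_ENTRIES` cap and both sample files are assumptions of this example; nothing here reproduces the proof.tif image.

```python
import struct

# Byte size of each TIFF 6.0 field type (1=BYTE .. 12=DOUBLE). Unknown types are rejected.
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}
MAX_ENTRIES = 4096  # sanity cap chosen for this example; real images carry a few dozen tags


class TiffError(ValueError):
    """Raised for any directory structure this strict reader refuses to trust."""


def parse_ifd(data: bytes):
    """Parse the first IFD of `data`, validating every count and offset against the file size.

    Returns a list of (tag, type, count, value_bytes). Every byte range is checked before
    it is read, so a malformed directory yields TiffError instead of an out-of-bounds read.
    """
    if len(data) < 8:
        raise TiffError("file shorter than the 8-byte TIFF header")
    if data[:2] == b"II":
        e = "<"
    elif data[:2] == b"MM":
        e = ">"
    else:
        raise TiffError("unrecognised byte-order mark")
    magic, ifd_off = struct.unpack(e + "HI", data[2:8])
    if magic != 42:
        raise TiffError("bad magic number")
    # The IFD must lie inside the file and leave room for its 2-byte entry count.
    if ifd_off < 8 or ifd_off + 2 > len(data):
        raise TiffError("IFD offset points outside the file")
    (n,) = struct.unpack(e + "H", data[ifd_off:ifd_off + 2])
    if n == 0 or n > MAX_ENTRIES:
        raise TiffError(f"implausible entry count {n}")
    if ifd_off + 2 + 12 * n + 4 > len(data):
        raise TiffError("IFD entries extend past end of file")

    entries = []
    prev_tag = -1
    for i in range(n):
        off = ifd_off + 2 + 12 * i
        tag, ftype, count = struct.unpack(e + "HHI", data[off:off + 8])
        if tag <= prev_tag:  # TIFF 6.0 requires tags sorted ascending, no duplicates
            raise TiffError(f"tag {tag} is not in ascending order")
        prev_tag = tag
        if ftype not in TYPE_SIZES:
            raise TiffError(f"tag {tag}: unknown field type {ftype}")
        # Python integers do not wrap, so this product is exact. A C reader must check
        # count > SIZE_MAX / size *before* multiplying, or a huge count wraps to a tiny size.
        nbytes = count * TYPE_SIZES[ftype]
        if nbytes <= 4:
            value = data[off + 8:off + 8 + nbytes]  # short values live inside the entry itself
        else:
            (voff,) = struct.unpack(e + "I", data[off + 8:off + 12])
            if voff < 8 or voff + nbytes > len(data):
                raise TiffError(f"tag {tag}: {nbytes} bytes at offset {voff} exceed file size {len(data)}")
            value = data[voff:voff + nbytes]
        entries.append((tag, ftype, count, value))
    return entries


def validate(data: bytes):
    """(True, summary) for an acceptable directory, (False, reason) otherwise."""
    try:
        entries = parse_ifd(data)
    except TiffError as exc:
        return False, str(exc)
    return True, f"{len(entries)} entries"


def build_tiff(entries, endian="<"):
    """Assemble a minimal single-IFD TIFF from (tag, type, count, payload) tuples.
    Used only to construct the samples below; `count` is written as given so a sample can lie."""
    n = len(entries)
    ifd_off = 8
    data_off = ifd_off + 2 + 12 * n + 4
    blob, ent = b"", b""
    for tag, ftype, count, payload in entries:
        if len(payload) <= 4:
            field = payload.ljust(4, b"\0")
        else:
            field = struct.pack(endian + "I", data_off + len(blob))
            blob += payload
        ent += struct.pack(endian + "HHI", tag, ftype, count) + field
    bom = b"II" if endian == "<" else b"MM"
    return (bom + struct.pack(endian + "HI", 42, ifd_off)
            + struct.pack(endian + "H", n) + ent + struct.pack(endian + "I", 0) + blob)


def good_sample():
    # Constructed 4x4 image header: ImageWidth, ImageLength (SHORT) and XResolution (RATIONAL, out-of-line)
    return build_tiff([(256, 3, 1, struct.pack("<H", 4)),
                       (257, 3, 1, struct.pack("<H", 4)),
                       (282, 5, 1, struct.pack("<II", 72, 1))])


def bad_sample():
    # Constructed: the RATIONAL entry claims a count of 0x40000000 (8 GiB of data) in a 46-byte file.
    # In 32-bit arithmetic 0x40000000 * 8 wraps to 0; the file-size check above catches it regardless.
    return build_tiff([(256, 3, 1, struct.pack("<H", 4)),
                       (282, 5, 0x40000000, struct.pack("<II", 72, 1))])


if __name__ == "__main__":
    for name, sample in (("good", good_sample()), ("bad", bad_sample())):
        print(name, validate(sample))
```

The two checks that matter most are the ones a permissive reader skips: the entry count and every value offset are compared against the real file size before any byte is read, and the count-times-type-size product is computed in arbitrary-precision integers, which is the property a C implementation has to recreate with an explicit overflow check.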

aries2k
08-22-2006, 09:21 AM
Always feel better when I see news like this being confirmed on MaxConsole.
Hey whackawookie, I noticed you helped out with some testing. Must be great to have a chip for this kind of stuff. Just wondering if you think anything can be made out of this for 2.71 or 2.8?

whackawookie
08-22-2006, 09:32 AM
I don't know or want to speculate on whether it's going anywhere, because this isn't my field and I honestly don't know anything of the sort. I'll leave it to the devs to take it somewhere and answer these questions. I'm just a tester that has a PSP with 1000 lives.

aries2k
08-22-2006, 10:31 AM
Ok, lol. I'll wait for info like everyone else. I'm just curious anyway;
I'm a happy owner of a 1.5, which is great. A PSP with 1000 lives would be even better :D
Stay cool.

duncans_pumpkin
08-22-2006, 04:41 PM
Well, psp-hacks.com says it's true and it's very very very rare for them to post something if it ain't legit.

apcarr
08-22-2006, 04:46 PM
yeah right...like the 2.80 decrypter..lol...

afiser
08-22-2006, 04:51 PM
yeah right...like the 2.80 decrypter..lol...

lol yea, psp-hacks.com isn't all that legit :rolleyes:

duncans_pumpkin
08-22-2006, 04:57 PM
Here is the original thread if you want to read it:
http://forums.qj.net/f-developers-dungeon-47/t-libtiff-vulnerability-crashs-271-and-280-65799.html