Editing Vulnerabilities
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
This page lists vulnerabilities found | This page lists vulnerabilities found for the original Sony PlayStation. Here are display system flaws and userland flaws that are documented, exploited or not. | ||
=Savegames/Demos= | |||
These flaws in this category are relatively easy to find and exploit. There is a write-up on finding these flaws [https://championleake.github.io/blog//PS1-StackSmashing/ here] | |||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
! Game/Application name | ! Game/Application name | ||
! | ! Vuln/Flaw | ||
! Summary | ! Summary | ||
! Revisions | ! Revisions | ||
! | ! Timeframe this vuln was discovered | ||
! | ! Vuln discovered by | ||
|- | |- | ||
| Castlevania Chronicles | | Castlevania Chronicles | ||
| Stack Buffer Overflow via unchecked | | Stack Buffer Overflow via unchecked string length | ||
| The player name has a limit of 8 character strings to create a | | The player name has a limit of 8 character strings to create a save-slot (Both original or arranged modes of the game). Since the string length/size is not checked, one can use a very large string to overwrite several stack registers including the '''''$ra(return address)''''' to eventually jump to unsigned code in the savegame. | ||
| N/A | | N/A | ||
| August 12th, 2018 | | August 12th, 2018 | ||
| [[User:ChampionLeake|ChampionLeake]] | | [[User:ChampionLeake|ChampionLeake]] | ||
|- | |- | ||
| | | Brunswick Circuit Pro Bowling 1 & 2 | ||
| Stack Buffer Overflow via unchecked Custom Bowler Name length | |||
| Brunswick Circuit Pro Bowling 1 & 2 offers players to create their own bowlers in terms of physical appearances and names. The bowlers' name is limited up to 15 characters long. When the player wants to create name, it's copied to the stack, however the string length isn't checked. With a very large string, one can overwrite the stack and take control of the return address'''($ra)''' to eventually jump to unsigned code in the savegame. | |||
| 1.0 | |||
| January 20th, 2019 | |||
| [[User:ChampionLeake|ChampionLeake]] | |||
| | |||
| | |||
| | |||
| | |||
| | |||
|- | |- | ||
| Tony Hawk Pro Skater 2 | |||
| Tony Hawk | |||
| Stack Buffer Overflow via unchecked Custom Skater name | | Stack Buffer Overflow via unchecked Custom Skater name | ||
| The player has the chance to create their own skater (physical appearance, skateboard, names, etc.). The skater name is copied to the stack, however the string length | | The player has the chance to create their own skater(physical appearance, skateboard, names, etc.). The skater name is copied to the stack, however the string length isn't checked. With a large skater name, one can overwrite the stack and control the return address'''($ra)''' to eventually jump to unsigned code in the savegame. One can trigger this overflow by selecting "Career Mode" and then selecting the "Create a new career" option. | ||
| 1.0 | | 1.0 | ||
| January 22nd, 2019 | | January 22nd, 2019 | ||
| [[User:ChampionLeake|ChampionLeake]] | | [[User:ChampionLeake|ChampionLeake]] | ||
|} | |} | ||
=System/Hardware Flaws= | |||
Flaws in this category are related to the system/hardware that holds and powers the Sony PlayStation. | |||
= System/Hardware = | |||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
! Summary | ! Summary | ||
! | ! Vuln/Flaw | ||
! Documentation | ! Documentation | ||
! Revisions | ! Revisions | ||
! | ! Timeframe this vuln was discovered | ||
! | ! Vuln discovered by | ||
|- | |- | ||
| N/A | | N/A | ||
Line 178: | Line 53: | ||
|} | |} | ||
= | =Games already fuzzed(Useless Crashes)= | ||
These are games that developers have fuzzed/researched trying to find bugs. Any useless crashes or games that don't crash at all go here. This is to inform users if a game is not exploitable. | |||
These are games that developers have fuzzed | * Family Feud -- Using a large string for the family name doesn't seem to crash the game. In conclusion, the family name is not exploitable. (Researched by [[User:ChampionLeake|ChampionLeake]]) | ||
* Family Feud -- Using a large string for the family name |