Editing Vulnerabilities
Latest revision | Your text | ||
Line 224: | Line 224: | ||
===== Save data format ===== | ===== Save data format ===== | ||
* The save data has no digest nor any kind of security. | * The save data has no digest nor any kind of security. | ||
* The records pages data are stored as follows: each | * The records pages data are stored as follows: for each record, signed int (4 bytes) for the time/most KO's count, followed by 21-byte string for the player's name, which must be null-terminated as it is copied using strcpy. | ||
===== Bug description ===== | ===== Bug description ===== | ||
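Review bot: the restored records bullet under "Save data format" leaves the record size ambiguous. It gives "signed int (4 bytes)" without a byte order, and "21-byte string ... which must be null-terminated" without saying whether the terminator is counted inside the 21 bytes. State both, so a reader can tell how long a name may be before the strcpy mentioned in the same bullet runs past the field.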
Line 276: | Line 244: | ||
* $s0 read from $sp -> 4847005A59585756 (bottom), 504F4E4D4C4B4A49 (top) | * $s0 read from $sp -> 4847005A59585756 (bottom), 504F4E4D4C4B4A49 (top) | ||
* It is guessed that at least 0xB7B bytes of the savedata can be overwritten with a MIPS shellcode without breaking the main menu. | * It is guessed that at least 0xB7B bytes of the savedata can be overwritten with a MIPS shellcode without breaking the main menu. | ||
* savedata string address: 0x61b76c in pcsx2 but | * savedata string address: 0x61b76c in pcsx2 but maybe depends on PS2 BIOS | ||
===== Official cheat codes ===== | ===== Official cheat codes ===== |
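Review bot: the savedata string address bullet gives a single value, 0x61b76c, seen "in pcsx2" and then hedges with "maybe depends on PS2 BIOS", so the reader cannot tell how far the address can be relied on. Either name the emulator and BIOS version the value was observed with, or mark the address explicitly as unverified outside that setup. The neighbouring "It is guessed that at least 0xB7B bytes" bullet would benefit from the same treatment.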