Editing SPU LS Overflow Exploit
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 9: | Line 9: | ||
<br /> | <br /> | ||
http://pastie.org/1898468 | |||
---- | ---- | ||
Your shell code would have to overwrite an area of the LS that gets executed. There will be an amount of guesswork as to the offset since we cannot see the code. The code would begin copying areas of the LS into the shared LS, You would need some PPU code to read the shared LS and dump the information. The implementation of this exploit is rather difficult due to the fact we cannot see the code in the first place, and it will not give a clean dump. | Your shell code would have to overwrite an area of the LS that gets executed. There will be an amount of guesswork as to the offset since we cannot see the code. The code would begin copying areas of the LS into the shared LS, You would need some PPU code to read the shared LS and dump the information. The implementation of this exploit is rather difficult due to the fact we cannot see the code in the first place, and it will not give a clean dump. | ||
[[User: | [[User:Admin|Admin]] 16:17, 22 April 2011 (CDT) | ||
---- | ---- | ||
So maybe it would be a good idea to first try it with metldr as we can pass our modified loader without having to flash it. | So maybe it would be a good idea to first try it with metldr as we can pass our modified loader without having to flash it. |