SPU LS Overflow Exploit

From PS3 Developer wiki
Revision as of 01:56, 22 April 2011 by Stoker25 (hope this is alright...)

From what I can understand, the code that the loaders use to verify the SCE header doesn't check the size before it moves the header into isolated memory.
This means if the right SELF is made, it could replace existing code.
Perhaps:
* Make a SELF with a large header, containing arbitrary code at a certain offset.
* This code would replace a part of a loader's code, meaning we can execute at a higher level.
* Finding the right offset to put the code must be the hardest part, as you'd have to figure out where the LS ends and the code begins.
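As an added illustration of the defect the page suspects (constructed example code, not the PS3 loader's, the SCE header format, or the wiki's own material; the header layout, region sizes and all names are assumptions), here is a generic header-staging routine in the unchecked form beside its bounds-checked form. One flat array models local storage: a staging area for the header followed by bytes that stand in for loader code, so the difference between the two routines shows up as whether that second region survives.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a generic header-staging routine, NOT the PS3 loader's
 * code or the real SCE header layout. The assumed header format is:
 *   bytes 0..3  magic "HDR\0"
 *   bytes 4..7  big-endian total header length (including these 8 bytes)
 *   bytes 8..   header body                                                  */
#define LS_REGION_SIZE 64          /* assumed staging area for the header     */
#define LS_CODE_SIZE   32          /* assumed code that sits right after it   */
#define MIN_HEADER_LEN 8

/* One flat array models local storage: staging area, then "code". */
static uint8_t ls[LS_REGION_SIZE + LS_CODE_SIZE];
static const uint8_t CODE_SENTINEL = 0xA5;

/* Zero the staging area and fill the modelled code with a sentinel. */
void ls_reset(void) {
    memset(ls, 0, LS_REGION_SIZE);
    memset(ls + LS_REGION_SIZE, CODE_SENTINEL, LS_CODE_SIZE);
}

/* 1 if the bytes standing in for loader code are still untouched. */
int ls_code_intact(void) {
    for (size_t i = 0; i < LS_CODE_SIZE; i++)
        if (ls[LS_REGION_SIZE + i] != CODE_SENTINEL) return 0;
    return 1;
}

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern (the fault the page suspects): the length field read from
 * the image is trusted as the copy length. Only the source bound is applied,
 * so an oversized header walks straight past the staging area. */
int stage_header_unchecked(const uint8_t *img, size_t img_len) {
    if (img_len < MIN_HEADER_LEN || memcmp(img, "HDR", 4) != 0) return -1;
    uint32_t hdr_len = read_be32(img + 4);
    if (hdr_len > img_len) hdr_len = (uint32_t)img_len;  /* source bound only */
    memcpy(ls, img, hdr_len);                             /* no destination bound */
    return 0;
}

/* Hardened pattern: validate the length against the destination before any
 * copy, and reject undersized or truncated headers as well. */
int stage_header_checked(const uint8_t *img, size_t img_len) {
    if (img_len < MIN_HEADER_LEN || memcmp(img, "HDR", 4) != 0) return -1;
    uint32_t hdr_len = read_be32(img + 4);
    if (hdr_len < MIN_HEADER_LEN) return -2;  /* shorter than its own fields    */
    if (hdr_len > img_len)        return -3;  /* claims more than is present    */
    if (hdr_len > LS_REGION_SIZE) return -4;  /* would not fit the staging area */
    memcpy(ls, img, hdr_len);
    return 0;
}

/* Build a constructed image whose header claims `claimed_len` bytes; the body
 * is filled with 0x41 so any overrun is visible in the model. Returns 0 if the
 * request cannot be built. */
size_t build_image(uint8_t *out, size_t out_cap, uint32_t claimed_len) {
    if (claimed_len < MIN_HEADER_LEN || out_cap < claimed_len) return 0;
    memcpy(out, "HDR", 4);
    out[4] = (uint8_t)(claimed_len >> 24); out[5] = (uint8_t)(claimed_len >> 16);
    out[6] = (uint8_t)(claimed_len >> 8);  out[7] = (uint8_t)claimed_len;
    memset(out + 8, 0x41, claimed_len - 8);
    return claimed_len;
}

/* Stage an image claiming `claimed_len` bytes (only `present_len` of which are
 * handed to the loader) with the checked or unchecked routine. Stores the
 * routine's return code in *rc and returns whether the modelled code survived. */
int run_scenario(int checked, uint32_t claimed_len, size_t present_len, int *rc) {
    uint8_t img[128];
    if (build_image(img, sizeof img, claimed_len) == 0) { *rc = -99; return -1; }
    ls_reset();
    *rc = checked ? stage_header_checked(img, present_len)
                  : stage_header_unchecked(img, present_len);
    return ls_code_intact();
}

int main(void) {
    int rc;
    int ok = run_scenario(0, 96, 96, &rc);   /* 96 > 64-byte staging area */
    printf("unchecked: rc=%d code intact=%d\n", rc, ok);
    ok = run_scenario(1, 96, 96, &rc);
    printf("checked:   rc=%d code intact=%d\n", rc, ok);
    return 0;
}
```

The check that matters is the one against the destination size (`LS_REGION_SIZE`); bounding the copy by the source length alone, as the unchecked routine does, still lets a header larger than the staging area overwrite whatever follows it. The truncation check (`hdr_len > img_len`) is the companion failure mode: without it a short image reads past its end instead.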

Please give your ideas/workings here. I figured using the devwiki would be better than forum threads, since they are just full of people wanting a simple solution; let's work together instead.