.TIFF Exploit proved fake
|
|
Senior Member
1 product review
|
7. February 2008 @ 16:05 |
|
Copied and pasted from here: http://forums.qj.net/showpost.php?p=1971019&postcount=53 All props and credit go to Freeplay.
I was examining the TIFF file; at first I was excited, but then I saw from the code that it's fake.
Yep, fake. And so is their "exploit TIFF." As I posted on ps3hax:
Shame that this is a fake, too.
It's a real TIFF from a real exploit, sure, but the exploit was discovered in libTIFF in 2006 and FIXED in a LibTIFF 3.8.2 patch. Oh, and it was never capable of running code; only of crashing the client.
Code:
>>> # LibTIFF 3.8.2 unpatched                       | >>> # LibTIFF 3.8.2 patched
>>> snippet(0x2)                                    | >>> snippet(0x2)
     * Read offset to next directory for sequential |
     * scans.                                       |     /*
     */                                             |      * Check for integer overflow when
    (void) ReadOK(tif, &nextdiroff,                 |      * validating the dir_off, otherwise
        sizeof (uint32));                           |      * a very high offset may cause an
} else {                                            |      * OOB read and crash the client.
    toff_t off = tif->tif_diroff;                   |      * -- taviso@google.com, 14 Jun 2006.
                                                    |      */
   |if (off + sizeof (uint16) > tif->tif_size) {    |    |if (off + sizeof (uint16) > tif->tif_size ||
        TIFFErrorExt(tif->tif_clientdata, module,   |         off > (UINT_MAX - sizeof(uint16))) {
            "%s: Can not read TIFF directory count",|         TIFFErrorExt(tif->tif_clientdata, module,
            tif->tif_name);                         |             "%s: Can not read TIFF directory count",
        return (0);                                 |             tif->tif_name);
>>>                                                 | >>>
Read about it here. The author of the original proof-of-concept is Tavis Ormandy. Here, read some more.
Notice the highlighted bit above, and the highlighted bit below:
Seriously, people, this took me less than a minute with Google and a hex editor to figure out.
This message has been edited since posting. Last time this message was edited on 9. February 2008 @ 11:53
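The two bounds checks quoted in the post above, reduced to their arithmetic, as an added example that is not part of the original post or of libtiff. The function names, the 4096-byte file size and the 32-bit offset type are assumptions made here to model the wraparound.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: offsets and file size are 32-bit, as on the 32-bit builds this
 * 2006 bug concerns. On LP64, off + sizeof(...) is computed in 64 bits and
 * does not wrap, so the sum is forced into 32 bits here. */
#define COUNT_SZ ((uint32_t)sizeof(uint16_t))

/* Unpatched check from the post: returns 1 if the read would be allowed. */
int allowed_unpatched(uint32_t off, uint32_t size)
{
    uint32_t end = off + COUNT_SZ;          /* wraps modulo 2^32 */
    return !(end > size);
}

/* Patched check from the post: also rejects offsets whose sum wraps. */
int allowed_patched(uint32_t off, uint32_t size)
{
    uint32_t end = off + COUNT_SZ;
    return !(end > size || off > UINT32_MAX - COUNT_SZ);
}

/* Equivalent form (hypothetical helper) with no addition, so nothing wraps. */
int allowed_subtractive(uint32_t off, uint32_t size)
{
    return size >= COUNT_SZ && off <= size - COUNT_SZ;
}

/* Count offsets among the top `span` values of the 32-bit range that the
 * unpatched check accepts but the patched check rejects. */
unsigned count_bypasses(uint32_t size, uint32_t span)
{
    unsigned n = 0;
    for (uint32_t i = 0; i < span; i++) {
        uint32_t off = UINT32_MAX - i;
        if (allowed_unpatched(off, size) && !allowed_patched(off, size))
            n++;
    }
    return n;
}

int main(void)
{
    uint32_t size = 4096;                   /* constructed sample file size */
    printf("off=0xFFFFFFFF unpatched=%d patched=%d\n",
           allowed_unpatched(UINT32_MAX, size), allowed_patched(UINT32_MAX, size));
    printf("bypassing offsets in top 16: %u\n", count_bypasses(size, 16));
    return 0;
}
```

Only the top `sizeof(uint16)` offsets slip past the unpatched comparison, which is why the fix is a single extra clause.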
|
|
Propagand
Member
|
7. February 2008 @ 16:18 |
|
WTF!!!!!! I'm sick of this. People need to stop posting fake stuff. I got my hopes up for nothing. I wasn't interested in this the first time this happened, but I feel bad for the people who were. Another disappointment.....
PSP>2.0>forgot sum>2.81>3.03>1.5>3.03oea>1.5>3.40oea>custom theme semibrick>3.40oea>3.52 M33>1.50>3.52 M33>1.50 addon 2>3.71 M33>3.71-2 M33
Difficult takes a day, impossible takes a week- Jay Z
|
vinny13
Suspended due to non-functional email address
|
7. February 2008 @ 16:24 |
|
|
Senior Member
|
7. February 2008 @ 16:24 |
|
Originally posted by CKhaleel: I was examining the TIFF file; at first I was excited, but then I saw from the code that it's fake.
Yep, fake. And so is their "exploit TIFF." As I posted on ps3hax:
Shame that this is a fake, too.
It's a real TIFF from a real exploit, sure, but the exploit was discovered in libTIFF in 2006 and FIXED in a LibTIFF 3.8.2 patch. Oh, and it was never capable of running code; only of crashing the client.
Code:
>>> # LibTIFF 3.8.2 unpatched                       | >>> # LibTIFF 3.8.2 patched
>>> snippet(0x2)                                    | >>> snippet(0x2)
     * Read offset to next directory for sequential |
     * scans.                                       |     /*
     */                                             |      * Check for integer overflow when
    (void) ReadOK(tif, &nextdiroff,                 |      * validating the dir_off, otherwise
        sizeof (uint32));                           |      * a very high offset may cause an
} else {                                            |      * OOB read and crash the client.
    toff_t off = tif->tif_diroff;                   |      * -- taviso@google.com, 14 Jun 2006.
                                                    |      */
   |if (off + sizeof (uint16) > tif->tif_size) {    |    |if (off + sizeof (uint16) > tif->tif_size ||
        TIFFErrorExt(tif->tif_clientdata, module,   |         off > (UINT_MAX - sizeof(uint16))) {
            "%s: Can not read TIFF directory count",|         TIFFErrorExt(tif->tif_clientdata, module,
            tif->tif_name);                         |             "%s: Can not read TIFF directory count",
        return (0);                                 |             tif->tif_name);
>>>                                                 | >>>
Read about it here. The author of the original proof-of-concept is Tavis Ormandy. Here, read some more.
Notice the highlighted bit above, and the highlighted bit below:
Seriously, people, this took me less than a minute with Google and a hex editor to figure out.
Well done CKhaleel, my brother told me exactly this yesterday (Wednesday).
This message has been edited since posting. Last time this message was edited on 7. February 2008 @ 16:34
|
Senior Member
1 product review
|
7. February 2008 @ 18:07 |
|
Thanks.
Team ICE fails at life.
|
Senior Member
|
7. February 2008 @ 18:09 |
|
Don't you think it at least has a potential of doing something good?
|
Senior Member
1 product review
|
7. February 2008 @ 18:11 |
|
Well, I can try to re-compile the .TIFF code and try something...
|
Senior Member
|
7. February 2008 @ 18:15 |
|
It's worth trying, I'd love to try it myself but I don't have the patience.
|
Senior Member
1 product review
|
7. February 2008 @ 18:17 |
|
If I can re-compile the TIFF it might be worth something
|
Senior Member
|
7. February 2008 @ 18:23 |
|
I mean, if you look at one of the readme files they clearly say they used an iPhone exploit. They are completely different, the iPhone and the PS3, so that should tell you right away that it is fake. I'm going to say even if it was real, how long do you think it would last before Sony patched it with a firmware update? I would leave it alone CKhaleel, this is not something to look into, but if you're interested in messing with code try out the OtherOS demo source code provided by Marcus.
...........................:SiG cReAtEd By Phantom69:............................
|
Senior Member
|
7. February 2008 @ 18:30 |
|
Originally posted by L-Burna: I mean, if you look at one of the readme files they clearly say they used an iPhone exploit. They are completely different, the iPhone and the PS3, so that should tell you right away that it is fake. I'm going to say even if it was real, how long do you think it would last before Sony patched it with a firmware update? I would leave it alone CKhaleel, this is not something to look into, but if you're interested in messing with code try out the OtherOS demo source code provided by Marcus.
I didn't provide any source code, dude.
|
Senior Member
|
7. February 2008 @ 21:01 |
|
I'm not sure what you mean marcusita, but I was referring to someone different. A person by the name of Marcus released an OtherOS demo with source code for the PS3. It isn't a Tiff exploit, but runs off the OtherOS option. It has been confirmed working from ps2dev, which is a very reliable source, and they have a toolchain that can be compiled as well. The only thing visible right now is a demo, but running code through the OtherOS has its downside as well. It doesn't gain access into the Hypervisor, which is needed in order to accomplish a loader. I would look into the OtherOS demo before this Tiff exploit as it has been confirmed working.
...........................:SiG cReAtEd By Phantom69:............................
|
Senior Member
1 product review
|
7. February 2008 @ 21:06 |
|
I really got my hopes up for homebrew on the PS3. That sucks!
|
Senior Member
|
7. February 2008 @ 21:15 |
|
Originally posted by L-Burna: I'm not sure what you mean marcusita, but I was referring to someone different. A person by the name of Marcus released an OtherOS demo with source code for the PS3. It isn't a Tiff exploit, but runs off the OtherOS option. It has been confirmed working from ps2dev, which is a very reliable source, and they have a toolchain that can be compiled as well. The only thing visible right now is a demo, but running code through the OtherOS has its downside as well. It doesn't gain access into the Hypervisor, which is needed in order to accomplish a loader. I would look into the OtherOS demo before this Tiff exploit as it has been confirmed working.
LMAO, my real name is Marcus, I thought you were talking about me.
|
redchinee
Junior Member
|
7. February 2008 @ 22:38 |
|
hi peeps. my name is Marcus too. people just need to relax until we see a workin mod for ps3. it should happen sometime. just chill till it does.
|
Senior Member
3 product reviews
|
7. February 2008 @ 23:50 |
|
Forgive me if this seems like a noob question but what programming language is that in?
|
Senior Member
|
8. February 2008 @ 03:36 |
|
The programming language for the OtherOS demo is in C. It uses a similar method like the PSP, most code is in C/C++. You can use Cygwin to program for the PS3 or you can program from Linux. From my understanding the OtherOS is a programmed .elf file converted into an otheros.bin file then converted again into an otheros.bld. The compression is using gzip, which is a GNU compression utility. You can find a bunch of documentation from IBM on the Cell processor as well.
...........................:SiG cReAtEd By Phantom69:............................
|
ooZEROoo
Senior Member
4 product reviews
|
8. February 2008 @ 08:00 |
|
Team ICE also said that the tiff were just for fun exploits. I tried it and my system just froze...wow. I did however try the Motorstorm exploit and that seemed to work with the provided self file. It may be fake and it may not but people are going to be mad if they update and this does turn out to be legit. Keep in mind that nobody has reached "hello world" and even if they do it's not going to do any good at the moment. If anyone has gotten the avatar thing to work I would like to know if others can see it or just you.
|
Senior Member
|
8. February 2008 @ 08:04 |
|
Originally posted by ooZEROoo: Team ICE also said that the tiff were just for fun exploits. I tried it and my system just froze...wow. I did however try the Motorstorm exploit and that seemed to work with the provided self file. It may be fake and it may not but people are going to be mad if they update and this does turn out to be legit. Keep in mind that nobody has reached "hello world" and even if they do it's not going to do any good at the moment. If anyone has gotten the avatar thing to work I would like to know if others can see it or just you.
The Avatar thing is annoying me, I can even get the software set up properly. Everybody should be able to see your Avatar.
This message has been edited since posting. Last time this message was edited on 8. February 2008 @ 08:06
|
ooZEROoo
Senior Member
4 product reviews
|
8. February 2008 @ 08:07 |
|
Thanks. I'll see what I can do with it later. Sony should have let us use our own avatars long ago.
|
Senior Member
|
8. February 2008 @ 08:08 |
|
Originally posted by ooZEROoo: Thanks. I'll see what I can do with it later. Sony should have let us use our own avatars long ago.
Yes they should have, they may do in a later Firmware update.
|
Member
|
8. February 2008 @ 13:26 |
|
You people get too wound up about this crap. Seriously, go out and buy your games for God's sake. The amount of man hours some of you put into this is crazy. Put the same effort into buying and selling on eBay and you'll make enough money to buy 10 games!!
|
_FreePlay
Newbie
|
8. February 2008 @ 21:01 |
|
|
_FreePlay
Newbie
|
8. February 2008 @ 21:04 |
|
Oh... also. No, this can't be used to hack the PS3. The reason the PS3 crashes is because the hypervisor kicks in and goes "NO, I DON'T THINK SO" and freezes the system intentionally. Also, the exploit was fixed TWO YEARS AGO.
|
|
Senior Member
|
8. February 2008 @ 21:08 |
|
Originally posted by _FreePlay: Oh... also. No, this can't be used to hack the PS3. The reason the PS3 crashes is because the hypervisor kicks in and goes "NO, I DON'T THINK SO" and freezes the system intentionally. Also, the exploit was fixed TWO YEARS AGO.
Dude, how could it have been fixed two years ago, the PS3 hasn't even been out for two years.
|