The concept of exploiting PSX games was unfamiliar and uninteresting and widely unknown up until qwikrazor87 and myself found one that lead to psx games with perfect sound on the Vita without the need for external plugins.
In my last article I explained the process involved in the 6.60/3.18 POPS exploit, but this is just one of the many exploits that can be found in POPS, the part that’s really interesting for people who want to help out with us is the process of finding an exploit in a PSX game to be able to exploit POPS.
Here I’ll explain it in more detail.
Exploiting a PSX game is just as easy as exploiting a PSP game, perhaps even easier as there was no encryption back then (so access to code execution also allows access to PSX BIOS) and developers didn’t implement any security measure in their games (other than modchip detection which doesn’t bother us).
This tutorial covers how I exploited Sports Superbike 2 (a similar exploit was found in XS Moto and Tekken 2).
First things first, we have to enable psplink debugging in POPS, so we connect our PSP to PC, navigate to the seplugins folder and open pops.txt to add the following lines.
We can now start our exploit adventure, be sure to have psp link open in the background.
We now open Sports Superbike 2 and look for something that might be a good attack vector, in my case I opted for the player name that also shows up in the rankings.
Now we have to edit the savedata, but to do that we have to edit it in RAM, rather than on the save directly. So first things first, we have to pause pops so it stops modifying RAM.
thsusp @popsmain
Now we dump RAM:
savemem 0x08800000 0x01800000 memdump.bin
From there on out I opened the RAM dump with a hex editor a looked for my player name.
So I edited this part in hopes to cause an overflow somewhere.
And load the modified RAM dump back into the PSP with the following command:
loadmem 0x08800000 memdump.bin
And of course we want to resume pops so our game plays again:
thresm @popsmain
And sure enough I got an overflow when attempting a player 1 race that we can use to trigger POPS exploits, like the one explained in the earlier post.
Tekken 2 was similar, but in that one I used the survival ranking.
From here on out it’s just a matter of handing out the exploit to us so we can port it to our POPS exploits and you can enjoy ARK-3 on your Vita with perfect PSX sound. However we have no way to play PSX games beyond 3.52 (for now).
The post How to exploit PSX games for PSP and Vita. appeared first on Wololo.net.