05-17-2012   #1
tjhooker73
Exploit idea

Why hasn't anyone made a save game exploit (such as the ones used for Wii hacking)? It wouldn't be all that hard: you load the save, it crashes and the payload runs, thus you could do a multitude of things, e.g. possibly dumping the NAND/NOR, getting the keys, and making modified games.

Just an idea, that could work...

Post what you think about it below
05-17-2012   #2
Persian McLovin
This type of exploiting also happened on the 360 via the King Kong save game exploit, but, without getting more technical, the way the PS3 does things is a bit more complicated. I think it may be possible, though, in the hands of highly skilled devs.
05-17-2012   #3
svenmullet
The hypervisor doesn't allow this to happen. There are no known vulnerabilities in 4.11. (I'm not saying there aren't any, but we can't find them without dumping and reversing a live Lv1, and that's impossible without very expensive hardware, possibly not possible at all.)

Even if all the above happened and someone found a vulnerability, you'd then have to find a game with a weakness that allows buffer/heap/stack overflows with malformed save data, and it would have to coincide with any weakness in the Lv1. Short answer: It's not going to happen.
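The post above names the precondition for this whole idea: a game whose save loader trusts a length field in the file and overflows a fixed buffer. The example below is added here and is not code from the thread, from any PS3 game or from Sony; it uses a save-record layout constructed for illustration (4-byte magic "SAV1", little-endian payload length, payload) and shows the hardened form of such a loader, validating every file-derived value against sizes the program controls before anything is copied. The crafted inputs (oversized length field, truncated file, bad magic) are constructed test data.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Save-record layout used by this example (constructed; not any real
 * PS3 or game format): 4-byte magic "SAV1", 4-byte little-endian
 * payload length, then the payload bytes. */
#define SAVE_HDR_LEN 8u
#define MAX_PAYLOAD  64u

enum save_status { SAVE_OK = 0, SAVE_BAD_MAGIC, SAVE_BAD_LENGTH, SAVE_TRUNCATED };

typedef struct {
    uint8_t  payload[MAX_PAYLOAD];  /* fixed-size destination buffer */
    uint32_t len;                   /* bytes actually copied */
} save_t;

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hardened loader. The bug class the post refers to is a loader that
 * copies `len` bytes straight from the file into out->payload without
 * comparing `len` to either the buffer size or the real file size.
 * Here both bounds are checked before the single memcpy. */
enum save_status save_load(const uint8_t *file, size_t file_len, save_t *out) {
    memset(out, 0, sizeof *out);
    if (file_len < SAVE_HDR_LEN)         return SAVE_TRUNCATED;   /* header itself missing */
    if (memcmp(file, "SAV1", 4) != 0)    return SAVE_BAD_MAGIC;
    uint32_t len = read_le32(file + 4);
    if (len > MAX_PAYLOAD)               return SAVE_BAD_LENGTH;  /* bounded by our buffer */
    if (len > file_len - SAVE_HDR_LEN)   return SAVE_TRUNCATED;   /* bounded by actual file size */
    memcpy(out->payload, file + SAVE_HDR_LEN, len);
    out->len = len;
    return SAVE_OK;
}

/* Constructed sample files. */
static const uint8_t GOOD_SAVE[]  = { 'S','A','V','1', 3,0,0,0,             'a','b','c' };
static const uint8_t HUGE_LEN[]   = { 'S','A','V','1', 0xff,0xff,0xff,0xff, 'a','b','c' };
static const uint8_t SHORT_FILE[] = { 'S','A','V','1', 32,0,0,0,            'a','b','c' };
static const uint8_t BAD_MAGIC[]  = { 'X','X','X','X', 3,0,0,0,             'a','b','c' };

/* Status of loading a file, as a return value. */
enum save_status check_save(const uint8_t *file, size_t file_len) {
    save_t s;
    return save_load(file, file_len, &s);
}

/* Payload length actually copied, or -1 if the file was rejected. */
int save_payload_len(const uint8_t *file, size_t file_len) {
    save_t s;
    if (save_load(file, file_len, &s) != SAVE_OK) return -1;
    return (int)s.len;
}

int main(void) {
    static const char *names[] = { "SAVE_OK", "SAVE_BAD_MAGIC", "SAVE_BAD_LENGTH", "SAVE_TRUNCATED" };
    printf("good:  %s\n", names[check_save(GOOD_SAVE,  sizeof GOOD_SAVE)]);
    printf("huge:  %s\n", names[check_save(HUGE_LEN,   sizeof HUGE_LEN)]);
    printf("short: %s\n", names[check_save(SHORT_FILE, sizeof SHORT_FILE)]);
    printf("magic: %s\n", names[check_save(BAD_MAGIC,  sizeof BAD_MAGIC)]);
    return 0;
}
```

The two length checks are deliberately separate: the first keeps the copy inside the destination buffer, the second keeps the read inside the source file, and the order (file_len checked against the header size first) keeps the subtraction from wrapping. A loader that only checks one of them is still exploitable by the other malformed input.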
05-17-2012   #4
DEFAULTDNB
Hypervisor won't allow save game exploits.

Perhaps I don't understand how exactly an eboot.bin works: I still think it's just a simple path redirection from the eboot to a modified metldr (appldr, isoldr etc.)/DEX devflash.

All we need is a dev eboot or an exploited eboot (header exploit?), change the paths inside to alternate ldrs and sign it for 3.55, bypassing the 3.60 keys altogether.

Please correct me if I'm wrong. I probably am.
Last edited by DEFAULTDNB; 05-18-2012 at 09:00 AM.
05-17-2012   #5
Pockets69
I somehow remember answering this a month ago... but sven pretty much said everything...
05-20-2012   #6
euss
Gamesave runs inside vsh / lv2_kernel, which resides inside the lv2 LPAR, managed by the lv1 hypervisor.

Basically, it is a prison cell inside a cellblock, inside a special inmates section, inside a federal state prison inside your worst government-ruled state, while being sentenced to death if anything happens en route to your hearing.
05-20-2012   #7
cory1492
Originally Posted by Persian McLovin:
    This type of exploiting also happened on the 360 via the King Kong save game exploit but without getting more technical, ...
Without getting more technical? The KK exploit on Xbox involved patching an unsigned shader to use the GPU to directly write to unprotected memory with some stack context data that took advantage of an instruction in the HV (so it was essentially two exploits, not one), then hacking the drive firmware to play the disk you burned with the patched shader on it. It had nothing to do with the save game.

The point is, even if you get an exploit to work at game level, all you can do is what the game is able to do - you still need another exploit to do MORE than the game is allowed to do. Not impossible, but certainly not trivial especially when you don't have the keys to decrypt the things you want to exploit.
05-21-2012   #8
Persian McLovin
Originally Posted by cory1492:
    Without getting more technical? The KK exploit on Xbox involved patching an unsigned shader to use the GPU to directly write to unprotected memory with some stack context data that took advantage of an instruction in the HV (so it was essentially two exploits, not one), then hacking the drive firmware to play the disk you burned with the patched shader on it. It had nothing to do with the save game.

    The point is, even if you get an exploit to work at game level, all you can do is what the game is able to do - you still need another exploit to do MORE than the game is allowed to do. Not impossible, but certainly not trivial, especially when you don't have the keys to decrypt the things you want to exploit.
I think you've misread my post. I didn't mean the exploit itself wasn't technical, I meant in answer to the OP's idea that without going into the technical aspects, more needs to be done to go through this via the PS3 as opposed to the 360...
05-28-2012   #9
cory1492
LOL no YOU!
Originally Posted by Persian McLovin:
    This type of exploiting also happened on the 360 via the King Kong save game exploit but without getting more technical
I'm not sure how I could misread that you said it was a save game exploit, when it simply wasn't (without getting technical at all, as I already explained the exploit vectors they actually used).
PS3Hax.net is Copyright © 2010-2013.