Search found 6 matches
- Wed Jun 01, 2005 9:46 am
- Forum: PSP Development
- Topic: 6 ways to crash the wipeout browser...
- Replies: 54
- Views: 36033
Shine: i'm sorry, i wasn't able to get this to work with javascript. try a static file.
anyway, i think call= "\x60\x93\xa3\x48"; should do it (or does it produce unicode crap?), but it doesn't. or should unescape() work around something?
- Wed Jun 01, 2005 8:29 am
- Forum: PSP Development
- Topic: 6 ways to crash the wipeout browser...
- Replies: 54
- Views: 36033
You need to put the address of sceKernelSleepThread, not the ID. the address would be 0x08a39360. otherwise it would work, though i didn't try with javascript. i had to use 0x48a39360 because 0x08 wouldn't be parsed, but maybe you have more luck with javascript! i used Wipeout-USA (is there anothe...
- Wed Jun 01, 2005 12:01 am
- Forum: PSP Development
- Topic: 6 ways to crash the wipeout browser...
- Replies: 54
- Views: 36033
0xdeadface: I overwrote the return address with the address of the sceKernelSleepThread function (or better, the wrapper). Yes, i could pass my own code, but the problem is finding it in memory. I don't know where the stack is located nor any other place where i can upload code to. The only thing i ...
- Tue May 31, 2005 8:04 pm
- Forum: PSP Development
- Topic: 6 ways to crash the wipeout browser...
- Replies: 54
- Views: 36033
- Tue May 31, 2005 12:02 am
- Forum: PSP Development
- Topic: 6 ways to crash the wipeout browser...
- Replies: 54
- Views: 36033
KiWi: i chose the first thing which i had some binaries for, and that was wipeout. exploiting something without having binaries sounds nearly impossible for me, at least when doing stack-based overflows where you have to know the return-addr. Sure an exploit in something else would be better, but ...
- Mon May 30, 2005 6:42 pm
- Forum: PSP Development
- Topic: 6 ways to crash the wipeout browser...
- Replies: 54
- Views: 36033
6 ways to crash the wipeout browser...
Hi, I noticed the following ways to crash the wipeout browser: 1.) "<div>" * (large number, > ~500). you can use every other tag as well. The html parser seems to be recursive. At least this slows down the parsing process until it finally crashes. No big deal, i think, i don't think it can...