I haven't played this game in a long time, but something came to mind recently concerning its potential for developing an exploit.
There is a cheat/feature in the game where pausing and opening the disc tray allows levels from the original game to be loaded into memory and played in the sequel. I was wondering whether there could be a buffer overflow exploit that allows a malformed level to be loaded instead of the level file the game is looking for. It would go something like this:
Open disc cover -> swap with backup of original game that has one of the .exp level files swapped with an Action Replay/Unirom file that would allow for disc swapping.
The reason I was looking around for new exploits is that the only PS1 I have is a SCPH-9000 series (the one without a parallel port) so I can't use my usual unirom cartridge to load backups and didn't want to go to the hassle of buying modchips, new lasers for other systems etc. The only other softmod way to load backups would be the cheat CDs like Action Replay that allow for 'safe swapping'. What if a game like V8 2nd Offence that allowed for swapping discs could be exploited in this way?
So I put my game disc in, loaded the game's elf SLES_021.62 and had a look at the labels. The most interesting are: "DISC COVER OPEN" and "V8 LEVELS ENABLED!". I've attached a screengrab. My knowledge of MIPS is not good enough to understand whether there is potential here or not, what do you think?
Potential for exploit in Vigilante 8 2nd Offence?
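Added example, not part of the original post or the game's code: a small triage script for the first step the post describes, pulling the labels out of the executable and working out where they sit in RAM once loaded, so the addresses can be searched for in a disassembler or emulator debugger. The PS-X EXE header layout used (magic at 0x00, initial PC at 0x10, GP at 0x14, load address at 0x18, image size at 0x1C, initial SP at 0x30, 0x800-byte header not loaded) is taken from public documentation of the format and is an assumption here; the image it runs on is constructed inline and is not data from the real disc.

```python
import struct
from typing import Dict, Iterator, List, Tuple

# Assumed PS-X EXE header layout (from public format documentation, not from
# the game): the 0x800-byte header is skipped and the rest lands at load_addr.
HEADER_SIZE = 0x800
MAGIC = b"PS-X EXE"


def parse_psx_exe(blob: bytes) -> Dict[str, int]:
    """Read the header fields needed to map file offsets to RAM addresses."""
    if len(blob) < HEADER_SIZE or blob[:8] != MAGIC:
        raise ValueError("not a PS-X EXE image")
    pc, gp, load_addr, size = struct.unpack_from("<IIII", blob, 0x10)
    sp = struct.unpack_from("<I", blob, 0x30)[0]
    if size != len(blob) - HEADER_SIZE:
        raise ValueError("header size field does not match image length")
    return {"pc": pc, "gp": gp, "load_addr": load_addr, "size": size, "sp": sp}


def file_offset_to_ram(hdr: Dict[str, int], file_off: int) -> int:
    """Translate a file offset in the loaded section to its RAM address."""
    if file_off < HEADER_SIZE or file_off >= HEADER_SIZE + hdr["size"]:
        raise ValueError("offset outside the loaded image")
    return hdr["load_addr"] + (file_off - HEADER_SIZE)


def find_strings(blob: bytes, min_len: int = 6) -> Iterator[Tuple[int, str]]:
    """Yield (file_offset, text) for NUL-terminated runs of printable ASCII
    in the loaded section (the header is skipped)."""
    start = None
    for i in range(HEADER_SIZE, len(blob)):
        b = blob[i]
        if 0x20 <= b < 0x7F:
            if start is None:
                start = i
            continue
        if start is not None and b == 0 and i - start >= min_len:
            yield start, blob[start:i].decode("ascii")
        start = None


def locate_labels(blob: bytes, labels: List[str]) -> Dict[str, int]:
    """Map each label of interest to the RAM address it occupies once loaded.
    Those addresses are what to search for (lui/addiu pairs) to find the code
    that references the label."""
    hdr = parse_psx_exe(blob)
    wanted = set(labels)
    return {text: file_offset_to_ram(hdr, off)
            for off, text in find_strings(blob) if text in wanted}


def build_sample_image() -> bytes:
    """Constructed stand-in for a game executable: a valid header plus one
    2 KiB section holding a few NUL-terminated strings. Not real disc data."""
    load_addr = 0x80010000
    body = bytearray(0x800)
    strings = {0x100: b"DISC COVER OPEN", 0x140: b"V8 LEVELS ENABLED!", 0x200: b"ok"}
    for off, s in strings.items():
        body[off:off + len(s) + 1] = s + b"\0"
    header = bytearray(HEADER_SIZE)
    header[:8] = MAGIC
    # pc, gp, load address, size of the bytes following the header
    struct.pack_into("<IIII", header, 0x10, load_addr + 0x400, 0, load_addr, len(body))
    struct.pack_into("<I", header, 0x30, 0x801FFF00)  # initial SP (assumed value)
    return bytes(header + body)


if __name__ == "__main__":
    image = build_sample_image()
    for text, addr in locate_labels(image, ["DISC COVER OPEN", "V8 LEVELS ENABLED!"]).items():
        print(f"{addr:08X}  {text}")
```

To use it on the real thing, read SLES_021.62 from the disc into `image` instead of calling `build_sample_image()`; the two addresses printed are the ones to look for as `lui`/`addiu` constants in the disassembly to find the disc-cover and level-loading code paths.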
But you still have the problem of reading a backup?