【P】6.20TN HEN很有可能在6.31上也能运行!!!

cshfelix
2010-11-04 16:42:12

[i=s] 本帖最后由 cshfelix 于 2010-11-4 16:43 编辑 [/i]

11月4日wololo关于TN确定会放出HEN并可能会移植到6.31版本的分析和建议(原地址http://wololo.net/wagic/)：

[align=center]TN Hen will most likely be available for 6.31[/align]
Update, from Total_Noob’s blog: “I’ll release HEN for 6.20. When Sony releases a new firmware (but I don’t think so, because they don’t care about the PSP anymore), I’ll port it to 6.31 (idea by Flyer)”. (Thanks to Sakuryu for the tip). This more or less matches my suggestion so I’m happy with this idea. Thanks Total_Noob
Total_Noob contacted me yesterday to tell me he was going to port his Hen to Firmware 6.31 (you can see part of our discussion on his blog here).
Total_Noob has, on top of his kernel exploit, a VSH user mode exploit that he was planning to use for his Hen on 6.31. Basically, the scenario in this case would be that he focuses on a Hen for 6.31, and all users (including 6.20 users) would update to 6.31 and use the Hen on 6.31.
There are of course many good points in doing that: Total_Noob would only need to work on a Hen for 6.31 (less work for him), and everybody would get the exploit for free. In the other scenario (where Total_Noob does not disclose his VSH vulnerability), People on 6.20 would use the 6.20 version of TN Hen, and people on 6.30/6.31 would need to buy the Hot shots golf game in order to get the exploit. This also means more work for Total_Noob.
It seems total_Noob’s suggestion is the best for everyone… well, not for people who will upgrade to 6.32 (or whatever the name of the next firmware will be). These guys will be locked on a new firmware, knowing that 2 user mode vulnerabilities where used on 6.31, in order to please the 10 guys who upgraded from 6.20 to 6.30 because they said “f#ck homebrews” during the HBL 6.20 era (if you upgraded to 6.30 for a valid reason, feel free to comment, by the way)
My suggestion is the following:
Release TN Hen 6.20 for Patapon and TN Hen 6.31 for Hot shots golf.
Sony patches their firmware with 6.32
Release TN Hen 6.31 for the vsh vulnerability AND work on HBL 6.32 for the same vulnerability.
This way, People on 6.31 who don’t want to pay for HS Golf just have to wait for the release of 6.32. And people on 6.32 will most likely benefit from HBL soon after Total_Noob releases his User exploit. To me, this scenario is better than the one suggested by TN.
Of course, even that is a compromise IMO. If you ask me what my true feeling is, a good vsh vulnerability should wait a little longer, and be used in association with a kernel exploit if/when a new one is found, for future firmwares.
Reading at the comments on Total_Noob’s blog, I see how people can forget their own case very easily. You will see that most people on 6.31 think only about themselves, and ask him to release the vsh exploit, without thinking for one second that it could be used by the people, who, exactly like THEM, will upgrade to the next firmware. Aaah, human nature…
As I told Total_Noob, it’s his choice, and he shouldn’t care about other people’s opinion on the subject (including mine), except maybe other hackers he trusts. Most likely, the “normal” people will want anything that benefits them, I don’t expect many people to think about those who will upgrade to the next unpatched firmware.
What do you think?
Update: I don’t understand why people are so confused. I never said people would have to buy Hot shots golf. As a matter of fact, it’s exactly the opposite. Total_Noob is trying to find a solution that pleases a high number of people, and is looking for ways for people to avoid buying the game (hence the vsh exploit). My suggestion is to release the Hen for patapon AND for Hot shots golf, THEN to release it for the vsh vulnerability AFTER sony release a new firmware. People who are on 6.20 and think they are getting screwed should read more carefully. People on 6.20 are the only ones who have the guarantee they will get the Hen and won’t have to pay anything for it, whatever happens. The “money” issue is only for people on 6.30/6.31. Remember that I expect my readers to use their brains.
[align=center]TN HEN很有可能在6.31上也能运行[/align]
来自Total_Noob博客的更新：“我将会公布6.20HEN。当Sony发布新的固件版本时(不过我不这么认为，因为他们不会再关注PSP了)，我会将它(HEN)移植到6.31版本(Flyer的主意)。(谢谢Sakuryu的点子）这或多或少与我的建议合拍，所以我很高兴看到这个主意。谢谢Total_Noob。
昨天Total_Noob联系了我，告诉我他将把他的HEN移植到6.31固件版本中(在他的博客这儿你可以看到我们讨论中的一部分)。
Total_Noob在自己的核心漏洞之上，拥有了一个VSH用户模式漏洞，他打算在6.31HEN上利用这个漏洞。基本说来，在这种情况下的剧本通常是他专注于6.31HEN的工作，然后所有玩家(包括6.20玩家)升级他们的psp到6.31来使用6.31HEN。
这样做当然有很多好处：
Total_Noob只需要开发6.31这一个HEN(对他而言工作量更小)，然后每个人会免费得到那个漏洞。另一种剧本中(Total_Noob不泄露他的VSH漏洞)，6.20的玩家会使用6.20版本的TN HEN，而6.30和6.31的玩家需要购买Hot shots这个高尔夫游戏来获得这个漏洞。这也意味着Total_Noob将要做更多的工作。

看起来Total_Noob的建议对每个人来说都是最好的。。。哦，对于升级到6.32版本(或者下一代固件版本随便的一个名字)的玩家不够好。在知道6.31上那两个用户模式漏洞的同时，为了取悦那10个从6.20升级到6.30的玩家——因为他们提到了HBL6.20版本中那”该死的自制程序“(顺便说一下，如果你为了一个正当的理由升级到6.30还能这么潇洒的评论的话)，那些(6.32的)伙计们将被封锁在一个新的固件上。

我的建议如下：

发布啪嗒碰上的6.20TN HEN和Hot shots高尔夫上的6.31TN HEN。

索尼在6.32固件上打上封堵补丁。

发布VSH漏洞上的6.31TN HEN，同时开发同样漏洞上的6.32HBL。

这样一来，6.31中不想购买HS高尔夫的玩家需要等待6.32版本的发布。到时在Total_Noob发布他的用户漏洞不久后，6.32的玩家就很有可能从HBL中获益。对于我而言，如此的剧情比TN建议的那个要好一些。

当然，在我看来即便是一个妥协，但如果你问我真正的感觉是什么，我也会告诉你如果或者说当一个新的核心漏洞被发现时，一个好的VSH漏洞需要再等更长的时间，才同未来固件的一个相关核心漏洞一起使用。

读了Total_Noob博客上的评论，我发现人们如何轻易地忘记他们自己的情况。你会看到大部分6.31的玩家只为自己考虑，要求他(Total_Noob)发布VSH漏洞，丝毫未想到这个漏洞可以被那些跟他们一样的人——那些更新到下一代版本的玩家(指下一代新版本，未出，可能是6.32)使用。啊，人性啊。。。

正如我告诉Total_Noob的，这是他的选择，在这个项目上他不应当在意其他人的看法(包括我的在内)，除了可能有一些他信赖的黑客们的看法。“正常”人很可能想要得到任何使他们获益的东西，我不会期待许多人去为升级到下一个未添加补丁固件的玩家着想。

你怎么看呢？

更新：我不明白为什么大家如此迷惑。我从没有说过大家需要去买Hot shots高尔夫这个游戏。事实上完全相反，Total_Noob正在努力找一个解决方法来使许多人满意，寻找一个方法让大家不用买这个游戏(因此有了VSH漏洞)。我的建议是公布啪嗒碰和Hot shots高尔夫上的HEN，在索尼发布新固件后公布vsh漏洞。6.20觉得被耍了的玩家应当读得更仔细点，无论发生什么，6.20玩家保证都能拿到HEN而且无需支付任何花费。需要花钱的程序发布只针对6.30和6.31玩家。记住我希望我的读者们好好用你们的大脑思考。

(个人分析：

1.从wololo的建议可以看出，他不希望TN发现的vsh漏洞现在就公布，如果那样下一代固件会封堵这个漏洞，他建议在HBL上开发6.20TN HEN，在Hot Shots高尔夫上开发6.31HEN；而TN本来是想在VSH漏洞下做6.31HEN的，只做一个；现在TN一定程度上接受了这个建议，将会先发HBL基础上的6.20TN HEN，等下一代固件推出时，再发6.31HEN

2.目前6.31有两个用户模式漏洞，一个是Hot Shots高尔夫，一个是VSH漏洞，前一个已经公布，后一个是TN个人发现的，未公布；

3.本来TN是要做VSH漏洞上的6.31HEN，让6.20玩家升级后使用，现在听了大家的建议——现在公布后下一个版本会被封堵，决定先公布啪嗒碰HBL基础上的6.20HEN，等索尼推出新固件——可能是6.32时再放出VSH漏洞上的6.31HEN)