PSP Buffer Overflow Allows Downgrading of Firmware

SonyxTeam has released a downgrader for the PSP. The downgrade works by exploiting a buffer overflow in libtiff which resides in PSP’s toc2rta 2.0. The downgrade utilizes the overflow as there is no other way to run non-Sony approved software on the PSP 2.0. The downgrade opens up the PSP device to independent software development for Sony’s device which hasn’t been Sony-approved.

In my opinion this is the first time a buffer overflow has been used for “good“, i.e. execute a good piece of software, rather than for “evil“, execute a bad piece of software. It would be interesting to see how would Sony react to this, and whether this will speed Sony’s responsiveness to software vulnerabilities found in their product.