|
|
Post by laxer3a on May 6, 2006 6:30:47 GMT 1
VERY IMPORTANT :
The source code of the emulator has been leaked through some people which found how to download it from the official web site.
(I have contacted yoyo, but he is probably still sleeping right now and anyway the damage is done)
While it is not TOO MUCH of a trouble (but we dont agree with it neither ok ?).
We are wondering about SECURITY PROBLEM.
Downloading already compiled binary from our official site garantee you that the program will NOT do something REALLY BAD to your PSP.(it may be a buggy and crashy emulator sometime :-), but it will NEVER BREAK your PSP)
So, this is a message to the whole PSP community.
Please do NOT download binaries of TYL that you don't know where it is coming from...
Laxer3A
EDIT : I am of course talking about the 0.4 version of the emu.
EDIT : The leaked source code isnt the last version either and bug has been fixed in between. So you shouldnt really use binary that havent been build with the leaked source anyway.
|
|
master1motoko
Junior Member
Chuck Norris counted to infinity......twice
Posts: 76
|
Post by master1motoko on May 6, 2006 15:56:21 GMT 1
understood
|
|
|
|
Post by joebro on May 6, 2006 16:21:29 GMT 1
thanks for the info laxer
|
|
|
|
Post by brent2k6 on May 6, 2006 21:54:44 GMT 1
lol im soo confused i dont know whats going on and i dont know how thats possible :S
|
|
|
|
Post by Cheeezy on May 6, 2006 23:41:35 GMT 1
What good is it if it isn't compiled anyway?
|
|
|
|
Post by _Em on May 7, 2006 0:26:29 GMT 1
This means that others have copies of the source code and can release their own versions, possibly modified in no-so-good ways. The main issue though, as originally pointed out, isn't that the code is leaked (as most of the code is publicly available anyway), but that the security of the site was compromised. This means that anything else that could be accessed in the same way as the source code is also available elsewhere now.
Laxer3a: I'd suggest putting an IP whitelist on the site for the files you don't want publicly accessible; this way, only people who *should* have access will. If you're using Apache as the server, this is documented, and pretty easy to set up.
|
|
|
|
Post by mr.chockuls on May 7, 2006 0:40:29 GMT 1
HACKERS
|
|
|
|
Post by craig588 on May 7, 2006 1:32:23 GMT 1
I hope you didn't have your server letting anyone get directory listings.
|
|
|
|
Post by laxer3a on May 7, 2006 4:46:26 GMT 1
Well, I am not that much concerned with the web site security.
I mean, there is really nothing to hide, we released the source code anyway too.
My concern is people having now spreading "new TYL 0.4" binaries outthere, compiled with a code THAT COULD HAVE BEEN MODIFIED TO DO SOMETHING BAD.
Well, it can happen with other emulator too anyway (as most of them have their source code released), but I just feel paranoid a bit. (new emu, many changes... a good timing for somebody wanting to do something bad at a cheap cost).
Just that people should download the binaries from TRUSTED places.
|
|
|
|
Post by Cheeezy on May 7, 2006 5:29:25 GMT 1
Maybe you should release the source code so when people do get it from an unreliable source, then they can compare it.
|
|
|
|
Post by laxer3a on May 7, 2006 6:30:09 GMT 1
You dont get my point :
1/ Mr. A get the source
2/ Mr. A add bad things to the emulator (like crash your PSP in one month from the first start of the emu)
3/ Mr. A release his "unofficial 0.4 build" over the internet.(=executable EBOOT file)
Who cares if I release the official sources or not.
Anyway Mr. A is not stupid enough to release his modified source with code like :
...
// Write to flash memory and Crash the psp here...
...
Moreover, who read the source code ?
The point is that people should not download EBOOT from uncertified places.
And it is a valid statement for all homebrew actually.
While I could be talking about a 0.0000001% probably you never know.
Still, people should not take useless risks. thats all.
Anyway as the code as leaked, yes, I believe we will release the latest version of the source at the same time.
|
|
greekslover
Junior Member
Everyone would like more lives.
Posts: 81
|
Post by greekslover on May 7, 2006 8:57:10 GMT 1
But what will this idiot hackers win by bricking other PSPs?
|
|
|
|
Post by laxer3a on May 7, 2006 8:59:53 GMT 1
Well nothing... but same as people writing viruses or other DDOS attack software or...
Program that bricks PSP were released when the PSP when firmware was still 1.0 and the ability to compile and run program was found.
|
|
greekslover
Junior Member
Everyone would like more lives.
Posts: 81
|
Post by greekslover on May 7, 2006 9:05:17 GMT 1
I really hate this kind of people(I had to format my computer 5 times because of virus infection).
|
|
|
|
Post by brent2k6 on May 7, 2006 23:23:08 GMT 1
this is work by the sony corporation lol
|
|
|
|
Post by laxer3a on May 8, 2006 6:30:32 GMT 1
OK I think it is time for removing the announcement.
And let this thread fade away in the limb of time...
(LOCK/UNSTICKY/REMOVE ANNOUNCMENT)
|
|
