On the historical PSP (PlayStation Portable) console on firmware version 5.03 there used to be a thumbnail-based exploit called HEN-C. It worked (under a race condition, I presume, since it didn't work every single time) by viewing a picture thumbnail of a splashed egg and a binary-encoded (?) picture thumbnail, which was the payload itself, I would presume. The exploit was used to load so-called CFW (custom firmware) onto the device, which is basically a jailbroken/modified ROM.
My questions would be:
- I'm guessing the exploit used a flaw in the thumbnail parser; is that correct?
- How did it actually work?
- What was the exact flaw/programming mistake in the firmware that allowed this?
- Were there any similar exploits on PC as well? (Yes, I've searched exploit-db.com already, to no avail...)
- Is it possible to find the source code for it somewhere for historical reasons?
All I could find online that is relevant (besides lots of YouTube videos with annoying buzzing in the background) is this source code for the newer procfw, https://github.com/wicanr2/procfw, which appears to be irrelevant to the exploit...