bryankeller / PSP-Exploit-Super-Collapse-3

Allows unsigned code execution on official Sony PSP firmware


PSP Super Collapse 3 Buffer Overflow Exploit


This is a side project I worked on while taking a computer architecture and design class. The class taught MIPS assembly - convenient to know for PSP hacking since the PSP has a MIPS processor.

A buffer overflow exists in the PSP game Super Collapse 3. The game does not do a proper bounds check on the name used in the high scores table. By crafting a save game file with a very long high score name, it's possible to overwrite adjacent memory, including the saved return address that is loaded back into the $ra (return address) register. Because the function returns by jumping through $ra, control can then be sent to an arbitrary location in memory. By injecting a small binary loader later in the save game file, $ra can be set to the start of the injected binary. The binary at the address in $ra is executed with the same privileges as the Super Collapse 3 game.
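
The missing bounds check described above, shown next to a loader that validates the name before copying it. This is an added example, not code from this repository or from the game: the buffer size `NAME_CAP`, the 64-byte field at offset 4, the printable-ASCII rule and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16 /* assumed size of the in-memory name buffer */

/* Unsafe pattern of the kind described above: the copy length is set by
 * the file contents, not by the destination. Shown only for contrast. */
void load_name_unchecked(char dst[NAME_CAP], const char *field) {
    strcpy(dst, field); /* keeps writing past dst until it meets a NUL */
}

/* Hardened loader. The name field is field_len bytes at save[off].
 * Returns 0 and fills dst on success, -1 if the record is rejected. */
int load_name_checked(char dst[NAME_CAP], const uint8_t *save,
                      size_t save_len, size_t off, size_t field_len) {
    if (off > save_len || field_len > save_len - off)
        return -1; /* field must lie wholly inside the file */
    const uint8_t *field = save + off;
    const uint8_t *nul = memchr(field, 0, field_len);
    if (nul == NULL)
        return -1; /* no terminator inside the field */
    size_t n = (size_t)(nul - field);
    if (n >= NAME_CAP)
        return -1; /* would not fit with its terminator */
    for (size_t i = 0; i < n; i++)
        if (field[i] < 0x20 || field[i] > 0x7e)
            return -1; /* assumed rule: names are printable ASCII */
    memcpy(dst, field, n);
    dst[n] = '\0';
    return 0;
}

/* Constructed sample: a 64-byte field holding `name`, loaded at offset 4. */
int try_sample(const char *name, char out[NAME_CAP]) {
    uint8_t save[68] = {0};
    size_t n = strlen(name);
    if (n > 64) n = 64; /* sample field is 64 bytes wide */
    memcpy(save + 4, name, n);
    return load_name_checked(out, save, sizeof save, 4, 64);
}

int main(void) {
    char out[NAME_CAP];
    printf("short: %d\n", try_sample("BRYAN", out));
    printf("long:  %d\n", try_sample("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", out));
    return 0;
}
```

Rejecting the whole record on any failed check, rather than truncating the name, keeps a malformed save from being partially trusted.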


Languages

Language: Assembly 100.0%