Meer hackers claimen hack op de PlayStation Vita

RDJ134 19 december 2011 om 17:49 uur

Gisteren kon je hier op Eigenwereld.nl lezen dat de hacker teck4 claimde een 'Hello World' te hebben gedraait op de PlayStation Vita door een exploit in de PSP Emulator van de handheld. Uiteraard zijn wij hier heel erg sceptisch over, aangezien we geen video kregen te zien, maar een foto. Maar ook de bekende Japanse PSP hacker Mamosuke heeft nu volgens eigen zeggen diverse exploits in de PSP emulator gevonden en zo Homebrew kunnen instaleren en opstarten. Op zijn Blog geeft hij een uitgebreide technische uitleg, en nu is het wachten op de eerste video's die 'Hello World' tonen.


Japanese PSP scener Mamosuke announced today on his blog that he was able to confirm a "Hello World" running on the PS Vita through the embedded PSP emulator. The exploit was made by developer teck4, and most likely relies on one of our good buffer overflow friends. and for those who are wondering "is it real?", my current answer is that I haven't tried it yet, but knowing Mamosuke fairly well I can tell you it's true.

Technically, the idea behind the hack is simple but brilliant: the PS Vita has a PSP emulator, and we have plenty of PSP game exploits lying around... can we assume they will work on the emulator? That's what teck4 tried, and the answer is yes, so he managed to run unsigned code on the PS Vita.

For those who join this blog for the first time, basically how this works is that a special save data file is crafted for a specific game. When the game is asked to load the save data, through a flaw in the game code we manage to re-route the game into executing code that we wrote ourselves. That code is usually very simple, displaying a simple message (typically "hello world", hence the name).

From there, what happened for the PSP was that we integrated these exploits into our homebrew loading tool, Half-byte Loader, which allows people to load more interesting homebrews such as emulators, etc...

That's the theory. Practically, although this is good news, there are a bunch of obstacles which will probably not make the exploit so interesting for most users (at least not yet): First of all, the exploit happens within the PSP emulator on the Vita, and will not directly give access to the Vita hardware or features. So this can theoretically only allow to run PSP homebrews on the vita (which, to me, is already fairly nice), and also, only User-mode ones ( a game exploit does not give access to the PSP kernel mode, so some tools and functionality is missing, which prevents emulators such as Daedalusx64 for example to run at full speed).

The second issue, and we ran into the same type of problem with the PSP, is that Sony will probably stop distributing the flawed game as soon as they know which game it is, and/or patch the game or the emulator. That can probably be tampered by the fact that there are numerous vulnerable games on the PSP, and so a "cat and mouse game" could start, assuming Sony cares about protecting the PSP emulator against user-mode homebrews.

The third issue, and that might be the worst problem, is that copying PSP savedata from your computer to the PS Vita requires to go through a tool named the "contents management assistant", which could easily be blocking the crafted savedata. Worse, copying any file to the PSP emulator has to go through this assistant, which means if we are to copy/load homebrews using this trick, they would probably have to follow a very specific format, and be all able to run from within the game's savedata folder (most homebrews expect to run from the PSP/GAME folder, and half byte loader itself expects to be living on the root of the PSP, but the contents management tool will only copy files to the game' savedata folder). Eventually tools will probably be built to overcome this limitation, but it sounds like Sony could patch that kind of stuff fairly easily in the future (and prevent copying anything that's not recognized as some savedata, for example)

Reageer