Following up with their announcement that they will introduce their Achievements in "Vita Hacking" at the #35C3-Congress, both Developers @yifanlu and @DaveeFTW from @TeamMolecule today presented their Talk: "Viva la Vita Vida". And in this Thread, you will learn what they got achieved with their Hacks but also what this means for the Community of "Vita Hacking" in future. And to "spoil" you a little bit, we recommend that you will read this Article while sitting on your chair in case you would come off because of your roar with laughter.
For an overview about the #35C3-Congress in General, or where you can find all Livestreams from this Talk as well from other important ones, please click here.
Did you fall off from your chair? We hope you didn't get hurt.
This is the full Talk you can watch via YouTube but to understand what they got achieved, we will include the most important Slides in a summary.
While previous Achievements in both the "User Processes" (this is the Part about past Projects like "HENkaku" and the "Web-Exploit" in General) and the "System Processes" (which allowed you to use your PSP Backups or Homebrew for example) - but also the "ARM TrustZone" were already successfully "infiltraded" by various Developers - Developer @DaveeFTW explains, how they got achieved to break into both the "F00D Kernel" and "F00D Loader". "F00D" is the "Security Co-Processor" inside the PlayStation Vita. While the "F00D Kernel" contains all the "Content Keys" to protect secure assets such as from Game Titles or System Firmwares, the "F00D Loader" contains the "Meta Keys" which protect the "Content Keys" allowing the System to revoke compromised "Content Keys". And by understanding both the "Hardware Architecture" together with the "Software Design and [it's] Implementation", he describes his method how to examine his "Attacking Surface" to break into the "Security Processor". And by tinkering with the "Private Memory" by checking each "byte by byte", they was able built a Model from the "F00D SRAM" to get a "Plain Text" from the Kernel, as they call it the "Octopus Exploit" (but they please you not to ask why it's called like that ). With this result, they was able to analyse the Kernel more deeper.
While @yifanlu takes the Stage talking about his various "Hardware Achievements", which is better explained at the Video from this Talk as mentioned above, "The Way was Clear" to get access to the "last piece of the puzzle", which was the "F00D-Loader". And with access to that, they was also able to find a Vulnerability to get the "SHA256-Hash from the Bootrom". Dumping the "Bootrom" wasn't so interesting - according to @yifanlu - due to the fact that there are no useful Keys included inside. And the "Attacking Surface" wasn't so huge compared to the "F00D Kernel". But this wasn't so tragic since with this effort, they achieved to get Full Control of the PlayStation Vita by dumping every code inside the whole Console. This sounds already very promising since you have to understand that similar to the PS3-era, when someone gets "Full Access" to a Gaming Device, then the next question would be sooner or later: "What you can actually do with such power?" Well, this Thread here can't promise you anything but the chances are high that we can see not only a newer full "Kernel Exploit" for newer System Firmwares above >3.60 or >3.65, but it should give other Developers a easier platform to create newer Homebrew Releases or even a full-fledged Custom Firmware. How you ask? Just take the PS4 as an example, where a "Full Access" is still not provided (by the Time of writing this Article) but even with less Achievements, the side-effect is still sadly Piracy and creating Homebrew is more difficult compared to play your Backups. The PlayStation Vita has a few more Homebrew Releases but the Limitations where still there for many tasks. This could change now but we aren't finished yet with this Article. Now we are getting to the fun part.
Remember the Talk from fail0verflow regarding the PS3 back at #27C3 eight years ago, where they showed the world how "unsecured" the PS3 was at the end with such an cryptographic "Epic Fail" by choosing a "supposed to be random number" the same everytime for signing their SELF-Executables? Sure you remember. And while @yifanlu sums up their Conclusions to both how good the Team from Sony secured this System after such a fiasco with the PS3 while it wasn't such a success for them regarding the Sales of the PlayStation Vita (he even mentioned many things Sony did right with the PSVita, which they didn't for the PS4), he explains that: "Not everyone is Perfect" - while a big "BUT..." is displayed in one of his slides. He admits that: "there is a slight issue in their choice of [the] bootloader encryption key", while he adds the important Tasks of such a key, namely to protect "every other key in[side] the system." So you could see this as a "Master Key." Further on he explains that after they dumped the "Bootrom", they tried to find such a "Master Key" and while the audience is already chuckling as he moves forward to his next Slide, he explains that Sony decided to fill up their "Master Key" with a single byte repeating all the time. Yes you read it right. And by hinting this byte with the Packshot from a Battery-Package including 16x AA-Batteries, he wants to inform you that this "Master Key" is as follows: AA AA AA AA AA AA AA AA - or 0xAA in "Hexadecimal". Yes, this isn't a typo and you are probably speechless like the Audience was (one Question after the Talk was indeed if "this was a Joke!?!?" ). @yifanlu also explains how they was surprised with such a Cryptographic Failure Sony did again since they thought this was just the Code from a Debug Non-Retail Device after they brute-forced this at first but then they realized that this was the "Real Deal" which means that both every PlayStation Vita and PlayStation TV (yes this works for the "PSTV" as well, as asked by one of the Audience's Question) which got sold shares this simple "Master Key". Is there something more to say?
Here you will find several Releases based on the Achievements showed at this Great Talk.
Several "F00D Keys" released by @Mathieulh on "HENkaku Development Wiki"
Developer @theflow0 teases a new "hack" for System Firmware 3.69 in 2019
Developer @pomfpomfpomf3 (from @TeamMolecule) published their "MeP Emulator" together with a "Compiler", which was also mentioned inside the Presentation giving support for "remote debugging"
Developer @DaveeFTW wrote a whole blog post about their Talk at #35C3 with additional details where he didn't have the time to talk about.
We hope that you enjoyed our coverage from this second important Talk at 35C3. Feel free to discuss your opinions about today's Talk in the Comments Section down below. Unlike yesterday's Talk, we are pretty sure here that the PSVita will see very bright days in the near future.
The whole Talk can be found here: media.ccc.de
Twitter: @yifanlu / Twitter: @DaveeFTW / Twitter @TeamMolecule
Bootrom glitching scripts + various SCE decryption units: @GitHub
PS VITA / PS TV Huge Vita News from #35C3- @yifanlu & @DaveeFTW presents their Talk "Viva la Vita Vida"
By Roxanne on Dec 29, 2018 at 5:35 PM
[Update August 10th] HW Acceleration (RSX) Project Update by RenéRebeUPDATE (August 10) - Now the 28th Video Released >>> The next PS3 NVidia RSX accelerated X.org steps
(Original Article from Nov. 14) Is the PS3 a bit closer to gaining Hardware Acceleration (via RSX) in OtherOS (Linux) with a proper driver to enable the GPU chip? We are not there, but we may be getting closer to a reality. Earlier this year (back in April) we detailed some of the progress that the busy dev RenéRebe has made with unlocking the potential of the PlayStation 3's RSX chip and now today we have been greeted with a new video and what we can expect with this project as the developer starts to undertake the challenge of further unlocking one more component of the Ps3 hardware,. The developer has alot of videos on other intresting subjects in his diverse YouTube channel >>> (Bits and More) <<< many very informative video's..Continue reading
RPCS3 (PS3 Emulator) - June 2019 Progress Report - Unlockable Framerates above >30 FPSEmulating Home Console Game Titles has many Advantages when they work properly. Optimizing the Output Resolution is one thing. But many Game Titles - especially for the PS3 - where designed to run with 30 Frames-per-Second (FPS) only on Original Hardware. Some Games have even a "cap" which doesn't allow the Game to exceed that Frame Limit even if it could or other Games can't even get to the 30 FPS mark due to bad Gaming Design or tremendous of Game Files, which needs to be loaded in the Background and the Console can't even achieve that due to slow Hardware. Best Example, if you ever played the "Bayonetta Series" on your PS3 (I really hope you didn't ), then you will know what I mean. But luckily, with the help of the famous PS3 Emulator RPCS3 and it's newest Updates and Recent Changes, this problematic could be lead into a thing to the past for several Game Titles. This will lead many Classic Titles like the "Uncharted Series", "The Last of Us" or "Red Dead Redemption" into a even better Gameplay as you enjoyed them on your original PS3, where those mentioned Game Titles already showed impressive results, as you can check in the video down below.. And the cool thing is, everyone is welcome to contribute their test results here. So you know which Homework I will give you know today, right? Continue reading
RPCS3 (PS3 Emulator) - May 2019 Progress Report - 1337 pl4y4bl3 ~ 1337 1n64m3 :)That can't be an accident. Following up after the impressive Progress Report last Month, where we learned that over >40% of all PS3 Game Titles are now fully "Playable", today the great Team behind the PS3 Emulator RPCS3 showcases their newest Progress Report for May 2019 with another milestone. If you are a long follower of their great Project or maybe you are even enjoying your PS3 Game Titles on your PC right now (because "why not"?), you will be already familiar with the fact that most of the Game Titles tested on RPCS3 will at least boot up, but then you will experience Graphical Glitches, huge Slow-Downs or even you aren't able to play a Game Title to the End, which is sad (Damn you "Narco Terror" and "The Expendables 2: Videogame" why you still aren't bootable? :P). This is why in the past, the "Ingame" Status comprised most Game Titles in every Compatibility List. But for the first Time since it's Initial Release, the "Playable" Category ties the first place together with the "Ingame" Category with both 1337 Game Titles each. This means whatever Game Title you choose to play via RPCS3, there is a 43.71% Chance that it will be at least "Ingame". That's impressive don't you think? Oh, and sorry for the leetspeak at the Title. I mean come on, we are talking about 1337 Game Titles fully "Playable".Continue reading
Share This Page
- henkaku homebrew
- playstation 2
- playstation 2 resources
- playstation portable
- playstation portable cfw
- playstation portable resources
- playstation tv
- ps vita
- ps2 resources
- ps3 cfw
- ps3 han
- ps3 homebrew
- ps4 homebrew
- psp cfw
- psp resources
- pstv homebrew
- vita homebrew
- webman mod
- xmb mod
- User Record:
- Latest Member: