Following up with their announcement that they will introduce their Achievements in "Vita Hacking" at the #35C3-Congress, both Developers @yifanlu and @DaveeFTW from @TeamMolecule today presented their Talk: "Viva la Vita Vida". And in this Thread, you will learn what they got achieved with their Hacks but also what this means for the Community of "Vita Hacking" in future. And to "spoil" you a little bit, we recommend that you will read this Article while sitting on your chair in case you would come off because of your roar with laughter.
For an overview about the #35C3-Congress in General, or where you can find all Livestreams from this Talk as well from other important ones, please click here.
Did you fall off from your chair? We hope you didn't get hurt.
This is the full Talk you can watch via YouTube but to understand what they got achieved, we will include the most important Slides in a summary.
While previous Achievements in both the "User Processes" (this is the Part about past Projects like "HENkaku" and the "Web-Exploit" in General) and the "System Processes" (which allowed you to use your PSP Backups or Homebrew for example) - but also the "ARM TrustZone" were already successfully "infiltraded" by various Developers - Developer @DaveeFTW explains, how they got achieved to break into both the "F00D Kernel" and "F00D Loader". "F00D" is the "Security Co-Processor" inside the PlayStation Vita. While the "F00D Kernel" contains all the "Content Keys" to protect secure assets such as from Game Titles or System Firmwares, the "F00D Loader" contains the "Meta Keys" which protect the "Content Keys" allowing the System to revoke compromised "Content Keys". And by understanding both the "Hardware Architecture" together with the "Software Design and [it's] Implementation", he describes his method how to examine his "Attacking Surface" to break into the "Security Processor". And by tinkering with the "Private Memory" by checking each "byte by byte", they was able built a Model from the "F00D SRAM" to get a "Plain Text" from the Kernel, as they call it the "Octopus Exploit" (but they please you not to ask why it's called like that ). With this result, they was able to analyse the Kernel more deeper.
While @yifanlu takes the Stage talking about his various "Hardware Achievements", which is better explained at the Video from this Talk as mentioned above, "The Way was Clear" to get access to the "last piece of the puzzle", which was the "F00D-Loader". And with access to that, they was also able to find a Vulnerability to get the "SHA256-Hash from the Bootrom". Dumping the "Bootrom" wasn't so interesting - according to @yifanlu - due to the fact that there are no useful Keys included inside. And the "Attacking Surface" wasn't so huge compared to the "F00D Kernel". But this wasn't so tragic since with this effort, they achieved to get Full Control of the PlayStation Vita by dumping every code inside the whole Console. This sounds already very promising since you have to understand that similar to the PS3-era, when someone gets "Full Access" to a Gaming Device, then the next question would be sooner or later: "What you can actually do with such power?" Well, this Thread here can't promise you anything but the chances are high that we can see not only a newer full "Kernel Exploit" for newer System Firmwares above >3.60 or >3.65, but it should give other Developers a easier platform to create newer Homebrew Releases or even a full-fledged Custom Firmware. How you ask? Just take the PS4 as an example, where a "Full Access" is still not provided (by the Time of writing this Article) but even with less Achievements, the side-effect is still sadly Piracy and creating Homebrew is more difficult compared to play your Backups. The PlayStation Vita has a few more Homebrew Releases but the Limitations where still there for many tasks. This could change now but we aren't finished yet with this Article. Now we are getting to the fun part.
Remember the Talk from fail0verflow regarding the PS3 back at #27C3 eight years ago, where they showed the world how "unsecured" the PS3 was at the end with such an cryptographic "Epic Fail" by choosing a "supposed to be random number" the same everytime for signing their SELF-Executables? Sure you remember. And while @yifanlu sums up their Conclusions to both how good the Team from Sony secured this System after such a fiasco with the PS3 while it wasn't such a success for them regarding the Sales of the PlayStation Vita (he even mentioned many things Sony did right with the PSVita, which they didn't for the PS4), he explains that: "Not everyone is Perfect" - while a big "BUT..." is displayed in one of his slides. He admits that: "there is a slight issue in their choice of [the] bootloader encryption key", while he adds the important Tasks of such a key, namely to protect "every other key in[side] the system." So you could see this as a "Master Key." Further on he explains that after they dumped the "Bootrom", they tried to find such a "Master Key" and while the audience is already chuckling as he moves forward to his next Slide, he explains that Sony decided to fill up their "Master Key" with a single byte repeating all the time. Yes you read it right. And by hinting this byte with the Packshot from a Battery-Package including 16x AA-Batteries, he wants to inform you that this "Master Key" is as follows: AA AA AA AA AA AA AA AA - or 0xAA in "Hexadecimal". Yes, this isn't a typo and you are probably speechless like the Audience was (one Question after the Talk was indeed if "this was a Joke!?!?" ). @yifanlu also explains how they was surprised with such a Cryptographic Failure Sony did again since they thought this was just the Code from a Debug Non-Retail Device after they brute-forced this at first but then they realized that this was the "Real Deal" which means that both every PlayStation Vita and PlayStation TV (yes this works for the "PSTV" as well, as asked by one of the Audience's Question) which got sold shares this simple "Master Key". Is there something more to say?
Here you will find several Releases based on the Achievements showed at this Great Talk.
Several "F00D Keys" released by @Mathieulh on "HENkaku Development Wiki"
Developer @theflow0 teases a new "hack" for System Firmware 3.69 in 2019
Developer @pomfpomfpomf3 (from @TeamMolecule) published their "MeP Emulator" together with a "Compiler", which was also mentioned inside the Presentation giving support for "remote debugging"
Developer @DaveeFTW wrote a whole blog post about their Talk at #35C3 with additional details where he didn't have the time to talk about.
We hope that you enjoyed our coverage from this second important Talk at 35C3. Feel free to discuss your opinions about today's Talk in the Comments Section down below. Unlike yesterday's Talk, we are pretty sure here that the PSVita will see very bright days in the near future.
The whole Talk can be found here: media.ccc.de
Twitter: @yifanlu / Twitter: @DaveeFTW / Twitter @TeamMolecule
Bootrom glitching scripts + various SCE decryption units: @GitHub
PS VITA / PS TV Huge Vita News from #35C3- @yifanlu & @DaveeFTW presents their Talk "Viva la Vita Vida"
By Roxanne on Dec 29, 2018 at 5:35 PM
[UPDATE] PS3HEN v2.1.1 - View latest changes to the PS3 Exploit for SuperSlims & nonCFW modelsUPDATE (5-20-2019): Version 2.1.1 has been released.
See below for additional Details!
Here is v2 of the latest PS3 Hack to hit the PS3 Scene with the recent release of PS3HEN. This exploit for nonCFW console's provides homebrew support and a number of Custom Firmware intangibles for those console that can not install a traditional CFW, with those being lat production PS3 Slim models and all of the SuperSlim Consoles. While this is a tremendous release and breakthrough the information behind PS3HEN has been lacking and has served more questions then answers that could be provided. This is due in the way this was delivered and presented. We paused the reporting this on the frontpage until we were pleased with the documentation. So we took it upon ourselves to get the ball rolling on a new PS3HEN F.A.Q. detailing various aspects and info that will be useful for PS3HEN user's. Also we have started forming the PS3HEN Homebrew & Plugin Compatibility Chart
Version 2.x.x has come with a number of new additions for a better experience. Some of the new changes provide full PS3ISO Support ,As well as full BDISO and DVDISO support has been added, plus new improvements to PS3HEN's stabiliContinue reading
Trinity Exploit for PS Vita System Firmwares 3.69 & 3.70 released by TheFloW!Following up after the Announcement from @TheFloW back at the End of March this year, today @TheFloW "let the cat out of the bag" by releasing his newest Jailbreak for the PlayStation Vita, which will allow you to jailbreak both your PlayStation Vita and PlayStation TV even on the newest System Firmwares 3.69 and 3.70 (which weren't able to jailbreak before). But not only that. While you can jailbreak your Devices on the specific System Firmwares mentioned before, you can also Downgrade your PlayStation Vita / TV to a lower Firmware to get the full potential of your Device like with the famous Hacks and Exploits on System Firmware 3.60 (such as HENkaku and modoru) and 3.65/3.67/3.68 (such as h-encore). So while you have been probably already prepared for this release back at the first announcement, together with the fact that @TheFloW was so kind to release his final Jailbreak even earlier as previous announced, we won't keep you on tenterhooks anymore. Here is everything you need to know.
RPCS3 (PS3 Emulator) - March 2019 Progress Report - Native support for DualShock 3 ControllerMonth after Month, the Great Time behind the RPCS3 PS3 Emulator shows more and more improvements in their work for their PS3 Emulator. As they did of course for March 2019, which you can check at their newest Progress Report. In fact, maybe this month is a little bit too technical when reading through their Release Notes but don't worry. You will again realize how good this PS3 Emulator became and how it is getting even better month after month. But one new improvement we have to stick out is the new Native Support for the DualShock 3 Controller when used within RPCS3. You might be wondering, why this new implementation comes so late? Well, there was already a full of third-party drivers but each of them weren't working perfectly. But the Team behind RPCS3 wanted to give you the best experience for playing your PS3 Game Titles. So, since you probably played your PS3 Games Titles with the Original DualShock 3 Controller on your Original PS3 Hardware, they thought about to allow the same on your PC while playing your favourite PS3 Game Titles using RPCS3. So they implemented a native support for the DualShock 3 Controller, as you would use it on your original PS3 Hardware. Kinda neat isn't it?Continue reading
Share This Page
- henkaku homebrew
- playstation 2
- playstation 2 resources
- playstation portable
- playstation portable cfw
- playstation portable resources
- playstation tv
- ps vita
- ps2 emulator
- ps2 resources
- ps3 cfw
- ps3 han
- ps3 homebrew
- ps4 homebrew
- psp cfw
- psp emulator
- psp resources
- pstv homebrew
- vita homebrew
- webman mod
- xmb mod
- User Record:
- Latest Member: