Following up on their announcement that they would present their achievements in Vita hacking at the #35C3 Congress, developers @yifanlu and @DaveeFTW from @TeamMolecule today gave their talk "Viva la Vita Vida". In this thread you will learn what they achieved with their hacks, and also what this means for the Vita hacking community in future. And to "spoil" you a little: we recommend reading this article while firmly seated, in case you fall off your chair roaring with laughter.
For an overview of the #35C3 Congress in general, or to find the livestreams of this talk as well as the other important ones, please click here.
Did you fall off your chair? We hope you didn't get hurt.
This is the full talk, which you can watch on YouTube, but to understand what they achieved, we include the most important slides in a summary.
While the "user processes" (the part covered by past projects such as "HENkaku" and the web exploit in general), the "system processes" (which, for example, allowed you to run PSP backups or homebrew) and also the "ARM TrustZone" had already been successfully "infiltrated" by various developers, developer @DaveeFTW explains how they managed to break into both the "F00D Kernel" and the "F00D Loader". "F00D" is the security co-processor inside the PlayStation Vita. The "F00D Kernel" holds all the "content keys" that protect secure assets such as game titles or system firmwares, while the "F00D Loader" holds the "meta keys" that protect the content keys, allowing the system to revoke compromised content keys. By understanding both the hardware architecture and the software design and its implementation, he describes his method for examining the attack surface in order to break into the security processor. And by tinkering with the "private memory", checking it byte by byte, they were able to build a model of the F00D SRAM and obtain plain text from the kernel, in what they call the "Octopus Exploit" (they ask you not to ask why it's called that). With this result, they were able to analyse the kernel in much greater depth.
While @yifanlu takes the stage to talk about his various hardware achievements, which are better explained in the video of the talk mentioned above, "the way was clear" to get access to the "last piece of the puzzle": the F00D Loader. With access to that, they were also able to find a vulnerability to obtain the SHA256 hash of the bootrom. Dumping the bootrom wasn't that interesting, according to @yifanlu, because it contains no useful keys, and its attack surface wasn't that large compared to the F00D Kernel. But that wasn't so tragic, since with this effort they achieved full control of the PlayStation Vita by dumping every piece of code inside the whole console. This already sounds very promising, because, just as in the PS3 era, once someone gets "full access" to a gaming device, the next question sooner or later is: "What can you actually do with such power?" Well, this thread can't promise you anything, but the chances are high that we will see not only a new full kernel exploit for newer system firmwares above 3.60 or 3.65, but also an easier platform for other developers to create new homebrew releases or even a full-fledged custom firmware. How, you ask? Just take the PS4 as an example, where "full access" is still not available (at the time of writing this article): even with fewer achievements, the side-effect is sadly still piracy, and creating homebrew is more difficult than playing backups. The PlayStation Vita has a few more homebrew releases, but the limitations were still there for many tasks. This could change now, but we aren't finished with this article yet. Now we get to the fun part.
Remember the talk by fail0verflow about the PS3 at #27C3 eight years ago, where they showed the world how "unsecured" the PS3 ultimately was, with a cryptographic "Epic Fail": the "supposed to be random number" used for signing their SELF executables was the same every time? Sure you remember. @yifanlu sums up their conclusions on how well Sony's team secured this system after such a fiasco with the PS3, even though the PlayStation Vita wasn't such a success for them in terms of sales (he even mentions many things Sony did right with the PS Vita that they didn't do for the PS4). Then he explains that "Not everyone is Perfect", while a big "BUT..." is displayed on one of his slides. He admits that "there is a slight issue in their choice of [the] bootloader encryption key", and adds the important task of such a key, namely to protect "every other key in[side] the system." So you could see this as a "master key". He goes on to explain that after they dumped the bootrom, they tried to find this master key, and while the audience is already chuckling as he moves on to his next slide, he explains that Sony decided to fill their master key with a single byte repeated throughout. Yes, you read that right. By hinting at this byte with a packshot of a battery package containing 16x AA batteries, he wants to tell you that this master key is as follows: AA AA AA AA AA AA AA AA, or 0xAA in hexadecimal. Yes, this isn't a typo, and you are probably as speechless as the audience was (one question after the talk was indeed whether "this was a Joke!?!?").
@yifanlu also explains how surprised they were that Sony repeated such a cryptographic failure: when they first brute-forced it, they thought this was just the code from a debug, non-retail device, but then they realized it was the "real deal", which means that every PlayStation Vita and PlayStation TV ever sold (yes, this works for the PSTV as well, as confirmed by one of the audience's questions) shares this simple master key. Is there anything more to say?
Here you will find several releases based on the achievements shown in this great talk.
Several "F00D Keys" released by @Mathieulh on "HENkaku Development Wiki"
Developer @theflow0 teases a new "hack" for System Firmware 3.69 in 2019
Developer @pomfpomfpomf3 (from @TeamMolecule) published their "MeP Emulator" together with a "Compiler", which was also mentioned in the presentation as providing support for "remote debugging"
Developer @DaveeFTW wrote a whole blog post about their talk at #35C3 with additional details he didn't have the time to talk about.
We hope that you enjoyed our coverage of this second important talk at 35C3. Feel free to discuss your opinions about today's talk in the comments section down below. Unlike yesterday's talk, we are pretty sure that the PS Vita will see very bright days in the near future.
The whole Talk can be found here: media.ccc.de
Twitter: @yifanlu / Twitter: @DaveeFTW / Twitter: @TeamMolecule
Bootrom glitching scripts + various SCE decryption units: @GitHub
PS VITA / PS TV Huge Vita News from #35C3 - @yifanlu & @DaveeFTW present their Talk "Viva la Vita Vida"
By Roxanne on Dec 29, 2018 at 5:35 PM