Following their announcement that they would present their achievements in Vita hacking at the #35C3 congress, Developers @yifanlu and @DaveeFTW from @TeamMolecule today gave their talk "Viva la Vita Vida". In this thread you will learn what they achieved with their hacks, and also what this means for the future of the Vita hacking community. And to "spoil" you a little: we recommend reading this article while firmly seated, in case you fall off your chair laughing.
For an overview of the #35C3 congress in general, or to find the livestreams of this talk as well as the other important ones, please click here.
Did you fall off your chair? We hope you didn't get hurt.
This is the full talk, which you can watch via YouTube, but to understand what they achieved, we include the most important slides in a summary.
While previous achievements had already successfully "infiltrated" both the "user processes" (this is the part covered by past projects like "HENkaku" and the web exploit in general) and the "system processes" (which allowed you to use your PSP backups or homebrew, for example), and also the ARM TrustZone, Developer @DaveeFTW explains how they managed to break into both the "F00D kernel" and the "F00D loader". "F00D" is the security co-processor inside the PlayStation Vita. The F00D kernel contains all the "content keys" that protect secure assets such as game titles and system firmware, while the F00D loader contains the "meta keys" that protect the content keys, allowing the system to revoke compromised content keys. By understanding both the hardware architecture and the software design and its implementation, he describes his method for mapping the attack surface of the security processor. And by tinkering with the private memory, checking it byte by byte, they were able to build a model of the F00D SRAM and obtain plaintext from the kernel, an exploit they call the "Octopus Exploit" (but they ask you please not to ask why it's called that). With this result, they were able to analyse the kernel in much more depth.
While @yifanlu takes the stage to talk about his various hardware achievements, which are better explained in the video of the talk linked above, "the way was clear" to get access to the "last piece of the puzzle", the F00D loader. With access to that, they were also able to find a vulnerability that gave them the SHA256 hash of the bootrom. Dumping the bootrom itself wasn't so interesting, according to @yifanlu, because there are no useful keys inside it, and its attack surface wasn't so large compared to the F00D kernel. But this wasn't so tragic, since with this effort they achieved full control of the PlayStation Vita by dumping every piece of code inside the whole console. This already sounds very promising, because, as in the PS3 era, when someone gets "full access" to a gaming device, the next question sooner or later is: "What can you actually do with such power?" Well, this thread can't promise you anything, but the chances are high that we will see not only a new full kernel exploit for newer system firmwares above 3.60 or 3.65, but also an easier platform for other developers to create new homebrew releases or even a full-fledged custom firmware. How, you ask? Just take the PS4 as an example, where "full access" is still not available (at the time of writing this article): even with fewer achievements, the sad side effect is still piracy, and creating homebrew is more difficult than playing your backups. The PlayStation Vita has a few more homebrew releases, but the limitations were still there for many tasks. This could change now, but we aren't finished with this article yet. Now we are getting to the fun part.
Remember the talk from fail0verflow about the PS3 at #27C3 eight years ago, where they showed the world how "unsecured" the PS3 was in the end, with the cryptographic "Epic Fail" of choosing the same "supposed to be random number" every time when signing their SELF executables? Sure you remember. @yifanlu sums up their conclusions on how well the team at Sony secured this system after such a fiasco with the PS3, even though it wasn't such a success for them in terms of PlayStation Vita sales (he even mentioned many things Sony did right with the PS Vita that they didn't do for the PS4), and then he explains: "Not everyone is perfect", while a big "BUT..." is displayed on one of his slides. He admits that "there is a slight issue in their choice of [the] bootloader encryption key", and adds the important task of such a key, namely to protect "every other key in[side] the system." So you could see this as a "master key". He goes on to explain that after they dumped the bootrom, they tried to find this master key, and while the audience is already chuckling as he moves to his next slide, he explains that Sony decided to fill their master key with a single byte repeated all the way through. Yes, you read that right. And by hinting at this byte with the packshot of a battery pack containing 16x AA batteries, he tells you that this master key is as follows: AA AA AA AA AA AA AA AA, or 0xAA in hexadecimal. Yes, this isn't a typo, and you are probably as speechless as the audience was (one question after the talk was indeed whether "this was a joke!?!?").
@yifanlu also explains how surprised they were that Sony had made such a cryptographic failure again: after they brute-forced it at first, they thought this was just the code from a debug, non-retail device, but then they realized that this was the "real deal", which means that every PlayStation Vita and PlayStation TV ever sold (yes, this works for the PSTV as well, as one audience question confirmed) shares this simple master key. Is there anything more to say?
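As an added example that is not from the talk or from TeamMolecule's code, the following Python check flags the weakness described above, a bootloader key consisting of one repeated byte, along with short repeating patterns and low byte-level entropy; the sample keys are constructed for illustration and are not real Vita keys.

```python
# Added example: a weak-key sanity check of the kind a key provisioning
# pipeline could run before a key is baked into a bootloader. Sample keys
# below are constructed for illustration, not real keys.
import math
from collections import Counter

def entropy_bits_per_byte(key: bytes) -> float:
    """Shannon entropy of the key's byte distribution (0.0 .. 8.0)."""
    n = len(key)
    total = sum(-(c / n) * math.log2(c / n) for c in Counter(key).values())
    return max(0.0, total)

def smallest_period(key: bytes) -> int:
    """Shortest unit that tiles the whole key; len(key) means no repetition."""
    n = len(key)
    for p in range(1, n):
        if n % p == 0 and key == key[:p] * (n // p):
            return p
    return n

def assess_key(key: bytes) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    if not key:
        return ["empty key"]
    if len(set(key)) == 1:
        findings.append(f"single repeated byte 0x{key[0]:02X}")
    period = smallest_period(key)
    if 1 < period < len(key):
        findings.append(f"repeats a {period}-byte pattern")
    # An n-byte key can reach at most min(8, log2(n)) bits/byte; flag below half.
    ceiling = min(8.0, math.log2(len(key)))
    ent = entropy_bits_per_byte(key)
    if ent < 0.5 * ceiling:
        findings.append(f"low entropy: {ent:.2f} bits/byte")
    return findings

# Constructed sample keys: the all-0xAA pattern, a 2-byte repeat, 16 distinct bytes.
SAMPLE_KEYS = {
    "all_aa": bytes([0xAA]) * 16,
    "abab": bytes([0xAB, 0xCD]) * 8,
    "distinct": bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0"),
}

if __name__ == "__main__":
    for name, key in SAMPLE_KEYS.items():
        print(f"{name:9s} {key.hex()}  ->  {assess_key(key) or ['ok']}")
```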
Here you will find several releases based on the achievements shown in this great talk.
Several F00D keys released by @Mathieulh on the HENkaku Development Wiki
Developer @theflow0 teases a new "hack" for System Firmware 3.69 in 2019
Developer @pomfpomfpomf3 (from @TeamMolecule) published their MeP emulator together with a compiler, which was also mentioned in the presentation, adding support for remote debugging
Developer @DaveeFTW wrote a whole blog post about their talk at #35C3 with additional details he didn't have time to cover.
We hope that you enjoyed our coverage of this second important talk at 35C3. Feel free to discuss your opinions about today's talk in the comments section down below. Unlike yesterday's talk, we are pretty sure that the PS Vita will see very bright days in the near future.
The whole Talk can be found here: media.ccc.de
Twitter: @yifanlu / Twitter: @DaveeFTW / Twitter: @TeamMolecule
Bootrom glitching scripts + various SCE decryption units: @GitHub
PS VITA / PS TV Huge Vita News from #35C3 - @yifanlu & @DaveeFTW present their Talk "Viva la Vita Vida"
By Roxanne on Dec 29, 2018 at 5:35 PM