PS Vita Exploit confirmed, HBL on its way

Last week, an exploit on the PS Vita through the PSP emulator was announced by Mamosuke. The exploit was found by Teck4 and, we can’t stress this enough, is a PSP exploit that gives us user mode access within the PSP emulator on the Vita. So this is not a Vita exploit per se, but it’s still very cool. Mamosuke confirmed this with a video a few days ago, and today I was able to confirm the exploit myself, as shown in the video below (and I must admit that I spent way too much time working on that basic flame effect). The video shows the exploit running on both a PSP 1000 and the PS Vita.

Here’s also a screenshot, since there is no autofocus on my stupid camera.

I spent a good amount of time today confirming some of my hopes that it will be possible to run HBL, at least to some extent, with that exploit. It doesn’t mean I have ported HBL to the Vita yet, but I have strong hopes this will be possible. A handful of hackers are working on bringing HBL to the Vita (I won’t mention their names here as I don’t know if they want to be contacted on the subject), and it should be “relatively” easy to get something to work fairly soon. (It should be noted though that the Vita is quite sensitive and crashed on me several times when it went into “sleep” mode from the exploit screen… from there – am I just paranoid? – it seems it is impossible to reboot the machine for almost 10 minutes, which made me think I had bricked my Vita… could it be an anti-hacking security measure? If the console detects several crashes, does it take longer to boot, in order to prevent brute-force types of attacks?)

I won’t discuss any release yet; it doesn’t depend on me only (this is, after all, Teck4’s exploit), but if I may give my opinion on the subject, I would suggest waiting until the Vita is released in Europe and in the US. This gives us some time to polish HBL on this device, and hopefully the vulnerabilities we use to run HBL won’t have been patched by then.

This is of course just a challenge with little to no practical interest… once we publicly reveal the exploit (in particular, the game used in it), it will be extremely easy for Sony to patch it (or remove the game from the PlayStation Store), so probably only a few people will be able to benefit from it… but only time will tell; there is still hope, after all, that Sony doesn’t care about a tool that allows us to run user mode PSP homebrews in a sandboxed emulator.

  1. Ido

    First ps vita bricked? wow, hbl on the rocks again \o/

    Reply

  2. wachu

    Now all I need is the Vita itself.

    Wololo, if you manage to get it working please do not share it with the world yet, because SONY will patch it on the 22nd February PSVs

    Reply

  3. Alpha

    @Wololo. Why is it that you never seem to find any “exploits” yourself or do you just simply let the rest of the “hacking” community do it because you are busy with life. I am just trying to say that someone with your expertise decides only to work on small projects (Like HBL) and usually just test “things” when you know yourself (And I think I know) you can do much more to contribute (If you have a job or family, then I understand).

    Reply

    1. wololo

      Apologies in advance for the long reply, there’s lots of things I have to say on that subject :)

      I’d say I provide my expertise where it is needed. What pissed me off in the scene at some point was how secretive people were. The people who “know” how to do stuff never wanted to share their knowledge. It shocked me that no tutorial existed on how to find an exploit in a game on the PSP, while it’s a very simple technique.
      So I think my most important contribution to the scene is the articles I wrote about finding exploits. I’m convinced that all the user mode game exploits that were found in the past year (minna no golf, patapon, minna no sukkiri, and the one used here in the vita) are the direct result of my blog article explaining how to write a binary loader.
      So, I could give a “fish” to the scene and look for exploits myself, or I could do what I did: teach people how to catch fish by themselves. There’s a reason you see my name in the credits of every single “hello world” that was publicly released in the past 24 months, you know :)
      I’d say this is how I contribute :)

      Here I’m testing Teck4’s exploit, but don’t get things wrong, he only gave me the name of the game, and I had to do the rest myself (to prove to myself I’m not too rusty).

      I do have a job and a family, so my free time is fairly limited (it took me the whole day today to confirm this exploit and write the blog article). I also want to add that my main goal for hacking the PSP (besides the fun) is to get my game “Wagic” to run on it (on as many models as possible). Wagic is now more than 100’000 lines of code, and is probably my most important contribution to the scene to date. I’d say I’m kind of “in between” homebrew programmers (who have no clue how to hack) and pure hackers (who don’t really care about homebrews).

      I don’t think HBL is a “small” project, it’s actually a massive piece of code with lots of technical problems to solve. It is also a project I value a lot because it doesn’t allow piracy.

      I also want to emphasize that I’m not as great as many devs around here. I tried many times to look for kernel exploits for example, but always gave up given the amount of work this represents. Another example is the work on cryptography that was done to hack the PS3, or sign PSP homebrews… I got lost fairly quickly on those too. Usually by the time I understand how these things work, someone has already come up with a tool to solve the issue :)

      But it’s not like I never contributed either. Either indirectly with my tutorials, or directly when I ported HBL to the patapon exploit, or helped (a lot!) making HBL more portable to other game exploits. We wouldn’t be able to port HBL within a few weeks to a new exploit if it wasn’t for my work. I also made some tiny contributions here and there, unblocking some key problem for the signing of psp homebrews at some point too (relocation issues).

      Haha, I’m not even sure I answered your post correctly :D

      Reply

      1. Guardian

        Vote for President Wololo! You completely bought me with that speech, we need a video game president, that guy is Wololo!

        Reply

      2. Alpha

        Ok. Thank you for your detailed reply (Like always) :). It just seems you’re a busy man who actually has a beautiful life (Family) to contribute all your time to (Make sure it stays this way). Best wishes. :)

        Reply

        1. Guardian

          I wish I had a life :(

          Reply

          1. Alpha

            Don’t feel bad. If it makes you feel better I’m still discovering mine :).

          2. Guardian

            @ Alpha, not to be mean or anything, but that you are discovering yours does not help me at all, still I wish I had a life. ja ja ja ja Just kidding, it makes me happy you are discovering yours, even though I don’t know who you are.

      3. svenn

        I loll’d when he said you only worked on smaller projects like HBL and Wagic.

        I work on small projects. That is a black box and 1 image hopping on my psp. Wagic and HBL are not small projects, neither is keeping a blog like this up-to-date.

        Reply

        1. KID 0/Alpha/*BANNED*

          I didn’t mention Wagic as a small project, did I? And HBL is a small project compared to CFWs (Read properly before you start criticizing next).

          Reply

    2. Kirby1997

      If you had checked this blog daily for as long as I have you would have realised that Wololo is a very busy man. He is not young and does not have lots of spare time. He has “Wololo 2.0” coming along XD. Maybe you should read earlier blog posts before criticising the most important people in the PSP scene…

      Reply

      1. Alpha

        Ok. Ass Hole :)

        Reply

  4. jlo138

    Wow, this actually had me laughing. Simply because Sony tries so hard to prevent these things and they just can’t win can they… Honestly, I don’t want them to. They make excellent products though. The only problem is they sell them to you and they still own them.

    @Wololo, have you seen this “WAGiC” picture I made for you yet? http://www.megapix.com/?p=KFTC210Y. I left it quite simple so someone with greater photoshop experience can do as they wish to make it better. I posted it in the forums and won a contest with it but the hosts of that contest apparently were fakers. They never contacted me for my so called prize.

    I did something similar here http://www.megapix.com/?p=U84IKD7A for a guy on youtube. He owns a video game store called “Level 1 Games”.

    Reply

    1. wololo

      Thanks for the art… although in all honesty I’m not sure where/how we would be using it in Wagic… the existing logo is very cool and was done by a professional designer too. For Wagic currently we would be more looking for heroic-fantasy art to illustrate the cards. The kind of work that takes loads of time :)

      Reply

      1. jlo138

        I understand. I’m not that type of artist/designer so I just ported the Wagic name to my work. Lol, that was funny. I know it doesn’t exactly fit into the theme but it doesn’t need to be incorporated into anything. I do these things for fun because I want to do them. The other one I did for the guy on YouTube; he never knew I was doing that until I sent it to him.

        Reply

  5. zabuza

    @wololo. Man, you should have seen the smile on my face when I first used HBL to play good old retro games like NES. Since I’m a PSP 3000 owner it was the first time that I was able to use homebrews on my PSP, and I used HBL for a long time until of course TN-HEN was released, but my point is it really is a big project. Think about it this way: I used it for a long time and now hopefully Vita owners are going to benefit from it. Awesome job, thanks again for your contribution to the PSP scene.

    Reply

  6. StupidCodes

    Is HBL for Vita really confirmed? And Why do you have to put flame effects? lol

    Reply

    1. wololo

      What I confirmed is that potentially HBL can run if we port it; the Vita will not prevent us from running homebrews. Now HBL needs to be ported, and maybe we will find problems along the way, but I don’t foresee any given what I know currently.

      The flame effects were for fun, I was tired of the “snowflakes” effect, and remembered the Noobz era: http://www.noobz.eu/joomla/images/stories/helloworld_illuminati.png (wow, their effect is way better than mine)

      Reply

  7. Silw

    Hey Wololo,

    I have a PS Vita too (received a few days ago) and I also work on it (some dev things), but on something different from what you are doing.

    Let me clarify some stuff about the PS Vita hack and the possibility to exploit the PSP emu.

    The PS Vita is totally different from the PSP or PS3; they made a new kernel and OS for the PS Vita with strong restrictions.

    I tried to launch a PSP demo on it; the PS Vita sees this demo as a corrupted file, weird because the PSP demo is an official demo from the PSN store (eboot.pbp).

    As far as I know, and also as seen from my private work, when you launch the PS Vita (a sub-loader checks all the files and structures)…

    the PSP files need to be re-signed with a private key/personal key of the PS Vita; it’s a unique key, and this key is the validation to boot the program on the PS Vita.

    Let me show you an example.

    PSP -> Universal Sign Eboot -> Works on every PSP
    PS Vita -> Eboot -> sign with a unique key (the PS Vita one) -> only works on the PS Vita including this key.

    Hope I’m being clear: you can’t do anything without having your own key. A small part is based on the PS3 system but completely different in executing that… the PS Vita seems to have stronger security than the PS3, but it can be easily hacked also… depends on what you do… I already explained that thing about the security system in the past.

    Sony prevents hacking with more control of the product; the PS Vita is under one of the strongest hacking preventions… because only Sony can validate the execution of a program, and all the things you do on the PS Vita are logged in a place in memory.

    You can easily brick your PS Vita, but this is only a temporary brick; it’s just for the security of the PS Vita, to prevent any brute force etc…

    If you press Power + volume -/+ you can also make a glitch (debug test mode for the PS Vita); you can also get out of this mode by pressing Power + PlayStation logo for a while after rebooting the PS Vita…

    About releasing an HBL for the PS Vita, it’s better to do that now than later, because anyway you would do nothing on the PS Vita EU/US with this exploit; they validate every file you have on your PS Vita when you connect the PS Vita to the internet, and the PS Vita EU/US will have a compulsory update in the beginning to validate all the files and to prevent the glitch debug too…

    Reply
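Silw’s two-line sketch above contrasts a package that any unit can validate (the universal-sign model) with one bound to a single unit’s key. What follows is an added illustration of that contrast written for this page; it is not code from the post, from Sony, or from any Vita tooling, and it says nothing about the real container format. It models both schemes with standard-library HMACs (a symmetric stand-in: a real console would use asymmetric signatures so a unit can verify without being able to sign), derives a per-device key from a constructed master secret, and shows that a device-bound package accepted on one unit is rejected on another, including when the package is merely relabelled with the other unit’s id. The master key, the device ids, the key derivation and the package layout are all assumptions.

```python
import hashlib
import hmac

# Constructed vendor-side master secret; stands in for whatever key material a
# console vendor keeps server-side. Hypothetical value, not Sony's.
VENDOR_MASTER_KEY = b"constructed-vendor-master-key-for-illustration"

# "Universal" model: every unit is provisioned with the same verification key,
# so one signed package is accepted by every unit (the PSP-style case above).
UNIVERSAL_KEY = hmac.new(VENDOR_MASTER_KEY, b"universal", hashlib.sha256).digest()


def device_key(device_id: bytes) -> bytes:
    """Per-device key derived from the master secret and the unit's identity.

    Hypothetical derivation (HMAC of the device id under the master key); the
    only property that matters here is that no other unit holds this key.
    """
    return hmac.new(VENDOR_MASTER_KEY, b"device|" + device_id, hashlib.sha256).digest()


def sign_universal(payload: bytes) -> dict:
    """Package that any unit can validate."""
    tag = hmac.new(UNIVERSAL_KEY, payload, hashlib.sha256).digest()
    return {"scope": "universal", "payload": payload, "tag": tag}


def sign_for_device(payload: bytes, device_id: bytes) -> dict:
    """Package bound to one unit: the tag covers the device id and the payload."""
    key = device_key(device_id)
    tag = hmac.new(key, device_id + b"|" + payload, hashlib.sha256).digest()
    return {"scope": "device", "payload": payload, "tag": tag, "device_id": device_id}


class Console:
    """A unit provisioned with the universal key and its own device key."""

    def __init__(self, device_id: bytes):
        self.device_id = device_id
        self._device_key = device_key(device_id)

    def validates(self, package: dict) -> bool:
        """Return True when this unit would accept and boot the package."""
        if package["scope"] == "universal":
            expected = hmac.new(UNIVERSAL_KEY, package["payload"], hashlib.sha256).digest()
        elif package["scope"] == "device":
            # A package addressed to a different unit is refused before any MAC work.
            if package["device_id"] != self.device_id:
                return False
            expected = hmac.new(
                self._device_key, self.device_id + b"|" + package["payload"], hashlib.sha256
            ).digest()
        else:
            return False
        # Constant-time comparison so a rejection leaks nothing about the expected tag.
        return hmac.compare_digest(expected, package["tag"])


def run_demo() -> dict:
    """Sign one constructed payload both ways and check it on two units."""
    payload = b"constructed EBOOT-like payload"          # constructed sample input
    unit_a = Console(b"VITA-UNIT-A")                      # constructed device ids
    unit_b = Console(b"VITA-UNIT-B")
    universal = sign_universal(payload)
    bound_to_a = sign_for_device(payload, unit_a.device_id)
    # Copying A's package and relabelling it for B keeps A's tag, so B must refuse it.
    relabelled = dict(bound_to_a, device_id=unit_b.device_id)
    return {
        "universal_on_a": unit_a.validates(universal),
        "universal_on_b": unit_b.validates(universal),
        "bound_on_a": unit_a.validates(bound_to_a),
        "bound_on_b": unit_b.validates(bound_to_a),
        "relabelled_on_b": unit_b.validates(relabelled),
    }


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The universal package is accepted on both units, while the device-bound one is accepted only on the unit whose id and key it was produced for; relabelling it for another unit fails because that unit recomputes the tag under its own key and its own id. Binding the id into the signed data is what makes the copy-and-relabel attempt fail rather than the id check alone.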

    1. wololo

      Thanks a lot for the details, this confirms some of the things I’ve mentioned here: http://wololo.net/wagic/2011/12/21/the-many-protections-of-the-playstation-vita/
      Edit: is the glitch mode something that happens only on firmware 1.0? I can’t seem to trigger anything “funny” by pressing power + the volume buttons

      Reply

      1. Silw

        If you need any help, I will try my best to help you… because I don’t like the media manager system and don’t support the PS Suite SDK, and other things are limited to Windows and too closed.

        Oh yes, I forgot to talk about the media manager of the PS Vita…

        Media manager is like the iTunes version for PlayStation; when you want to transfer a file, media manager asks the Sony server; there is some weird spying with media manager.

        I found something interesting about the USB connectivity: you need to have Linux and force-mount the memory card of the PS Vita as mass storage; it works, but read-only. It’s complicated because the PS Vita formats the memory card with a special native filesystem made by Sony; you can see the memory card but you can’t check the files/copy/paste/write… I tried a small USB sniff on Linux and I saw some weird activity between the memory card and the internet access.

        But I was not surprised, because in my recent work with an anonymous video game company (working on PS Vita) I saw that Sony asks developers to use specific tools and to add some special authorization.

        Reply

      2. Silw

        About the glitch mode (it’s a debug mode): you need to press Power + the 2 volume buttons +/-

        Few PS Vitas have this possibility to activate the glitch mode; it’s a manufacturing error from the manufacturer to leave this option ON; they usually use this for some internal testing of the product.

        Reply

  8. Silw

    Anyway Wololo, you have my email address, feel free to contact me ;)

    Reply

  9. Silw

    OK, a few days ago I found a way with a PS3 CFW.

    The PS3 seems to recognize the PS Vita as an Unknown device (that reminds me of the dongle/jig).

    If I can add the drivers of the PS Vita from the dump of the PS3 4.0 firmware and add this to the current PS3 CFW, we can have the possibility to have more control on it.

    This is one of the best ways, because the PS3 has total control on the PS Vita with the last firmware.

    We can transfer everything between the PS3 and PS Vita ;)

    Reply

  10. Silw

    I have a new entry on the Category_Game of the PS3 about the PS Vita

    -> seg_psp2appdata_vita

    Reply

  11. jlo138

    Vita question. So you only need the memory stick for PSN downloads, right? So that means you should be able to download your already purchased PSP and PS1 titles? Or is Sony limiting this to the previous models?

    Reply

    1. Guardian

      Sony is implementing this system in which you must register the games you have on your PSP, then the software of the Vita sends this info to Sony and you can download your already purchased games onto the Vita by paying a discounted price; in other words, you have to buy them again.

      Reply

  12. rafael707

    It’s good to know that you guys want to save the exploit until the Europe and North America release.

    I just hope no one leaks the exploit/game until then.

    Reply

  13. black

    So, you could boot PSP HB? Fully working?
    For ex. emulators *.*

    Reply

  14. black

    I mean, we instead of you :P sorry

    Reply

  15. Silw

    Wololo when you see this message try to contact me ;)

    Reply

  16. dimy93

    In my opinion Sony will only have benefits from HBL on the Vita. As we see, it’s useless when we talk about any kind of piracy (well, apart from downloading old SNES and NES games).
    Btw, one question that comes to my mind.
    Does the Vita PSP emulator give access to the Vita’s touch inputs? They are not part of the PSP hardware but would be a cool feature for some homebrews.

    Reply

  17. Silw

    OK, there are 2 ways to enter the glitch mode: by holding the power button + Vol +/-, or by holding Power + R button + PS logo, but be careful with that.

    Some PS Vitas can’t go back to normal mode; if you have this problem, try this.

    Hold Power + PS or Hold Power + L button + PS

    The glitch mode = debug mode/internal product testing… don’t play that much with that… you can also check everything in this mode and not only a dolphin.

    Reply

    1. Guardian

      Hey, what would happen if I stay or play with the glitch mode for too much time? OK, forgive me for this, but what is the user/glitch/factory or whatever-the-name-of-the-mode-is mode, and why is it so important? Sorry, I am too ignorant and want to learn.

      Reply

  18. Asmith906

    Hey wololo. I have two questions.

    Can you put downloaded PSP demos on it like you could with the PSP? And can you put downloaded Vita demos on it? Say if I downloaded a Japanese demo and put it on my Vita so I didn’t have to switch accounts.

    Reply

  19. Mapp

    We are following your work, always write your progress on our website, congratulations

    Reply

  20. StupidCodes

    I’ve been reading many articles from different hacking sites. And many of the articles are about you (Wololo) and the VITA.

    http://www.psvitagen.fr/hack-wololo-confirme-faille-psp-emet-possibilite-eboot-loader-actualite-1337.html

    And this one makes me mad, because every time they post an article about hacking stuff, they always use a picture of a skull with pirate swords. This picture means “pirate” right?

    Reply

    1. silw

      I’m a French dev but I would never help a website like Gen; I don’t go argue about the stupid Gen team and other stuff (trying to make money with the hacking and trying to steal the work of someone else).

      I prefer to stay anonymous and do my own work rather than contribute it to people like that.

      Reply

  21. cscash241

    Can’t they wait for a US release first? What if they release an update that blocks the exploit and then the US version mobo can’t be downgraded?

    Reply

    1. cscash241

      nvm, this was before I actually read it

      Reply

  22. silw

    I can tell more about how the PSP Emu works on the PS Vita, but not in public, and it’s gonna be more complicated to use it than what you think.

    Reply

  23. silw

    Ok, last public information.

    The content manager doesn’t accept everything! I saw some website talking shit about that; this is untrue information, remember that the PS Vita checks every file.

    Eboot.pbp doesn’t exist anymore on the PS Vita! Don’t think about the PSP Eboot.pbp! Forget about loading eboots.

    The PSP Emu = 100% software checker that includes a new sign/cert and compression format… like I said, Eboot is useless… the PS Vita has a new kernel… trying to execute a hello world is easy, but trying to load something else doesn’t work; remember that the PS Vita includes third-party open-source programs.

    Haven’t had contact from Wololo or a friend who works on that… probably busy.

    But I found a way to exploit the PS Vita, you can launch everything… I would never reveal this method, it’s too easy and it’s the biggest fail from Sony and Content Manager (they can fix this problem easily).

    I have a second method but, like I said, forget about loading something like on the PSP, it’s too different, and it’s not a simple PSP Emu either.

    Reply

    1. wololo

      Just sent you an email. I’ve been busy with Christmas preparations

      Reply

    2. wachu

      What? You can launch everything? Good job!

      Reply

    3. don17sch

      Would you be willing to email this method if we agree to keep it secret and don’t publish it?

      Reply

      1. wololo

        1. There’s obviously no way he can trust a bunch of random strangers on the internet
        2. If his solution works and is as easy as he claims it to be, others will figure it out soon

        Reply

  24. dinho

    Wow, good job guys… if the HBL is ready by 22 February, surely I’ll buy a PS Vita. Keep up the good work. I’m waiting for news.

    Reply

  25. 2die4

    Just waiting for the 22nd so I can get my hands on a Vita; going to keep it boxed up until it’s all exploited the hell out of.

    Reply

  26. crisis718

    It’s only the PSP emulator, but what if we could run an actual PSP system 6.60 within the PSP emulator? We could make a dual boot system PSP/Vita, or even better run the 2 within Vita –> PSP, so that 6.60 can fully function; we then can have full control of our own background system that we know for sure we can run our own shit on, and then developers of apps, games, mods would not have to re-invent the wheel for their apps. What if this is a PSP but with upgraded hardware and a different dashboard? Developers would only have to update their programs to the new hardware within the PSP emulation. Now the CPU Cortex A9 has released its boot code to the community as source, which, since they make about 4 of the same CPU :-( on Sony, we could have had an 8 core Cortex A9 with quality graphics upgrades, too much like PS3? (hardware wise)… 1.61 6.6.0, seems like they are just revising the system, so this will be a really great step, I am waiting for the info to be released.

    Reply

  27. Otaku

    It deserves to be hacked. I paid for a game and now can’t access JP PSN to get the DLC, all thanks to Sony tying their Vita to 1 PSN account, wtf is with those guys seriously? I’m tired of being ripped off; if I were a genius I would hack this crap out of hate for Sega + Sony.

    Reply
