PSP exploits and the Vita: how hacking PSP Minis became relevant
Software usermode exploits on the PSP have always come in two flavours: exploits in a game (generally a buffer overflow) and exploits in one of the embedded libraries, such as libtiff. Exploits in games had the drawback that they often meant buying an expensive game you might never really play, but sometimes it was well worth it. The trick was to make sure you bought a copy of the game that didn't carry a patch for the security hole (in hindsight, the games themselves were never patched: their metadata was just modified to require a higher firmware version, and the firmware is where the patch lived). As long as you didn't update your firmware and could find one of the "golden" UMDs somewhere, you could enjoy a HEN, a downgrade, or a CFW.
That system had its drawbacks, mostly the insane price of the UMDs for some of those games (unpatched copies of GTA Liberty City Stories reached up to 20,000 yen, about $250, in Japan), but other than that it was a pretty good way to get exploits.
Then came the PSP Go, with its concept of "all digital" purchases. UMDs were gone, and if an exploit was found in a game, it would be easy for Sony to pull the game from the PSN, patch the firmware, and put the game back on the store afterwards (as we've seen, this is exactly what they do nowadays with VHBL or CEF on the Vita, which is why we came up with the concept of Ninja releases).
The PSP Go suddenly made game exploits much less attractive. What would be the point of releasing an exploit that no PSP Go owner could use? This is something I myself mentioned several times on this blog back in the day.
There was still, however, one loophole in this system: PSP demos. A while ago it had seemed a good idea that PSP demos should be distributed not only by Sony but also by other websites promoting the PSP, so demos were signed in a way that allowed anybody to redistribute them without going through the PSN. This is why the first hack publicly available for the PSP Go was an exploit in the Patapon 2 demo, later followed by similar exploits such as the one in the Japanese demo of Minna no Sukkiri. These demos had the double benefit of being free and of not requiring a PSN connection, which meant no forced update for PSP Go owners, so everyone was happy.
Of course, there isn't an infinite supply of demos with such vulnerabilities, but that quickly became irrelevant as better hacks were found for the PSP, in particular the ability to sign content for it, which removed the need for usermode exploits altogether.
Usermode exploits in PSP games are easy to find and implement nowadays (see the guide here), and experience shows that lots of PSP games are vulnerable to simple buffer overflow attacks. But the PSP Go digital model and, more importantly, the Vita today (where all PSP purchases are, obviously, digital, and the few PSP demos available all have to be downloaded through the PSN) have made that type of attack fairly irrelevant. In the end, buying expensive PSP games just for a hack that will be patched in the next firmware may seem quite pointless to some of us.
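To make the "simple buffer overflow" above concrete, here is a small C example added for this page; it is not code from the article, from any real PSP game, or from any of the hacks mentioned here. It models a hypothetical savedata record (a 4-byte little-endian name length followed by the name bytes) being loaded into a player structure whose 16-byte name field sits directly before the score. The record format, field names, offsets and sizes are all assumptions made for the demo. The vulnerable loader checks that the name fits in the file but never checks that it fits in its own field, so an oversized name overwrites the score; the hardened loader adds that inner bound. On a real target the bytes past the field would be whatever happens to follow it in memory, which is exactly what a game savedata exploit overwrites.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical player state, modelled as one flat 32-byte block so that an
 * overflow of the name field lands in the score field and stays observable
 * (and well-defined) in this demo. Offsets are assumptions for the example. */
#define PLAYER_SIZE     32
#define NAME_OFFSET     0
#define NAME_FIELD_SIZE 16
#define SCORE_OFFSET    16

typedef struct { unsigned char ram[PLAYER_SIZE]; } player_t;

static uint32_t read_le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void write_le32(unsigned char *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff;
    p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

void player_init(player_t *pl, uint32_t score) {
    memset(pl->ram, 0, PLAYER_SIZE);
    write_le32(pl->ram + SCORE_OFFSET, score);
}

uint32_t player_score(const player_t *pl) { return read_le32(pl->ram + SCORE_OFFSET); }

/* Constructed savedata format: 4-byte LE name length, then the name bytes. */
size_t build_save(unsigned char *out, size_t out_cap, const unsigned char *name, uint32_t name_len) {
    if (out_cap < 4 + (size_t)name_len) return 0;
    write_le32(out, name_len);
    memcpy(out + 4, name, name_len);
    return 4 + name_len;
}

/* Vulnerable loader: checks the name against the file (outer bound) but copies
 * it into a 16-byte field without checking the field (inner bound). Any
 * name_len > 16 writes past the field; in this model that is the score. */
int load_player_vuln(player_t *pl, const unsigned char *save, size_t save_len) {
    if (save_len < 4) return -1;
    uint32_t name_len = read_le32(save);
    if (name_len > save_len - 4) return -1;
    memcpy(pl->ram + NAME_OFFSET, save + 4, name_len);  /* overflow when name_len > 16 */
    return 0;
}

/* Hardened loader: same outer check plus the inner bound, and the field is
 * cleared first so short names do not leave stale bytes behind. */
int load_player_safe(player_t *pl, const unsigned char *save, size_t save_len) {
    if (save_len < 4) return -1;
    uint32_t name_len = read_le32(save);
    if (name_len > save_len - 4) return -1;
    if (name_len > NAME_FIELD_SIZE) return -1;
    memset(pl->ram + NAME_OFFSET, 0, NAME_FIELD_SIZE);
    memcpy(pl->ram + NAME_OFFSET, save + 4, name_len);
    return 0;
}

/* Runs one loader on a constructed record whose name is name_len bytes of 'A',
 * starting from a player with score 1000. Returns the loader's status and
 * leaves the resulting score in *score. The demo input never exceeds the
 * 32-byte model, so the vulnerable copy stays inside pl->ram. */
int run_demo(int hardened, uint32_t name_len, uint32_t *score) {
    unsigned char name[PLAYER_SIZE];
    unsigned char save[PLAYER_SIZE + 4];
    player_t pl;
    if (name_len > PLAYER_SIZE) return -2;
    memset(name, 'A', sizeof name);
    size_t n = build_save(save, sizeof save, name, name_len);
    player_init(&pl, 1000);
    int rc = hardened ? load_player_safe(&pl, save, n)
                      : load_player_vuln(&pl, save, n);
    *score = player_score(&pl);
    return rc;
}

int demo_rc(int hardened, uint32_t name_len) { uint32_t s; return run_demo(hardened, name_len, &s); }
uint32_t demo_score(int hardened, uint32_t name_len) { uint32_t s = 0; run_demo(hardened, name_len, &s); return s; }

int main(void) {
    printf("vulnerable, 20-byte name: rc=%d score=0x%08x (was 1000)\n", demo_rc(0, 20), demo_score(0, 20));
    printf("hardened,   20-byte name: rc=%d score=%u (record rejected)\n", demo_rc(1, 20), demo_score(1, 20));
    printf("hardened,    8-byte name: rc=%d score=%u (accepted)\n", demo_rc(1, 8), demo_score(1, 8));
    return 0;
}
```

The vulnerable loader's only bug is that it validates the length against the wrong object: the file, not the destination field. That is the shape of most savedata overflows, and the fix is the single extra comparison in `load_player_safe`, applied before any copy.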
It's in this new context that looking for exploits in PSP Minis looks to me like a valid option today. Back when every PSP had UMD support, it made little sense to look for vulnerabilities in a digital-only game; what has changed is that digital PSP games are now the only choice, and in that case we might as well look at the cheap ones. In addition, since Minis weren't interesting to hackers back in the day for precisely that reason (they were digital-only), the odds of finding vulnerabilities in them today are higher: they are still a "fresh" source for investigation.
Of course, the situation is not ideal: we would all prefer free hacks, and we would all prefer a "real" Vita exploit. But for now, hacking PSP Minis in order to run VHBL or CEF looks like the most viable approach, compared to looking for exploits in "regular" PSP games, which are more expensive for the end user. This situation is of course no secret, and you have seen the recent VHBL/CEF releases target more and more Minis (Urbanix, Mad Blocker Alpha, ...), as I think hackers all reached the same conclusion I did.
The principle with PSP hacks on the Vita nowadays is no longer to find the "golden" game, as it used to be for GTA, Gripshift or Lumines a few years ago. The idea seems to be to flood the scene with regular releases based on cheap vulnerable games, so that Sony can't keep up. Of course, some of us won't see the point in playing this game of cat and mouse, but think of how many Minis you can buy for the price you would have paid for an unpatched copy of GTA...
Very informative. Thanks.
Oh, come on... just tell us... when is the PS Vita getting hacked? I want to play games 🙁
Read the forums, please. Nobody is dangling a cookie over your head. Besides, patience is a virtue.
Cookies, you say? With the exploit? IT'S GOTTA BE COOKIE MONSTER'S GREAT ADVENTURE. (goes and downloads)... unless maybe we get cookies for the exploit? Find an exploit, get a cookie? Or the game is cookie-cutter? Hmm, your cookie metaphor has me baffled, good sir. Thank God I don't have diabeetus.
plzz dude get a real life, & learn english
*Please
*English
*Improper sentence structure
*Incorrect usage of “&”
*Needs capitalization
Hahaha tard
Don’t forget punctuation.
Dude, you read too much into that; it startled my brain. At least I'm laughing now 😛
I think you guys forget that the internet is worldwide, and while people may not be able to use English properly, I'm guessing they use 2 or 3 languages more than you do.
So feel superior all you like; a lot of these people actually know more than you could ever hope to know.
Buy your games, or the PS Vita will get even less support than it already has.
You already can run homebrew, emulators etc.
Then buy some…
It'd be great to have full use of the Vita's hardware (CPU, GPU, second analog stick, front/rear touchscreen, cameras) for homebrew or emulators, but the aim of hacking the Vita is NOT pirating games! The Vita needs enough game buyers for its support.
It is just a shame that once again we are not getting the games that suit the Vita the most because Western society doesn't like them, apparently. I say apparently, as the genres (like JRPGs) that tend to get left out and excluded, as they were on the PSP, are the ones that would have carried the first console through its dark ages once people got used to the idea.
The issue isn't that Western people don't like them; it is that there are too few out there for people to discover perchance and actually find out they like them.
It's more complex than that. I know for a fact that working with Japanese companies regarding translation matters, etc., is a gigantic pain in the a##.
Working with Japanese companies in general is very difficult. The few guys I know who have been involved in such translation stuff (although that was much more oriented towards manga and anime than video games) got burnt. Very low pay, fans are never happy with the result, JP distribution companies will not work with you unless you're a personal friend of the CEO... etc.
It's less about Westerners not liking the games than about Japan not even bothering with external markets. But to your credit, the few companies in Japan that have tried to go outside of the country have found that it was probably not worth the effort. The video game market in Japan is huge, and people are ready to pay much more for video games in Japan than in the US or in Europe.
Actually, a bigger shame is that in my country we get these consoles 6 months later and at a 60% higher price than the rest of the world, and then they still don't offer us PlayStation Plus, Xbox Live etc., and charge us much, much more for physical copies... thankfully we recently got the iTunes Store in our country!!
Go to the store, give money to the lady, pick a game, bring it back home, PLAY!
Very interesting and informative article that I’m sure will help others. Thanks for taking the time to write it.
Thanks for this great info.
Nice information, thank you 🙂
Hahah, I remember I had two copies of GTA, the first one and the patched one. Looked all over GameStop for the GTA; was lucky to find it...
? I remember there was a way to use a PSP to find games for homebrewing, and I think I found a game that might work, but I just got a PSP and was wondering about the post on it. Think it was like two months ago.
some history 🙂
I remember prizing my UMD copy of Lumines when I saw people paying $50 for it... I saw it in a shop the other day for $3, lol.
And great article, wololo... you're a really good writer and captured the feelings really well.
Yeah, I know, I wanted to buy like a *** load of UMDs last week since I finally got a PSP. It's a 3000, alright I guess, got it running 6.60 custom, but when I got to GameStop they had moved all the PSP games to their store on the other side of town, so I just bought a new Vita, well, used, so it was like $199, and a used 8 gig card for like $24... But I got ISOs working on my PSP, though it just has a 4 gig card for now... But now UMDs are getting cheap, I think I might start playing them again...
Dude, I know this isn't an English exam, but your comment made my brain ache.
When can we expect an exploit for PS Vita 2.01?
thanks
soon
Arigatou gozaimasu, Wololo-san.
Man, I want a new exploit so I can play some free games. Hurry up with it!
shut up idiot
Only thing I saw was “This is Sparta”!
The next exploit is Angry Birds!
WOW! I looked for Angry Birds because I was wondering if this were true. ANGRY BIRDS IS GONE... SOMEONE FUCKED UP! It HAD to have been Angry Birds because Angry Birds is GONE! NINJA RELEASE IS MESSED UP. There wasn't even a public release. I'm in the /talk forums and I don't even know HOW to see a ninja release; do they email it? Anyways, this is fucked up; I've been looking at this site 100x a day and someone leaked the game and got it REMOVED FUUUUUUUH!
I don't recall even seeing Angry Birds in the PS Store for the past 2 weeks.
No one fucked up anything yet, imo.
Or we all would have heard about it.
They email it in; I haven't gotten an email saying it was Angry Birds.
To clarify: there is no ninja release yet.
This person is a complete idiot, and I'm surprised he has so many people believing what he's saying, considering the fact that he has labelled himself as a TROLL.
Finally, @Lyric: they do NOT email it.
Guys, chill, I'm sorry, I'm not a troll. Someone else said it was Angry Birds and I checked and Angry Birds wasn't there; what was I supposed to think! I didn't know Angry Birds had been gone for 2 weeks.
BTW... if they don't email it to you, how do you receive the ninja release?
You’ll see it above the “Forum Index” in talk page. You must be logged in AFAIK
Wololo please make it a special point NOT to reveal the ninja release to this person.
Thanks.
lol, you stupid, bro??? Angry Birds has never been available on PSN for PlayStation Vita.
There is a Mini for it.
I remember Fanjita's eLoader on my PSP-1004 on 2.5, and I got the game (GTA LCS) dirt cheap.
Heck, I remember getting my original 1000 the week it released in Japan, and being so excited when 1.05 FW came out so I could play more music formats, only for a bunch of homebrew games to come out a week later >_< I was always 1 FW ahead, until I got lucky and my friend was getting rid of his unpatched GTA (he had no idea :D)
Poor Jason, I hope you have heart meds. Weird, because Angry Birds was not available in Canada for the PS Vita, so I don't think it was ever there. I kinda miss the PSP days; I still have my GTA LCS UMD. Upgrade, then downgrade, then upgrade to 1.5, loved it!
Still got my unpatched version of GTA, lol, on UMD, lol.
Same here!!! I never even used it for the exploit!!!
Wololo & Mods,
I think the talk page should display “No new releases yet” to avoid trolls. It would be a quick and easy way to confirm if there has been a new release, or not.
It’d also prevent/help the spread of leaks, as users that aren’t supposed to see the game’s name will see the “No new releases yet”.
Anyways, it’s just a random idea that’s been cooking in the back of my head for a while.
would see **
Aww, the libtiff 'sploit... Good memories.
I just want an exploit to play ONE (maybe 2) game(s), because I'm tired of waiting for them to put it on PSN (Crisis Core being the MAIN one).
I thought Crisis Core was on the PSN store for the Vita. I just want to put FF5 on my Vita so I have the series on there, and some NES.
OK, the game is out, it's Angry Birds, go download it now, hurry up!!!!
Funny, since the exploit is all hot and ready, I wonder why it isn't released yet. There are a few people who have the exploit, like Wololo, The Z, fate6 etc., all enjoying it.
Why is that? lol
Simply because this is how ninja releases work. Trusted people get the info first.
I know that i am one of those *trusted* people who got the exploit (mad blocker). I’m talking about the so called new one that’s coming out. That I’m sure you have.
The “trust” is spread on several levels. Think of it as a rock hitting the surface of the water, it creates circles that get larger and larger. What matters is how far you are from where the rock fell 🙂 All trusted people do not get the information at the same time. Everyone gets the information eventually, what changes is when they get it.
For some reason I believe I'm considered more "trusted" than quite a few other people (not sure why...) :p and I always feel bad during ninja releases, since I don't even own a Vita, and know the game, while people in the comments are begging for the exploit.
Just out of curiosity, is the amount someone is "trusted" based on how long they've been a member?
@w7y7a7t7t : yes, in particular people who joined way before the Vita even existed are more trusted, because we know they did not join “only” for the ninja releases. But that’s not the only information we take into account, we’ve been refining the process with time.
@Wololo Took me a while to join because of the whole geohot case with Sony, and Sony getting IPs and cross-referencing them with PSN/SEN IDs. Other than that, I can recall seeing a video on the internet of you in Brazil giving a "what is hacking" seminar. Thank you for your teachings, o wise one!!!
Still have my unpatched GTA LCS UMD... got it used back in the day for $20 from GameStop when I got my first PSP, haha... didn't know about the exploit until a week after, then checked my UMD and bam, it was the unpatched one... back in those days CFW always gave me a heart attack... no Pandora and MMS back in those days 😛
Just wait for your turn dude..
Nice info! Thanks!
Ah, the old days... I remember buying GTA Liberty City and Lumines for about $20 each and taking my PSP along and asking to test the games before I bought them, to see if they were not patched... the employees were puzzled, lol.
I also got the unpatched GTA disc 🙂 I actually never knew about an exploitable Lumines UMD. But since it’s the first game I bought when the PSP was released, I’m sure it’s also an exploitable one B-)
Nice read, thanks!
Use Bloons TD... the cheapest game there is.
Is there going to be an HBL for LBP PSP?
I'm not positive where you're getting your info, but great topic. I need to spend a while studying more or understanding more. Thanks for the excellent information; I was on the lookout for this information for my mission.