The Vita hacking scene, a community in need of fresh blood?
The Playstation Vita was out more than a year ago worldwide, and we have yet to see a native hack publicly released. I can see several reasons for that and will try to describe them here.
First, it is essential to understand that the Vita not being hacked “yet” is not an exception. Despite growing rumors, Nintendo’s 3DS has been so far following the same path (the NDS mode of the 3DS is hackable, just like the PSP emulator of the PS Vita is regularly hacked through game vulnerabilities); and it took hackers roughly 4 years to come up with what the general audience consider as the first PS3 jailbreak, back in 2010.
What this shows is that computer manufacturers in general, and Sony in particular with its playstation brand, have stepped up their game in terms of security. Modern programming languages make buffer overflow, if not entirely a vulnerability of the past, at least more difficult to achieve, while modern Operating Systems have increased counter-hack measures. In general these security measures are here for the good of the end-user (you!), to avoid being hacked and getting important information stolen or your computer used as a zombie in a massive Chinese DDoS against your own bank
In the case of the Vita this has the side benefit of allowing Sony to guarantee their hardware stays as locked as possible. As a matter of fact, I would claim that Sony has no interest in their customers’ security in general (did we mention some of your credentials on the PSP are stored in plain text?), and that their only motivation for keeping up to date with latest security measures is to guarantee their business doesn’t get threatened. After all, there only ever was one virus on the PSP in its 7 years of existence.
But I digress. Independently of the motives, the fact is that Sony’s consoles are much more secure than they used to be. The Vita is believed to run an OS based on FreeBSD, and has the security that comes with it, such as a better permissions system than the PSP used to have (which will avoid compromising the entire system if someone ever managed to take control of a specific app). Most likely, the CPU itself embeds security that would prevent our typical user/kernel psp exploits modus operandi. Loading binaries wherever we want in ram is prevented by things such as the NX bit (details here)
As an additional security, the infamous Content Manager Assistant was made with the sole purpose of making it difficult to put any kind of file on the device. The Vita is made to play games, watch movies, and listen to MP3s, it won’t let you copy anything else there, and in particular won’t let you play as you want with the filesystem, unlike the PSP, which was recognized as a regular USB Drive when plugged in to a computer. If you remember how many TIFF exploits we had on the PSP, you’ll understand a tool such as the Content Manager Assistant is in general bad news for hackers.
I won’t go deeper in the details of the Vita security, mostly because we don’t know much about them yet, but also because we’ve talked about them several times on this blog. But to summarize, the information I’ve gathered from hackers and sources close to Sony all contribute to confirm that hacking the PSP (or the PSP emulator in the Vita) was Child’s Play compared to what the Vita is, and to what the PS4 will be.
Technique is not the only way Sony is preventing hackers from joining the party. The legal action against Geohot 2 years ago has clearly impacted the motivation of several hackers, if not to look for vulnerabilities, at least to share them. A few hackers have contacted me with concerns of being the “first” to bring piracy to the Vita for legal reasons. For example legal concern was one of the things that delayed the release of project ARK, despite the code being ready more than half a year ago.
Additionally, with the release of Playstation Mobile (formerly Playstation suite), Sony have made it less “acceptable” to hack their device on the ground of interoperability and homebrews. After all, homebrewers can get a license for $100 a year and start playing with the SDK, so they don’t have a good excuse to hack anymore, do they?
And despite the exception for jailbreaking phones (and, keeping in mind that this exception was never there for consoles)
revoked this year in the US (update: the jailbreak exception was not revoked, the unlock exception was), there is no sign of hope that the DMCA or non-US equivalents will let console jailbreaking out of it shades-of-gray-but-mostly-black legal area any time soon.
Not a hobby anymore?
But all things considered, the real challenge today with hacking modern consoles such as the Vita is the increased security of the OS and CPU, as mentioned above. The vita was built with security in mind from day 1, which was clearly not the case of the PSP. To a point where (and I think I’ve mentioned that before) spending time trying to hack the device is not worth it anymore for your typical “teenage hacker”. It has become too hard, too expensive, and requires knowledge that a single person would take years to learn. I am still impressed at the level of cryptanalysis knowledge that was required to hack the PS3. The guys at failOverfl0w may refer to their discovery as a huge mistake on Sony’s end, but the overall thing still required loads of work and knowledge.
When you think that the initial PSPs “simply” ran unsigned binaries out of the box, it puts things in perspective. Today, I believe that most console hacking cannot be led by enthusiasts anymore, but by companies, that have both the financial backup required to do the R&D, and reverse engineering work, while having ways to get their investment back, one way or another. Companies like Datel of course, but also more shady businesses like the people who were behind the initial PS3 jailbreak. Alternatively, a team of researchers looking for a great theme for their PHD… assuming their school is ready to face the legal risk (ok…never gonna happen? Well, the Xbox case was kind of like that…)
My argument above is that hacking the Vita today is an expensive and time consuming hobby, and it also has legal risks. I believe that the Vita is secure enough that only somebody with a goal of making money (a company) would be able to invest enough time and energy in hacking it fully. Additionally, given that the Vita sales are not so great, I’m thinking this means not only less hackers, but also less interest for potential “hacking” companies, which reduces even more the chances of seeing a Vita hack one day.
Where to look for new ideas?
Let’s zoom away from “businesses”, back to our regular community: the current Vita hacking scene is mostly made of people who came from the PSP scene, and a few from the PS3 scene. One thing that is sad and yet unsurprising is how much each “facet” of hacking pays almost no attention to the other “scenes”. How many PSP hackers know how an iPhone jailbreak works? Even more shockingly, while discussing with PS3 hackers I realized how little I know about the PS3 architecture, and how most of them know nothing about PSP hacking. It is then no surprise that the successful hackers nowadays are the ones with a broad knowledge of the other scenes. Mathieulh with his knowledge of the PS3 and the PSP comes to mind of course, or also Geohot who was famous for his work on the iPhone before coming to the PS3, but more recently YifanLU (his work on the Vita, despite not being public yet, is the closest the scene has to a native hack so far) who was initially known for his work on Amazon’s Kindle.
Well I’m probably stating the obvious here, with all electronic devices implementing similar security measures, relying on the same hardware and libraies, of course somebody who knows about one device will learn faster about the next one. But I guess what I’m saying is that the Vita scene, if it wants to make progress, needs to start looking outside of the world of the PSP. The iPhone and Android jailbreaking teams come to mind of course, but also people working on Nintendo or Xbox.
We are partially to blame here at wololo.net for the status quo on the vita side, and the emphasis on the PSP legacy. Clearly, by promoting hacking inside the psp emulator, we are probably steering lots of brilliant minds away from “actual” Vita hacking, but independently of that I still think few people actually have all the skill-set and free time required to be able to do something something Vita-wise. PSP hacking has the benefit of being well documented, and, in hindsight, quite easy compared to what we are facing today with the Vita. The legal pressure on a “previous generation” console feels also much lighter.