Kernel Exploits, how they work and why they are scarce.


I like beer.

  1. ZacUAX

    This is exactly why I don’t plan on leaving the UNO exploit until something better presents itself. Kernel exploits don’t come every day, y’know.

  2. wartaf

    Nice, so having eCFW is still possible 😀

  3. MarSprite

    Yeah, I’ve been debating buying another Vita. If Phantasy Star Online 2 comes to the Vita in the US, I will be playing it. Plus the games I’ve been anticipating should start raining into the lineup soon. As a side bonus, I can use my eCFW Vita to play multiplayer PSP ad-hoc games with my friends, but I already have 2 PSPs for that.
    Right now the only advantages I have from the eCFW are: I can play Phantasy Star 2 on my Vita, I have an endless Nyan Cat animation on my Vita, I can make ISOs of my UMDs (that I don’t play anymore anyway) using my PSPs and play the ISOs on my Vita.
    I really don’t want to miss out on CFW for the Vita if the attack vector is through the eCFW though. I hate the GUI for the Vita’s menu and I’m probably willing to drop 300 USD just on the off chance that I may someday be able to do something about it.

    Anyone have any ideas on how to get more out of my eCFW?

  4. garrei

    What is this, the 10th time a post has been made explaining kernel exploits?

  5. XDarkMario

    Wow, this is very advanced stuff 0_0

  6. slap slap slap

    Fascinating information. It would have been nice if you had mentioned the names and tasks of the Sony functions used in each of the hacks; it’s interesting… to a geek like me.

  7. Moon

    The good thing about having no piracy is that for once no one can blame piracy for the lack of software releases. Looks like a device can fail all by itself, without piracy being there to take the blame. Who would have thought.

    • jeebs

      well said

    • Acid_Snake

      True, and we don’t need the Vita to know this. The GameCube wasn’t exactly a success, yet it had a late hacking scene; the Wii on the other hand was a huge success, yet it had piracy all over it.

      • aerinas

        That is because the Wii had almost exactly the same anti-piracy measures as the GameCube, the main one being that they reversed the data on the discs. Because of that, the Wii was hacked (in theory) before it even launched!
        The thing is, the GameCube was a regular console with a broad spectrum of games, while Nintendo shifted its audience to kids/family with the Wii. That was the Wii’s biggest copy protection: the audience. Ever seen a 45-year-old mom and her 12-year-old son install CFW? 😛

        • Acid_Snake

          Actually, that’s what made the Wii more prone to hacking. Kids don’t have any money to buy games, so it’s simpler for them (and the parents) to pirate those games. Oh, and I think that thing about the reversed blocks is not true. I’m not an expert, but I’ve hex edited GC ISOs and the data looks normal. GC discs only have a special dye that only the modified GC laser can read, plus they have a purposely damaged TOC (the burst cutting area), so standard DVD readers wouldn’t even detect the disc.

  8. psgarsenal

    So… to find a Vita kernel exploit (not in the PSP emulator) we need to have access to the SDK to disassemble every kernel function?

    • Yifan Lu

      If it were that easy. You need a kernel exploit to dump the kernel. Regardless of retail or devkit.

  9. Frostburn

    If they are so scarce why doesn’t Total Noob release the kernel he found for 2.05 and get it over with.

    • Jd8531

      Lol, logic. Let’s waste another kernel exploit to get it fixed quickly and then have people complain for another one. It’s his work and his finding; he can do as he pleases with it.

  10. Thrawn

    It’s interesting: the whole PlayStation scene (and I mean all of it) is screaming for CFW, the PSP scene, the PS3 scene, the Vita scene.
    On the contrary, the Nintendo scene, especially the DS, DSi and 3DS scene, is not into CFW. There has been a CFW for the NDS, but it’s an old story that never got far, as the more numerous and faster-advancing flash carts took over.
    Also the same was true for the GC and Wii: there never was a GC CFW, and in the beginning of the Wii there was only the WiiKey and no CFW.
    And now we are slowly seeing the end of “CFW” as we know it, as real software weaknesses are progressively patched out. I don’t say there is no way at all (where there’s a will, there’s a way), but it will become harder and harder, ultimately leading us back to hardware solutions to trick the software, like has already been done a million times. Some may think “I don’t support paid piracy” and thus no modchip, but that is morals and ethics, and those differ from person to person.
    The downside to “hardware” solutions is that upon a change the chip might become unable to do what it is supposed to do (seen a trillion times on the DSi, 3DS, Xbox, 360).
    So the PS scene should be thankful for what has been accomplished, as on other scenes something like that never really took off.

    • Acid_Snake

      You can’t have CFW on systems that don’t even have a firmware (case of the GameCube), and in the case of the NDS a CFW would do nothing, as you still needed a cart to adapt SD cards. As for the Wii, I believe modchips were necessary for tweaking the laser into reading standard DVDs.

      • Thrawn

        Well, the GameCube had a BIOS: PAL, NTSC, NTSC-J and NTSC-K. There were BIOS mods, available through a modchip (Viper GC Extreme); I had one of those myself. With different BIOSes on banks, you were able to load imports without problems; that was the main advantage.
        And for the DS there was a CFW called “FlashMe”, afaik developed by the (in)famous hacker DarkFader, who also made the only two available r0ml0ader firmware destroyers. 😉
        And flashcarts (Slot-2) were already available by that time, as chishm had already written the DLDI. There were even mods for the GBA slot to hook up a CF or Microdrive.
        Yeah, for the Wii, the first modchip was from “WiiKey”, which was based on the “Xeno GC” chip; in fact it was a Xeno GC on a different small piece of PCB, same chip.
        And yes, it did trick the Wii into believing it was an original disc by always answering the checks and overlaying the “OK” signal directly on the drive chip pins.

      • Ryan86me

        All of that’s true except the bit about the Wii. It could read standard DVDs without modchips (at least the older models could). I watch DVDs on my Wii entirely through software hacks 😀

  11. Pholly

    It really is, it’s hard to believe people are really this stupid.

  12. aerinas

    We still play vita games, you know….

  13. Me

    Now who wants to buy my 1.81 MBA 6.60 TN-V vita?

  14. mystic shadow

    Personally I play my emus and my ISOs on my PSP. I liked eCFW, but what’s the point? A PSP can play PS1 and PSP plus emus. Just get a PSP; why buy a $300 system again? Also you can upgrade a PSP’s stick to 100 gigs of memory.

  15. Davee

    Man, why does this guy make posts?

    PSP kernel exploits are not scarce, and you clearly don’t know what you’re talking about if you think they are.

    Trust me when I say that there are plenty left.

    Also, “Starting with the release of pre-IPL consoles”. Seriously? As if the other PSPs didn’t have bootroms either?

    • Acid_Snake

      How are they not scarce when nobody with the knowledge to find them is interested? There might be a thousand out there; there are simply not enough devs interested in the tedious process of finding one and then releasing it for some kids that only want to pirate games and give nothing back, most of the time not even a simple “thanks”. Just go back to the posts made around the time frostegater announced his exploit: there are loads of comments from people urging him to release it, calling him an idiot, and telling me to shut up about my retro gaming posts because they wanted “the damn exploit from that idiot frostegater”.

      • Davee

        You’re dead right, but you’ve got the argument wrong: devs are scarce, not exploits. I know how selfish the PSP scene is; I don’t need an education in that.
        The reason devs are leaving isn’t just because of that, though; there is a lack of achievement on the PSP now. Everything meaningful has been discovered, and homebrew devs have other platforms that offer better functionality and a more official toolset (Android, iOS, Win8, etc.).
        It’s unlikely a developer is going to invest time reversing the BT functionality for no developers to jump onto the bandwagon and write useful apps. It is really kind of supply and demand.
        However, if you’re not interested in eCFW and kernel exploits because of piracy, try to enhance HBL. I’m almost certain every game can run under HBL conditions if work is put into investigating p5.

        • Acid_Snake

          I agree, and I am interested in kernel exploits and such, because I want knowledge. P5 is interesting; I just don’t feel I have the knowledge to do anything as of now. I’m simply a learner for now.

        • Jd8531

          I just want to say that there positively is more than one left. However, saying there are plenty left is an exaggeration. I do agree that HBL could be upgraded and improved, but finding someone with any free time or the will to do so is the issue.

          • Acid_Snake

            Just like Davee said, not enough devs are interested. I for one am interested, but mostly for knowledge; I don’t care about releasing anything.

          • Yifan Lu

            Plenty is relative, but I trust Davee’s observation.

          • wololo

            This is a time where I wish the comments system here wasn’t so limited, because this is an interesting discussion.

            There are lots of interesting things remaining in user mode that could be investigated. HBL could indeed be dramatically improved to largely increase compatibility if some people still had time to work on it. There are some techniques that nobody cared to implement which would help a lot, including things that used to be major “secrets” but that could be harmlessly released today, I think.

          • Acid_Snake

            @wololo I know one of them, but lack enough knowledge to implement it.

          • svenn

            The question is perhaps what’s the return for finding an exploit, creating some matching hack, and finalizing a user-friendly tool.

            Rarely have I read that it’s impossible, but who is going to spend the time, to release to a bunch of teenagers, against a multi-million corp, w/o the possibility to ever get credit?

            The return is just too little. I love making a proof-of-concept, but building something usable is boring and is no fun.

  16. inicuo

    Low PS Vita sales = NO interest in game development = NO hack scene

    I loved the PSP, as I now love the PS Vita; it is truly awesome! I just wish Sony could lower the price for it, and then we might see the game begin…

  17. francis

    A simple thanks to the devs will do. You have to thank them, you fools!

  18. squiggs

    now I want to know how the image exploit worked.

  19. >_>

    Speak for yourself, stupid.

  20. PermaNull

    Sorry, but this really wasn’t all that well written, lol, for those of us who are actually experienced with exploitation of various systems outside the PSP/Vita/consoles in general.

    We get it, sure, but the general public who download and use these exploits aren’t going to understand it at all. And while these exploits are rare to find and are of course being patched all the time, that’s when some researcher finds some backdoor to keep accessing the kernel level and never releases it; there will always be private exploits people keep in their hands.

    Maybe not in the case of the PSP, due to the fact that it’s already been hacked beyond belief, but the one way to reliably be able to reverse engineer future code is to actually have access to it, meaning a ‘hacker’ whose intention is to release an exploit to the public usually follows the general principle of keeping one for themselves, to still be able to audit the new code they wouldn’t have access to without an exploit.

    While this isn’t an issue in most non-console exploitation, it is when it comes to console exploitation, because we have limited access to the code, and if that access were to be restricted we’d pretty much get sc***.

    Regardless, with all of the above being said, it’s not that I disagree, but I’d like to state that for any large company, even those bigger than Sony, even when the software isn’t being updated, exploits are ALWAYS being discovered.

    Older versions of Windows still have various 0-days in them; just a few years ago the TCP/IP stack on Linux had an issue in it that had been there for 10 years and gone undiscovered.

    It just goes to show researchers aren’t always going to find every single little exploit in the life span of the console, and Sony isn’t going to patch every single little exploit throughout the life span of the console.

    Beyond that, the next step when exploits grow thinner in the kernel of the PSP emulator (hacking which isn’t impressive anymore at all, considering Nintendo made this same mistake when it came to the Wii U and Wii emulation, whereas M$ seem to be the only ones that did not make the mistake… with the 360):

    People need to step it up. While intending to run Homebrew without promoting Piracy on the system, with a certain level of access to the VITA it should be possible to Overwrite the Firmware being used within the PSP Emulator.

    By no means am I saying I have the capability of doing this, have done this or such.

    I’m just saying you’re being so dramatic about PSP kernel exploits growing thin, when there’s a whole other world of exploitation which has yet to be explored to the fullest extent, due to the fact it seems everyone gave up on the VITA itself and moved onto “Oh well, we can execute unsigned code with less power or capabilities this way, goal reached!”.

    • Jd8531

      >People need to step it up
      Good idea, you do that.

      >should be possible to Overwrite the Firmware being used within the PSP Emulator.
      It’s not; it would reset. Before attacking something, at least know the foundation.

      >In no means am I saying I have the capability of doing this, have done this or such.
      Then why talk?

      >I’m just saying you’re being so dramatic about PSP Kernel exploits growing thin, when there’s a whole other world of exploitation which has yet to have been explored to the fullest extent due to the fact it seems everyone gave up on the VITA itself and moved onto “Oh well, We can execute unsigned code with less power or capabilities this way goal reached!”.

      The ignorance in that one post makes me cringe. Right, like no one is trying at all to hack natively. Like it isn’t harder than the sorry excuse for security the PSP had. Like there are still devs willing to do such hard work for people like you who complain. No one gave up, contrary to your theory. Either do it yourself or quit telling others to get better. You can’t bite the hand that feeds.

  21. ioriel

    firmware downgrade is all we need 😀

  22. Bullshiters

    Because people want to try to play PSP games with 2 analog sticks.

  23. smitty88oh

    Everyone has to be a critic! If you don’t like the article, don’t read it! If you’re going to criticize this man’s or woman’s work, then start your own site and post your own thread. I for one appreciate everyone here at this site who posts information about hacking and tries to explain how it is all done! Thank you Acid_Snake for all your hard work and time! I know I’m not the only one who appreciates your work and effort.

  24. Chuckthetekkie

    Great article but too bad I don’t understand one iota of what was said.

    I will keep my one Vita on 2.02 with UNO so I can play my purchased PSN PSP games that are still not in the Vita store, like ModNation Racers PSP, until something better comes along.

    Too bad we couldn’t just repack the Vita updates so the PSP emu isn’t updated with the patches we don’t want.

  25. Yoti


  26. PermaNull

    I’m starting to think that people who write comments here are scared of using the enter key…

    Reading through the comments, it’s all jumbled together like one long sentence or paragraph in some cases; really annoying to read, guys.

    I was being a critic, but that’s not always a bad thing; there is corrective or good criticism, and that’s necessary to teach/help/give advice to someone when their articles aren’t fully understood by the general public.

    Which is what I was getting at, and my point was proven by someone else saying they didn’t understand a single iota of what was said.

    Beyond that, I was also stating that what he said was factually incorrect in certain ways, as while exploits in theory would get thin, it’s not common that this actually happens within the life span consoles currently maintain.

    • smitty88oh

      That user never proved your point! I am willing to bet that Chuckthetekkie is the type of person that doesn’t know how to hack, just reads instructions on how to do this or that. And that’s his idea of hacking. Download this, put the file here and I’m good to go… I am a hacker now!!
      I know I could be completely wrong!
      I know how to hack gaming consoles along with computers, so I understood a good deal of what Acid_Snake wrote.
      The fact that someone called you a critic, you decided to go on the defense and attempt to prove yourself right!

      Could the article have been written better? Of course it could.
      Nothing is ever perfect!

      Now if I hurt your feelings. I will apologize!

  27. Henriquebrasil

    It even seems that everyone forgot UVL… one day I’ll use my RIFF BOX…

  28. isnizal

    The *** is… we need a jailbreak for the PS Vita.