Kernel Exploits, how they work and why they are scarce.

Acid_Snake

I like beer.


68 Responses

  1. ZacUAX says:

    This is exactly why I don’t plan on leaving the UNO exploit until something better presents itself. Kernel exploits don’t come every day, y’know.

  2. wartaf says:

    Nice, so having eCFW is still possible :D

  3. MarSprite says:

    Yeah, I’ve been debating buying another Vita. If Phantasy Star Online 2 comes to the Vita in the US, I will be playing it. Plus the games I’ve been anticipating should start raining into the lineup soon. As a side bonus, I can use my eCFW Vita to multiplayer PSP ad-hoc games with my friends, but I already have 2 PSPs for that.
    Right now the only advantages I have of the eCFW are: I can play Phantasy Star 2 on my Vita, I have an endless Nyan Cat animation on my Vita, I can make ISOs of my UMDs (that I don’t play anymore anyway) using my PSPs and play the ISOs on my Vita.
    I really don’t want to miss out on CFW for the Vita if the attack vector is through the eCFW though. I hate the GUI for the Vita’s menu and I’m probably willing to drop 300 USD just on the off chance that I may someday be able to do something about it.

    Anyone have any ideas on how to get more out of my eCFW?

  4. garrei says:

    What is this, the 10th time a post has been made explaining kernel exploits?

  5. XDarkMario says:

    Wow this is very advanced stuff 0_0

  6. slap slap slap says:

    Fascinating information. It would have been nice if you mentioned the names and tasks of the Sony functions used in each of the hacks; it’s interesting… to a geek like me.

  7. Moon says:

    The good thing about having no piracy is that for once no one can blame piracy for the lack of software releases. Looks like a device can fail all by itself, without piracy being there to take the blame. Who would have thought.

    • jeebs says:

      well said

    • Acid_Snake says:

      True, and we don’t need the Vita to know this. The GameCube wasn’t exactly a success, yet it had a late hacking scene; the Wii, on the other hand, was a huge success, yet it had piracy all over it.

      • aerinas says:

        That is because the Wii had almost exactly the same anti-piracy measures as the GameCube, the main one being that they reversed the data on the discs. Because of that, the Wii was hacked (in theory) before it even launched!
        The thing is, the GameCube was a regular console with a broad spectrum of games, while Nintendo shifted its audience to kids/family with the Wii. That was the Wii’s biggest copy protection: the audience. Ever seen a 45-year-old mom and her 12-year-old son install CFW? :P

        • Acid_Snake says:

          Actually, that’s what made the Wii more prone to hacking. Kids don’t have any money to buy games, so it’s simpler for them (and the parents) to pirate those games. Oh, and I think that thing about the reversed blocks is not true. I’m not an expert, but I’ve hex edited GC ISOs and the data looks normal. GC discs only have a special dye that only the modified GC laser can read, plus it has a purposely damaged TOC (the burst cutting area) so standard DVD readers wouldn’t even detect the disc.

  8. psgarsenal says:

    So… to find a Vita kernel exploit (not in the PSP emulator) we need to have access to the SDK to disassemble every kernel function?

    • Yifan Lu says:

      If it were that easy. You need a kernel exploit to dump the kernel. Regardless of retail or devkit.

  9. Frostburn says:

    If they are so scarce why doesn’t Total Noob release the kernel he found for 2.05 and get it over with.

    • Jd8531 says:

      Lol, logic. Let’s waste another kernel exploit to get it fixed quickly and then have people complain for another one. It’s his work and his finding; he can do as he pleases with it.

  10. Thrawn says:

    It’s interesting: the whole PlayStation scene (and I mean all of it) is screaming for CFW, the PSP scene, the PS3 scene, the Vita scene.
    On the contrary, the Nintendo scene, especially the DS, DSi and 3DS scene, is not into CFW. There has been a CFW for the NDS, but it’s an old story that never got far, as the more and faster advancing flash carts took over.
    Also the same was true for the GC and Wii: there never was a GC CFW, and in the beginning of the Wii there was only the WiiKey and no CFW.
    And now we are slowly seeing the end of “CFW” as we know it, as real software weaknesses are progressively patched out. I don’t say there is no way at all (where there’s a will, there’s a way), but it will become harder and harder, ultimately leading us back to hardware solutions to trick the software, like it’s already been done a million times. Some may think “I don’t support paid piracy”, thus no mod chip, but that is morals and ethics, and those differ from person to person.
    The downside to “hardware” solutions is that upon a change the chip might become “unable” to do what it is supposed to do (seen a trillion times on the DSi, 3DS, Xbox, 360).
    So the PS scene should be thankful for what has been accomplished, as on other scenes something like that never really took off.

    • Acid_Snake says:

      You can’t have CFW on systems that don’t even have a firmware (case of the GameCube), and in the case of the NDS a CFW would do nothing, as you still needed a cart to adapt SD cards. As for the Wii, I believe modchips were necessary for tweaking the laser into reading standard DVDs.

      • Thrawn says:

        Well, the GameCube had a BIOS (PAL, NTSC, NTSC-J and NTSC-K), and there were BIOS mods available through a mod chip (Viper GC Extreme); I had one of those myself. With different BIOSes on banks, you were able to load imports without problems; that was the main advantage.
        And for the DS there was a CFW called “FlashMe”, afaik developed by the (in)famous hacker darkfader, who also made the only two available r0ml0ader firmware destroyers. ;)
        And flashcarts (slot 2) were already available by that time, as chishm had already written the DLDI. There were even mods for the GBA slot to hook up a CF or microdrive.
        Yeah, for the Wii, the first modchip was from “WiiKey”, which was based on the “Xeno-GC” chip; in fact it was a Xeno GC on a different small piece of PCB, same chip.
        And yes, it did trick the Wii into believing it was an original disc by always answering the checks and overlaying the “ok” signal directly on the drive chip pins.

      • Ryan86me says:

        All of that’s true except the bit about the Wii. It could read standard DVDs without modchips (at least the older models could). I watch DVDs on my Wii entirely through software hacks :D

  11. Me says:

    Now who wants to buy my 1.81 MBA 6.60 TN-V vita?

  12. mystic shadow says:

    Personally I play my emus on my PSP and my ISOs. I liked eCFW, but what’s the point? The PSP can play PS1 and PSP plus emus. Just get a PSP; why buy a $300 system again? Also you can upgrade a PSP stick to 100 gigs in mem.

  13. Davee says:

    Man, why does this guy make posts?

    PSP kernel exploits are not scarce, and you clearly don’t know what you’re talking about if you think they are.

    Trust me when I say that there are plenty left.

    Also, “Starting with the release of pre-IPL consoles”. Seriously? As if the other PSPs didn’t have bootroms either?

    • Acid_Snake says:

      How are they not scarce when nobody with the knowledge to find them is interested? There might be a thousand out there; there’s simply not enough devs interested in the tedious process of finding one and then releasing it for some kids that only wanna pirate games and give nothing back, most of the time not even a simple “thanks”. Just go back to the posts made around the time frostegater announced his exploit: there’s loads of comments from people urging him to release it, calling him an idiot, and telling me to shut up about my retro gaming posts because they wanted “the damn exploit from that idiot frostegater”.

      • Davee says:

        You’re dead right, but you’ve got the argument wrong; devs are scarce, not exploits. I know how selfish the PSP scene is; I don’t need an education in that.
        The reason devs are leaving isn’t just because of that, though; there is a lack of achievement on the PSP now. Everything meaningful has been discovered, and homebrew devs have other platforms that offer better functionality and a more official toolset (Android, iOS, Win8, etc.).
        It’s unlikely a developer is going to invest time reversing the BT functionality for no developers to jump onto the bandwagon and write useful apps. It is really kind of supply and demand.
        However, if you’re not interested in eCFW and kernel exploits because of piracy, try and enhance HBL. I’m almost certain every game can run under HBL conditions if work is given to investigate p5.

        • Acid_Snake says:

          I agree, and I am interested in kernel exploits and such, because I want knowledge. P5 is interesting; I just don’t feel I have the knowledge to do anything as of now. I’m simply a learner for now.

        • Jd8531 says:

          I just want to say that there positively are more than one left. However, saying there are plenty left is an exaggeration. I do agree that HBL could be upgraded and improved, but finding someone with any free time or the will to do so is the issue.

          • Acid_Snake says:

            Just like Davee said, not enough devs interested. I for one am interested, but mostly for knowledge; I don’t care about releasing anything.

          • Yifan Lu says:

            Plenty is relative, but I trust Davee’s observation.

          • wololo says:

            This is a time where I wish the comments system here wasn’t so limited, because this is an interesting discussion.

            There are lots of interesting things remaining in the user mode that could be investigated. HBL could indeed be dramatically improved to largely increase compatibility if some people still had time to work on it. There are some techniques that nobody cared to implement which would help a lot, including things that used to be major “secrets” but that could be harmlessly released today I think.

          • Acid_Snake says:

            @wololo I know one of them, but lack enough knowledge to implement it

          • svenn says:

            @Jd8531
            The question is perhaps what’s the return value for finding an exploit, creating some matching hack, and finalizing a user-friendly tool.

            Rarely have I read it’s impossible, but who is going to spend the time to release to a bunch of teenagers, against a multi-million corp, without the possibility to ever get credit?

            The return is just too little, and I love making a proof-of-concept, but building something usable is boring and no fun.

  14. inicuo says:

    Low PS Vita sales = NO interest in game development = NO hack scene

    I loved PSP, as I love now PS Vita; it is truly awesome! I just wish Sony could lower the price for it, and then we might see the game begin…

  15. francis says:

    A simple thanks to the devs will do. You have to thank them, you fools!

  16. squiggs says:

    Now I want to know how the image exploit worked.

  17. PermaNull says:

    Sorry, but this really wasn’t all that well written, lol, for those of us that are actually experienced with exploitation of various systems outside the PSP/Vita/consoles in general.

    We get it, sure, but the general public who download and use these exploits aren’t going to understand it at all. And while these exploits are rare to find and are of course being patched all the time, that’s when some researcher finds some backdoor to keep accessing a kernel level and never releases it; there will always be private exploits people keep in their hands.

    Maybe not in the case of the PSP, due to the fact that it’s already been hacked beyond belief, but the one way to reliably be able to reverse engineer feature code is to actually have access to it, meaning a ‘hacker’ whose intention is to release an exploit to the public usually follows the general principle of keeping one for themselves to still be able to audit the new code they wouldn’t have access to without an exploit.

    While this isn’t an issue in most non-console exploitation, it is when it comes to console exploitation, because we have limited access to the code, and if that access were to be restricted we’d pretty much get sc***.

    Regardless, with all of the above being said, it’s not that I disagree, but I’d like to state that for any large company, even those bigger than Sony, even when the software isn’t being updated, exploits are ALWAYS being discovered.

    Older versions of Windows still have various 0-days in them; just a few years ago the TCP/IP stack on Linux had an issue in it that had been there for 10 years and gone undiscovered.

    It just goes to show researchers aren’t always going to find every single little exploit in the life span of the console, and Sony isn’t going to patch every single little exploit throughout the life span of the console.

    Beyond that, the next step when exploits grow thinner in the kernel of the PSP emulator (which hacking isn’t impressive anymore at all, considering Nintendo made this same mistake when it came to the Wii U and Wii emulation, whereas M$ seem to be the only ones that did not make the mistake… with the 360):

    People need to step it up. While intending to run homebrew without promoting piracy on the system, with a certain level of access to the Vita it should be possible to overwrite the firmware being used within the PSP emulator.

    In no means am I saying I have the capability of doing this, have done this or such.

    I’m just saying you’re being so dramatic about PSP kernel exploits growing thin, when there’s a whole other world of exploitation which has yet to be explored to the fullest extent, due to the fact it seems everyone gave up on the Vita itself and moved onto “Oh well, we can execute unsigned code with less power or capabilities this way, goal reached!”.

    • Jd8531 says:

      >People need to step it up
      Good idea, you do that.

      >should be possible to Overwrite the Firmware being used within the PSP Emulator.
      It’s not; it would reset. Before attacking something, at least know the foundation.

      >In no means am I saying I have the capability of doing this, have done this or such.
      Then why talk?

      >I’m just saying you’re being so dramatic about PSP Kernel exploits growing thin, when there’s a whole other world of exploitation which has yet to have been explored to the fullest extent due to the fact it seems everyone gave up on the VITA it’s self and moved onto “Oh well, We can execute unsigned code with less power or capabilities this way goal reached!”.

      The ignorance in that one post makes me cringe. Right, like no one is trying at all to hack natively. Like it isn’t harder than the sorry excuse of security the PSP had. Like there are still devs willing to do such hard work for people like you who complain. No one gave up, contrary to your theory. Either do it yourself or quit telling others to get better. You can’t bite the hand that feeds.

  18. ioriel says:

    Firmware downgrade is all we need :D

  19. smitty88oh says:

    Everyone has to be a critic! If you don’t like the article, don’t read it! If you’re going to criticize this man’s or woman’s work, then start your own site and post your own thread. I for one appreciate everyone here at this site who posts information about hacking and tries to explain how it is all done! Thank you Acid_Snake for all your hard work and time! I know I’m not the only one who appreciates your work and effort.

  20. Chuckthetekkie says:

    Great article, but too bad I don’t understand one iota of what was said.

    I will keep my one Vita on 2.02 with Uno so I can play my purchased PSN PSP games that are still not in the Vita store, like ModNation Racers PSP, until something better comes along.

    Too bad we couldn’t just repack the Vita updates so the PSP emu isn’t updated with the patches we don’t want.

  21. Yoti says:

    frostegatEr

  22. PermaNull says:

    I’m starting to think that people who write comments here are scared of using the enter key…

    Reading through the comments, it’s all jumbled together like one long sentence, or paragraph in some cases. Really annoying to read, guys.

    @smitty88oh,
    I was being a critic, but that’s not always a bad thing; there is corrective or good criticism, and that’s necessary to teach/help/or give advice to someone when their articles aren’t fully understood by the general public.

    Which is what I was getting at, and my point was proven by someone else saying they didn’t understand a single iota of what was said.

    Beyond that, I was also stating that what he said was factually incorrect in certain ways, as while exploits in theory would get thin, it’s not common that this actually happens within the life span consoles currently maintain.

    • smitty88oh says:

      That user never proved your point! I am willing to bet that Chuckthetekkie is the type of person that doesn’t know how to hack, just reads instructions on how to do this or that. And that’s his idea of hacking: download this, put the file here and I’m good to go. I am a hacker now!!
      I know I could be completely wrong!
      I know how to hack gaming consoles along with computers, so I understood a good deal of what Acid_Snake wrote.
      The fact that someone called you a critic: you decided to go on the defense and attempt to prove yourself right!

      Could the article have been written better? Of course it could.
      Nothing is ever perfect!

      Now if I hurt your feelings, I will apologize!

  23. Henriquebrasil says:

    It even seems that everyone forgot UVL… one day I’ll use my RIFF BOX…

  24. gunblade says:

    So we ran out of a few old tricks from the PSP; think we need to find new ones then. Good thing the Vita has Skype and email and Twitter..

  25. gunblade says:

    Well, Sony likes to make use of hackers and homebrew; guess it makes sense to make use of the Java PSP (miss how Sony used to welcome third-party users with OtherOS). Weird how Sony made a phone almost like the PSP Go.

  26. LTTp says:

    I am kinda sad to see that the Vita may never be fully hacked, but wasn’t that said about the PS3?

    I still think one day in the future there will be a full hack for the Vita, but we will have to wait…

    I got a Vita cheap pretty much for a Vita hack, though I run the Uno exploit; it kinda sucks waiting on Uno atm…

    I wish I could update the Vita and keep the Uno exploit so I can still get Vita games and such, but… whatever, I guess.

  27. Pholly says:

    It really is, it’s hard to believe people are really this stupid.

  28. aerinas says:

    We still play vita games, you know….

  29. >_> says:

    Speak for yourself, stupid.

  30. Bullshiters says:

    Because people want to try to play PSP games with 2 analog sticks.

  31. PermaNull says:

    Just please brush up on your writing skills before attempting to write a blog post explaining something to the general public.

  32. wololo says:

    Although I’m getting your point and I agree that some portions of the article could have been much clearer, you’d be amazed at how hard it is to find people who have the writing skills AND the technical skills to write such an article, AND still care about actually explaining stuff to the general audience.

    Based on that, I’d say that Acid_Snake does an ok job in general.

    As a matter of fact, every time I’ve approached other hackers to write such an article, the answer has always been “why bother? It’s not like one can write a tutorial ‘how to find kernel exploits’”, but I actually believe it is possible to at least give the basics, a list of tools used and how to use them (I’m sure LOTS of people would actually start looking for kernel exploits if they were given the right explanations on how the firmwares are decrypted and reverse engineered).

  33. Yuu says:

    As someone who has never delved into programming, I could give it a shot if the basics and tools were mentioned. Totally agree with you.

  34. z2442 says:

    Wololo, I think articles like this are very helpful for those people just starting out in the homebrew scene. It just gives out an idea of what is going on behind the curtains, or even a place to start.

  35. Acid_Snake says:

    And that’s exactly what this article does: it gives the basic idea and examples of three kernel exploits. All I’ve done here is vaguely summarize what I’ve learned about kernel exploits by doing a lot of Google searching and reading already released exploits. I wish I had an article like this when I started learning kxploits; it would have made my life a lot easier.

  36. Acid_Snake says:

    This was supposed to be a reply to wololo a few comments up; how it ended up here I have no idea o_O

  37. gunblade says:

    We’re running out of exploits; makes me want to go back to making my PSP 3000 with a PSP Go and a hard drive, or a PSP 3000 and a PSP Go with a hard drive, that way I can play two games at once or play music while playing on the Go/3000.

  38. gunblade says:

    Think you placed an extra “to” at the end of the article…

  39. gunblade says:

    All good though.

  40. gunblade says:

    Well, in PSP terms we need a downgrade and a custom firm.
