Sony patched up to 20 exploits with Vita firmware 3.00
We’ve mentioned several times in the past few days that firmware 3.00 has been a surprise to some of the veterans in the PSP/Vita scene, as Sony has patched several undisclosed PSP exploits with this update.
It is fairly rare for Sony to patch an exploit before it gets publicly released, even more so when it comes to exploits in the PSP emulator, which in the two years of the Vita’s existence haven’t proven to be a security or business threat to Sony.
Nevertheless, firmware 3.00 appears to contain patches for several exploits that were probably known to only a handful of people. Firmware 3.00 contains the typical “blacklist” patches in savedata_utility.prx, but also, apparently, deeper fixes in the PSP kernel.
savedata_utility.prx is a file that contains (among other things) a blacklist of exploits. I described that file a while ago here: “When the PSP and the Vita show their battle scars”. With firmware 3.00, the savedata_utility.prx blacklist has been updated to block the “pawa pro” exploit from 173210 (this was expected), but also Frostegater’s Fieldrunners and Pipe Madness exploits and Yosh’s Half Minute Hero exploit, none of which had been publicly disclosed before the 3.00 release.
In addition to those, somewhere between 10 and 20 other undisclosed game exploits have been added to the blacklist, which means those exploits are now technically patched. (I have been asked by my sources not to be more precise than that.)
It does not stop there, though, as it appears some techniques used in VHBL to increase compatibility are now patched in the PSP kernel. The patches in general do not prevent VHBL from running, but they limit the compatibility of some homebrews. Acid_Snake discussed this at length in his rant to Sony 🙂
Vita firmware 3.00 has put serious limits on ongoing efforts to open the PSP emulator within the Vita. However, many devs/hackers have contacted me to let me know that their own exploit wasn’t impacted, or that they had found workarounds. Total Noob’s long-awaited TN-V4, an upcoming kernel exploit within the PSP emulator on the Vita, does not seem to be impacted.
To me the big remaining question is the source of these fixes. Do you think Sony have a team looking for exploits in their PSP games? Or do they get contacted independently?
I love you
I don’t think Sony is really looking into anything, but maybe they wrote a nice letter to the game developers to look out for bugs in their products. We all know how the lawyers at $ony work …
Features of Firmware 3.00 or exploits; I prefer exploits, hackers and modders tend to develop more fun apps than the companies themselves.
I believe Sony made a special division to handle FW security on PSVita and PS4.
*for PSVita and PS4
It must be on their end somehow, if nobody is disclosing the names of exploited games, it could be some sort of detection system added to 2.61. My friend on PS3 once noticed (Through PSN) I was running a SNES emulator. As Devs are using private exploits, and connected to PSN it may be a red flagging Sony. This is just a thought, as I have no idea about the inner working of the Vita. Can anyone add anything to this theory?
Hey, maybe the capability to play on PSN with a lower firmware was put in place intentionally by Sony to flag the device or exploit(You know to thin out the crowd).
Unless you were using an SNES emulator on a PS3 that has CFW, there isn’t any way for them to see what homebrew you’re using on a Vita. VHBL is running within a game in the pspemu and the homebrew subsequent of that. Using VHBL is masked by the game you are playing.
That makes sense, I was in fact on CFW PS3. Still, how the heck do they know what Vita games have exploits?
There might be a double agent. Or I saw some people in this scene showing their MAC addresses in tutorials(or simply their PSN ID). Maybe they are tracking your purchases to narrow down what games could be exploited and well….trying to exploit it. I would recommend that you burn every trusted hacker and start the “Circle of trust” from scratch.
That isn’t really possible, cause some games were bought months if not YEARS ago, and then used to exploit them on the Vita.
That would have been a lot of luck to fix exactly the games that were exploitable.
The exploits were either detected, reported, or Sony has a time machine.
hey The Z, couldn’t they blacklist all psp games if they wanted to and end vhbl completely?
Considering there are some that haven’t been patched, I highly doubt this is the case.
You just want in don’t ya :3
Well, if I see the number of existing “private” exploits and compare it to the number of serious “hackers” out there, it’s not too difficult to find them. The problem is only limited to the costs of trying out every single mini game. Since this is priceless for Sony, it’s probably enough to have one guy sitting there all day long, trying to create a buffer overflow on every single PSP game. I guess this is the easiest way to find a large number of exploits. If they don’t have their own “hacker”, there might be one out there, telling them exploits he or she has found for a certain amount of money. Let’s say 100 bucks per game or whatever. There will probably be many people out there willing to do this for some amount of money.
The bigger problem in my opinion is that we probably won’t have another exploited game released with TN-V. It might still be working on the remaining exploitable games, but the virtue of such a game could be too great to release it, just for the fame, and at the same time lose it with the next patch.
I’m guessing that TN or other guys who still have a handful of games won’t share them. At least I wouldn’t, if I had them. Those who shared a game or two in the past probably had 5 or 10 exploits running, ensuring that they can continue their work after the next patch. The only reason to make an exploit publicly known is to get some fame and still be able to continue working with other exploits after the public one gets patched. No one is going to release his or her one and only known exploit. Possibly not even if he or she has two or three exploits.
That’s what I think. So I guess, the PSP emulator will be closed for a loooong time.
Of course I still HOPE to see another exploitable game, but I don’t think so. At least not very soon. I can imagine the next official patches will maybe close another 10 exploits, maybe some that aren’t known at all. Cause Sony has proven to us that they are willing to test, test and test as much as they can. And believe me, they have the possibilities to test A LOT… I’m staying at 2.61 these days.
Try to think other way… maybe everybody now want to give their private exploits to public because it DOES NOT MATTER if they do it or not and their games will be patched anyway :)… think positive
Hehe, nice idea 😉 I didn’t order oysters cause I couldn’t afford them. You’d buy a hundred, hoping to be able to pay for them with the one pearl inside, right?
Said mostly, I mean there are like way over five hundred PSP games since the PSP came out, not counting minis, so you would think there’d be a lot of games. Even with the PSP there were a lot of updates. Weird though, it’s just a PSX in a PS2.
Can anyone help? I’m a little confused. I thought usermode exploits could only be usermode, but somehow TN-V4 is being ported to them all. How can this be if it doesn’t have access to the kernel commands in, say, Fieldrunners, which runs in “userland”? Maybe I’m just stupid, any help guys?
The usermode exploit and the kernel exploit are two different things. A kernel exploit isn’t in the game, but in the pspemu itself. A usermode exploit is simply necessary to be able to run the code that triggers the kernel exploit. This is why any firmware below 2.02 can run the kernel exploit that was released with UNO, and any firmware (with a usermode exploit) will be able to run the TN-V4 kernel exploit until it is patched after release in 3.01 or higher.
There may be a tiny chance of Sony introducing a new bug that leads to a kernel exploit, but it’s 99% certain that any kernel exploit has always existed in the pspemu, and will work on any firmware below the one on which it is released. Unless, of course, it is caught in a wave of unexpected patching like these usermode exploits in 3.00.
So, in summary, usermode and kernel exploits are two different bugs in two different places; you just happen to need a usermode exploit in order to launch the kernel exploit. (The usermode exploit is in the specific game, the kernel exploit is in the PSP emulator.)
it’s called privilege escalation, look it up
It’s well known that the largest companies like Sony or Microsoft hire people just for playing, hacking or crashing their games to fix all the vulnerabilities for their consoles, and the VHBL and TN topic is gaining fame (I’m from Mexico and even here we’re tracking down all updates from this scene), so I believe that they’ve a team doing just like you, but to make the patches before the game exploits get to the public. To finish, I want to congratulate everybody working on Vita hacking, because Sony are selling us the save space to buy their games very expensively, i.e. here a 32GB Vita memory card costs about $120-130 US dollars.
I thought it was going to impact the TN-V4 exploit for 3.0; I was wondering if it was the right choice to update.
Who the *** is going to upgrade now???? I’m keeping my 2.02 and UNO, who is with me?????
Here’s my two cents: I don’t think Sony are actively looking for exploits. What I think is that when we released the Arcade games exploits they realized that publishers tend to reuse the same engine and code on all their games, so a publisher with a game that has a vulnerability has other potential games with similar vulnerabilities. Sony simply looked into other games from publishers with an already known game exploit. Take a look at who made each of the private exploits that got patched; chances are it’s the maker of another game that did go public. They just connected the dots. As for the utility thing, well, it’s safe to assume that TN releasing his test binaries was the cause of it, as they hint to where the kxploit is (although not at the kxploit itself), so it’s natural that Sony at least tried to decrease the amount of games that have access to those utilities.
+1 Exactly what I was thinking.
Good point.
This seems plausible!
Wow if Sony would have taken actions like these in the beginning of the psp’s life time it might not have become the open pirate handheld that it has become.
Maybe they have built in an exploit radar, and when an exploit is seen, instead of preventing it now … blacklist it for later?
Something like the built-in wifi radar on some JP firmware.
Wifi radar, like the radar on an F-16.
Could this be a possible leak? Not meaning to pick at anyone here, just wondering. Also, are the exploits going to be released now? They could prove of some educational value.
3 of these exploits have already been released in the past 4 days. They all use the same buffer overflow techniques described in my tutorial, so there is not much educational value in them, really.
Maybe they should not release all exploits.. considering possibility that in next firmware update the patches are removed… and people on lower firmware can still put them on their Vitas, using the Open CMA or Clarles method 😉 Just a wild guess.
By the way, is there some sort of Vita PSP emulator, sorta
psplink with nethost for VHBL?
then maybe …
cheers
One word: “GeoHot”. Remember they gave him a position on their security team
…Instead of Jail Time
Nah
Lol, Geohot does not work for Sony, not sure where you heard that stuff.
They’re pulling out all the stops.
That’s too bad. Sony has begun to patch undisclosed PSP exploits. Maybe I should keep my Vita on v1.8@GC.
So, when is the release date of new exploit for 3.00 ????
now till next year..
I smell a rat, please find the common denominator as soon as possible to prevent further damage.
I don’t like this idea because the “common denominator” would likely point to people I trust a lot on the scene, including… myself 😛
It just doesn’t make sense. Acid_Snake’s explanation (they audited games from the same development studios that had been exploited in the past) is much more likely
Pay for an audit on a per game, per auditor basis… or pay a hacker to infiltrate the community for all games and many auditors… I too dislike the idea.
I am sure this event has reminded the honest developers of the value of their treasures.
Has the release date really been changed till next year?
My guess: most exploits work through savedata,
so testing each and every game in that or a similar way won’t be impossible.
Long, but not impossible.
Hello
Is there any working exploit (kernel better I suppose) in PSVITA OFW 1.60 yet?
Can I use UNO from the PS Store?
Thanks
You can log into the PSN store and look for a game named “UNO - Kernel Exploit Ready”; that might work for you…
And UNO is not patched in the store now? (I have 1.60 OFW)
Games do not get patched. Firmwares are patched. If you manage to get UNO on your 1.60 console today, the exploit will work for you.
Sony is probably paying someone or a team of guys to keep up with forums and also to hack their consoles the best that they can.
I guess they can monitor online when a hack is in progress.
I’ve been following for some time now. Tried to make my vita “more psp friendly” when I had 2.06…. utter failure. Can anyone help me step by step so I am ready for an exploit that comes out for 3.0? Pretty please. Also, you must know that I am an idiot and need to be handled with kid gloves when it comes to ‘technical jargon’.
After updating I found that the Mortal Kombat 9 invite player option isn’t working at all. F**k u Sony X(
Not only the Vita is a sinking ship, but looks like Sony wants to take out the fun of homebrews and PSP emu stuff too. Keep it up Sony!
I already updated to 3.00..huhuh…hoping they will exploit for PS Vita TN-V4
They got us in a corner, I’m getting closer and closer to putting up my white Vita with UNO exploit.. I’m just tired of lack of games. Tired of limited OS and bugs. Tired of this 4-core device being wasted. Things have changed, they won’t ever be the same. We have begun an era of secure devices, exploits are a thing of the past.
Can you release the GameIDs or the game names and region, considering that now it’s too late? Maybe the games have something in common that alerted Sony…
On another note, I am really surprised Sony released an update that did not include a feature or a function that attracts updates so much, but included so many security patches.
In the process of trying to get VHBL+Fieldrunners I updated my Vita to 3.0 accidentally. I know there’s no current exploits released… but I was wondering where I can find these “ninja releases” as I would like to beat Sony to their next patch. I check wololo on the daily but I’d rather know for certain that I’m not just looking in the wrong area altogether.
I too updated my firmware to 3.00 accidentally..
hoping for some trophy something…
but then when I tried placing some files, Open CMA 5 isn’t working anymore.. the PS vita asks me to update my said CMA..
I don’t care about the games that are being exploited yet.. as long as I can make use of my 32G memory for videos and songs, I’ll be as happy as before..
I hope there will be an Open CMA for firmware 3.00.
thanks.