Yifan Lu dives deep into hardware analysis of the PS Vita

You might remember Yifan Lu from a more or less private project of running unsigned code on the PS Vita through a native exploit. Or, if you’re not very familiar with that aspect of the Vita scene, you might know him as the guy who came up with a jailbreak for the Kindle several years ago.

As he stated himself recently, the Vita has been out for 2 years, and nobody has even dumped its NAND yet (at least not publicly), while it happened for the PS4 2 weeks after its release. Deciding to take the matter into his own hands, Yifan Lu started a donation drive to get some hardware in order to look closely at the Vita’s hardware.

Namely, his goal for now is to try and dump the NAND. Now, depending on how well you know computer systems, such a goal might either sound like Klingon to you, appear to be a trivial task that doesn’t deserve any excitement, or sound like a useless attempt… but let me describe why I think this is very cool.

[Image: Vita motherboard]

I have no doubt that Sony have done their best to secure the Vita, from both the hardware and software perspectives, so you shouldn’t expect a magical and immediate breakthrough from this attempt.

But that’s not why I am excited about this project. As a matter of fact, Yifan Lu admitted to having extremely limited experience in hardware hacking. And, as paradoxical as it may sound, this is exactly why I am interested in his experiment: he promised to document and report all his findings, and I think the project is extremely interesting for all of us who have absolutely no experience in that kind of stuff. His articles, including the donation drive itself, are a nice introduction to the world of hardware hacking, from a “noob’s” perspective.

In his first articles, Yifan Lu describes the hardware he uses, how he uses it, the mistakes he made, etc… That’s the type of information you will never get from seasoned hardware hackers, as they have forgotten that these basic things simply sound like voodoo magic to the rest of us. A chosen bit:

“To remove the actual eMMC chip, keep the heat gun directed at the chip for a while, then use your pointy device to try to pry it off. Use a bit of force but not extreme force and be slow with the prying. This is because even though the solder below melts fairly quickly, the chip is held in place with some kind of glue”

Additionally, Yifan Lu has been posting cool pictures of the Vita motherboard, which in themselves are worth the read. Greg describes it better than I would:

[Image: Vita NAND pinout]

Vita NAND pinout, as documented by YifanLu

Again, I am not expecting any huge breakthrough from this anytime soon, but the attempt in itself and the experience that Yifan Lu is sharing with us make it completely worth it in my opinion. Can’t wait for more articles!

More pictures and detailed articles on YifanLu’s blog

  1. BOOGIE2988

    FURST!!!

    1. Bobby_Chad

      So?!?!

      Back to topic: there is a video of how to open up a Vita; however, what he is doing is going a little bit further, which is cool!!

      1. gunblade

        right, i saw that they had to put the screen in a toaster to get the glue off, pretty smart

    2. ANALOVER

      HOLY SHIT ITS BOOGIE

      1. Acid_Snake

        the real boogie2988 is not a dumb asshole

    3. >_>

      ………………../´¯/)
      ………………,/¯../
      ……………../…./
      ………../´¯/’…’/´¯¯`·¸
      ……../’/…/…./……./¨¯\
      ……(‘(…´…´…. ¯~/’…’)
      …….\……………..’…../
      ……..”…\………. _.·´
      ……….\…………..(
      …………\………….\…

  2. bayou billy

    Vita is getting hacked next year by yifan or someone, this has gone too far!

    1. gunblade

      all good, u got like second, i think i am like fourth or something

  3. bayou billy

    idiot @booger2988

    1. Mr. MaGoo

      You must be new to the site. This has been a tradition dating back years. To get first on this site, with as many followers as Wololo has, is something special and should be cherished as an “OG”. Try checking some of the early posts and you will see that it is one of the unspoken games.

      Can I get a second from an OG?

      1. ps4beast

        well that’s a load of shit, i’ve been on here for years and every time i put first i get told to grow up! i’m nearly 30 years old, i thought it was the done thing

      2. titegtnodI

        The only comments I’ve seen about the people who post “FIRST!” are usually “stfu” or “dude, it’s always been a tradition, don’t you know?”, dating back to when people started saying first on every blog post made. It’s not unique to this site, it’s everywhere on the Internet and is often considered “annoying”.

    2. gunblade

      lol boogenation

  4. hashcheck

    Could you read the NAND the same way we can read a 3DS XL NAND?
    http://gbatemp.net/threads/nand-flash-dump-3ds-xl.350668/

    1. Yifan Lu

      You can read the NAND the same way, except the 3DS has nice unfilled pads that you can solder wires to, while the Vita has tiny 0.5mm resistors that are hidden under a base mount that you need to remove.

      1. imbapete

        man! you are sick!
        this is so cool! i wish i knew some of this stuff so i could help out.. too bad that i only love gaming, not programming :)

  5. mma_jedi

    Great job YifanLu. It has to start somewhere. I say by 2015 we’ll be having VCFW.. from SoMeBoDy or another

    [[crossing fingerz]]

  6. gunblade

    right on yifan lu, thks… i could zone out at the vita board for days looking at how it works, weird i am i guess lol

  7. alpmaster

    If Native can get us the ability to have sound on PSX then i would care. If it’s just to get vita roms then i could care less =D

    1. SSJ-Vita

      Yeah, screw free vita games, who cares, bring on android or ios :D

  8. jake

    By native exploit… do you mean… A “proper” PS Vita hack? Like back with PSP cfw when you had to buy games like GTA etc?

    1. oreo

      I believe that when they say a “Native” hack it means one that doesn’t go through the PSP emulator inside the PS Vita’s software.

  9. SSJ-Vita

    It’s really good Sony decided to take extra measures to make sure their chips would remain in place, extending the Vita’s life and all, but I can’t seem to shake the idea that maybe they took extra measures to help keep it from being fully hacked. It’s hard to believe that 2 years in, the Vita is still deathly allergic to being anything like a normal handheld touchscreen :/

  10. Maverick81PL

    Yifan Lu go to Jail!!! Don’t hack Vita! When someone hacks Vita, developers will go to another console and Vita will die like PSP!!

    1. afehst

      whoawy, your stupidness hurts. i mean, when a jailbreak came out for the ps3, sony gave an update to it, and the jailbreak was gone. and let’s be honest, there are not many games for the psvita out yet (after two years), and especially not great games, and it’s a little bit annoying that whenever you buy a psvita, for a lot of money, you also have to give like at least 40 bucks for a game that isn’t worth it

    2. Yifan Lu

      If I pass “Go” on my way, do I still get to collect $200?

    3. Darth_Vexen

      Literally, the best thing that could happen to the Vita right now is getting hacked… maybe that way the sales would improve.

  11. franz

    wow keep doing ur thing, i know someday it will lead to something. i remember when they said ps3 is unhackable lol, look at that scene now, nothing is unhackable

    1. trininja

      Uhm, the circumstances why the PS3 was hackable are different than for the Vita. Sony made a mistake with a magic number that was fixed and not random, so it was possible to get into the PS3.

      But I think as soon as someone can get the JTAG on a Vita working with the first commands, the rest will be just a matter of time. But until that day, well, live with what you have. The JTAG thing is always difficult; I can remember my old hacking days on the X360 and how hard we tested the JTAG for months, hell, years, until someone found the bug we needed on an old console with an older software version.

      Question is, does Sony have eFuses on the Vita? Nobody can tell by now, and if it is so, there might be a problem in the future.

      1. Chuck

        But they patched the keys in the ps3, still there’s a workaround like ode, true blue etc. if dark alex or a guy like geohot tried to break the vita it would get done or some progress would be made, but they’re too scared cause of sony… Every device that i know of, gaming console, handheld etc, pc, are all hackable as far as i know, well not the newest of course, ps4 and xbox one, that’s just my point, nothing is unhackable

  12. poe

    Excuse me if I got the wrong guy, but wasn’t yifan yu the one who had a donation drive to get a vita dev kit and then we heard nothing more? What happened to that money?

    1. Thorwak

      No, that was SKFU IIRC. I fail to see how it would be relevant even if it was, though? Were there any promises made of a certain result?

      1. poe

        If you read the post, yifan was asking for donations. If he had a previous project that he asked for donations for, then after he got the money nothing was ever said about it – then I wouldn’t donate again. Especially for buying a vita devkit, you expect some sort of reassurance that the money was spent on what it was intended for. Though, since that was not yifan, you can disregard this and my previous posts.

    2. wololo

      That was skfu.

      1. 110706

        and i wonder what he achieved with it?

  13. Thorwak

    Credz, Yifan Lu, for starting from scratch, and for sharing the experience! If you keep it up (and can keep supplying new hardware to wreak havoc on) you definitely will learn a lot and eventually most likely produce a proper dump.

    I agree it’s a bit weird there’s no (public) dump to be found yet btw. Perhaps the dump will turn out to be completely random data (encrypted by HW controller) and a dump has to be done in SW from the OS to be useful?
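As an added illustration of Thorwak’s point above (example code written for this page, not code from the post or from Yifan Lu’s project): a per-block entropy check is how an analyst would tell whether a raw flash dump is usable plaintext or looks like controller-encrypted data. The sample image, block size and thresholds are constructed assumptions, not values from a real Vita dump.

```python
import math
import random
from collections import Counter

BLOCK_SIZE = 4096        # analysis granularity (a real dump would use the flash page size)
RANDOM_THRESHOLD = 7.5   # bits/byte: ciphertext or compressed data sits near 8.0
EMPTY_THRESHOLD = 1.0    # bits/byte: erased flash (0xFF fill) or zero padding sits near 0.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_blocks(image: bytes, block_size: int = BLOCK_SIZE):
    """Label each block as empty/padding, structured, or random/encrypted."""
    labels = []
    for offset in range(0, len(image), block_size):
        h = shannon_entropy(image[offset:offset + block_size])
        if h >= RANDOM_THRESHOLD:
            label = "random/encrypted"
        elif h < EMPTY_THRESHOLD:
            label = "empty/padding"
        else:
            label = "structured"
        labels.append((offset, round(h, 2), label))
    return labels


def summarize(image: bytes, block_size: int = BLOCK_SIZE) -> dict:
    """Count blocks per class; a dump that is almost entirely 'random/encrypted'
    is what a controller-encrypted NAND would look like when read off the chip."""
    return dict(Counter(label for _, _, label in classify_blocks(image, block_size)))


# Constructed sample image (NOT a real Vita dump): one erased page, one page of
# repeated plaintext structure, and two pages of PRNG bytes standing in for ciphertext.
_rng = random.Random(20131225)
SAMPLE_IMAGE = (
    b"\xff" * BLOCK_SIZE
    + (b"BOOT partition header v1\n" * 200)[:BLOCK_SIZE]
    + bytes(_rng.getrandbits(8) for _ in range(2 * BLOCK_SIZE))
)

if __name__ == "__main__":
    for offset, h, label in classify_blocks(SAMPLE_IMAGE):
        print(f"0x{offset:08x}  {h:5.2f} bits/byte  {label}")
    print(summarize(SAMPLE_IMAGE))
```

If every block of a real dump lands in the random class, the chip-off read alone will not yield a filesystem, which is exactly the case where a software-side dump from the running OS would be needed.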

  14. TVT

    S***t… I spilled my coffee.. I read “Yifan Lu dies” in the title.

  15. 110706

    At least he’s trying something. And man, that sentence about PS Vita and PS4 NAND says a lot about how interested hackers are in the Vita… no wonder it’s 2 years already, a Slim Vita was released, and still no sign of CFW even for the old Vita.

    All we get is some trash VHBL stuff and TN-V. People are excited about emu crap on their PS Vita. When they can simply get PPSSPP, crank the graphics filters to max, set to 1080p and make a crappy PSP game look better than a game made for Vita. Can’t believe people are wasting their own life developing VHBL and TN-V eCFW crap. And yet those are pretty much the only ones who keep the Vita “scene” “alive” a bit. PS Vita the first hack-proof console? nah, less likely. No one seems to give two flyings about it. “Vita has been out for 2 years, and nobody has even dumped its NAND yet (at least not publicly), while it happened for the PS4 2 weeks after its release.” That looks promising! 0.0

  16. Hazer7

    Wait, I thought you were only allowed to call it a jailbreak if it’s by Hotz?

  17. user

    But here’s the thing. This hack is running through an exploited game. Which may get patched just like the PSP 3000. I mean, if that’s what he is trying to achieve, then I don’t really think it’s that exciting, because once Sony releases a patch, you’re gonna have to decide whether you want to continue playing online, or stay on the exploit and play the homebrews.

    Or did I read it wrong? I mean, I couldn’t find any mention of installing the hack on the PSV itself. If it’s just going to run through an exploited game like on the PSP 3000, then it’s not really that exciting.

  18. Vincent L.

    Keeping a hot air gun over the chip? Nice way to fuck it up. If you need to desolder surface-mounted chips on a limited budget and not a lot of experience, use Chipquik, not tools that can destroy your electronics.

    1. wololo

      I think that type of comment is what we need. I think this is mostly unknown territory for YifanLu (and for me as well), but clearly some people (including you) have enough experience to let us avoid the most obvious mistakes. Things that sound obvious to you given your experience are probably not to 99.99% of the people on this site, so that type of comment is (would have been) valuable.

      1. y-seyf

        So, I would recommend you to use a 6 Watt thin soldering iron, because these make it much easier to solder to very little connections or pads and they are cheap to get from ebay (got mine for 8€). Trust me, I had a similar issue with the connection pads being very little when I soldered my WiiKey Fusion to my Portable Gamecube with its FFC cable and its very little connector.
        Also, use soldering paste (I don’t know the English word, but it is like soldering flux with a thicker consistency that makes it much easier to apply to little connections and it would not flow into unwanted spots).

        And pay attention to the capacitors on the Vita’s MB ’cause these are likely to blow up easily when hot air is applied (have experience with a similar case of desoldering something).

        I wish you much luck and hope you succeed on it, because i like the idea of finding more stuff out about the vita than just about the psp emulator sandbox thing :D

    2. 110706

      Someone on his blog also told him to use an Atten 858D+ for example instead of a regular heat gun. Looking at some youtube footage, it’s definitely a night and day difference. Yifan should listen to you people’s advice.

  19. nevercall

    whenever there’s an update about HACKING… I always get eager to try it myself…

    so guys, can u please LIST THE STEPS on how you get the knowledge to hack a device STARTING FROM NOTHING?

    starting from the most basic, like did you take a course or just studied it yourself? projects, etc…. until the time you got enough knowledge to hack a device… :)

    thanks and merry christmas

  20. nevercall

    whenever there’s an update about HACKING… I always get eager to try it myself…

    so guys, can u please LIST THE STEPS on how you get enough information to hack a device STARTING FROM NOTHING?

    starting from the most basic, like did you take a course or just studied it yourself? projects, etc…. until the time you got enough knowledge to hack a device… :)

    thanks and merry christmas :)

  21. wisest.guy

    certainly one of the more entertaining comment sections i’ve read in a while lol.
