Yifan Lu dumps the Vita NAND, confirms it’s encrypted


We are constantly looking for guest bloggers at wololo.net. If you like to write, and have a strong interest in the console hacking scene, contact me either with a comment here, or in a PM on /talk!

You may also like...

91 Responses

  1. FiahSticksm says:

    heck yeah! FINALLY!

  2. Sarge127 says:

    This could mean a ***-ton of possibilities… POSSIBILITIES for the vita. :)

    • lol says:

      keep your delusion for yourself.

    • Yifan Lu says:

      Unfortunately not. It means many thought-to-be possibilities are actually impossible. For example, I once thought maybe the bootloader is stored in the boot partition of the eMMC and that we could dump and examine it. That’s not possible.

      • Galford says:

        aw for real …!?

      • Netrix says:

        Are you saying the bootloader is not on the NAND at all, or just that it’s encrypted along with the firmware? I’m asking because for the Zune HD, the bootloader was on the NAND with the firmware, but both were encrypted, which means there was (of course) something that took care of decrypting the bootloader in order for it to boot. I suspected the keys were stored in the ‘Atmel 8 kilobit AT88SC0808CA CryptoMemory EEPROM chip’ that is on the Zune HD’s board. Maybe I’m just an idiot and it doesn’t have anything to do with it, but that was my guess. Did you happen to see any crypto chips on the Vita’s board?

      • Netrix says:

        Ignore my first question… I started reading your blog about the dumping and it seems to have answered that question. The rest of what I said might still be relevant. You mentioned a “mystery chip”, but that could be anything I suppose. I’m not that knowledgeable hardware-wise.

  3. Bla says:

    The ps3 is more or less hacked
    So we can use the ps3 to decryped the dump
    Then we also could use the hacked vita one the ps4!?????

  4. NakedFaerie says:

    You really think they wont encrypt everything after what happened to the PS3 and PSP?

    Thats why the PS4 is missing so many good and standard features. Less features means less exploits.

  5. matt123337 says:

    I’m pretty sure the 3ds’s NAND was dumped the same way,w itht eh 3ds you could also upgrade/downgrade with your own nand dumps, could this be possible on the vita as well?

    • asfggggg says:

      sure, it is nand after all :)

    • Yifan Lu says:

      It is a possibility, I have not tested. They could block downgrades by changing the encryption keys for every upgrade or any number of ways. I didn’t test it because at this point, having the ability to downgrade is pretty useless.

      • asfggggg says:

        what about with the development vitas, don’t they need to connect online to sony every 30 days?
        With backing up and restoring the nand, this could be bypassed, right?

  6. joe says:

    Vita RHG lol

    nice job man.

  7. L2SSnake says:

    My geek part of the brain is OC xD

  8. mma_jedi says:

    Now Yifan Lu is working on a Video Out possibility!! Idk if Sony has even said what the mystery mini usb port is for…but we’ll own that shiit.

    • zxskylinekidxz says:

      I believe the Video Out only works with a Sony TV. I have a Vizio and the Screen shows me “Not Supported” when I used the PS Vita’s USB. Try testing it on a Sony TV. I researched it when the Vita came out and Video Out was said to be only supported by a Sony TV.

  9. necro_something says:

    I hope the Vita portion never gets hacked- at least not so early in it’s cycle.
    It’ll truly be the end of the system that’s been struggling for so long if it does get hacked.

  10. guys vita is a dead platform sell your OLED versions to hardcore monsterhunter fans in japan and be done with it.

    I think even sony is ready to move on moving many of their vita teams from last year onto ps4.

    vita is pointless because soon remote play will work on ipad and stuff effectively via playstation now.

    seriously this console is 100% dead.. it picked it up as soon as my life become 100% dead.

    give up its for the best I know.

    • Sky Yuki says:

      No i’m going to use my vita as streaming device (as soon as it available in asia)
      Because i don’t have other console
      And smartphone? i’m not going to use touch screen

      Well if i have iphone i would get powershell thought

    • Dark GOD says:

      You can play PS Now on your iPad..
      I rather use real controls of the VITA without the need for a 3rd party overpriced controller.

      • JeoWay says:

        You cant play it on iPad… i’m sure Sony will try to make sure its only optimized to work on their brand products. Like how they said it will work on TVs, only the new Bravia TVs, which is owned by Sony. Or Sony tablets and phones, etc.

        • dboyz says:

          yup, I second this…just see how playstation mobile goes….not even flagship andorid phones have it (S4, Nexus etc) only certain Sony phones, HTC etc (well rooted phone can install PS mobile tho)

    • Davey says:

      Thats actually a good point and Im serious, Sony might as well had made remote play for the 3DSXL. By making it available to a huge market that directly competes with the struggling handheld; they signed its death warrant.

      The Vita and all its glorious hardware and many are naive into thinking these independent 2-bit games are going to support it. Take a step back and look at the big picture and keep it real – we havent see *** on the handheld that really shows us what it can do. The Vita games I have, and I have a few are just boring. All I’ve played on it lately thats entertaining are PSP and PS1 games and as cool as they were and as great as they look on the display Im not getting my moneys worth. 95% of the games are ***. Im tired of SNES quality games when I have this $300 device. I myself want to see a freaking RPG that shows off what the handheld can really do and not ports. Something made for grown ups. Im jelious of Nintendo and the developers that pushed the SNES to do more and more (eg RARE). The devs making games for the Vita are keeping so much scaled back as half of them are porting the game to inferior tablets and phones as well.

      In the end at least I have my emulators running on the Vita because of the $100’s Ive spent on Vita games, at least these are getting use on it. How sad I could have just ran these on my PC in the end. -_-

    • Franz says:

      Its not dead till sony says it just like the dreamcast.. Borderlands 2 is still comin and we vita exploit owners can still play a glorified psp haha

  11. Sky Yuki says:

    No it suck
    It doesn’t have vibration feature
    So it suck

  12. Dark GOD says:

    Interesting stuff.

    Read some comments and..
    Vita isn’t dead.

    No system ever truly dies if there are people who are still using it.

    DEAD is when you apply a hammer or a brick to your device.
    -Microwave it
    -Blend it
    -Give it an acid bath

    Now that’s dead.
    You get the idea.

  13. xlovenuggetx says:

    thanks guy.

  14. Nazar_Ops says:

    I still think that it will be hard to hack the VITA. PSP 3000 is still not hardware wise hacked, like the older PSPs. We only manage to run an exploit that lets us use stuff. But it is not a permament hack. If we never managed to permament hack PSP 3000, I doubt we will ever hack the PS VITA permamently, so that Sony can’t patch it.

  15. dAVEY says:

    I cant stop laughing now LOL now if it only vibrated! Quad-Shock controller or Octo-Shock the Vita would be a real pleasure toy then.

  16. ivo says:

    and a flash player for ubuntu 804 (SHELLSCRIPT INSTALLER)
    and a vita bios decrypter encrypter vitabios-crypter

  17. gunblade says:

    So the psn stream for the tablets android and the android second screen so it lets u play play pstwo games think if they let u download the games it be like in a seperate app that store the game think it would work on the psvita and stores the games but lets u emulate the pstwo to play pstwo games or is streaming faster some how since html Browser games cool.. wish …hack// for the vita thinking of getting phtasy star or soul sacrifice soul sacrifice seems more skyrim….

  18. gunblade says:

    Nice. Job yifan … I guess the new psvita got two gig upgrade and twice ram… It setup or the vita dump reminds me of how I use two play my psp… Maybe head backto gamestop today get sum new games then ross…

  19. kelso says:

    this is some crazy *** guys!!! some ps3 *** hahah Geohots, it’s crazy how he is putting so much work into it and hopefully does find a cfw for the vita it’s about time!!!

  20. Thrawn says:

    Ok so yifan now has a nand dump which is encrypted. That limits the key to be in the vitas cpu. Rgh anyone?

  21. ViRGE says:

    Even if it never leads to anything, it’s still something worth congratulating. Nicely done, Yifan.

  22. The AtoZ says:

    good yifan.. you are good student of mine…
    keep up what i teach you… same goes to the z…
    keep that up my student…

  23. LuKe_AA says:

    Wonder if DS/3DS like CPU’ed cartdriges will be the way to go for Vita “full” hack and/or bypass of encryption(s).

  24. Abdou005 says:

    Niiiiiiiiiiiiiceeeeee at least :D. we are “sure” now that the vita won’t be hacked by “NAnd Dump” . Yifan will start digging in the memory card, game card , mysterious port and the “software” side :D. LET THE HACKING SHOW BEGIN 😀

  25. ivo says:

    what about a signed psp bios dumper
    that feeds a bios to pc and pc-tnvemu
    660 on more arch!

    • Unknows says:

      @Ivo Everything related to the PSP has restricted access on the Vita. There is absolutely no way that, by digging into the PSP emu, will lead to a Vita “hack”.

      Besides, it’s hard enough to relocate the cpu’s mem since its all in 1.

      We just need to think out of the box a little more but kudos to Yifan lu-san for his skill set.

  26. ivo says:

    virtual breadboard psp plugin emu

  27. Xperimental says:

    The only reason i bought a Vita was to use in with a ps3/4 controller and play it on a big
    screen TV, only to find out sony F**K me over. So if hacking will give me these things
    singe me up.
    TN and the dev that made psp emulating possible gave the Vita back some life.
    but still there is no ps3/4 controller or TV out put.
    Till then I will keeping using ppsspp emulator is the best on the market right know.

    • CrimsonRaven25 says:

      All ps4 games can use the vita as a controller aside from games that require move and or camera, and that’s a really stupid reason to buy a handle gaming device as a controller only thing, I mean I knew remote play on the ps3 wasn’t gonna be what the ps4 was, you spent 250-300$ for a controller? Yes Sony indeed *** you good sir, try buying some vita titles, yeah their maybe be only a few hundred but theirs alot well worth it, vita sales have been up since ps4, more devs are getting more interested in the vita, so there will be more games coming out, does anyone remember the psp when everyone cried baby waaah about it not getting games

      • yes says:

        I think he means that he want to use the Vita as a console, connecting it to a TV and using a PS3 or PS4 controller instead of playing on the Vita directly.

        I dont know why he feels that Sony *** him over though. Sony never advertised that this was possible. Its kinda like saying that Nintendo *** you over because you cant connect the 3DS to a TV.

        But Sony did however come up with a solution for this. They released the Vita TV. It allows Vita games to be played on a TV, and you use a PS3 controller to play the games. The only downside is that all Vita games wont work (because many uses the touch screen), but at least it works with some games :)

  28. yukon says:

    This really makes me want to do “Electronics” for college.

  29. ivo says:

    root levetation sploit vita ?.?

  30. svennd says:

    Well only a couple of weeks for someone who already knows the PSP as the back of his hand … And who has allot of exp. on consoles in general.

    While his hardware skills might be “fresh” I doubt many could have an soldering iron and a vita, and do something usefull. Beside breaking it.

  31. Calsolum says:

    slow progress is always better than no progress. It doesnt seem like much but i for one am glad that there are still people working on the vita.
    thanks for posting his findings

  32. xchatter says:

    Thank you.
    Keep up the good work and don’t give up !

  33. ivo says:

    okey 101 now works for me thanks to the fixes 7.3
    megacheers xD

  34. mlc says:

    That’s a shame that it is encrypted, and that you can’t release it, but good job.

    Where do you think the Vita gets the decryption key for the NAND?

  35. ivo says:

    what about a tnv2.71se and some libtiff sploits

  36. Ry says:

    …Theoretically if we dumped the slim vita nand and updated the phat vita NAND with it we would get an additional 2GB of onboard memory.

    • Yifan Lu says:

      There’s a good chance that it’s a per-console encryption. Also, I know that the firmware/updater enables/disables specific features for each console (for example some apps aren’t copied into VitaTV), so the features may still not be enabled.

  37. stonemandy says:

    I believe its possible to figure this out watch some 13 year old kid will find a way . Anything is hackable even the world’s biggest supercomputers. There is alot of people that don’t want the vita hacked yet but don’t give up its only a matter of time

    • svenn says:

      supercomputers aren’t stronger protected then say, any other computers … in fact there allot less protected then the vita, since speed and raw calculations is the target of super computers not gaming 😉

  38. Mr Genius says:

    hack ps vita just like ps3 im sure boom many consumer buy ps vita… Like psp a lot people buy psp right it’s been a years people using psp now it’s time !!!

  39. Jah Nix says:

    Thanks Wololo for the update – Great work Yifan Lu! Highly interesting read and we can only hope it leads on to better things!

  40. nevercall says:

    how ’bout the vita game card? maybe we can do the same trick they do on 3ds w/c they play backups(cough) from it?

    • Yifan Lu says:

      Gateway 3DS required a kernel exploit.

      • Hazer7 says:

        I thought we had a kernel exploit for the vita. Just not the native. And is decryption that hard. You should go further into details about what type of encryption it is.

        • Yifan Lu says:

          We don’t have native kernel exploit for the Vita. We have it for the PSP emulator ON the vita.

          “And is decryption that hard.”
          If done correctly, it would take more than the life of the universe to crack AES encryption of a reasonable key length (which is what they are using).

  41. 110706 says:

    “”I believe Vita hacking will not come without massive help from hardware hackers.”” and “Oh, and this goes without saying, but yifan Lu will not publicly disclose the dumped material.”.

    Translation : i want hardware hackers to help us hack vita, but i dont want to share what i have already discovered and maybe someone smarter than me can figure it out.

    Good luck getting more people interested in hacking Vita if you act like this. PS Vita chances of getting hacked are slimmer by each day…meanwhile each day newer and more powerful hardware arrives for handheld devices, ultimately making Vita totally not worth it.

    • JS22 says:

      Exactly what I was thinking. I was wondering what he meant by saying: “I won’t be able to release data I obtain from the device for legal reasons (including any actual dumps made) but I WILL post instruction for REPRODUCING everything I do.”

      Which means, he won’t be releasing the actual dumps, and most likely, won’t release a Native Hack for the PS Vita, BUT, someone who is following his instructions can reproduce it and release it. Unlike Yifan, he is just avoiding Sony haunting him down. Understandable, but that’s where most people got confused, or mislead, and donated right away because they thought they were going to see a Native Hack and Homebrews on their system…ONLY by following his instructions that he post up, NOT by downloading a Ninja Release or a Nand Dump, or anything like that.

      The real question is…no, the real question was, “are we going to see a Ninja Release of a Native Hack for our PS Vita? The only people that would most likely to have it (in the future), would be the massive help from the hardware hackers and coders, not people who donated, UNLESS they are following Yifan instructions. So you donated AND must purchase the items that Yifan bought by your donations, and follow his instructions on how to do a Nand Dump. Please correct me if I am wrong. I have nothing against anyone. Just trying to make it clear for myself and maybe others.

      • Yifan Lu says:

        Let me quote my entire disclaimer for reference.

        “Before we talk business, I want to be as open and honest as possible. I am not a hardware hacker. I have very minimal experience with hardware (I know how to solder and I know what resistors look like), so by no means am I the best person for this job. In fact, I wish there was someone else doing this. My only qualification is the small amount of knowledge I have running userland Vita code and exploring the USB MTP protocol. It could turn out that I’m completely incompetent and not get anything useful. It could turn out that everything works out but my goals were set in the wrong direction. It could also take a very long time before any results are found (since this is a hobby after all). But, I will always be as open as possible; documenting any small discoveries I make and posting details and guides about what I’m doing. I’ll post any large transaction that takes place within the scope of this project and admit any mistakes I’ll definitely make. I won’t be able to release data I obtain from the device for legal reasons (including any actual dumps made) but I will post instruction for reproducing everything I do. I have seen other “scene” fundraisers and the problems that arises in them (mostly lack of response from the developer(s)) and will try to avoid making such mistakes. If you still believe in me, read on.”

        Please note that it was posted BEFORE the donation button. You must scroll past the large “Disclaimer” text before even getting to donate. If you still haven’t read it by then, I’m sorry but I don’t think I’m misleading anyone by not releasing any (encrypted, aka useless without key) information.

        ‘The real question is…no, the real question was, “are we going to see a Ninja Release of a Native Hack for our PS Vita?”‘
        Nowhere in my original post did I even mention a native hack, an exploit, or anything. All I said was that I want to dump the NAND and explore the hardware and if you want to help, feel free to contribute some money.

        “So you donated AND must purchase the items that Yifan bought by your donations, and follow his instructions on how to do a Nand Dump. ”
        Nope. If you read the posts, you can see that all you need are three pieces of wire and an SD card reader that supports 1-bit read mode. The tools I bought allowed me to analyze the hardware so I can find this. It’s like saying everyone who wants to run this homebrew must download the SDK.

        Furthermore, if anyone DOES feel like they have been misled, I will happily refund their donation.

    • Yifan Lu says:

      Real Translation: If you are working on the Vita feel free to contact me. However, I cannot release any materials because Sony is known to be very hostile towards hackers and don’t want to give them any reason to sue me.

    • wololo says:

      @110706, your comment is just so out of place it baffles me.

      Obviously, you completely missed the point of the “this goes without saying” part, so I’ll say it anyway:

      – there are legal implications to distributing the content of the NAND, which is made of copyrighted material from Sony. Yifan couldn’t do it without risking legal action from Sony (even if, in encrypted form, that arguable)

      – The content of the NAND is encrypted, and therefore totally useless to anyone. (NO, other hackers won’t find a magical way to decrypt it!)

      As a conclusion of these two obvious (for anyone with a minimum of experience) points, the files will not (do not need to) be released.

      Makes sense? Next time, comment only if you know what you are talking about.

  42. euss says:

    Not only is it encrypted (psp2000 and later is anyhow), it is also perconsole tied – so it is not like you are going to do anything usefull with it other than comparing and documenting its rough structure with other encrypted flash dumps.

    The standpoint about not releasing full dumps is understandable, even when censored to remove personal data. It is certainly not surprising to see reluctancy to open up for legal debate. Ever since Sony sending DMCA to virtually anyone remotely hinting to Sony owned material or even removing content that is not even owned by them but opensource/public domain you can hardly find a website/person willing to pay for the legal expenses for such debates.
    It is also not exclusive Sony either, as generally other (console) hackers try to keep their releases legally safe (e.g. Wii/WiiU:Nintendo, Xbox/XboxOne: Microsoft etc.). I don’t hear you guys/commenters asking for WiiU or XboxOne dumps/keys either or making a fuss about it (hopefully that is a sign of intelligence :P).

  43. open source lover says:

    PS vita has open source software that might help with decoding or finding a exploit.
    google “psvita-license open source” it should be the first one that pops up.
    I would really love to upgrade my memory card without paying a lot, and some open source apps

  1. January 22, 2014

    […] It didn’t take long for Yifan Lu’s investigations to become useful for other hardware hackers! Our community member katsu, guided by Yifan’s precise description of the Vita’s NAND pinouts, was able to hack his PS Vita in order to boot from a previous firmware, technically performing something very similar to a downgrade. Check the video below, it’s cool and full of “electronics ***”, like your favorite cyberpunk movie. Yifan Luさんの調査が他のハードウェアハッカーの役に立つのに、そう長くはかかりませんでした。私達のコミュニティーのメンバーであるkatsuさんは、YifanさんによるVitaのNANDのピンアウトの的確な説明のおかげで、以前のファームウェアから起動するというハックに成功しました。技術的にはダウングレードに非常に近いことを成し遂げています。以下のビデオは、我々のお気に入りのサイバーパンクなムービーのように、かっこよくてエレクトロニクスポルノにあふれています。 […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Most comments are automatically approved, but in some cases, it might take up to 24h for your comments to show up on the site, if they need manual moderation. Thanks for your understanding