Yifan Lu dumps the Vita NAND, confirms it’s encrypted
I mentioned a few weeks ago Yifan Lu’s ongoing experiment/attempt at looking at the Vita’s hardware. Yifan’s been busy over the Christmas period, looking at the bowels of our favorite portable console. Earlier today he announced he was able to dump the Vita’s NAND.
Now before everyone gets excited for no good reason, all this really gives us today is confirmation that the Vita’s onboard memory is encrypted. This in itself is interesting though, as this confirms Sony didn’t mess up their security on that point, and attempting to hack the Vita by modifying the NAND directly is not a possibility.
Yifan also shared a bunch of cool pictures and explanations on how he achieved the dump, something that I think is extremely valuable for all of us, especially those interested in knowing how hardware hacking works. As I’ve stated many times now, I believe Vita hacking will not come without massive help from hardware hackers.
Some of Yifan Lu’s interesting findings are that the eMMC NAND is about 3.78GB, with about 800MB used by the (encrypted) system, and the remaining 3GB or so potentially empty for now.
This experiment gave Yifan Lu new cool hardware skills that he’ll use to look at more stuff in the Vita’s internals. He also details the hardware cost of this experiment, something you’ll find interesting if you want to do something similar one day 🙂
Oh, and this goes without saying, but Yifan Lu will not publicly disclose the dumped material. Not that it would be useful anyway, given that it’s encrypted.
This might sound like a disappointment, but to me, the fact that one guy went from no hardware knowledge to being able to dump the NAND of the Vita in a matter of weeks is extremely exciting. Again, more important than the result is how he achieved it, a process that he details on his blog. I wish I had the time to do the same 🙂
Source: Yifan’s blog




heck yeah! FINALLY!
Finally what?
maybe finally first comment >_>
mm0mmo- 1 , FiahSticksm- 0
noob
The only thing that came from this is proof it’s encrypted. As of this second, without the means to decrypt it, it’s pretty useless.
finally !! NOTHING !!!
Finally, it’s started
Nothing has started, it’s just an experiment I believe.
This could mean a ***-ton of possibilities… POSSIBILITIES for the vita. 🙂
keep your delusion for yourself.
Unfortunately not. It means many thought-to-be possibilities are actually impossible. For example, I once thought maybe the bootloader is stored in the boot partition of the eMMC and that we could dump and examine it. That’s not possible.
aw for real …!?
Are you saying the bootloader is not on the NAND at all, or just that it’s encrypted along with the firmware? I’m asking because for the Zune HD, the bootloader was on the NAND with the firmware, but both were encrypted, which means there was (of course) something that took care of decrypting the bootloader in order for it to boot. I suspected the keys were stored in the ‘Atmel 8 kilobit AT88SC0808CA CryptoMemory EEPROM chip’ that is on the Zune HD’s board. Maybe I’m just an idiot and it doesn’t have anything to do with it, but that was my guess. Did you happen to see any crypto chips on the Vita’s board?
The first stage boot loader is not on the NAND but there could be many other stages. Encryption is done on the soc. No special chip.
Ignore my first question… I started reading your blog about the dumping and it seems to have answered that question. The rest of what I said might still be relevant. You mentioned a “mystery chip”, but that could be anything I suppose. I’m not that knowledgeable hardware-wise.
The ps3 is more or less hacked
So we can use the ps3 to decrypt the dump
Then we also could use the hacked vita on the ps4!?????
Now there’s an idea. There’s a good chance they used the same encryption on both consoles. It’s worth taking a look at the very least.
same encryption, different key, so what !?
it won’t be, Sony would never use same key to different hardware
Sony used the same AES key from the PSP on the Vita lol…
that was only in the early test firmwares, they changed the key starting from firmware 1.00
You really think they won’t encrypt everything after what happened to the PS3 and PSP?
That’s why the PS4 is missing so many good and standard features. Less features means less exploits.
I’m pretty sure the 3ds’s NAND was dumped the same way, with the 3ds you could also upgrade/downgrade with your own nand dumps, could this be possible on the vita as well?
sure, it is nand after all 🙂
It is a possibility, I have not tested. They could block downgrades by changing the encryption keys for every upgrade or any number of ways. I didn’t test it because at this point, having the ability to downgrade is pretty useless.
what about with the development vitas, don’t they need to connect online to sony every 30 days?
With backing up and restoring the nand, this could be bypassed, right?
Vita RHG lol
nice job man.
My geek part of the brain is OC xD
Now Yifan Lu is working on a Video Out possibility!! Idk if Sony has even said what the mystery mini usb port is for…but we’ll own that shiit.
I believe the Video Out only works with a Sony TV. I have a Vizio and the Screen shows me “Not Supported” when I used the PS Vita’s USB. Try testing it on a Sony TV. I researched it when the Vita came out and Video Out was said to be only supported by a Sony TV.
I hope the Vita portion never gets hacked- at least not so early in its cycle.
It’ll truly be the end of the system that’s been struggling for so long if it does get hacked.
it’s about time it gets hacked
guys vita is a dead platform sell your OLED versions to hardcore monsterhunter fans in japan and be done with it.
I think even sony is ready to move on moving many of their vita teams from last year onto ps4.
vita is pointless because soon remote play will work on ipad and stuff effectively via playstation now.
seriously this console is 100% dead.. it picked it up as soon as my life become 100% dead.
give up its for the best I know.
No i’m going to use my vita as streaming device (as soon as it available in asia)
Because i don’t have other console
And smartphone? i’m not going to use touch screen
Well if i have iphone i would get powershell thought
You can play PS Now on your iPad..
I rather use real controls of the VITA without the need for a 3rd party overpriced controller.
You can’t play it on iPad… I’m sure Sony will try to make sure it’s only optimized to work on their brand products. Like how they said it will work on TVs, only the new Bravia TVs, which is owned by Sony. Or Sony tablets and phones, etc.
yup, I second this…just see how playstation mobile goes….not even flagship Android phones have it (S4, Nexus etc) only certain Sony phones, HTC etc (well rooted phone can install PS mobile tho)
That’s actually a good point and I’m serious, Sony might as well had made remote play for the 3DSXL. By making it available to a huge market that directly competes with the struggling handheld; they signed its death warrant.
The Vita and all its glorious hardware and many are naive into thinking these independent 2-bit games are going to support it. Take a step back and look at the big picture and keep it real – we haven’t seen *** on the handheld that really shows us what it can do. The Vita games I have, and I have a few are just boring. All I’ve played on it lately that’s entertaining are PSP and PS1 games and as cool as they were and as great as they look on the display I’m not getting my money’s worth. 95% of the games are ***. I’m tired of SNES quality games when I have this $300 device. I myself want to see a freaking RPG that shows off what the handheld can really do and not ports. Something made for grown ups. I’m jealous of Nintendo and the developers that pushed the SNES to do more and more (eg RARE). The devs making games for the Vita are keeping so much scaled back as half of them are porting the game to inferior tablets and phones as well.
In the end at least I have my emulators running on the Vita because of the $100’s I’ve spent on Vita games, at least these are getting use on it. How sad I could have just run these on my PC in the end. -_-
Killzone.
It’s not dead till sony says it just like the dreamcast.. Borderlands 2 is still comin and we vita exploit owners can still play a glorified psp haha
No it suck
It doesn’t have vibration feature
So it suck
valid point
Interesting stuff.
Read some comments and..
Vita isn’t dead.
No system ever truly dies if there are people who are still using it.
DEAD is when you apply a hammer or a brick to your device.
-Microwave it
-Blend it
-Give it an acid bath
Now that’s dead.
You get the idea.
thanks guy.
I still think that it will be hard to hack the VITA. PSP 3000 is still not hardware-wise hacked, like the older PSPs. We only manage to run an exploit that lets us use stuff. But it is not a permanent hack. If we never managed to permanently hack PSP 3000, I doubt we will ever hack the PS VITA permanently, so that Sony can’t patch it.
PSP 3000 & PSPgo, both had permanent cfw’s created by virtual flame.
I can’t stop laughing now LOL now if it only vibrated! Quad-Shock controller or Octo-Shock the Vita would be a real pleasure toy then.
and a flash player for ubuntu 804 (SHELLSCRIPT INSTALLER)
and a vita bios decrypter encrypter vitabios-crypter
So the psn stream for the tablets android and the android second screen so it lets u play play pstwo games think if they let u download the games it be like in a seperate app that store the game think it would work on the psvita and stores the games but lets u emulate the pstwo to play pstwo games or is streaming faster some how since html Browser games cool.. wish …hack// for the vita thinking of getting phtasy star or soul sacrifice soul sacrifice seems more skyrim….
Nice. Job yifan … I guess the new psvita got two gig upgrade and twice ram… It setup or the vita dump reminds me of how I use two play my psp… Maybe head backto gamestop today get sum new games then ross…
this is some crazy *** guys!!! some ps3 *** hahah Geohots, it’s crazy how he is putting so much work into it and hopefully does find a cfw for the vita it’s about time!!!
Ok so yifan now has a nand dump which is encrypted. That limits the key to be in the vitas cpu. Rgh anyone?
Even if it never leads to anything, it’s still something worth congratulating. Nicely done, Yifan.
good yifan.. you are good student of mine…
keep up what i teach you… same goes to the z…
keep that up my student…
Wonder if DS/3DS like CPU’ed cartdriges will be the way to go for Vita “full” hack and/or bypass of encryption(s).
Niiiiiiiiiiiiiceeeeee at least :D. we are “sure” now that the vita won’t be hacked by “NAnd Dump” . Yifan will start digging in the memory card, game card , mysterious port and the “software” side :D. LET THE HACKING SHOW BEGIN 😀
Shut the heck up…
what about a signed psp bios dumper
that feeds a bios to pc and pc-tnvemu
660 on more arch!
@Ivo Everything related to the PSP has restricted access on the Vita. There is absolutely no way that, by digging into the PSP emu, will lead to a Vita “hack”.
Besides, it’s hard enough to relocate the cpu’s mem since it’s all in 1.
We just need to think out of the box a little more but kudos to Yifan lu-san for his skill set.
virtual breadboard psp plugin emu
http://www.virtualbreadboard.com/Main.aspx?TAB=4
read more about .net apps
The only reason I bought a Vita was to use it with a ps3/4 controller and play it on a big screen TV, only to find out sony F**K me over. So if hacking will give me these things sign me up.
TN and the dev that made psp emulating possible gave the Vita back some life.
but still there is no ps3/4 controller or TV out put.
Till then I will keep using ppsspp emulator is the best on the market right now.
All ps4 games can use the vita as a controller aside from games that require move and or camera, and that’s a really stupid reason to buy a handheld gaming device as a controller only thing, I mean I knew remote play on the ps3 wasn’t gonna be what the ps4 was, you spent 250-300$ for a controller? Yes Sony indeed *** you good sir, try buying some vita titles, yeah there may be only a few hundred but there’s a lot well worth it, vita sales have been up since ps4, more devs are getting more interested in the vita, so there will be more games coming out, does anyone remember the psp when everyone cried baby waaah about it not getting games
I think he means that he wants to use the Vita as a console, connecting it to a TV and using a PS3 or PS4 controller instead of playing on the Vita directly.
I don’t know why he feels that Sony *** him over though. Sony never advertised that this was possible. It’s kinda like saying that Nintendo *** you over because you can’t connect the 3DS to a TV.
But Sony did however come up with a solution for this. They released the Vita TV. It allows Vita games to be played on a TV, and you use a PS3 controller to play the games. The only downside is that all Vita games won’t work (because many use the touch screen), but at least it works with some games 🙂
This really makes me want to do “Electronics” for college.
root levetation sploit vita ?.?
Well only a couple of weeks for someone who already knows the PSP as the back of his hand … And who has a lot of exp. on consoles in general.
While his hardware skills might be “fresh” I doubt many could have a soldering iron and a vita, and do something useful. Besides breaking it.
slow progress is always better than no progress. It doesn’t seem like much but I for one am glad that there are still people working on the vita.
thanks for posting his findings
Thank you.
Keep up the good work and don’t give up !
okey 101 now works for me thanks to the fixes 7.3
🙂
megacheers xD
That’s a shame that it is encrypted, and that you can’t release it, but good job.
Where do you think the Vita gets the decryption key for the NAND?
what about a tnv2.71se and some libtiff sploits
…Theoretically if we dumped the slim vita nand and updated the phat vita NAND with it we would get an additional 2GB of onboard memory.
There’s a good chance that it’s a per-console encryption. Also, I know that the firmware/updater enables/disables specific features for each console (for example some apps aren’t copied into VitaTV), so the features may still not be enabled.
I believe it’s possible to figure this out watch some 13 year old kid will find a way . Anything is hackable even the world’s biggest supercomputers. There are a lot of people that don’t want the vita hacked yet but don’t give up it’s only a matter of time
supercomputers aren’t stronger protected than say, any other computers … in fact they’re a lot less protected than the vita, since speed and raw calculations is the target of super computers not gaming 😉
hack ps vita just like ps3 im sure boom many consumer buy ps vita… Like psp a lot people buy psp right it’s been a years people using psp now it’s time !!!
Thanks Wololo for the update – Great work Yifan Lu! Highly interesting read and we can only hope it leads on to better things!