PS Vita hack: (xmax) katsu attempts to exploit the Vita NAND

We’ve mentioned hardware hacker katsu a lot recently, first when he showed he was able to dual-boot two different firmwares on a Vita (and switch back and forth, which gave the community hopes for a potential downgrade), then later the same week when he announced he was able to copy the contents of a Vita cartridge.

Today katsu presents a video in which he investigates what he can do to the Vita through his hardware modifications.

To be perfectly honest, this video is a tad less impressive than his previous ones, mostly because there’s nothing obviously groundbreaking in what he shows. It seems he is able to badly confuse the “Settings” menu of the Vita, leading it to display what appear to be string IDs (such as msg_system_information and the like) instead of the localized text.

My guess is that, the NAND being encrypted, there’s not much in there that can be touched without the device simply refusing to boot, but maybe some of these strings *are* stored unencrypted in there? Hmmmgrmmbl, unlikely… it’s more likely that something got slightly corrupted and the Settings application falls back on some failsafe when it can’t find a translation for a specific string. Yeah, I just decided I would think out loud on the blog now, and not even try to synthesize my thoughts into a readable result for you guys.

If anything, his video shows he is able to have some sort of interaction with the device through his hacks, which is more than what many hackers have achieved (or at least, publicly shown) so far.

And there’s always the joy of seeing the guts of a Vita connected to a bunch of other naked electronic devices. Enjoy the video below.

source: katsu on /talk

  1. darkshin0b1

    Hmm.. interesting… this dude is on a mission.

  2. gameus

    Regardless of whether it’s groundbreaking, it’s still pretty cool. :) Hopefully it leads somewhere.

    1. Quade321

      Doubt the little Settings thing will do much, he’s just playing around and seeing what he can do. And maybe find some stuff. ;)

      Him playing around will probably lead to something though.

      1. Wuade321

        (testing something, ignore this. These faces interest me slightly. xD)

        1. Wuade

          (and ignore this too)

  3. Zer01neDev

    The IDs error is probably caused by the low access time to the SD card.

  4. Henssou

    Art is an explosion, Katsu!! Well done, it seems we are going to have a big change in the Vita scene, thanks for your work.

    1. Faiz

      When will Deidara disappear? He’s everywhere. :P

      1. VitaMeansLife

        We’ll bring him our OLEDs and he’ll fashion them into 2000s.

  5. jd20dog

    Keep going dude, you could be the next-gen TN and Dark_AleX lol

  6. Faiz

    Can’t wait for a hack where you can have two PSN accounts.

  7. Hazer7

    I say even if you do have the native hack, try to hold off till 2016. Give the game devs some time to make more games. You can always bluff to make Sony really nervous ;)

    1. Dmasell92

      They’ve had 3 years, quite an impressive run. Not such an impressive handheld (yet). Hacking could bring life to the Vita, or at least more sales.

      1. wizardinblack

        I think you got it backwards. The device has some pretty impressive hardware (if you ask me) but currently it is limited by Sony’s unimpressive software, giving it the illusion of being an unimpressive device, even when it has so much potential. Hopefully that will change soon!

      2. Aces

        2 years, it’s been out for 2 years

  8. MPSP

    More progress. Slowly but surely we’re gonna make the Vita our b*tch ;)

  9. newrcc

    Yeahhhhhhhhhhhhhh, good job!!!! You are great! Something BIGG is coming, I know I know, TY guysssssssssss!

  10. dfg

    I WANT CPU GPU CUSTOM CLOCK
    FUCKING FRAME DROP

  11. iCE

    What’s the bg music?

    1. rjwboys

      I’m not sure but it sounds like something from Mega Man

      1. rjwboys

        Oops, katsu beat me with the correct info

  12. kada

    New FW update just around the corner. But no problem coz DG is possible for Katsu. Vita will be busted soon. And wololo, what about the new game? Waiting for the ninja release…

  13. maxxxivo

    It’s a Turkish hacker, am I the only one who noticed?

    1. memoplayer

      Yes, I did, as a Turkish Vita user

  14. Yifan Lu

    This is not an “exploit” but just the same thing that happens when you remove a PS1 disc while it is spinning. It attempts to read the data, but because the SD card was reset while trying to access the card (removing and plugging it in), it doesn’t load the string values properly. Most likely the Vita isn’t designed to re-initialize the eMMC if it ever resets (since it shouldn’t on a real unit with the eMMC soldered in). Without re-initializing the SD card, the Vita will fail to read from it and that’s why it doesn’t load the strings and crashes at the end. It’s an interesting glitch, but because of the encrypted nature of the NAND, there isn’t much you can do to it (since even if you hot-swap the blocks it reads, it wouldn’t do anything).
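The mechanism Yifan Lu describes above, modelled as an added example (this is not code from the post, from katsu or from the Vita firmware): a toy storage device that loses its initialised state when it is reset, a driver written on the assumption that the eMMC is soldered in and never resets, and a Settings-style lookup whose failsafe is to show the raw string ID when a read fails. Every class, function and table name here (EmmcDevice, NaiveDriver, ReinitDriver, STRING_BLOCKS, lookup) is constructed for the illustration. The second driver re-initialises the device after a failed read and retries once, which is the behaviour a driver written for a removable card would need.

```python
"""Added example: model of the string-ID glitch described in the comment
above (hot-swapped eMMC, no re-initialisation, failsafe fallback to IDs).
Constructed illustration; not Vita code."""


class DeviceNotReadyError(IOError):
    """Read attempted on a device that was reset and never re-initialised."""


class EmmcDevice:
    """Toy eMMC/SD-style block device with an init handshake.

    Reads only succeed after initialise(); a reset (power cycle, unplug and
    replug) drops that state, like a real card losing its bus state.
    """

    def __init__(self, blocks):
        self.blocks = dict(blocks)  # block id -> stored table (constructed)
        self.initialised = False
        self.resets = 0

    def initialise(self):
        self.initialised = True

    def reset(self):
        self.initialised = False
        self.resets += 1

    def read(self, block_id):
        if not self.initialised:
            raise DeviceNotReadyError("block %r: device not initialised" % (block_id,))
        return self.blocks[block_id]


class NaiveDriver:
    """Initialises once at boot and assumes the device never resets
    (fine for a soldered-in eMMC, wrong once the card is hot-swapped)."""

    def __init__(self, dev):
        self.dev = dev
        dev.initialise()

    def read(self, block_id):
        return self.dev.read(block_id)


class ReinitDriver(NaiveDriver):
    """Same driver, but a failed read triggers one re-init and a retry."""

    def read(self, block_id):
        try:
            return self.dev.read(block_id)
        except DeviceNotReadyError:
            self.dev.initialise()  # re-run the handshake, then retry once
            return self.dev.read(block_id)


# Constructed localisation table standing in for the Settings app's strings.
STRING_BLOCKS = {
    "strings_en": {
        "msg_system_information": "System Information",
        "msg_about": "About",
    }
}


def lookup(driver, string_id, table_block="strings_en"):
    """Settings-style lookup: any read failure falls back to the raw ID.

    This failsafe is what makes the glitch show up as 'msg_...' text on
    screen instead of as an error that a user or a log would notice.
    """
    try:
        table = driver.read(table_block)
    except IOError:
        return string_id
    return table.get(string_id, string_id)


def settings_menu(driver, ids=("msg_system_information", "msg_about")):
    """Render the menu labels for a list of string IDs."""
    return [lookup(driver, i) for i in ids]


def simulate(driver_cls):
    """Boot, render the menu, hot-swap (reset) the card, render again."""
    dev = EmmcDevice(STRING_BLOCKS)
    drv = driver_cls(dev)
    before = settings_menu(drv)
    dev.reset()  # the card is unplugged and plugged back in
    after = settings_menu(drv)
    return before, after


if __name__ == "__main__":
    for cls in (NaiveDriver, ReinitDriver):
        print(cls.__name__, simulate(cls))
```

With NaiveDriver the menu reads correctly before the reset and shows the bare IDs afterwards; with ReinitDriver both renders are correct. The point for anyone reviewing this kind of code is that the failsafe in lookup() swallows the I/O error entirely: a fallback that hides storage failures should at least record them, otherwise a reset card and a missing translation look identical.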

    1. katsu

      Of course, correctly identified +1000

  15. romain337

    EPIC sound!

  16. john

    Hopefully it leads to a dead end.
    The last thing I want is for devs to completely STOP publishing PS Vita games.

    1. Adams Myth

      My thoughts exactly.

    2. 110706

      Inform yourself more. Take a look at PSP sales and compare them to PS Vita in the same period of time. And keep in mind the PSP was hacked pretty fast.

      Devs will stop publishing PSV games anyway. Why bother with an almost dead system when they can make a killer app for iOS or Android and make millions. Not to mention smartphone hardware is getting more and more powerful, so the argument of making PSV games cuz of its great hardware and what it can do will soon become INVALID. PSV is losing its niche pretty fast. And this time you can’t blame piracy. Retarded Sony blames iOS and Android apps lol!

    3. shapeshifter0100

      Lol are you really that dumb?? Look at the PS2, PSP and Xbox 360: they are still being sold to date and still have titles coming out for them, and have the max amount of piracy etc. too.
      This world needs a balance of good and evil, yin and yang, legit and non-legit, payment and piracy……
      Look at locked-down systems which are unhackable: no one buys them usually.
      People want open systems or even semi-open (read: jailbreakable etc.) systems.
      The PS4 and Xbone will be doomed compared to their lack of media features etc.
      We don’t want to buy digital copies all the time for movies.
      Why have 2 Blu-ray players in my TV room when I can use my PS3 or hack my PS4 in future to enable it?

      1. shapeshifter0100

        ^^ My above comment is meant for Adam and John, not 110706

      2. yes

        People do buy locked-down systems though. Just look at the PS4, Xbox One and the 3DS (I know that piracy is possible on older 3DS firmware, but since it only works on older firmware, it’s not very easy to do piracy on the 3DS if you have upgraded the firmware).

        People buy stuff that appeals to them. I don’t have any statistics, but I’m pretty sure that the people who do piracy on, for example, PS3 and Xbox 360 are a pretty small percentage compared to the people who don’t. I wouldn’t be surprised if it’s less than 1 percent, meaning that about 99% of all PS3 and Xbox 360 owners don’t care about hacking it. It’s the same with phones as well. I don’t know about the percentage there, but I’m very sure that tons of people don’t care about hacking their phones because they don’t have any need for it.

        It can be very nice to have an open system for sure. For many, it has great appeal, and it is an extra selling point for many people. That is true. However, if the product itself is good enough on its own, then this will be the main selling point.

        I don’t think the Vita would have sold any better or worse if it was hacked after some weeks or after some years. Maybe the hardware sales would be a bit better, but then again, if people buy the hardware mainly for piracy, then the software sales might have been worse. That is kinda what happened with the PSP, at least in the USA. The hardware sales were pretty decent, but the software sales weren’t very impressive.

        1. shapeshifter0100

          No, what I meant was once these systems are in the market for say 6 months, no one will buy locked-down systems once their limitations come to light; the Vita is too locked down too.
          Even Microsoft understood that with WP7, which needed Zune for everything, and created WP8, which relied solely on normal MTP.
          The PS4 and Xbone mark the decline of consoles and the rise of PCs mostly.
          None of my friends bought either or are even gonna.
          They are happier with PS3s and 360s.

          1. yes

            I understand. Well, time will show how the PS4 and Xbox One sales will be in 6 months from now. If the sales go significantly down, I think it’s mostly because of the games available, not because of any other missing features.

          2. yes

            By the way, the main reason why the Zune didn’t sell very well was because of the competition from the iPod. The iPod required iTunes to transfer music to it, so it’s not really that different from requiring Windows Media Player 7 on the Zune.

          3. shapeshifter0100

            @yes. No (pun intended), I wasn’t talking about the Zune and Windows Media Player 7…
            I was talking about WP7, i.e. Windows Phone 7, and Zune as in the software Zune, which was an iTunes-style syncing software that basically “tethered” Windows Phone 7 devices to the PC the same way iTunes does to the iPhone (officially). This reduced its popularity amongst the younger gens who preferred Android.
            Now after the release of Windows Phone 8, i.e. WP8, we (yes I have a Lumia and <3 it :) ) don't need to use Zune or any software anymore, and the platform is becoming more open and yet secure with zero piracy.
            In my country Lumias and iPhones now sell like hot cakes, whereas Android devices other than Nexus are looked down on.

          4. yes

            Ah ok, sorry, I thought you meant Windows Media Player 7 =) It’s nice that you don’t need any specific software on Windows Phone 8, and this doesn’t hurt the sales, but I still think that the strong competition from Apple and Google (Android) is the main reason why Windows Phones sell much less compared to iPhone and Android though.

          5. Shapeshifter0100

            Yeah, Microsoft did lock it down a bit too much initially, but with every new update it’s becoming more and more open and a very clean, malware-free OS compared to even iOS, forget Android; no piracy.
            It does have a few restrictions for games like Minecraft PE (hasn’t been made yet coz it needs a certain access to the OS to get playable frame rates).
            Otherwise it’s got potential, especially with Nokia devs working hard on the Lumia variants of WP8, the latest update being the Black update and the one prior being the Amber update, and Nokia also has a whole ton of people porting famous apps and writing their own apps too at the same time with great quality.
            I wish Sony made a WP8 device too like the latest rumours suggest; not that Nokia is bad, but like the Vita even WP8 has great potential and great hardware/software.

  17. Milky

    This is really interesting, I wish I had the patience and knowledge this guy has!

  18. lolwut

    Yeah, just some failsafe measure, just like when the psvimg is corrupted. In case the psvimg is corrupt, it will ask you for the game cartridge.

  19. suspicious

    There’s a downgrade method which is publicly unknown, as you can see in The Z’s videos about the different firmware exploit; he jumped from 1 firmware to another flawlessly :)

    1. wololo

      Errr… no

    2. Abdou005

      Sadly it is just fake, he was using TN V7 and you guys think he was downgrading his firmware. Just try it yourself: load any game with the savedata and it will work, brother.

  20. maxxxivo

    just dont abandon your work, keep serch for an exploit and sooner or later u will find at least on ;)

    1. maxxxivo

      *search

    2. maxxxivo

      1* search
      2* one
      ps: awful tablet

  21. Capcomlegend

    You got this!

  22. pploco1996

    We are getting closer and closer, people.

  23. NeonAera

    Katsu starting the year off with a bang! q: PSVita hacks coming soon? *prepares to get 64GB PS Vita memory card to back up his cartilage PS Vita games* :P Good progress, Katsu, wherever you are.

    1. ulquiorrA_schifeR

      cartilage?? the one with the bones??

      1. NeonAera

        LOL I meant game cartridge. q:

        1. shapeshifter0100

          Best console ever!!! A cartilage PS Vita, the thinnest, lightest and most flexible console ever!!! With curved AMOLED display, and use it as any shape you like.
          Want DS style, PSP style or smartphone style!! :D

  24. beandip

    A PS Vita made of cartilage? I would buy one

  25. darkstorm-ud

    it’s just a mistake…

  26. tokia

    something’s strange….

  27. NoKsOr

    Guys, this isn’t an exploit and won’t really lead to anything. Please read Katsu’s reply to Yifan.

    1. DS_Marine

      Not really.
      While not so impressive on its own, experimentation could lead to findings and a better understanding of the device.
      Haven’t you read 10 days of hacking? (disc switch)
      What if he switches the eMMC at a certain loading point and the Vita just loads unsigned stuff from the new eMMC? (Not saying this is a possibility, it’s just an example, since we don’t even have unsigned stuff to run in the 1st place.)
      So you don’t know if it will lead to better findings or not.

      1. Yifan Lu

        > What if he switch the eMMC at certain loading point and the vita just loads unsigned stuff from the new eMMC?
        I know you said it’s just an example, but you can’t load anything because it has to be encrypted.

  28. adriandevera

    I’d agree, this video is less impressive; however, being able to have the string tags and confuse the system so that it doesn’t parse the string tags correctly can allow us to debug the location in the RAM and how the data is being accessed. I’m sure since he is able to dump the NAND, he’d somehow manage to find the memory address location and which processes associated to that location are being called and where.

    Knowing the memory can allow memory exploits, or even better a proper Vita shell exploit rather than the already discovered PSP shell.

    A small detail with lots of work in place, but still it presents positive hopes of where to begin.

    1. Yifan Lu

      > however, being bale to have the string tags and confuse the system so that it doesnt parse the string tags correctly can allow us to debug the location in the RAM and how the data is being accessed
      Nope. Encrypted data being accessed. No RAM sniffing. Both parts of your statement can’t happen.
      > manage to find the memory address location and which proccesses associated to that location is being called and where
      Again, memory addresses don’t mean anything to the NAND. Also, knowing memory addresses doesn’t mean anything either. You need to DUMP the memory to get anything useful, and the memory is inside the SoC, not the eMMC.

  29. mrjaredbeta

    I have no knowledge of any hacking, but is there a way that you could swap SD cards without the PS Vita knowing?

    1. shapeshifter0100

      Yeah you can, coz the PS Vita doesn’t use SD cards, it has its own format. I doubt it’ll restrict you from changing your smartphone’s SD card when it’s in the same room LOL! :D

  30. Killy

    Nah, just buy Project Diva f and you are going to be fine :3

  31. dagoberto olmos

    Hi, I’m new to this, but Mr. wolololo, could the game Persona 2 that is on the games torrent page of PSP games serve me as an exploit for the Vita if I convert it into a pkg file and pass it to the PS3 and then pass it to the Vita? Do you think it could work, since the game was taken off PSN? Reply. Innocent question, thanks for your contribution.
