PS Vita hack: (xmax) katsu attempts to exploit the Vita NAND
We’ve mentioned hardware hacker katsu a lot recently, first when he showed he was able to dual boot two different firmwares on a Vita (and switch back and forth, which gave the community hopes for a potential downgrade), then later the same week when he announced he was able to copy the contents of a Vita cartridge.
Today Katsu presents a video of him investigating what he can do to the Vita through his hardware modifications.
To be perfectly honest, this video is a tad less impressive than his previous ones, mostly because there’s nothing obviously groundbreaking in what he shows. It seems he is able to majorly confuse the “settings” menu of the Vita, leading it to show what appears to be string ids (such as msg_system_information and the like) instead of the correctly translated version.
My guess is that, the NAND being encrypted, there’s not much in there that can be touched without getting the device to simply refuse to boot, but maybe some of these strings *are* unencrypted in there? Hmmmgrmmbl, unlikely… it’s more likely that something got slightly corrupted and the Settings application falls back on some failsafe thingy when it can’t find a translation for some specific strings? Yeah, I just decided I would think out loud on the blog now, and not even try to synthesize my thoughts into a readable result for you guys.
If anything, his video shows he is able to have some sort of interaction with the Device through his hacks, which is more than what many hackers have achieved (or at least, publicly shown) so far.
And there’s always the joy of seeing the guts of a Vita connected to a bunch of other naked electronic devices. Enjoy the video below.
source: katsu on /talk
Hmm… interesting… this dude is on a mission.
Regardless if it’s groundbreaking, it’s still pretty cool. 🙂 Hopefully it leads somewhere.
Doubt the little Settings thing will do much, he’s just playing around and seeing what he can do. And maybe find some stuff. 😉
Him playing around will probably lead to something though.
(testing something, ignore this. These faces interest me slightly. xD)
(and ignore this too)
this as well?
The IDs error is probably because of low access time to the SD card.
Art is an explosion Katsu !! well done, it seems we are going to have a big change in the vita scene, thanks for your work
When will Deidara disappear? He’s everywhere. 😛
We’ll bring him our OLEDs and he’ll fashion them into 2000s.
keep going dude, you could be the next gen tn and dark alex lol
Can’t wait for a hack where you can have two PSN accounts.
I say even if you do have the native hack, try to hold off till 2016. Give the game devs some time to make more games. You can always bluff to make Sony really nervous 😉
They’ve had 3 years, quite an impressive run. Not such an impressive handheld (yet). Hacking could bring life to the Vita, or at least more sales.
I think you got it backwards. The device has some pretty impressive hardware (if u ask me) but currently it is limited by sony’s unimpressive software, giving it the illusion of being an unimpressive device, even when it has so much potential. Hopefully that will change soon!
2 years, it’s been out for 2 years
More progress. Slowly but surely we’re gonna make the Vita our B*tch 😉
Yeahhhhhhhhhhhhhh, good job!!!! You are great! Something BIGG is coming, i know i know, TY guysssssssssss!
What’s the bg music?
goal3 nes 😀
im not sure but it sounds like something from megaman
oops katsu beat me with the correct info
New FW update just around the corner. But no problem coz DG is possible for Katsu. Vita will be busted soon. And wololo what about new game? Waiting for ninja release…
It’s a Turkish hacker, am I the only one who noticed?
no
Yes, I did, as a Turkish Vita user
This is not an “exploit” but just the same thing that happens when you remove a PS1 disk while it is spinning. It attempts to read the data, but because the SD card was reset while trying to access the card (removing and plugging it in), it doesn’t load the string values properly. Most likely the Vita isn’t designed to re-initialize the eMMC if it ever resets (since it shouldn’t on a real unit with the eMMC soldered in). Without re-initializing the sd-card, the vita will fail to read from it and that’s why it doesn’t load the strings and crashes at the end. It’s an interesting glitch, but because of the encrypted nature of the NAND, there isn’t much you can do to it (since even if you hot-swap the blocks it reads, it wouldn’t do anything).
of course correctly identified +1000
EPIC sound!
Hopefully it leads to a dead end.
Last thing I want is for Devs to completely STOP publishing PS Vita games.
My thoughts exactly.
Inform yourself more. Take a look at PSP sales and compare them to PS Vita in the same period of time. And keep in mind PSP was hacked pretty fast.
Devs will stop publishing PSV games anyway. Why bother with an almost dead system when they can make a killer app for iOS or Android and make millions. Not to mention smartphone hardware is getting more and more powerful, so the argument of making PSV games cuz of its great hardware and what it can do will soon become INVALID. PSV is losing its niche pretty fast. And this time you can’t blame piracy. *** Sony blames iOS and Android apps lol!
Lol are u really that dumb?? Look at PS2, PSP and Xbox 360: they are still being sold to date and still have titles coming out for them, and have the max amount of piracy etc too
This world needs a balance of good and evil, yin and yang, legit and non legit, payment and piracy……
Look at locked down systems which are unhackable; no one buys them usually
People want open systems or even semi-open (read jailbreakable etc) systems
Ps4 and xbone will be doomed compared to their lack of media features etc
We don’t want to buy digital copies all the time for movies
Why have 2 blu ray players in my TV room when I can use my ps3 or hack my ps4 in future to enable it
^^my above comment is meant for Adam and John not 110706
People do buy locked down systems though. Just look at the PS4, Xbox One and the 3DS (I know that piracy is possible on older 3DS firmware, but since it only works on older firmware, it’s not very easy to do piracy on the 3DS if you have upgraded the firmware).
People buy stuff that appeals to them. I don’t have any statistics, but I’m pretty sure that the people who do piracy on for example PS3 and Xbox 360 are a pretty small percentage compared to people who don’t. I wouldn’t be surprised if it’s less than 1 percent, meaning that about 99% of all PS3 and Xbox 360 owners don’t care about hacking it. It’s the same with phones as well. I don’t know about the percentage there, but I’m very sure that tons of people don’t care about hacking their phones because they don’t have any need for it.
It can be very nice to have an open system for sure. For many, it has great appeal, and it is an extra selling point for many people. That is true. However, if the product itself is good enough on its own, then this will be the main selling point.
I don’t think the Vita would have sold any better or worse if it was hacked after some weeks or after some years. Maybe the hardware sales would be a bit better, but then again, if people buy the hardware mainly for piracy, then the software sales might have been worse. That is kinda what happened with the PSP, at least in the USA. The hardware sales were pretty decent, but the software sales weren’t very impressive.
No, what I meant was once these systems are in the market for say 6 months, no one will buy locked down systems once their limitations come to light; the Vita is too locked down too
Even Microsoft understood that with WP7, which needed Zune for everything, and created WP8 which relied solely on normal MTP
The ps4 and xbone mark the decline in consoles and rise in PCs mostly
none of my friends bought either or even gonna
They are happier with ps3s and 360s
I understand. Well, time will show how the PS4 and Xbox One sales will be in 6 months from now. If the sales go significantly down, I think it’s mostly because of the games available, not because of any other missing features.
By the way, the main reason why Zune didn’t sell very well was because of the competition from iPod. iPod required iTunes to transfer music to it, so it’s not really that different from requiring Windows Media Player 7 on the Zune.
@yes. No (pun intended), I wasn’t talking about the Zune and Windows Media Player 7…
I was talking abt WP7, i.e. Windows Phone 7, and Zune as in the software Zune, which was an iTunes style syncing software which basically “tethered” Windows Phone 7 devices to the PC the same way iTunes does to iPhone (officially). This reduced its popularity amongst the younger gens who preferred Android
Now after the release of Windows Phone 8, i.e. WP8, we (yes I have a Lumia and <3 it 🙂 ) don't need to use Zune or any software anymore, and the platform is becoming more open and yet secure with zero piracy
In my country Lumias and iPhones now sell like hot cakes, whereas Android devices other than Nexus are looked down on
Ah ok, sorry, I thought you meant Windows Media Player 7 =) It’s nice that you don’t need any specific software on Windows Phone 8, and this doesn’t hurt the sales, but I still think that the strong competition from Apple and Google (Android) is the main reason why Windows Phones sell much less compared to iPhone and Android though.
Yeah, Microsoft did lock it down a bit too much initially, but with every new update it’s becoming more and more open and a very clean malware-free OS compared to even iOS, forget Android; no piracy
It does have a few restrictions for games like Minecraft PE (hasn’t been made yet coz it needs a certain access to the OS to get playable frame rates)
Otherwise it’s got potential, especially with Nokia devs working hard on the Lumia variants of WP8, the latest update being the Black update and the one prior being the Amber update, and Nokia also has a whole ton of people porting famous apps and writing their own apps too at the same time with great quality
I wish Sony would make a WP8 device too like the latest rumours suggest, not that Nokia is bad, but like the Vita even WP8 has great potential and great hardware/software
This is really interesting, I wish I had the patience and knowledge this guy has!
yeah, just some failsafe measure, just like when the psvimg is corrupted. In case the psvimg is corrupt, it will ask you for the game cartridge.
There’s a downgrade method which is publicly unknown, as you can see in The Z’s videos about a different firmware exploit; he jumped from 1 firmware to another flawlessly 🙂
Errr…no
sadly it is just fake, he was using TN V7 and you guys think he was downgrading his firmware. just try it yourself. load any game with the savedata and it will work brother.
just dont abandon your work, keep serch for an exploit and sooner or later u will find at least on 😉
*search
1* search
2* one
ps: awful tablet
You got this!
We are getting closer and closer, people.
Katsu starting the year off with a bang! q: PSVita hacks coming soon? *prepares to get 64gb psvita memory card to back up his cartilage psvita games* 😛 Good progress, Katsu, wherever you are.
cartilage?? the one with the bones??
LOL I meant game cartridge. q:
Best console ever!!! A cartilage PS Vita, the thinnest, lightest and most flexible console ever!!! with curved AMOLED display, and use it in any shape u like
Want DS style , psp style or smartphone style!! 😀
Yeah, the system is amazing but its usability is beyond useless, other than a money-sucking business process.
A ps vita made of cartilage? I would buy one
it’s just a mistake…
something’s strange….
Guys, this isn’t an exploit and won’t really lead to anything. Please read Katsu’s reply to Yifan
Not really.
While not so impressive on its own, experimentation could lead to findings and better understanding of the device.
Haven’t you read 10 days of hacking? (disc switch)
What if he switches the eMMC at a certain loading point and the Vita just loads unsigned stuff from the new eMMC? (not saying this is a possibility, it’s just an example, since we don’t even have unsigned stuff to run in the 1st place)
So you don’t know if it will lead to better findings or not.
> What if he switches the eMMC at a certain loading point and the Vita just loads unsigned stuff from the new eMMC?
I know you said it’s just an example, but you can’t load anything because it has to be encrypted.
I’d agree, this video is less impressive; however, being able to have the string tags and confuse the system so that it doesn’t parse the string tags correctly can allow us to debug the location in the RAM and how the data is being accessed. I’m sure since he is able to dump the NAND, he’d somehow manage to find the memory address location and which processes associated to that location are being called and where.
Knowing the memory can allow memory exploits, or even better a proper vita shell exploit rather than the already discovered psp shell.
A small detail with lots of work in place, but still it presents positive hopes of where to begin.
> however, being able to have the string tags and confuse the system so that it doesn’t parse the string tags correctly can allow us to debug the location in the RAM and how the data is being accessed
Nope. Encrypted data is being accessed. No RAM sniffing. Both parts of your statement can’t happen.
> manage to find the memory address location and which processes associated to that location are being called and where
Again, memory addresses don’t mean anything to the NAND. Also, knowing memory addresses doesn’t mean anything either. You need to DUMP the memory to get anything useful, and the memory is inside the SoC, not the eMMC.
I have no knowledge in any hacking but is there a way that you could swap sd cards without the PS Vita knowing?
Yeah, you can, coz the PS Vita doesn’t use SD cards, it has its own format. I doubt it’ll restrict u from changing ur smartphone’s SD card when it’s in the same room LOL! 😀
Nah just buy Project Diva f and you are going to be fine :3
Me and my friends have PSone, PS2, PSP, Xbox, Xbox 360, PS3, Wii, PC…. but don’t have nor will buy any PS4, Xbox One, PS Vita as far as till the near future unless otherwise these systems get hacked! :p
No offense Sony, I’m not the only one nor a few of us.. I know a lot of people have been waiting for the hack.. why don’t we buy these systems? because they are not yet hacked! period!
Why buy systems and not original games? because the prices are not worth it, and to be honest, we don’t have enough budget to spend such a price just for games. It’s enough to already spend much for the hardware.
So…… Happy Hacking and God Speed to the hackers and Developers for an open system!
I love how Sony flunked in their sales with the Vita and lost their overly invested money in securing the Vita.. :p
Can’t we just use focused ion beams to probe the chip through the back?
Go X-ray this thing, maybe there are test pads inside the chip to probe as well.