Vita hack: Proof of concept code updated to support up to firmware 3.18, and credits
Earlier this week, Davee released a proof of concept native exploit within Webkit for the Playstation Vita. The code would only work on firmware 2.60, with the implicit promise that all firmwares up to and including 3.18 are vulnerable.
Given the fire that propagated through the scene within minutes of us mentioning this release, hackers left and right were quick to contact me about giving proper credit for the exploit. Davee also got busy upgrading it with BBalling (CodeLion) to make it work for all supported firmwares, that is, all firmwares up to and including 3.18. (No, as we said several times over the past few weeks, this specific Webkit exploit does not work on 3.30; if you upgraded, you made that decision knowingly.)
It is also now confirmed that this is the same exploit that was mentioned by Acid_snake and CodeLion in this article: Native Vita Hacking: What’s the situation so far? (Part 2)
In a short blog post, Davee stated that the driving force behind this exploit is CodeLion. Josh_Axey and Archaemic have also leveraged this exploit in their own ongoing experiments.
He also updated the exploit after CodeLion posted his own 3.18-compatible version. Davee's version ends up being more self-contained for the end user, so that's the one I'm showing below. CodeLion's version needs netcat running on the server side, which can be extremely useful for debugging purposes, so devs might want to give it a look.
Test on your vita
You can test whether your vita is vulnerable with the links below. Vulnerable vitas should see something like this (screenshot thanks to @WAFLNeo):
Non vulnerable vitas will see an error code, most likely something similar to the screenshot below. Keep in mind that an error only means the script did not complete on that firmware: a very old browser may lack a feature the test page itself relies on and fail before it ever reaches the bug, which is a different outcome from the bug being patched.
Test links:
http://www.lolhax.org/vita.htm
https://wololo.net/v/webkit/vita.htm (mirror)
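As an added illustration, and not the code of the lolhax/wololo test page nor anything from Davee or CodeLion (it contains no exploit logic at all): a small JavaScript wrapper of the kind a test page can use to tell "the probe could not run in this browser" apart from "the probe ran and reported a result". The probe itself is a caller-supplied callback here, and the list of required globals (ArrayBuffer, Uint32Array) is an assumption, chosen because a comment further down reports a ReferenceError about a missing typed-array constructor on 1.06.

```javascript
// Added example, not code from the original post or from Davee/CodeLion.
// A test page that throws before reaching the bug tells you nothing about
// whether the bug is patched; this wrapper reports that case separately.

// Assumption: globals a typed-array based probe would need. A browser that
// lacks one of them raises ReferenceError before any real check runs.
const REQUIRED_GLOBALS = ["ArrayBuffer", "Uint32Array"];

// Return the required globals the given global object does not provide.
function missingGlobals(globalObj) {
  return REQUIRED_GLOBALS.filter((name) => typeof globalObj[name] !== "function");
}

// Run `probe` (a caller-supplied function returning true if the bug was
// observed) and classify the outcome:
//   "not-supported": the environment lacks something the probe needs
//   "vulnerable" / "not-vulnerable": the probe ran to completion
//   "error": the probe threw for some other reason, so no conclusion
function runProbe(probe, globalObj) {
  const missing = missingGlobals(globalObj);
  if (missing.length > 0) {
    return { status: "not-supported", missing };
  }
  const started = Date.now();
  try {
    const observed = probe();
    return {
      status: observed ? "vulnerable" : "not-vulnerable",
      elapsedMs: Date.now() - started,
    };
  } catch (err) {
    // A ReferenceError from inside the probe is still "could not run":
    // the engine is missing a name, not defending against the bug.
    if (err instanceof ReferenceError) {
      return { status: "not-supported", missing: [String(err.message)] };
    }
    return { status: "error", error: String(err) };
  }
}

// Turn a result into the one-line message a test page would display.
function describe(result) {
  switch (result.status) {
    case "vulnerable":
      return "Congrats, this vita is vulnerable (" + result.elapsedMs + " ms)";
    case "not-vulnerable":
      return "Probe completed without observing the bug";
    case "not-supported":
      return "Test could not run here; missing: " + result.missing.join(", ");
    default:
      return "Test failed: " + result.error;
  }
}

// Constructed demo: a placeholder probe that observes nothing, run against
// this engine's real globals, and the same probe against a fake global object
// modelled on an old browser without Uint32Array.
const placeholderProbe = () => false;
console.log(describe(runProbe(placeholderProbe, globalThis)));
console.log(describe(runProbe(placeholderProbe, { ArrayBuffer: function () {} })));
```

The point of the wrapper is that "not-supported" and "error" are never folded into "not vulnerable": a page that prints an error code on an old firmware has not shown that firmware to be safe, only that the test did not get far enough to say.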
So, is your vita vulnerable? Did you avoid the temptation of updating to 3.30?
Thanks for this. Could someone please now go through and explain each part of the code and what it is doing? The code's comments are pretty good, but an in-depth tutorial would be awesome! Again, thanks to all the devs involved, you guys are awesome! 🙂
REMEMBER TO RESTART YOUR VITA AFTER TESTING THIS!!!! The one I tried yesterday, after I checked and confirmed my Vita 1000 on 3.18 works with this, tried connecting to my PC and it said to update to the latest FW. After I restarted, it is now working perfectly fine. So just in case, better safe than sorry.
On another note, getting so giddy with this. Seriously hope this is a step in the right direction for Homebrew and Emulators.
Anyone know if Sony is going for a 128GB Vita card soon? If this works and emulators start coming out, gonna need more space. LOL. Either that or just have one card for Vita games, and another one for homebrew/emulators. LOL
**** I upgraded to 3.30 because I don't need TN-V, but I want native; seems I missed the info about it..... hate myself now
I wouldn’t be so hard on yourself. Not like this means there will be a native hack anytime soon. Just means 1 step has been done that may help way down the line in producing one.
yeah you're right, it's just words; anyway I'm enjoying Persona 4 Golden now with all PSN features 🙂
Did anyone try 3.20? Since it’s supposed to be 3.18, it SHOULD work. I suppose I’ll boot up my PSTV when I get home. FINGERS CROSSED!
There are so many things I'd like to see once the Vita is natively hacked. I'd love to see a RetroArch port for the Vita; it'd look amazing with shaders and the OLED screen, but I don't know how long it would take. I'm still patiently waiting for the 1.1 version that was promised to be released late September IIRC, and the PSP port.
Yes indeed, RetroArch is also at the top of my list
ohhhh yeah, that's what I'm talking about. PS Vita running 3.18: at first it showed "found webkit", then I tried again and got "congrats, this vita is vulnerable". Took a min or so but it showed up 🙂 wooot. Now just to wait and see what happens next. Come on homebrew, cheers guys
So what can we get from this??
Worked for me on 3.18. 1000 series vita
works on 2.61
On 1.81 getting an error, but tbh I'm gonna keep it on 1.81 until something can be achieved with this web exploit.
Already plays all emulators perfectly just haven’t bothered with ps1 stuff yet. Still on TNV2 or v3.
I have the same error. I am still on 1.81 urbanix but I can't send anything to my vita from PS3 or the web store BUT, WITH KOF NES PSP PSONE SEGA SNES CAPCOM.
“Congrats, this vita is vulnerable” Works on PCH-1004 FW3.18
Looks like Sony is looking forward to banning PSN accounts. 😛
Works on 3.01. Got “Congrats, this vita is vulnerable” message after 2-3 minutes of waiting for the Javascript to complete its run.
I have heard that the PS4 also uses Webkit but the upcoming FW 2.00 will patch this vulnerability... is this true, and could the PS4 be hacked through Webkit also?
No, the PS4 version of Webkit is already patched as far as I understand
According to PS4 and PSV Dev Wiki the PS4 1.76 is on the same Webkit Version as PSV 3.18 and PS4 2.00 and PSV 3.30 are on the higher Webkit Version.
http://hack.ee/hack/31308.html
try it on psVita 3.30 or in PS3 4.65 😀
lol yeah... the guys working on this don't intend to support piracy... yet leave the door wide open to it.
Who are you trying to fool? Anyone who works on hacking a console/handheld IS supporting piracy. Period.
Even if they really JUST want emulation of other consoles/handhelds or homebrew (which CAN lead to more piracy too), they KNOW that one of the consequences of hacking is piracy. So you only don't support piracy by not hacking the hardware. There's no other way around it. They're linked. One leads to the other. You're not off the hook because you only want a piece of the hack. If you did the hack, you're held accountable for ALL its effects even if they're not used by you or are used by someone else. Just man up and admit it; stop pretending you took the high road by not supporting the leeches. You didn't.
In the unlikely case that you come back to read an answer: http://wololo.net/2012/03/25/the-responsibility-of-hackers/
I wrote this two and a half years ago.
Although what you say makes sense, we see comments like yours almost on a daily basis on this blog, and frankly I stopped caring about that type of opinion a very long time ago (I did care back when I wrote that article). I’ll assume that most of these hackers don’t care either.
Side note: triple check if you have never pirated a piece of software, music, movies, books, or cat pictures that you downloaded from the internet without paying the copyright owner. I have yet to find an “anti game piracy white knight” who applies their holy thinking to all forms of copyright infringements.
Thanks for the reply.
I disagree with this:
“It is perfectly lame to blame a handful of hackers for the childish behavior of hundreds of thousands of people who pirate digital contents: games, music, videos, you name it.”
No, it isn't. The hackers have the means to facilitate piracy and do so when they release a hack. I don't care if your original intent is just homebrew or whatever. You can't shift the blame solely to the people who create the ISO loaders and other similar things. The fact is, whoever creates the hack, many times, knows damn well it can be exploited for purposes beyond the original. They leave the door wide open for that to happen. You aren't accountable for others' actions, but you can't deny the influence of the hack. The thing is, without the hack, it would be much more difficult to pirate. So whoever created it should be blamed even if they don't use it for piracy. YES, they should.
I don’t need to check anything. Of course, I pirated and still pirate. I’m a leech too. I never denied it. With the internet it’s very easy to access loads of content and I take advantage of that fact. There’s no defending that. But that doesn’t mean that I don’t acknowledge I’m doing something wrong. Because I do. I don’t hide behind a mask and say I don’t condone piracy.
Piracy is a complex issue:
People who have the means to buy everything they want may still pirate something every now and then;
People who can afford a fraction of the content may be satisfied with it or may pirate to acquire more;
People who are poor, because there are things more important than entertainment, necessary as it may be. (And it is: who likes to do the same monotonous tasks every day without any distractions between them?)
All of them: greed. The same greed companies and their executives are fueled with.
Maybe if wealth distribution was different, piracy would be a lesser issue. Maybe. Maybe not.
Why would someone in this “scene” feel the need to state they don’t condone piracy?
Because they truly believe that and practice it every day, exhorting others to do the same, or because they want to say "We don't condone criminal activities in this place" as a self-defense mechanism against a third party, i.e. a company, regardless of whether it is, indeed, condoned somewhere else? Is the word "pirate" too heavy for you?
The second is hypocrisy at its finest.
10 years ago where I worked, without piracy I'd probably have been left out of this world. The Vita is worth 3 months of my salary in a 3rd world country. But now I can tell you up front I don't support piracy and I haven't used any piracy stuff for the last 8 years. To this day I follow this blog for 1 reason.... to extend the potential of my vita...
If you still pirate, I think you should stop criticising other people, because you are doing what all those that support piracy are doing. If you want to criticise piracy, I am telling you again.... "Go to the fuxking site you downloaded your piracy stuff from and comment; this is not the site for you"
Otherwise call up Sony to 1st request that accounts can be transferred to another region (this is the 4th country I've worked in and I can't transfer my freaking games to another region account. And I've called Sony about this twice... and they don't fuxking care)
2. tell them to release the games they only do for Japan to other regions.....
And guess what, ISO loaders made these possible.
Have you ever wanted to play some old school games but your machine is far too advanced for them? These people assist in creating these possibilities, and another two groups of people just spoil it for the rest.
1. People who pretend to be white knights like you, targeting the wrong group of people.
2. And those that support piracy
This is not the place for you, mate; you should be leaving comments on the pages where you download your piracy stuff.
Also, if it wasn't for these people.... you'd probably get stuck with a stone age Vita without the fresh applications Sony learns from.
Got my Vita in time then, just before 3.30. If it needs updating to be more compatible with the PS4 (like I think Project Morpheus may be, with 3D panoramic images or USB compatibility), then hopefully there's a custom firmware by then, similar to the original PSP firmware integrated.
Congrats, this vita is vulnerable and not just from Sony bullies…
it seems it will take a loooong time before it congratulates me? about 1 or more min....
is this right??
hey can you now run PS Vita games or not?
Yeah..just download from PS store or buy the physical version lol.
Thankfully my PTEL test Vita is at 2.60. Takes like 4 minutes to process but works, deemed exploitable. Would be nice if something could be done with an expired PTEL......
Works on my Vita 1000 model on 3.18. What's next? Big news I hope.
Slow progress towards a native hack. Don’t expect anything big any time soon.
What’s a Native Vita hack? Is it similar to a VHBL exploit?
It runs on the PS Vita firmware itself. It doesn't rely on a PSP game or mini. It also means it has more memory access, but in early stages like this, as a user you need to wait for the devs to bring out the exploit. The website wololo has linked you to just states whether your PS Vita is vulnerable or not. If it is, just wait and don't update.
Hello there. I have a question: does the compatibility depend on firmware, or on what? I'm on 3.01 and it shows the second image in the post (the start button). So, can I do something to get compatibility? Thanks.
1.06 says:
Error: ReferenceError: can’t find variable: Unit32Array
1.61 shows the Start button... why?