Vita hack: Proof of concept code updated to support up to firmware 3.18, and credits
Earlier this week, Davee released a proof of concept Native exploit within Webkit for the Playstation Vita. The code would only work on firmware 2.60, but with the implicit promise that firmwares up to 3.18 included are vulnerable.
Given the fire that propagated through the scene within minutes of us mentioning this release, hackers left and right were quick to contact me about giving proper credit for the exploits; Davee also got busy upgrading the exploit with BBalling (CodeLion) to make it work for all supported firmwares. That is, all firmwares up to 3.18 included (no, as we said several times over the past few weeks, this specific Webkit exploit does not work on 3.30, and if you upgraded, you made the decision intentionally).
It is also now confirmed that this is the same exploit that was mentioned by Acid_snake and CodeLion in this article: Native Vita Hacking: What’s the situation so far? (Part 2)
In a short blog post, Davee stated that the driving force behind this exploit is CodeLion. Josh_Axey and Archaemic have also leveraged this exploit in their own ongoing experiments.
Davee also updated the exploit after CodeLion posted his own 3.18-compatible version. Davee’s version ends up being more self-contained for the end user, so that’s the one I’m showing below. (CodeLion’s code needs netcat to run on the server, which can be extremely useful for debugging purposes; devs might want to give it a look.)
Test on your vita
You can test if your vita is vulnerable with the link below. Vulnerable vitas should see something like this (screenshot thanks to @WAFLNeo):
Non vulnerable vitas will see an error code, most likely, something similar to the screenshot below:
Test links:
http://www.lolhax.org/vita.htm
http://wololo.net/v/webkit/vita.htm (mirror)
So, is your vita vulnerable? Did you avoid the temptation of updating to 3.30?




Works great on my Vita@3.18, but does not seem to be working on the Playstation TV@3.20 – after pressing ‘ok’ at the initial prompt, a ‘please wait’ message is displayed and the page is then reloaded instead of showing ‘this Vita is vulnerable.’
This means that it’s still exploitable but the code needs to be ported to support 3.20
3.20 looks vulnerable, possibly.
Just wanted to thank all the people working to make a native hack on ps vita a reality.
So i am wondering, does this code actually hack the vita, or is it just scratching the surface of the native vita
As it is right now it does nothing but search for the webkit and tell you if your vita is vulnerable.
Barely scratches the surface, but it should be possible to do some cool stuff with it.
Then people should probably stop calling it a native hack. If it’s barely scratching the surface (“Barely”) is it worthy of being called a native hack at all?
I think it deserves the title “native hack”. This officially confirms to all vita users that the native hack exploiting has begun and that the devs are going to begin working on this project. FW 3.18 will probably be the last firmware that will allow epsp or a future VitaCFW. So if you’re on 3.18 or below, then rejoice. This sign of hope is the cover of an awesome adventure of exploiting the Vita to the fullest potential.
Nice! I actually hope that whoever finds this hack doesn’t make it used to pirate VITA games because then that would mean even less developers would want to develop for it. I do hope that this gives us a way to overclock the cpu and gpu so that some games would run better (Borderlands 2), and give us a way to play it on the big screen without vita tv.
I wonder how would webkit be capable of that…
3.18 says ‘found webkit at’ then hangs again and displays ‘this vita is vulnerable’ 🙂
after pressing start … ma vita 3.18 says “found webkit at:81b00b78”
nothing about the vita is vulnerable. after pressing “o.k.” it goes like u can not reload webpage or go to another url. i have to restart the vita browser …
does this mean the hack works ?
“this vita is vulnerable”.
Huh, no it doesn’t work for you. Sorry.
You didn’t give it enough time, you need to be patient.
I get a similar error on my PS Vita Gen 1 on FW 3.18 :
Found webkit at: 81b00a38
My PS VITA shows “Found webkit at: 81a00628” meaning?
I clicked “Start” again after getting that message and it displayed the confirmation of the vulnerability.
To run my code without netcat, make log.php empty.
What sucks is my younger brother updated my vita without my consent …
3.01 for me
ahhh
nevermind. i had to wait some … about 1 minute. then got the displayed “congrats, this vita is vulnerable”
YAY
my vita also shows found webkit and an address. im on 3.18
yey! mine too it hangs in webkit thing and then it says its vulnerable. what does that mean if your vita is vulnerable? im on ps vita 3.18
edit…but at a different address than the previous post above
mine finally says vulnerable. funny each time i run it it finds a new address.
The “new address each time” thing is ASLR, one of the reasons modern systems like the vita are much harder to hack than the PSP was.
lol 1.81 I got Error: RefenceError: Can’t find Variable: Uint32Array
it’s from 2.00 to 3.18, probably 3.20
yea i dunno if i can just update it to 2.00 instead of 3.35 or something
You can – the Z has a sticky in talk about this
Thanks For the information, but I’ll wait for something more than a proof of concept
Why are you still on 1.81!?
Why wouldn’t he be? 🙂
I still have the Urbanix exploit and it seems to work just fine so I had no need to update
My PS Vita 3.18 displays – ” Found Webkit at : 81b00848 ” . I press OK. After 30-60 seconds it displays – congrats, this vita is vulnerable. I press OK. Then it reloads the page. Very happy to see some native work in progress for the Vita. Love the word Vulnerable, VULNERABLE ! HUHU 🙂
On my vita running 3.18 it says (Found webkit at: xxxxxxxx), where x are numbers and letters…I think my vita is vulnerable…amazing!
i tried this on my vita at 3.01 and it finds the webkit!!
1.06 not working. Webkit 531.22.8
================
ReferenceError: Can’t find variable: Unit32Array
================
feels batman
Ohh shieeeet u r still in 1.06
mine is 1.80, same as you
Don’t suppose you want to sell that unit to aid research? PM me on the forums if you do. 🙂
Please donate it to josh_axey or codelion lol.
I’m on FW2.01… heh…
Now it shows this spectacular message. What’s next? How do I use that? Can I call an application like PKG Installer by adding lines? :3
PSvita TV 3.20 is confirmed by Davee to be vulnerable. Source, his twitter.
Not working on my 1.80
3.18 is vulnerable!!!!! Let the good times roll!!! Thanks to everyone who is working on this keep up the great work.
Confirmed working on VitaTV 3.01
I would get vita tv soon then (as soon as you released hack)
Because i already updated to 3.30
I can’t live without online on vita
Found webkit at:7d965cc9…what does this mean?
my only question is will there be any attempts to look for other native exploits for 3.30 ?
when do you guys think 3.30 will be exploited?
thank you mr. davee and mr. wololo.net more power
works, my vita is vulnerable, im 3.18 tnv exploit
on FW 3.01 have: Found webkit at:819fff68
3.12 confirmed working
3.12 is working wonders
FW 3.01
When I hit the start button I get a popup that displays “Found webkit at :819fff68” If click ok and wait a bit I get the Congrats , this vita is vulnerable popup. So I guess it works.
it works but what do i do next ?
wait until someone develops something of use for end users like you and me! This is only the beginning!
Works on Vita 2.61
I’m happy 😀 Thanks for all this work
Works on 3.15. Very interested in seeing what this all leads to.
I simply need to copy the link into the ps vita browser to test? But if i re-enable the connection, will the vita not ask me to update??