Vita hack: Proof of concept code updated to support up to firmware 3.18, and credits
Earlier this week, Davee released a proof of concept Native exploit within Webkit for the Playstation Vita. The code would only work on firmware 2.60, but with the implicit promise that firmwares up to 3.18 included are vulnerable.
Given the fire that propagated through the scene within minutes of us mentioning this release, hackers left and right were quick to contact me about giving proper credit for the exploits; Davee also got busy upgrading the exploit with BBalling (CodeLion) to make it work for all supported firmwares. That is, all firmwares up to 3.18 included (no, as we said several times over the past few weeks, this specific Webkit exploit does not work on 3.30, and if you upgraded, you made the decision intentionally).
It is also now confirmed that this is the same exploit that was mentioned by Acid_snake and CodeLion in this article: Native Vita Hacking: What’s the situation so far? (Part 2)
In a short blog post, Davee stated that the driving force behind this exploit is CodeLion. Josh_Axey and Archaemic have also leveraged this exploit in their own ongoing experiments.
He also updated the exploit after CodeLion posted his own 3.18-compatible version. Davee’s version ends up being more self-contained for the end user, so that’s the one I’m showing below (CodeLion’s code needs netcat to run on the server, which can be extremely useful for debugging purposes; devs might want to give it a look).
Test on your vita
You can test if your vita is vulnerable with the link below. Vulnerable vitas should see something like this (screenshot thanks to @WAFLNeo):
Non vulnerable vitas will see an error code, most likely, something similar to the screenshot below:
Test links:
http://www.lolhax.org/vita.htm
http://wololo.net/v/webkit/vita.htm (mirror)
So, is your vita vulnerable? Did you avoid the temptation of updating to 3.30?




Humm.. I need to check this, I’m still on 2.01
interesting
any idea how to use this webkit i have no idea
Found webkit at: 7d9371a1
after that it reloads the site.
I´m on FW 2.02 😉
so, expect more webkit exploits for later version too?
This is exciting! Big Thx to everyone, who is working on this!
Yes confirmed to work on 3.15 with the message as shown above ! Thanks 😉
What exactly does mean: Found webkit at: 81b006f8
some Screenshots: http://puu.sh/cinYO/6151bd541a.jpg
http://puu.sh/cinX0/203124e7dd.jpg
Nice to see a proof of concept of a native exploit.
I bought a Vita from someone with 3.30. 🙁 Hopefully, exploits on older firmwares will make it easier for people to find exploits in the newer firmwares.
PsVita 3G with Firmware 3:01 i can confirm that is vulnerable.
Great work guys. I’ll wait update on this! Keep it Up!
I have a psvita 3.01 I do the test I click start and tells me: ” Found webkit at : 81919fff68 ” , is a good sign?
it did the same for me. but i pushed ok and hit start again and waited a min and then it told me that my vita is vulnerable ( ps vita 2000 model ) do that and find out
Works on 3.01. Thanks!
Works in 3.01 ur amazing guys! Thanks u
I can’t seem to get to the ‘your vita is vulnerable part’. I get the ‘found webkit at xxx’ part, though.
I haven’t updated my browser in a long time. Should I?
press ok and let it sit for a bit longer, a min or 2, it will pop up again and say congrats..
Considering how long it’s taking for this, it might be better if the exploiter saves the release until the Vita’s EOL….which won’t be too long if the PS TV doesn’t sell well.
works 🙂
What’s next step ,can someone posts any tutorials with this tool?
next step is launch vita games on vita )devs already can do that
So cool
Joke aside, next step is attacking Vita’s kernel. And someone to make use full vita power to emulate that heck weak 3DS. Yeah, i’m salty because Monster Hunter is on 3DS and at 240p without any trophies.
There is no working 3ds emulator for pc so don’t get your hopes up for the Vita
Yeah, I seriously doubt the Vita will ever have a 3DS emulator in its lifetime. If you wanna play Monster Hunter games, buy a 3DS and the game. It’s really not that hard. Even if the Vita /could/ emulate the 3DS it isn’t gonna magically add trophies or HD graphics to it.
They use the same cpu architecture and similar gpu’s so emulation could be fairly fast and straightforward. The 3DS has a weak cpu/gpu and low resolution so it shouldn’t be an issue to emulation on pc if the interest was there.
There is a 3ds emulator for PC. It is called Citra. It can only run small homebrews for now. I tried mandelbrot on it.
http://gbatemp.net/threads/citra-new-3ds-emulator.365154/
will have to wait, themes and Akiba’s Trip were too tempting^^
Akiba’s Trip works on 3.15 and possibly lower…
congrats 😀
really interesting this way
Wow,
I can’t believe I’m still on 1.80? What should I do?
You could donate your vita for science… We’re working on an ultra low fw exploit but I really need to obtain a <2.06 vita.
Good job keeping that FW though!
Ermmmm…… Besides the good job part….. Are you serious?
You can update to any specific firmware that you want: http://wololo.net/talk/viewtopic.php?f=65&t=23013
Downgrade is working with Open CMA?
You can’t downgrade the Vita in any way… yet
On the PS TV 3.20, it displays “Found webkit at [address]” then refreshes.
On 2.02 too
I tried again on the PS TV 3.20 and it displayed the correct message “Your vita is vulnerable” etc.
Works Fine on 3.18
Works on 3.01 Thanks what happens now anyone know when it is coming out
btw anyone tested it with ps tv (fw 3.20?).. i´m european and still waiting for it so i´m not sure how it will be with it, but i mean that the eu pstv will also be 3.20.. so, does it work for the us model?
Works good on 3.18 on my Vita.
now all we need is a way to do this in 3.30 or a way to downgrade cause im sure im not alone in my sadness
Worst comes to worst, people can just buy a cheap Playstation TV that ships with 3.20 (3.18)
Really works, greetings!
ok, we can load text within the web kit, can we also get out of the webkit? or is this the psp box problem all over again but now in the node webkit (I understand that now we are not limited to the performance of the psp)?
works on 3.15 btw
Mine shows the error message on 3.18. Is there a difference from one 3.18 to another? :/
Nvm, apparently I wasn’t smart enough to press start lol. Thought that the error was the white screen itself lol. Awesome work!
I get Found webkit at: 7d965cc9 on 2.12 but I can’t get it to show the Congrats, your vita is vulnerable message. I let it sit for a couple minutes on that message and let it sit a couple minutes after hitting OK and it goes back to the webpage where the start button is
Any ideas?
I get the same message on 2.10 as well.
AFAIK it goes from FW 2.60+
Yours is too old.
AFAIK it goes from FW 2.60+
Yours is too old apparently
No no. Works perfectly fine even at 2.10. Your grandma is too old.
me too work perfectly on 2.1
Can’t wait to see a cfw for psv 😀
thats work 🙂 3.18 fw
q:^) Wooo, works for me on firmware 3.18. Got a message that said webkit was found and I clicked start several more times, and I got the congrats your vita is vulnerable message.
Mine found a webkit and its vulnerable ☆☆☆☆☆☆☆☆☆★★★★★★★
Sorry 4 my english, but there’s nothing we can do with psm development 4 downgrade or something on 3.30 psvita?
Lol at the people who updated to 3.30!!! Next you should do a post about what has been achieved so far and what are the capabilities of this exploit.
I just wanna thank all the devs who are working so hard on this project. Ya know who y’all are. Thanks for finally taking the first step for making this happen. If ya could find a way to separate, remove, or bypass PSN’s FW update requirement for apps like Netflix, and Crunchyroll, I would donate as much money as ya need to make that happen. That’s all I need. Thanks again guys, take as much time as ya need and good luck!
Amen to all of what you said, Rum. q:^) I’m willing to donate too.
yea you should explain what could be or are the capabilities of this exploit..