Vita Hack: proof of concept code updated, confirmed to be compatible with Playstation TV’s firmware 3.20
Davee confirmed a few hours ago that the recently released webkit hack indeed works up to firmware 3.20 included, and not “only” up to firmware 3.18 as I initially thought.
It is likely the problem with firmware 3.20 so far was a minor glitch. Davee has updated his proof of concept code with what seem to be minimal changes to basically increase the range of “search” for the ROP gadgets, as it seems those were not found correctly on firmware 3.20.
The proof of concept code also has been improved to mention that “finding the gadgets” could take several minutes. Many people contacted me yesterday asking if the “found webkit” message was a good or a bad sign. It is a good sign, and you then just have to wait, potentially for a few minutes, until the “your Vita is vulnerable” message pops up.
good news for psvita tv 3.20, it works now!
— Davee (@DaveeFTW) October 19, 2014
Screenshot thanks to @HarryKnucklez
Again, this will not work on Vita firmware 3.30. or any other device that gives you an error code. This includes devices that fail at the very basic initial steps, not recognizing the Uint32Array type.
You can confirm if your vita is vulnerable on the links below
Test Links
http://www.lolhax.org/vita.htm
http://wololo.net/v/webkit/vita.htm (mirror)
Just wondering..
What exactly could this be used for?
I see people dumping ram but i don’t know if this is related, can we run unsigned code?
yep, but homebrew devs need user friendly sdk.
i also wonder what can be done…
what does a webkit? what are the possibility’s.
what has already happend to other device’s by using a webkit?
this all is very promising but i really don’t know what this wil do for us in the future
A webkit is the thing in a browser, that runs JavaScript. That itself isn’t very interesting when you want to run code natively on a devices OS. But under the hood the webkit runs on C++, of course (which is pretty near to the hardware/OS). And by JavaScript you can run homebrew code (of course, that is what Javascript is for, but only in the browser). With those two findings, you can’t run C++ code yourself, but you can provoke the webkit to run unsafe code, causing some exploit, that can eventually lead to an entry point to run homebrew code natively.
It is better described here: http://wololo.net/2014/09/21/native-vita-hacking-whats-the-situation-so-far-part-1/
This proof of concept shows, that people like Davee found exploitable portions in the Vita browsers webkit. The webkit. btw, is not written by Sony, but just used by them for the Vita browser. It is a general thing used by many browsers (That’s why you see the term “Apple Webkit”). So hackers for the Vita can fall back to exploits that are already found by other hacking communities.
Thank you very much
@Brenza @Fawkes
This means absolutely nothing for end users, as stated when first mention of the webkit vulnerability. But for coders, it means potential. Potential to update homebrew, create new homebrew, etc… I don’t code, but I know that’s what’s up. Don’t get too excited, unless you code…
Did this on 3.18, and now I can’t connect to the content manager without it asking me to update the firmware. I reset both my PC and vita and tried running them through airplane mode. Either says can’t connect or update to latest software. I even reinstalled the manager from my vita. Anyone can help with this?
You need OpenCMA:
http://wololo.net/downloads/index.php/download/1252
Yeah I’ve done that. Same thing.
I ` m in 3.18 and openCMA work well 4 me;
A few days I spend the same;
clean and reinstalling everything I returned to work
good luck
This can happen sometimes, but I could not find specific reason why it happens because it happened to me too. All I did before was restart PC, turn off and on the Vita again, and disable WiFi on Vita. Then, I tried re-apply OpenCMA again and run it, then connect Vita to PC and it works again.
I could assume that the Vita asks the update if your PSN account on Vita has been connected to PSN server or at least tried to connect to from any online sync app like Near, Messaging system, Trophies or Friend system, but I could not confirm that.
when u connect your vita through usb try to unnistall the usb driver and try again, it works for me.
just turn off the wifi and restart your psvita and you can conect to the openCMA o QCMA
well that works for me
it works now the ps vita is open?
I did the test, it works, and now the psvita hack?
It is only a first step, a beginning to the devs.
One question @wololo:
With the knowledge, that hackers generally don’t spend their efforts for piracy, but to run homebrew software, which eventually leads to other programmers finding ways to run game roms and isos, in mind:
Do you think, that as soon as hackers find ways to run homebrew code in the PS Vitas kernel mode (I know, we are still far away from that), the effort will once again not be as much for programmers to run Vita games on the Vita and thus open the path for piracy?
Or do you think, this time, the Vitas protection is so strong thanks to some über-protection, that prevents Vita cardridges from being copied or another security measure in the Vitas system, that prevents licenced non-DRM-games from being executed from the memory card, that still render it impossible to pirate games, and would thus require further hacking, which no one is actually interested in doing?
It would be great, to just have jailbroken Vitas, where you can run your own software on, but at the same time have a secure system without piracy.
Historically, piracy is easier to achieve than homebrews, because for homebrews we need to build an SDK from scratch, and potentially a full loader (like we did for VHBL), while for pirated games, the whole structure is already in place and it is only a matter of removing the security checks
after a lot of reading i decided that for my needs the raspberry pi is a far greater choice as emulation station.
I already have my vita, and it runs great thanks 2 you guys but for my kid retropie it is
I have a question @wololo. With the webkit exploit already in effect for further research and hacking, would it be possible to remove PSN’s firmware requirement firewall to access services like Netflix and Crunchyroll?
I say who cares if piracy begins. The console is already dead.
This feat had enabled emulators run in high quality? I wish I could play the old consoles on my vita with emulators that have several filters. xD
csm… Si tan solo le pudiera dar like o +1 a tu comentario
jajaja… típico chileno.. jajjaja
i dont speak spanish, but you have a filthy mouth, high five… with a chair in the face
Im more curious if this will lead to letting us Activate offline or something like that.