Vita hack: what you can and can’t do with the recently released Webkit hack
Developer Davee released a webkit hack proof of concept for the PS Vita and PlayStation TV 3 days ago. The exploit works on firmware 3.20 and below. The release sparked a bunch of questions, so I think a quick explanation is needed here.
What can we do with this hack?
Long story short, if you’re asking the question, the answer for you is probably “nothing”. The hack, in its current form, just checks your vita browser for a specific vulnerability, and confirms if the vulnerability works or not. If it works, and if you are interested in future developments of this exploit for your vita, then the only thing you can really do as the end user is wait, and more importantly, not update your firmware.
Eventually, if you’re lucky, some homebrew support or other cool stuff might come out of this.
If you are on firmware 3.30, this exploit will not work for you. It is still worth holding off on updating, because, in general, the lower your firmware, the better from a hacking perspective.
Wait, this does not end here
Most of you will probably think this is useless and tell yourselves, “well, I’ll come back in 3 months and see how it evolved”. I want to stress the fact that if everybody was thinking this way, console hacking would never make any progress. If nobody steps up now, the excitement could die and the hack will go nowhere.
This proof of concept is the very first step of hacking the vita to see what cool homebrew and stuff we can come up with in the future. But for now, the rest is mostly uncharted territory, except for the handful of people who did have this hack in their possession over the past few months.
In other words, now’s the right time to dig into the exploit yourself, and start to understand how it works and how you can extend it. You might think, as an individual, that you do not have the “skills” to help the scene. For many of us, that might be true. But it is essential to understand that there is no “Vita hacking school”. The people who came up with these exploits and tools did not have “secret” knowledge available to them that is not available to you. Of course, they used their experience and knowledge in related fields (security, programming, hacking of other devices, you name it…), but the main fuel for console hacking is patience, motivation and free time.
Although I am not the best example out there, when I worked on HBL and the Patapon PSP exploit back in 2009, I did not have any extensive hacking knowledge. I did, it is true, have a strong programming background which helped me dramatically, but what I want to insist on is that motivation and patience are the things that drove HBL to completion at the time. When we worked on HBL, I received lots of help from other people who had figured things out before me, for example m0skit0 (who wrote most of the code for HBL initially). The main reason these people trusted me with their time, though, is that I had shown my motivation: I had shown that I had taken the necessary time on my own to dig into the existing information that Google could send me.
Bottom line is, anybody can help at this point, because everyone now has access to the “difficult” first step: an entry point into the Vita’s memory (or at least the webkit bits). From there, you’ll probably have to take baby steps, such as “how do I connect to this netcat thing that CodeLion mentioned?”, or “***, I actually need to install linux for that?”. But trust me, every single step can be rewarding.
If you manage to run Codelion’s code (here: https://github.com/BrianBTB/codelion_poc) and interact between your vita and your server, you’ll be one of the maybe 30 people in the world who know more than anybody else. It’s not much, but it will take you to the next point, of understanding how to update the code, for example to dump the ram. Or things like that.
Others will probably make progress as well, maybe more skilled people than you. Once you show them that you have been able to run this or that code, you’ve proven that you have enough motivation for them to spend time helping you. After all, you might be the guy who finds the next vulnerability for 3.30 🙂
Now I won’t lie, if you have no programming skills or interest in programming whatsoever, there’s close to no chance you’ll be able to go very far. But anyone who has basic programming skills should be able to give it a try.
Really fantastic tool by a friend. Module dumps coming along nicely. Yes, that is vita memory pic.twitter.com/GPjn2q7cyg
— Brian B (@BBalling1) October 19, 2014
It is worth mentioning that this is a very time consuming hobby. Most of it is trial and error, and it can damage your relationship with your significant other, because it is so addicting.
What you can try next
These are the things I would try to understand myself in the days to come (assuming I had the time, sigh…)
- Understand the basics of ARM assembly (some documentation here, here, and a book here)
- Understand the basics of ROP programming (the basics on wikipedia, a nice intro to ROP here)
- Try to run CodeLion’s POC with netcat running on your machine: https://github.com/BrianBTB/codelion_poc
- Based on the newly-gained knowledge above, what are the gadgets that Davee’s exploit POC is looking for, what do they actually do?
- Some people on twitter (@bballing1 a.k.a. codelion, @173210) are already apparently dumping ram from the exploit. Try to reproduce.
- Scout /talk for any knowledge that others are willing to share on their own progress, and try to see if I understand it, and if I can reproduce their progress on my own
Rally PA No Beta was under attack?
Can you prove it? Any video or photos to go with it?
Durka durka waka laka ching chong so.
One quick question: I have Chrome/Safari, so why are there no gadgets? lol
Wololo successfully managed to install the package installer on 3.30, installing PS Vita games with the same recent update via pkg. Also achieved a custom upgrade that allows ISO games to be installed even more easily.
I’m sorry, but I also can’t help in this; as much as I can, I will wait and be patient and have the courage to prove your exploits, and I wish the whole scene GOOD luck, good luck friend 😀 :8
Any way you can prove it? Any way to show you’re not talking nonsense?
I wasn’t telling you that I want that. I want you to show me. Otherwise, you are bluffing and spamming the site.
I didn’t tell you I want it, I told you to show it to me. Otherwise, you’d be talking nonsense.
Friend wololo, the installer can install the package on the PS Vita 3.30 and installed the pkg files seamlessly. Also, I made a custom .pup upgrade file that installs PSP ISO files.
Hi guys, I need help. I’m on 3.18 right now but I missed all the exploit games, so should I just update to 3.30 and then buy PS Plus, or just stay on 3.18 and wait for a free hack without buying an exploit game from the PSN store?
When is the next PSP exploit for 3.30??
With this hack, will we be able to overclock the Vita?
Yes! And you will be able to make phone calls with the 3G version.
So what exactly did Spanish Wololo discover?
Hello! I am Chinese
Hello, I am shikhar 🙂 Do you also do programming?
Interesting. I think this will be my next project. I might learn something new from it.
I would check to see if there was a webkit exploit in 3.30, but I don’t know where to start with it. It’s been years since I last did actual programming, so I doubt I’d be much help in the scene.
It’s a great thing that you share this. I have been looking forward to something like this, and since I’m on 3.18 it’s gonna be even better. I would have done this myself in the past, but I was too lazy to look things up.
I have been reading the ARM documentation and I think I am going to start working on something for it. If anyone else is doing this, you can share or ask for anything that you need regarding this Vita hack, or even chat about programming. I’m on Twitter at: @AlexeyYevgeny
After finishing the installation of Python 2.7 and capstone, I run the serv.py file; it opens, then disappears.
I wrote in the Python path:

    chmod a+x serv.py
    ./serv.py

but after that it gives me '\nchmod a+x serv.py\n./serv.py\n'
What might I be doing wrong?
Not hack
How to use Python?