HENkaku PS Vita 3.60 hack: Team molecule challenges hackers to reverse the hack


We are constantly looking for guest bloggers at wololo.net. If you like to write, and have a strong interest in the console hacking scene, contact me either with a comment here, or in a PM on /talk!

41 Responses

  1. meysam25 says:

    i feel really good feeling about this . something great will come .

  2. Crusader says:

    Exploit has to do something with rows attribute. Figured out that they’re probably somehow causing buffer overflow there.

  3. Asurey says:

    “Sony engineers are already looking at ways to understand the bug and patch it.”
    By removing Web Browser entirely from their next PS console, like they removed any form of internal media playing on PS4. -_-

    • Dav_Dabz says:

      They sure know how to party.

    • makak1984 says:

      It is not funny, because Nintendo do not provide internet browser for their 3DS out of the box… You must update in order to get it. There was much problems with that in order to get most current hacks.

    • 1 says:

      How can they remove something that never was there to begin with? 😛 PS4 never had internal media playing. The web browser wont be removed.

  4. Franky says:

    Watch the Vita get cracked open and sales mysteriously pick up out of nowhere.

  5. sowhat says:

    I knew it. The needed help and stil ldare to create a group with a stupid name selling it as their own.

  6. Franky says:

    Are there any plans to make it possible to launch this from a local server just in case some of us have a computer, but no internet?

  7. Dudebro says:

    Oh please no, not @Mathieulh… please nooooooooooo.

  8. Derek says:

    It is possible to create plugins?

    Can we expect PSP/PS1 image support?

  9. Runehasa says:

    Should offer a price to someone who figures out how to dump and play backups. Come on you know you all want it

  10. Alperoot says:

    Wait what? I’ve already seen the source code at github yesterday. Or I just spotted the wrong thing lol.

  11. Gutpunch says:

    This is a joke charmram a hongkong hacker already had this hack sometime ago so the reverse part should be out shortly.

  12. Darien says:

    Is this hack worth updating for?
    I own two vitas the 1000 model running 3.36, and a 2000 running 3.51
    Im debating updating my1000 its old and beaten up anyway

  13. Bobesal says:

    This îs the chance for the ps vita to be revived.

  14. 173210 says:

    I’m not actually reversing. As I always say, I’m not good at and interested on reversing. I just downloaded the payload and looked for strings (e.g. http://go.henkaku.xyz/x). That’s it.
    The binary is a bit small, but it seems obfusticated. Go ahead if you like reversing. Maybe it is pleasant for you (but not for me)

    Here are some hints:
    * Not confirmed, but probably consisted of three vulnerabilities: WebKit, code execution, and privilege escalation
    * The WebKit exploit was already known in 2014. (Google tells you.)
    * Code is in Thumb. (probably you can figure out that as soon as you look at it with hex editor!)

    Anyway, I was bored with playing Tetris on PC and seeing the binary. I want a PS Vita!

  15. Yifan Lu says:

    You do know he’s trolling by posting a random hex dump right?

  16. orange says:

    “an anonymous contributor”.
    i think this should have been mentioned earlier. or at least given a bit more attention. as far as i knew before all the credit went to ‘molecule’.
    not getting at anyone but its an important part of the story

  17. TheDemon says:

    1. – Spoof browser useragent to mimic Vita’s agent
    2. – Access http://henkaku.xyz and install
    3. – Intercept browser requests and figure out the redirect to http://go.henkaku.xyz
    4. – Download the page source code and take a look at the exploit: http://pastebin.com/tmuHDreY
    5. – Follow the execution path and reach the bootstrap binary at http://go.henkaku.xyz/x (or https://www.sendspace.com/file/3asukv)
    6. – Pair the payload/relocs (http://pastebin.com/ZJNPFn3k) obfuscation with this binary
    7. – ???
    8. – PROFIT!!

    – Find out the molecularShell binary at http://go.henkaku.xyz/pkg/eboot.bin (or https://www.sendspace.com/file/663jt9)

    – The browser exploit is a reimplementation of the sort() bug that was not properly fixed.
    – The “x” binary is deobfuscated and loaded at the last stage of the exploit using the scrollLeft attribute.

    Am I cool yet? 😛

  18. lollypop says:

    somebody got a working quake12 vpk with pak1 ?

  19. lollypop says:

    TheDemon does this make for a permanent molecule on 3.60 ?
    what about henkaku updateblocker ? or downdowndown boy lol

  20. rainman671 says:

    How do I put emulators?

  21. gunblade says:

    Cool. Might get into it finally got a new laptop. Going to try get a new 3g vita a realise bundle of I can find one.

  22. gunblade says:

    Lol. Notice how the exploit work j is bu watching a YouTube video. Nice jobs guys. Thks.

  23. isabel says:

    hello! please someone tell me what to do
    should i update my 3.18 vita to 3.60?

  1. August 6, 2016

    […] mentioned before that Yifanlu was planning on challenging hackers to reverse engineer the HENkaku code. Today’s he’s announced it officially on his blog, with a hacking CTF contest to go […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Most comments are automatically approved, but in some cases, it might take up to 24h for your comments to show up on the site, if they need manual moderation. Thanks for your understanding