HENkaku offline support is incoming (Video)
We thought life was good with the possibility to host HENkaku on our phones and access it from within our local network. We knew nothing, Jon Snow. Developer xyz, part of Team Molecule, is working on a self-contained version of HENkaku that runs entirely on the PS Vita, without any network access (in other words, this also works with Wi-Fi turned off).
The teaser video below was shared by Yifanlu a few hours ago on Twitter.
This evolution of the HENkaku hack apparently relies on the email client. It is difficult to tell from the video alone, but it looks like the email triggers a self-contained version of the WebKit exploit, probably through an HTML email. There was some dynamic aspect to the response from the HENkaku server, so it would be interesting to know how this is handled offline. Everything in JavaScript?
Of course this is strictly for people running a PS Vita 3.60, and will not be of help to the poor souls who upgraded to PS Vita firmware 3.61.
Update: more details on the inner workings from the HENkaku IRC channel, thanks to StepS:
[22:29:48] <xyz> enjoy https://usercontent.irccloud-cdn.com/fi ... G_0378.MP4
[22:32:24] <xyz> I'll provide a vpk that will do all setup
[22:32:33] <xyz> you don't have to enter any email account manually
[22:32:47] <xyz> the vpk will add an account to email app which will have 1 email in inbox
[22:33:35] <xyz> soon(tm)
[22:37:15] <xyz> yifanlu always says how vita is secure but they have such lame bugs, like 2 years outdated web browser, email app executing javascript in html emails, email app even used to allow ".." and "/" in file names
[22:52:11] <xy2_> xyz: does it also support initial install
[22:52:22] <xyz> no
[22:53:30] <xyz> there are several complications with that and ultimately I don't see the need for it to do initial install
[22:53:50] <xyz> don't worry about the details
[22:54:13] <xyz> you will just launch the installer vpk when you have internet and then it will download newest payload for email
[23:29:55] <dkabot> I wonder if someone will try editing the name of the email/acct
[23:30:12] <dkabot> Just like "Free $1,000,000! Open to claim!"
[23:30:33] <xyz> actually you cannot just forward this mail and have it work on another person's vita
[23:30:47] <xyz> it also uses some data from filesystem that gets installed by the installer vpk
[23:30:48] <dkabot> xyz: I meant editing it in db, if at all possible
[23:31:03] <dkabot> Just for basic image gags, not to forward it
[23:31:05] <xyz> yeah sure
[23:31:10] <xyz> it's just sqlite
Source: Yifanlu on Twitter
First? Please
k thx
Why does first matter? When did that all of a sudden become a thing? What makes it “cool” to do?
It’s been a thing since the internet started hosting comment boards, so it’s nothing new and sudden, it’s actually quite old, and unoriginal anymore.
here we can clearly see someone salty about not being the first.
FIRST!!!
Nope.
According to xyz on the IRC, this will be installable as a .vpk after installing for the first time. It indeed triggers JavaScript in an HTML email. The .vpk will add an account to the email application that already has the email in its inbox. He also says that you can’t make this mail work by just sending it to someone’s Vita as it relies on some data from the filesystem that the .vpk installs. That’s what we know for now.
If that’s true, then that is a very cool way to handle the process.
Stuff like this makes me want to go back to school and learn how to handle stuff like this
This is great! 😀 Can’t wait to play around with it!
CFW 3, 2, 1 … september 9
(confirmed)
are you serious?
So you are a fortune teller too?
But my inner peace mind says it will be released on august 20 🙂
Can the same hack be installed on the PS3 4.80 like they did on the PS4?
I wish, but nobody cares about the PS3. Even if it’s possible, no one will port it.
Probably not because the PS4 and Vita are more closely “related” than the Vita is to the PS3. Also I’m pretty sure a newer method isn’t being developed for it since it’s easy enough to do already. (E3 Flasher)
Yeah, so easy that you only have to solder that *** and risk damaging your hardware and internal memory in the process LOL.
All those hardware mods are useless expensive risky *** just for enabling homebrew. Cobra sucks donkey ***, nothing worse than hackers and pirates trying to make a profit from other pirates. *** that *** really, along with anyone else that comes with a new dongle.
Great! Now when I’m traveling, I can use my homebrews without being afraid of the battery discharging or the Vita turning off. Another great achievement of Team Molecule! Excellent work guys! 🙂
I’m really impressed with the nightlies of RetroArch.
SNES9x – The only game that isn’t quite right is FF6 (the speed is fine but the sound modulation is f*@#ed and it is very noticeable). But Star Ocean, Tales of Phantasia, Super Mario RPG, work perfectly.
Unfortunately, the .srm internal saves aren’t working yet so make sure you save with the emulator before you quit!
This scene is getting better every day I check in!
So… Should we update now to 3.61 in order to get the stability that our PSVita systems need?
Yes, you should. 3.61 is so stable that it doesn’t even support the hack anymore.
I hope for your own dignity that was sarcasm (don’t take offence)
Obvious sarcasm is obvious.. nobody needs these “stability” patches.. LOL.. I only do it on my ps4 because of ps plus
Please do it.
I Dare You!!! XD
How about some Sony “Vita support” ?
Could we get some of that ??
We did. They gave us a system update to 3.61.
LoL. Soooooooo much stability.
Blew my pants right off.
Finally that stupid email app is going to be useful…he he
Wait, does this mean it will work on 3.61 as well or the exploit is still dependent on the main webkit from the web browser?
The email app uses the same WebKit as the browser, so no, it won’t work on 3.61.
Also from the context of it, henkaku is required to install this “offline standalone henkaku” as the installer will come in “.vpk” format.
i.e. vita needs to connect to internet at least once to activate henkaku. (or any other local way to activate henkaku)
No, it’s just another way to trigger the exploit. The native exploit is the same.
Well, I just thought that Sony might be just patching the browser and left the email WebKit outdated lol
Nah, it took 2 weeks to patch the exploit. I think they did their job.
Read people READ: “Of course this is strictly for people running a PS Vita 3.60, and will not be of help to the poor souls who upgraded to PS Vita firmware 3.61.”
So does that mean I should update?
Yes, idiot.
I Dare You Too!!
I wonder why Sony still wastes their resources to focus on Vita security.. Does this happen to PSP too nowadays?
Anyway great work u guys~ Finally my Vita rocks!
Yo, what happened to the comment asking about Sony regarding their position on supporting the PSP still? I wanted to remind them that Sony pushed an update for that almost a decade or something after the previous one was released, to patch, I think it was Davee’s Infinity thing or something. Idk, that was over a year ago.
Foursth
Hey Wololo, you misspelled “Follow” in the homepage (follolow). Unless this is meant to be like that, lol.
🙂
I wonder how long it will be until this has cfw similar to the ps3 then a psninja and psnpatch like port
Keep dreaming. That’s a long way away. User mode exploit does not mean kernel exploit follows.
Henkaku is kernel but kernel is not kernel. It’s not like if you have kernel you can do everything. The PS Vita has so many security checks that it’s a real pain to localize and patch it without any kind of debugger. Same thing on PS4. You have full kernel access on 1.76 but you cannot do very much with it NOW. It needs much more time to get things working.
Well, seems like it’s already a kernel exploit : http://wololo.net/2016/08/07/henkaku-steps-exploit-reverse-engineered/
“This seems to confirm, for those who still doubted it, that HENkaku indeed ships with a Kernel exploit. The Kernel vulnerability apparently lies in some APIs of the Vita’s Network library (SceNet).”
Henkaku uses a kernel exploit.
I think Sony patched HENkaku because they are afraid we can mess around with the trophy. So they released a new update to prevent that from happening.
And something bigger than that, this hack has enabled piracy and the first Vita “backup” has been uploaded and downloaded by many pirates.
But I read that was an unprotected DRM backup.
what about henkaku.offline that has vitablocker360-offline?
Yeah, it’s easy, I managed it too, just create an email in HTML format, and embed the payload.js and it’s done.
Putting it manually in /temp/ does the work.
Offline Installer released 🙂 https://twitter.com/yifanlu
It works for me haha, fking genius =P
Just like in Jason Bourne, they “hacked it with SQL”.