Warning, PS Vita brickers in the wild
The following information comes from MPT, who contacted us through user realshotgun, to spread the word. We at wololo.net have not verified this information, although the explanation from MPT below sounds valid enough that we feel the word needs to be spread.
On the one hand, if you’re trying to pirate content then you’re probably asking for trouble. It’s not our role here at wololo.net to judge, but clearly there was no legitimate use in downloading these games. On the other hand, with this kind of stuff now out in the wild, it wouldn’t be surprising to see similar virus-like data spread in otherwise legit uses of a hacked PS Vita, so please be careful what you download and where you download it from.
Based on the explanation below, you will hopefully see how easy it could be for people not only to brick your PS Vita, but also to alter their virus to make it harder to detect.
The issue would obviously only impact people running a hacked PS Vita, not “regular” users of the system (in particular, people who have updated to firmware 3.61 are not at risk with this).
Below, the article from MPT:
Warning: Vita brickers are now in the wild
A few days ago, two malicious game backups were posted that would perma-brick Vitas, with no chance for repair unless someone develops a hard mod.
The backups claimed to be “Fruit Ninja [US] [TESTED] [MAIDUMP]” and “kung fu rabbit – tested working – maidump v233.2z8” and indeed, inspecting the eboot, the overall file size, and game files, appeared to be normal game dumps. However, the mai.suprx file that is injected into Mai dumps for functions like plugin and DLC support had been replaced with code that would mount and delete vs0: and os0: (which are the system partitions of the Vita) and reboot the Vita. Most damagingly, the file deleted os0:KD, where the drivers for interfacing with the hardware for things like safe mode are kept, rendering the Vita irreparable short of a hardmod being developed.
The reason this code was able to run is because the eboots of both dumps were not marked as safe, meaning that HENkaku allowed them to run with full permissions. This would have happened whether they were packaged as a VPK and installed through VitaShell, or installed with MaiDump (though in the case of VitaShell, a warning would appear that the user would have to dismiss).
In this case the malicious code was in mai.suprx, but could feasibly have been in any of the executable files. A file can be checked for this by opening it in a hex or text editor and searching via ctrl+f for ‘os0’, ‘vshPowerRequestColdReset’ and ‘vshIoMount’. If you get a result then DO NOT INSTALL the game.
This is an example of a malicious mai.suprx
And this is a mai.suprx from a known good dump:
As of the latest version of MaiDump released several hours ago, both it and VitaShell will warn the user before any dump with possibly malicious code is installed. If you see a warning, DO NOT CONTINUE WITH THE INSTALL. Either try and find another dump, or if you must use that particular dump, use a tool like VPK Tool, which will check games packed as VPKs. But bear in mind, this is not a guarantee that it cannot brick your Vita, merely a mitigation of the risk. Presently there is no tool available to check a zip file or extracted Mai Dump, but one should surface soon.
Thanks to shotgun and MPT for spreading the word.
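The string search described in the article, applied to every file in a VPK/zip or an extracted dump folder, as an added example (not code from MPT, MaiDump, VitaShell or VPK Tool). The function names and the in-memory sample archive are assumptions constructed here, and a clean result is not a guarantee, because a plain byte search only catches unobfuscated code.

```python
import io
import sys
import zipfile
from pathlib import Path

# Strings the article says to search for in a dump's executable files.
MARKERS = (b"os0", b"vshPowerRequestColdReset", b"vshIoMount")


def scan_bytes(data):
    """Return the markers that occur anywhere in a file's raw bytes."""
    return [m.decode() for m in MARKERS if m in data]


def scan_dump(source):
    """Scan a zip/VPK (path or file object) or an extracted dump directory.
    Returns {file name: [markers found]} for every file with a hit."""
    hits = {}
    if isinstance(source, (str, Path)) and Path(source).is_dir():
        root = Path(source)
        for path in sorted(p for p in root.rglob("*") if p.is_file()):
            found = scan_bytes(path.read_bytes())
            if found:
                hits[path.relative_to(root).as_posix()] = found
        return hits
    with zipfile.ZipFile(source) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            found = scan_bytes(archive.read(info))
            if found:
                hits[info.filename] = found
    return hits


def build_sample_vpk(suprx_bytes):
    """Constructed in-memory archive standing in for a dump (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("eboot.bin", b"\x00SCE constructed placeholder")
        archive.writestr("mai.suprx", suprx_bytes)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, found in scan_dump(sys.argv[1]).items():
        print(f"DO NOT INSTALL: {name} contains {', '.join(found)}")
```

Run it with the path to a `.vpk`, a `.zip` or an extracted dump folder; any line of output means one of the article's markers was found.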