PS Vita: the “first F00D hack” and what it means for the scene
The Vita hacking scene started boiling earlier today as the news spread that developer xyz, a member of team molecule, has released what is named the first public F00D hack for the PS Vita.
What is F00D?
F00D is considered to be the “level 0” of the PS Vita security chain. Security checks on F00D happen before other systems are even accessed.
It is believed that exploiting F00D could lead to a permanent hack, one that possibly couldn’t be patched without a hardware revision of the PS Vita. Update: that last sentence has been confirmed to be incorrect. Specifically, Yifanlu said: The stuff people want: 3.63 psn spoofing, 3.61+ game decryption/running, permanent henkaku hack, hacks for 3.63, etc is orthogonal to hacking f00d. It is much “easier” to do through other means like finding a kernel exploit or porting an existing WebKit exploit. We (molecule) have retired from all that stuff so it’s up to other people to pick it up. See here for details.
YifanLu, one of the hackers behind the HENkaku Vita hack, stated recently that he would focus his reverse engineering efforts on F00D moving forward. This was followed by lots of progress from various hackers in January, including a deeper understanding of the F00D protocol (see motoharu’s psvkirk work on github!).
What was just released by team Molecule?
I’m seeing lots of speculation on the source code that was released by xyz a few hours ago. As I’m still waiting for a comment from xyz himself, I’ll have to speculate a bit on my own, and will be sure to update this article once the members of Team molecule publicly bash my complete ignorance 🙂
Drumroll
Looking at the code released by xyz, “all” there seems to be here is an implementation of the state machine used by the F00D protocol, as (partially) described here.
Although it does seem to be a great tool that could be used to try some attacks on F00D, it doesn’t appear to me to be the actual “exploit” that people are hoping for yet. In particular, nothing in this release mentions an exploit, and team molecule haven’t released any official statement claiming they have already hacked F00D. Furthermore, the henkaku wiki still states that most of what the team knows about F00D is based on educated guesses at this point.
Some “blobs” of code can be found in rvk.c and sm.c. Those would typically be where one would expect a payload of some sort in an exploit, but in this case I feel this is not what they are. Bottom line, these could be:
- Blobs of data acquired one way or another from the Vita, which are required for the F00D protocol implementation to be valid. For example, the code makes clear that without rvk (the revoke list?), nothing will actually work
- Or they are actually payloads for an exploit, and this article completely misses the mark, in which case I fully expect Team Molecule to call me out (and I’ll of course fix the article)
What’s next for the end user?
A full exploit on the F00D processor of the Vita could possibly mean a “permanent” hack (no need to run HENkaku each time you reboot), or potentially a hack that works on current firmwares such as 3.63, and that Sony could not necessarily fix with a firmware update. There’s lots of speculation here but this is the general expectation.
At the moment however, I see no reason for the end user to be overly excited. Whether my analysis is right or wrong, xyz’s release is useful for the people who already know what to do with it. Today, that’s a handful of hackers worldwide. Soon, this could mean something useful will be out for the end user though. How long this will take depends on how far off my interpretation above is: if there is actually an exploit that just got released, things could happen much faster than I think.
Update: Team molecule have reached out to confirm that most of the speculation above is incorrect. Specifically, Yifanlu said: The stuff people want: 3.63 psn spoofing, 3.61+ game decryption/running, permanent henkaku hack, hacks for 3.63, etc is orthogonal to hacking f00d. It is much “easier” to do through other means like finding a kernel exploit or porting an existing WebKit exploit. We (molecule) have retired from all that stuff so it’s up to other people to pick it up. See here for details.
Update: some trusted people have come back to me to confirm that I understood things correctly. There is no exploit in this release; it is an implementation of the F00D protocol to help hackers tinkering with the deeper levels of the PS Vita. The blobs of data in rvk.c and sm.c are probably the revoke list and the sm self file, acquired directly from the Vita, as I assumed they were. Furthermore, hacker motoharu has contacted me to mention people should also have a look at his work on psvkirk to start digging deeper.
Source: xyz on Twitter
It’s always nice to see vita progress. Especially delicious food related news.
I am looking forward to this.
I love everything in this menu, please send me your best dish
I’m really hyped, lvl.0 access is the best thing that could happen to the Vita, we have so much more options now 😀
The best thing that happened to the Vita is henkaku. F00D is icing on the cake.
This is making me hungry
Can’t wait for what’s coming next! Good job guys, nicely done.
As an end user I am very excited even if no exploit is found. People are learning more about the Vita and we have a scene that seems to have stagnant then explosive cycles. Either way everyone is learning more (some more than others) and we continue to improve. Huge thanks to all the devs that make it all possible.
According to @DaveeFTW it’s just a joke for @Yifanlu
https://twitter.com/DaveeFTW/status/826830516414447616
Well, apparently it only refers to the hack for 3.63. It doesn’t say anything in particular about f00d.
OK! Let’s wait for more news! Thanks
I can’t believe my eyes to finally see a day like this … after all of these years with Vita….
Awesome, really awesome, thanks guys
Awesome news! Also, I love those little Carambola quizzes at the bottom of the page.
a true CFW for the Vita would be great, just like the PS3
Make food to fast food
What’s next for the end user?
F00D poisoning!
I see ARM architecture …please…someone…port android to the vita….plz find a way….
Nice work!… Keep it up!… (^^)
I swear I only clicked this because I thought it said food hack.
Nonetheless, it looks very promising.
Huh, I haven’t updated my Vita since HENkaku v3 or something, looks like I have some reading and upgrading to do.
Looks like this leaves Lvl 0 with less than a year to being broken by someone big in the Vita field. Good luck and have fun.
Finally!!! 😀 Something to look forward to:)
A big round of applause for the developers working on the PS Vita
A big round of applause for the developers working on the PS Vita, who give us hope