Wololo.net – PS4, PS Vita, PSP Programming, Security and Homebrews (http://wololo.net)

The last missing piece: Permanent 6.60 CFWs for all PSPs in near future!?
http://wololo.net/2014/10/31/the-last-missing-piece-permanent-6-60-cfws-for-all-psps-in-near-future/
Fri, 31 Oct 2014 01:50:04 +0000

Some of you might remember the uprising as the first signed homebrew for the PSP appeared.

Some of you might remember the first betas of the permanent patch, which worked surprisingly well (for most of us, at least).

The current permanent patch is, as of now, the number one thing to install, if you have one of the newer PSP devices, since it enables you to automatically boot into a CFW, no (manual) launcher required.

Something comparable (and far superior, by the way) has so far existed only in the form of a custom IPL, and exclusively for the older PSP devices.

What if this were available for the latest PSP firmware, version 6.60? What if it now natively supported the previously ‘unsupported devices’ – the 3000 07g, the 3000 09g (no enforced downgrades anymore) and the PSP E1000?

If this interests you, then keep reading! Davee has a surprise up his sleeves!

Hardware & Software talk – Different PSP models

(Image: Motherboard overview)

This is the current state of the most recommended things you can do with your PSPs (made by myself – you can tell from the emphasis on the ME/LME CFW recommendations, hehe).

While the enforced downgrade method for the PSP 3000 09g is not the cleanest and most secure thing to do, all other recommendations are safe to follow and should work without problems.

This currently leaves us with 3 categories: Old devices, new devices and too new (or rare) devices.


The first category contains the PSP 1000s and PSP 2000s (except for the ‘doomed TA-088v3’ series), which are fully capable of using a full CFW, i.e. a CFW that uses a cIPL to load the custom firmware modules. Those are also the only devices that can use (and, depending on the motherboard, create) a Pandora battery.


The second category contains most of the newer PSPs. The PSP 2000 with the TA-088v3 motherboard, the PSP 3000 03g, the PSP 3000 04g, the PSP 3000 09g (only as forced downgrade, though) and any PSP Go. Those devices are fully capable of using a permanent CFW, a CFW that uses the current version of the permanent patch.

The permanent patch loads the modules of the custom firmware very early in the boot chain (not as early or as cleanly as a cIPL, but you take what you can get), which slightly lengthens the initial boot time of your PSP, but automatically loads the CFW on startup and provides you with a method to recover your device if you (only) semi-bricked it.

A full brick will still be fatal and unrepairable on these new devices. The current version of the permanent patch works up to firmware 6.20 and has been (randomly) patched as of firmware 6.30, due to new security checks.


The third category contains 2 devices (or 3, depending on personal opinion and technicalities): the PSP E1000 (due to its inability to run a firmware other than 6.50 or 6.60); the PSP 3000 09g, which should stay on firmwares 6.30 to 6.60 due to firmware stability and IDStorage reasons (even though it is capable of an enforced downgrade to firmware 6.20, below its intended lowest firmware limit of 6.30); and the 09g’s twin sister, the PSP 3000 07g, a very rare model that shares the same motherboard characteristics as the 09g but is so rare that we were unable to investigate it properly (this is also the reason why the 09g supports the enforced downgrade and the 07g does not).

Devices of this third category are unable to use the current version of the permanent patch, since they lack the ability to natively support the PSP firmware 6.20, which is (as of now) required to use a permanent patch CFW. These devices only support the firmwares 6.30 to 6.60 (3000 07g & 09g) and 6.50 to 6.60 (E1000 11g).

Back on track: A permanent 6.60 CFW

While I’ve talked a lot about the different hardware models of the PSP, their restrictions, their current best possible software, and a lot of other stuff, let’s head back to Davee’s surprise and a potential ‘permanent patch’ for the latest PSP firmware, version 6.60 – which would enable any PSP device, old or (too) new, to run a cIPL or permanent CFW, respectively.

While the old PSPs can already run a full CFW (something better than a permanent or temporary CFW), the newer PSPs can not (yet).

(Image: ChickHen)

Developer Davee, well known for his 5.03 ChickHen exploit (Scene old-timers might remember this) and his Chronoswitch Downgrader for the 6.xx firmwares, has one more trick up his sleeves, which supposedly will enable any kind of PSP to run a permanent CFW on the latest firmware, version 6.60.

While this still has to be fully debugged and tested on ALL the different hardware models (one of each generation – 0Xg – should be enough), Davee seems to be confident in his knowledge, which is more than enough to call this a ‘sure thing’.

This method is not necessary on the PSP 1000s and most PSP 2000s, which means 2 fewer devices to fumble with, but it will be necessary on all the other devices, which leaves us with 7 different devices: a PSP 2000 TA-088v3, a PSP 3000 03g, a PSP 3000 04g, a PSP 3000 07g, a PSP 3000 09g, a PSP Go and a PSP E1000.


I myself donated my PSP E1000 to Davee, so he is able to port his work to this new PSP. Davee himself bought a refurbished PSP 2000 TA-088v3, which still leaves 5 devices left.

I have already talked about the rarity of the PSP 3000 of the ‘7th Generation’, so this one will only be covered theoretically, which would still mean that 4 different hardware models are left.

This is exactly the moment where my good friend Nzaki comes into play. He is such a generous person that he offered Davee all missing devices (as long as he has access to them).

(Image: Nzaki’s PSP Go collection!)

And believe me, when I say this man has a lot of PSPs, then I mean it! Nzaki offered Davee a PSP 3000 03g, a PSP 3000 04g, a PSP Go (05g) and a PSP 3000 09g, which will complete the missing pieces of the hardware scavenger hunt.

This brings me to the end of this blog post.

Conclusion: Permanent 6.60 CFW soon?

Yes and no.

We can definitely say that Davee has something up his sleeve, and that he most likely does have what he tells us he has – a solution to bring the permanent patch to firmware 6.60.

While neither I nor you can say how long Davee will take to fully finish his work on this, I can say that this would make a good Christmas present for the PSP users among us.

Since the annual PS Vita kernel exploit has already been released for firmware 3.18, some months ago, this pretty much leaves us with nothing for this Christmas… Or does it?

Stay tuned for this masterpiece of the post-mortem PSP hacking scene, and more hacking news regarding the PS Vita!

Paypal Donation:

Do you like the work that Davee has done in the past? Do you like this news about a 6.60 permanent CFW for all PSP devices? Do you want to buy a well known and talented PSP & PS Vita developer and hacker a beer?

In that case you might want to consider donating to Davee via PayPal.

Davee's PayPal donation page :)

Vita Webkit hack: Davee releases HTMLIt for Vita firmwares below 2.00
http://wololo.net/2014/10/30/vita-webkit-hack-davee-releases-htmlit-for-vita-firmwares-below-2-00/
Wed, 29 Oct 2014 23:16:25 +0000

If you happen to be a dev, and have a 1.xx PS Vita handy, this will be good news to you.

Other people will probably not have much interest in this release, besides the excitement to see a bunch of hack-related news these days, and the hope that this could lead to something good later on.

Davee released a new tool called HTMLIt. This tool basically makes it easier to inject code into the exploitable HTML files with ROP, by converting ROPTool scripts (reminder, ROPTool is Davee’s very own project as well). In other words, the beginning of “real” code running through the exploit.

This is getting complex for me as I haven’t found the opportunity to try any of this myself, but Davee mentioned he will be publishing sample ROPTool scripts soon, as samples of what can be done.


(Image: ROPTool script)

In the meantime, you can download ROPTool and HTMLIt at the URLs below.

Additional Credits for the tool go to proxima and Bubbletune (wow, haven’t seen that name in a loooong time :) )


ROPTool can be downloaded here

HTMLIt can be downloaded here

Source: Davee

Is now the right time to buy a second PS4/PS Vita?
http://wololo.net/2014/10/29/is-now-the-right-time-to-buy-a-second-ps4ps-vita/
Wed, 29 Oct 2014 14:47:16 +0000

We’re geeks. All of us in this community. In particular you. And you. And you, in the back. And many of us are hardware geeks. I’ve seen some of you share with me pics of your collection of 4, 5, 6 PSPs on twitter. We love our hardware. And some of us are strongly considering buying a second PS4, or a second Vita, right now.

I’ve actually bought a second Vita last week. The motivation for me was not to get the “better” hardware of the Vita slim, but to get a Vita with a firmware as low as possible, so I could keep one vita for the future development of homebrew, and one for my PS+ subscription. So I actually intentionally got myself a Vita 1000 (the “fat” vita). It was slightly less expensive, and I could guarantee it would ship with a low firmware. I got firmware 2.60, by the way, if you want to know. Not bad, but not as good as I had expected (you’ll want lower than 2.00 if you can).



The same is now true for the PS4: firmware 2.00 patched the recently revealed WebKit exploit, and people who want to enjoy the future of PS4 hacking might only be able to do so on consoles that come with firmware 1.76 or lower. With firmware 2.00 out just a few days ago, now might be the right time for people who had been considering a second PS4. And I can see this is becoming a trend, with people asking me what firmware the glacier white console ships with. One thing is guaranteed: today, it does ship with one of the vulnerable firmwares, since 2.00 was out so recently. Time to get a Destiny bundle maybe?

Color selection, as crazy as it might sound, is another reason people want to buy a second device. White Vitas are gorgeous, and so are White PS4s. You can always customize your black PS4 with decals, but it doesn’t feel the same. Are you the kind that falls in love with a color? Do you resell the previous model when you buy a white one, or do you keep both?


With the holiday season soon, we might see some discounts on the Vita or the PS4, but I wouldn’t hold my breath: the PS4 has been selling like hot cakes, and I don’t see a good reason for Sony to discount it during the holiday, especially since they’ve been apparently enjoying a very comfortable advance in terms of sales, compared to the Xbox One or the Wii U. So waiting for the holiday might not be the right move.

From the pure hacking point of view, now might be the right time. Nobody can predict if these hacks will ever become extremely interesting, but it’s pretty sure that with higher firmwares, Sony will reinforce their security.

Do you think now’s a good time to get a second Vita? A second PS4? What would be your reasons for buying a second console?

Disclaimer: the amazon links in this article are affiliate links. If you buy from my links, this doesn’t cost you anything more, but I get a percentage of the sale. Thanks for your support.

Vita webkit hack: memtools_vita 0.3.2 available
http://wololo.net/2014/10/29/vita-webkit-hack-memtools_vita-0-3-2-available/
Wed, 29 Oct 2014 09:03:21 +0000

Codelion (@bballing1) has been hard at work improving his memory dumper for the Vita running through the WebKit Vita hack. The tool is becoming much more of a “community” project and has also received significant contributions from several other devs.

Codelion recently bumped the version to 0.3.2, which he says could be a candidate for a “version 1.0” (meaning he’s happy with the features and stability, I assume).

Changes since we last talked about this tool include hex search, reverse search (contributed by @MrNetrix), kernel support, and many, many stability improvements and bug fixes.


Contributors to memtools_vita’s code are, in addition to CodeLion: @hgoel0974, @Josh_Axey, @Archaemic, @MrNetrix, @Aquynh, @PureIso, and “a good friend”. Davee and Yifanlu are also thanked in the credits for help and hints. Testers: @psxdev, @logomorph, @Macia10, @smoke587.


memtools_vita 0.3.2 can be downloaded here

As a reminder, this tool relies on the WebKit Vita exploit, which requires a PS Vita on firmware 3.18 or lower to run.

Source: Codelion

PS Vita Firmware 3.35 – What changed under the hood?
http://wololo.net/2014/10/29/ps-vita-firmware-3-35-what-changed-under-the-hood/
Tue, 28 Oct 2014 22:54:29 +0000

While we have already told you what the new firmware 3.35 officially does, let us take a look ‘under the hood’, and check if they’ve added new security features, patched new exploit games, and so on…

It is well known that Sony patched the WebKit exploit and blocked the Package Installer as of firmware 3.30, but basically every leaked firmware 3.18 exploit game was somewhat usable on firmware 3.30.

(Image: FW 3.30 hello world)

This was demonstrated with the game Go! Sudoku, which has now been patched as of firmware 3.35. This makes it the second patched ‘firmware 3.18 exploit game’, next to Z.H.P. – Zettai Hero Project, while most others are technically still usable.

I said technically because some special restrictions apply to these ‘well known exploit games’, which prevent an easy port of the VHBL to these games.

Some of these games were already VHBL compatible on firmware 3.18 (those were never released, since we had something better for you: ARK-2 & TN-V), but now struggle to run anything at all.

The one game we worked on and tried to port VHBL to (for firmware 3.30, that is) was Go! Sudoku. Sony noticed this and patched the exploit in firmware 3.35.

Technically one could grab one of the other ‘leaked firmware 3.18 exploit games’ and try the very same thing we tried with Go! Sudoku, but to be honest, the results weren’t the best, so it might be better to let those restricted exploits rest in peace.

If one uses a new exploit game, one that has not been part of the leaked games for firmware 3.18, one will see that it is much easier to port anything at all to it, since these ‘special restrictions’ do not apply.

As you can see in the embedded video, it is possible to run the Half Byte Loader on a firmware 3.35 PS Vita, as long as you use the right game for this.

In the end I would like to remind you to not ask us about another kernel exploit, because as of now no eCFW, neither TN-V nor ARK-2, has been confirmed to run on firmwares 3.3x, at least publicly.
