You are currently browsing articles tagged security.

We waited more than 3 months for a new PS Vita firmware, which happened to drop a few days ago. Some users are reporting that their PS Vita refuses to read the memory card after said new firmware 3.10 dropped, and the tech support of Sony replied that an upcoming update to adress this issue will be available very soon!

Read the rest of this entry »

Tags: , ,

A new PS Vita firmware update is now available

The changelog of the new firmware is at the very end of the news!

Sony just released a new firmware update for the PS Vita, which fixes the TN-V kernel mode exploit and the usermode exploit titles for firmware 3.01.

This new firmware also fixes exploits in various undisclosed exploit titles.

Please skip the following wall of text if you are not interested in a little flashback to firmware 3.01 from 3 months ago and what happened in these 3 months.
Read the rest of this entry »

Tags: , , , , , ,

It was just a matter of time until Sony removes our latest exploit title, Persona 2: Innocent Sins, from the Playstation Store. To our surprise they did not remove the game while the Store was down due to maintenance, but a few hours later. The game was available up to 11:59 am (CET) in europe, and up to the late afternoon in japan.

Read the rest of this entry »

Tags: , , , , ,

PS4 Update

Even though Sony did not officially announce the PS4 Firmware 1.60 yet, there are already some rumours about an upcoming PS4 Firmware Update 1.60.

It is known that currently just a few Headsets are working with the Playstation 4 and that some official PS4-certified Headsets are being released pretty soon.
But what has the new Firmware to do with those Headsets? Well, I will explain this in the following part…

Read the rest of this entry »

Tags: , , , , , ,

PS Vita piracy now possible?

After Yifan Lu’s great hardware reports about the PS Vita, its motherboard and its nand, our user Katsu found a way for dual booting the PS Vita, which can kind of be seen as a downgrade solution.

But that is not everything that he was able to do. Katsu is on fire and also looked at the Vita cartridges… see below for some more electronics joy!

Read the rest of this entry »

Tags: , , , , , ,

TN-V4 at a PS Vita Slim

… this little devil of a Firmware patched again some (at least 2) usermode exploits. This time two games were patched, one that wasn’t used at all, it just functioned as a hello world, and one game, that might got leaked some weeks ago. But what about our kernel mode relase and TN-V4? Well …

Read the rest of this entry »

Tags: , , ,

PS Vita Firmware 3.00 is LIVE

My friend Jd8531 just wrote an article, that the new Firmware 3.00 will be released very soon, and there it is.
The PS Vita Firmware 3.00 is now LIVE (In the USA and Europe atleast), and adds a bunch of new functions and stuff. Let’s take a look at it.

Read the rest of this entry »

Tags: , , , , , , , , ,

For those of you still interested in the PlayStation 2, and use the Softmod known as FMCB (Free McBoot) this will come of great interest to you as FMCB has received a huge overhaul from developer SP193.

For those of you who do not know, FMCB is a softmod for the PS2 that allows one to run homebrew applications (including but not limited to various loaders, ftp clients and emulators) and play backups of their games through either a disc based medium* or through a HDDLoader. It’s best asset however comes from the fact that it’s installed on the memory card so once installed it’s available on most PS2 consoles – in essence, you’ve hacked “every” PS2 console you’ve come into contact with. Furthermore, if your friend wants to have it you can place it on their card using your own.

Read the rest of this entry »

Tags: , , , , , , , ,

Now here’s a strange turn of events. After all that complaining about the DRM and enforced internet connection, there is now a petition to actually bring back the ridiculous policies that Microsoft had planned to release on the Xbox One.

Read the rest of this entry »


In my previous article on Charles Proxy many people have been stating that Fiddler 2 is free, and asking for guides regarding that. As I have had time to look into Fiddler, I thought I’d write a quick tutorial for those who wish to use this as an alternative to Charles.

Read the rest of this entry »

Tags: , , , , , , ,

Since the latest firmware is now out, that seemingly leaves us without PSN or any form of Online gaming which does take some of the fun out of the Vita, and with all the Sales and free games coming from Sony at the moment it’s horrible that if you wish to keep your exploit then you have to update, right? Wrong. There is a simple way around this by using a Proxy server.

Read the rest of this entry »

Tags: , , , , , , ,

(Note from Wololo: this was posted a while ago, but we wanted to contact YifanLu to make sure he was ok with us copying the article, and sadly we dropped the ball, with Christmas and everything… but we finally got through! ) A few days back YifanLu posted an entry to his blog explaining where UVL is now, and also speculating on some of the software and system security. For those of you wondering about the current state of this project, or why hacking a console takes such a long period, then it’s most certainly worth reading. It’s rather a long read, but most certainly worth it for those of you with the patience to do so.

Read the rest of this entry »

Tags: , , , ,

Note from Wololo, a bit of context on this article: if you’re running a CFW on your 6.60 PSP such as Pro CFW, you are regularly using the 6.60 kxploit without knowing it. The vulnerability was exploited and released by developers Davee and some1, about a year ago, and pro CFW relies on it. Today jigsaw gives a full explanation of the inner working of this exploit.

660 kxploit is within ifhandle.pfx, which is the PSP port of mbuf[1]. mbuf is the basic unit of memory management for network packets and socket buffers. It’s originated from BSD, and is widely adopted by commercial products due to BSD license. ifhandle is obviously ported from FreeBSD 4 release with slight changes. Some routines of ifhandle are 100% duplication of original mbuf code[2].
Read the rest of this entry »

Tags: , ,

I’ve described in a previous article how to look for exploits in games on the PSP. But as you may or may not know, the new PSPGo’s business model made game exploits useless for the average user.

Let me explain: if an exploit is found (and revealed) in a Game on the PSP, Sony will simply remove the game temporarily from the PSN Store, and it will be available again only if the game’s developers fix the issue. So the only people who will be able to benefit the exploit will be those who downloaded the game from the PSN Store before the exploit was made public. (unless you didn’t know, the PSPGo has no UMD drive, and therefore all games for this machine must be bought on the PSN)

Yep, that’s not cool, and it explains why Freeplay doesn’t want to make the recent hack of the PSP Go public (the exploit is still useful for hackers as it allows to run unsigned code on the PSPGo, and therefore analyze its firmware more precisely). It also explains why we should now be looking for vulnerabilities in the PSP Firmware (such as the laughman tiff exploit that led to chickHEN a few months ago) rather than games.

In this article I will explain how to monitor the PSP Menu with PSPLink. If you haven’t read my previous post on savegames exploits, I suggest you do it, as  it is a nice introduction to PSP exploits. Disclaimer: I’m not the best PSPLink user in the world, so this article might be incomplete on some parts.


Imagine you have a file that crashes your PSP. It can be a video file, an mp3, an image, etc… (I will explain later how you can find or create these files). How would you tell if it can become an exploit or not? Well, as usual, the answer is clear: PSPLink.

PSPLink is a very usueful tool to analyze the Ram of the PSP. If you don’t have it yet, google for it. I personally have the version included with the minimalist PSPSDK.

PSPLink has two parts of interest for this: one that goes on the PSP (basically, an EBOOT, as most homebrews), and two executables that run on the PC (they will display the information sent by the PSP to the PC).

Once you have installed PSPLink on your PSP and plugged your PSP to your computer with a USB cable, open 2 command-line windows, in which you will run respectively usbhostfs_pc and pspsh.

When this is done, you can run the PSPLink EBOOT on your PSP. If everything goes well, pspsh on your computer will display “host0:/” and usbhostfs will say “Connected to Device”. It should look like this:

If you need more information on PSPLink, google for it.

Running the XMB/VSH

Now that’s the interesting part. If you’re a developer, you might know how to run your homebrews’ prx files from there. But how can you access the PSP Menu? Well that’s actually very easy, as you only need to type the two following commands in pspsh:

reset vsh


And that’s it! Let me tell you, it is way easier than doing it for savegames, as no plugins are required.

Test your crash

Then what? Well, you do whatever is needed to reproduce your crash. In my case, I have an mp3 file that crashes the PSP, so on my PSP I go to the music menu, and try to play the files.

When the crash occurs, pspsh should display the current state of the registers, and lots of useful information.


From here, what you need is MIPS assembly knowledge, and lots of patience. But I can’t teach you that :). For the basics, you can still read my article on Savegames, as we are looking for the exact same thing: a way to overwrite $ra

By the way, you need a hacked PSP to run PSPLink, so don’t try this on Official Firmwares.

Tags: , , , ,