Nid poisoning
Posted: Thu Oct 30, 2014 1:43 pm
by link2sai
As the topic says, can someone please explain what NID poisoning is and
how it affects the Vita hacking scene?
Or is Acid_snake going to explain it in his 3rd article?
Re: Nid poisoning
Posted: Thu Oct 30, 2014 5:15 pm
by yifanlu
It's a term I made up to describe Sony's defeat (or hindrance) of userland homebrew loading in native Vita mode.
Some history:
Like the PSP, most of the interesting functions on the Vita are exposed as syscalls. These are numbers that you give to the kernel to ask it to do a certain function (like open a file). Back in the early PSP days, syscalls were static, which means for example the id for opening a file is always "300" or something. HBL would load homebrews by "linking" these ids to function calls. Later on Sony decided to randomize the syscalls but didn't do it well enough, because the numbers could be predicted with syscall estimation.
On the Vita, syscall randomization is pretty good now. On each boot, the id for opening a file can be "300" or "402" or "520" or any number between 256 and 4096. However, before fw 2.50, there was a way to get around this. The way UVLoader works is that it looks at the "NID", which is another number that is static and exposed to developers via the SDK, and matches it with the syscall number found in memory. That means no matter how random the syscall numbers are, we just find the NID and match it to the syscall.
Unfortunately, Sony knew about this bypass because UVLoader is open source, and as of 2.50 implemented a feature that replaces all syscall NIDs in memory with a random number. That means after 2.50, you can no longer write a purely usermode homebrew loader without manually finding and providing a large amount of data to UVLoader. Such a feature is not implemented yet.
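To make the mechanism in the post above concrete, here is a small simulation added to this page (it is not code from the post, from Sony's firmware, or from UVLoader). It models a per-boot export table as a list of (NID, syscall number) pairs: the "kernel" randomizes the syscall numbers on each boot, the "loader" resolves a function by its static NID, and the 2.50-style mitigation overwrites the in-memory NIDs so that lookup by NID no longer finds anything. The table layout, the NID constants, the seed-based PRNG and the function names are all assumptions constructed for the example and do not reflect the Vita's real data structures.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model of NID-based syscall resolution and of "NID poisoning".
 * Assumption: a simplified simulation written for this page, not the Vita's
 * real export-table layout and not UVLoader's code. The NID values, the PRNG
 * and the table shape are constructed for the example. */

#define SYSCALL_MIN 256u
#define SYSCALL_MAX 4096u   /* exclusive bound, matching "between 256 and 4096" */
#define NUM_EXPORTS 3

/* Placeholder NIDs (constructed, not real SDK values). */
#define NID_OPEN  0x6C60AC61u
#define NID_READ  0xFDB32293u
#define NID_CLOSE 0xDD42FA35u

typedef struct {
    uint32_t nid;      /* static identifier a developer sees in the SDK */
    uint32_t syscall;  /* number the kernel hands out for this boot */
} export_entry;

typedef struct {
    export_entry entries[NUM_EXPORTS];
    size_t count;
} export_table;

/* Small deterministic LCG so a simulated "boot" is reproducible. */
static uint32_t lcg_next(uint32_t *state) {
    *state = *state * 1103515245u + 12345u;
    return *state >> 8;   /* drop the weak low bits */
}

/* Fresh table as it would look before the kernel assigns syscall numbers. */
export_table make_table(void) {
    export_table t = { { {NID_OPEN, 0}, {NID_READ, 0}, {NID_CLOSE, 0} }, NUM_EXPORTS };
    return t;
}

/* Simulated boot before firmware 2.50: syscall numbers are randomized
 * (unique, in [SYSCALL_MIN, SYSCALL_MAX)), NIDs stay as published. */
void boot_randomize_syscalls(export_table *t, uint32_t seed) {
    uint32_t state = seed;
    for (size_t i = 0; i < t->count; i++) {
        uint32_t candidate;
        int taken;
        do {
            candidate = SYSCALL_MIN + lcg_next(&state) % (SYSCALL_MAX - SYSCALL_MIN);
            taken = 0;
            for (size_t j = 0; j < i; j++)
                if (t->entries[j].syscall == candidate) taken = 1;
        } while (taken);
        t->entries[i].syscall = candidate;
    }
}

/* Simulated 2.50+ mitigation: every NID in the in-memory table is overwritten
 * with a random value. XOR with a nonzero word guarantees each NID changes;
 * the syscall numbers themselves are left alone. */
void poison_nids(export_table *t, uint32_t seed) {
    uint32_t state = seed;
    for (size_t i = 0; i < t->count; i++)
        t->entries[i].nid ^= (lcg_next(&state) | 1u);
}

/* Loader side: walk the table and match the static NID to whatever syscall
 * number it carries on this boot. Returns -1 when no entry has that NID. */
int resolve_nid(const export_table *t, uint32_t nid) {
    for (size_t i = 0; i < t->count; i++)
        if (t->entries[i].nid == nid) return (int)t->entries[i].syscall;
    return -1;
}

int main(void) {
    export_table t = make_table();
    boot_randomize_syscalls(&t, 42u);
    printf("boot 1: open=%d read=%d close=%d\n",
           resolve_nid(&t, NID_OPEN), resolve_nid(&t, NID_READ), resolve_nid(&t, NID_CLOSE));

    export_table t2 = make_table();
    boot_randomize_syscalls(&t2, 7u);
    printf("boot 2: open=%d (different number, same NID still resolves)\n",
           resolve_nid(&t2, NID_OPEN));

    poison_nids(&t, 99u);
    printf("after poisoning: open=%d (lookup by NID fails)\n", resolve_nid(&t, NID_OPEN));
    return 0;
}
```

The point the simulation makes is the one in the post: randomizing syscall numbers alone does not stop a loader that keys on the static NID, because the loader reads the number out of memory at run time; overwriting the NIDs removes the only stable key the loader had, so it cannot recover the mapping from memory and would need that data supplied from elsewhere.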
Re: Nid poisoning
Posted: Thu Oct 30, 2014 5:44 pm
by link2sai
Thanks for the reply, yifan.
Meaning Sony read the source code and used it to their advantage.
I'm sorry to ask this, but what were devs doing at that time? As I did my research, UVLoader was discovered and made by YOU 2 years ago.
Re: Nid poisoning
Posted: Thu Oct 30, 2014 6:16 pm
by reprep
AFAIK UVLoader has to be ported to a usermode exploit, and that didn't happen.
Re: Nid poisoning
Posted: Thu Oct 30, 2014 6:48 pm
by yifanlu
link2sai wrote:Thanks for the reply, yifan.
Meaning Sony read the source code and used it to their advantage.
I'm sorry to ask this, but what were devs doing at that time? As I did my research, UVLoader was discovered and made by YOU 2 years ago.
The devs were [lolwut] and playing with the PSP emulator.
I personally don't have time to continue deving as I have lots of other obligations.
Re: Nid poisoning
Posted: Thu Oct 30, 2014 7:52 pm
by link2sai
yifanlu wrote:link2sai wrote:Thanks for the reply, yifan.
Meaning Sony read the source code and used it to their advantage.
I'm sorry to ask this, but what were devs doing at that time? As I did my research, UVLoader was discovered and made by YOU 2 years ago.
The devs were [****] and playing with the PSP emulator.
I personally don't have time to continue deving as I have lots of other obligations.
If further steps had been taken back then, things would be different from the current state.
I guess TN-A/B/C was a diamond back then.
Devs should have thought out the sandbox.