Finding the memory layout of the vita?

[wololo]

Another option might be to look for jtag (or similar) debug ports. The vita uses proprietary soc but uses the cortex a9 cpu. IMO, this might be just as hard as dumping the memory.

If sony learned from their mistakes, they removed or disabled the JTAG ports on the vita. This is what they eventually did for the PSP if memory serves well.

Now people with more knowledge should correct me if I'm wrong, but most if not all the "first" console hack required a hardware hack of some sort right? Because only after extracting system software and/or hardware information can the developers work on "user level" exploits.

Right, this sounds correct. The first hello world on the psp was done by Nem, who was, at the core, a hardware hacker.
http://forums.ps2dev.org/viewtopic.php?t=1570
http://forums.ps2dev.org/viewtopic.php?t=1599

This was largely helped by the fact that firmware 1.0 could run unencrypted binaries.

[m0skit0]

I hope that the RAM isn't encrypted, logically, it wouldn't, as that would use precious battery and cpu cycles that wouldn't be an issue a console

You're right. For a portable console it's highly unlikely that RAM is encrypted.

That means someone needs to do a hardware RAM dump in the worse case.

You need to find memory layout first before doing a memory dump. Otherwise you'll get incomplete memory dump (if any at all).

I don't want to sound like I have any authority, but I think our top priority should be doing this

Definitely right.

Another option is somehow getting unsigned code to run

If you can "patch" RAM (I mean connect a hardware device that allows RAM chip manipulation) that should be quite easy (if needed pins -R/W, data and address- are accessible).

Is it too much to wish for a hidden debug mode?

Possible if Sony committed a mistake, also highly unlikely, as wololo points out.

Another option might be to look for jtag (or similar) debug ports. The vita uses proprietary soc but uses the cortex a9 cpu. IMO, this might be just as hard as dumping the memory.

Hmmmm not very likely retail A9 has JTAG enabled, but could be. Anyway IMHO this is harder than memory dump, specially because JTAG pins are likely to be more hidden than RAM's.

only after extracting system software and/or hardware information can the developers work on "user level" exploits.

I agree.

[yifanlu]

We (I guess excluding me since I don't want to poke around my $300 device) should also attempt a NAND dump. It is much more likely that the NAND is encrypted (I mean, even the 3DS has an encrypted NAND), but no harm trying. From reading the hacks of other consoles (PS3, 360, 3DS), there is usually an easy way to dump the nand (and easy as in only having to find and solder 4 points).

This http://www.ubmtechinsights.com/teardown ... n_id=13825 gives more information on some of the chipsets found in the vita. The complete guide costs like $500 (and I might be under-estimating) and would be of little use anyways.

Also, IF someone gets a devkit, anyone knows if it is possible to get information that way? I assume the vita devkit would be similar to the PS3, so how good are the ps3's remote debugging features? Is there access to the memory and the registers like gdb or windbg? If so, instead of having to open up a retail vita, we can "test" our exploits on a debug vita and port them to retail.

This was largely helped by the fact that firmware 1.0 could run unencrypted binaries.

If we can only struck luck like this. All it takes is one hole in the system, and we can use that to find more and bigger holes. The first hack is always the hardest.

[qwerty12]

Is it too much to wish for a hidden debug mode? Maybe someone can get their hands on an official devkit and use debugging features to find memory layout?).

There's this thread that talks of a debug mode. I can't verify its validity, however - note that the guy makes a video of a Content Manager freeze but he/she never took a picture of the supposed debug menu - just a pastebin dump of the options.

EDIT: Fair enough; it's BS. Apologies.

[wololo]

Err...No comment on the credibility of that source, lets stop wasting time with people who can never provide a proof of what they say, whatever the reason.

[yifanlu]

Is it too much to wish for a hidden debug mode? Maybe someone can get their hands on an official devkit and use debugging features to find memory layout?).

There's this thread that talks of a debug mode. I can't verify its validity, however - note that the guy makes a video of a Content Manager freeze but he/she never took a picture of the supposed debug menu - just a pastebin dump of the options.

So he knows how to type "strings | /Applications/CMA.app/Content/MacOS/CMA" into terminal. Congratulations.

My biggest hope right now aside from someone physically getting a ram dump is someone we know getting a devkit. Unless someone tells me that my hopes for the devkit are not true.

[SymphoniC]

Like I pointed out in another thread... Mathieulh mentioned to me that he either had or was getting a dev kit for the Vita. I don't know how that's turned out but maybe I can contact him and see what's become of that and if he can help us.

[wololo]

As much as possible we'd like to avoid looking into things acquired illegally. People who own an official dev kit can share information from it if they want, it's their responsibility. But we on this site shouldn't acquire those tool illegally to gather information from them, that would just backfire badly.
I'm not saying Mathieu got his files illegally, just saying that *you* should be careful to only receive information that sdk owners are allowed to transmit, by contract.

I also assume you do not mean the Playstation Suite SDK, that would be useless for the vita, most likely.

[SymphoniC]

Oops, I had no idea of the legal sensitivity of this whole thing. Thanks for pointing that out. Also, I'm not sure specifically what dev kit Mathieulh was referring to, Playstation Suite or not. Now please bear in mind, this was an IM convo we had several months ago at best and my memory isn't particularly the best. But I know for fact that he's either acquired a dev kit or will acquire one. If I can get more information about this, I will and probably keep the information exchange to a private team circle here... I really don't want to get anyone in legal trouble over this.

[yifanlu]

I agree that we should not use anything acquired illegally. I am talking about an acquiring an actual physical dev kit though, not the SDK. In an unrelated note, I am in the PS Suite beta, and the tools do not currently support the vita.