
Alleged first Vita flashcart

Open discussions on programming specifically for the PS Vita.
Forum rules
Forum rule Nº 15 is strictly enforced in this subforum.
DS_Marine
Developer
Posts: 276
Joined: Wed Oct 10, 2012 1:32 pm
Location: Argentina
Contact:

Re: Alleged first Vita flashcart

Post by DS_Marine » Wed Dec 09, 2015 1:42 am

reckless-0 wrote: I guess I am kind of confused by the need for the P2P aspect.... If they have the ability to send the "authentication" over the network, why can't they capture that authentication as is and store it on the SD card with the games themselves? I am no programmer or hacker, but the whole P2P aspect seems especially shady.
Your answer is on post #6 of the thread. Did you only read OP and skip every other post?
PSP-Controlled drone
"Hackers don't have superpowers. Just a hackable PSP and a brain (ships by default on most humans models)" - A famous guy

reckless-0
Posts: 12
Joined: Fri Jan 31, 2014 5:14 pm

Re: Alleged first Vita flashcart

Post by reckless-0 » Wed Dec 09, 2015 2:10 pm

DS_Marine wrote: Your answer is on post #6 of the thread. Did you only read OP and skip every other post?
Skimmed it. Later read the whole thing and realized my post was useless. Thanks for not just letting this one go.... I'll go back to lurking now.

ViRGE
Posts: 81
Joined: Mon Oct 08, 2012 8:31 am

Re: Alleged first Vita flashcart

Post by ViRGE » Thu Dec 10, 2015 4:37 am

Well this is really neat. It's both a bit brute force and a bit genius. I certainly question whether it's smart to pre-order it, but I definitely want to see how this plays out, because even if it's not the perfect piracy solution it may be "good enough" for most users.

P2P Networking: It seems to me that any concerns about cartridge hosts could be resolved by using TOR/I2P to route the requests. That way Sony can't see the real hosts. There are several unknowns here such as how much latency can be tolerated and how much data the authentication handshake requires, but if the answer is "a large amount of latency" and "a small amount of data" then I don't see why this has to be run against a public network. In which case I don't see hosting as being too difficult; I'd gladly plug my carts into my server and call it a day as long as it's cloaked.

One-To-Many: The bigger question, I think, is whether this system only allows 1 Vita to authenticate to a cart over the entire gaming session (one-to-one), or if the hosted cart is only needed for initial authentication (one-to-many). If it's the latter, then you only need a handful of copies of each cart for a viable service since a cart is only unavailable in that short window where another Vita is being authenticated. Get enough carts to ensure that a user only needs to try an average of less than 2 times to properly launch, and that would be a sufficiently sized network, I am willing to guess. Otherwise if this is a one-to-one service I'm not entirely sure why Cobra is even launching it. Even if everyone hosts all of their own games, the service is going to be useless for newer, high-demand games.

Incentives: I also agree that even in a one-to-many scenario, the service needs some kind of incentive for sharing. For the moment I'm going to work on the assumption that this can be cloaked (to be visible to Sony as validating other Vitas would be crazy), which does make incentives a bit harder. Even if you know who is who inside the network, you'd need some way to use that information to reward hosts. Physical rewards that can be traced back to anyone - including hardware discounts - seem risky. Otherwise what can you do? Some sort of priority access on the network? It's possible incentives may not be needed to ensure enough hosts on the network, but I have my doubts.

Console Bans: Assuming there is P2P cloaking, the only real risk is having your console banned if Sony finds a way to detect this in the Vita firmware. Which would be unfortunate, but that's the name of the game with piracy, and we went through this with the PS3 already. For that matter they could likely do the same thing to us over Rejuvenate, though there's obviously a big difference between piracy and homebrew. Ultimately it means there's some risk involved, but the worst thing Sony can do is keep you off of PSN. MP games haven't been a massive draw here, and preventing people from buying games doesn't seem to be a major loss when the entire purpose of this in the first place is piracy...

Cost: They'll have to find a way to keep this under $100 USD. This is purely supposition on my part, but I don't see how this can be successful if it costs as much as a Vita itself. The problem is that this may be tricky given that it's a three-part system: the Vita dongle, the wireless (Bluetooth?) adapter, and the Black Fin card reader. Cobra will want to make a tidy profit on top of that.

Simplicity: In some ways this is definitely worse than Rejuvenate right now - and Rejuvenate is definitely one of the harder to use hacks right now - but in other ways it's easier. You still need the PC host to access the P2P network, but if I'm understanding the technology right, this is all fairly automated. The dongle reaches out to the PC, where a daemon is listening and then reaches out to the network. This is going to be easier than the "push" nature of Rejuvenate that requires manipulating both the Vita and the PC. Plus there's no need to deal with the email hack to renew any licenses or the fact that you lose Rejuvenate the moment you quit PSM. The benefit, for better or worse, is that this gets you access to retail quality games rather than just emulators and a small amount of homebrew, so people are going to be more willing to jump through hoops here. The unknown is whether the market for this device is big enough. How many people want to buy a piracy dongle that only works when networked? There is definitely some kind of market, but I don't know if one can really do enough research to predict this one.

Detection: I don't know if there's enough information out here yet to really answer this one, but what are Sony's options for detection? If we're just passing off the authentication request to a real cart, then it seems like Sony can't radically change the auth mechanism since it will still pass. Maybe tighten up the timing mechanism to require a response sooner than a global network could deliver it? I think yifanlu may be the best person to comment on that, as while it's obvious that the Vita isn't vulnerable to replay attacks, it's otherwise not very clear what the authentication mechanism will tolerate.

Future Firmwares: Along those lines then, a lot of the viability of this product will depend on if Sony can block it. If you can't use future Vita firmwares, and hence can't play newer games, then this is a de facto legacy game solution. Which isn't killer - it's not like there is much development in the west going on these days - but forward compatibility is better. Having to pick between newer games and Rejuvenate is already an annoying problem that has me pondering giving up Rejuvenate in the first place.
GonnaGetPSVita wrote: It's a straight-up piracy device, and an inconvenient one at that, without homebrew capability. Wow... I don't even know how to respond. :lol:
Most people want to pirate games. This is bad for people that want homebrew, but it's great for that larger audience...
yifanlu wrote: The gamecart is not just a storage device. There's a computer chip inside of it too that can respond to requests. Cobra has not figured out how to fake this computer chip (typically flashcarts do this; see: sky3ds). Likely they never will because Sony is actually good at these sorts of things.
Yifanlu, normally I wouldn't argue with you. But looking at your own tear-down images for a game cart, they show a single chip that appears to be a custom NAND solution. Perhaps I'm being a bit too literal here, but are you sure there's an ASIC of any kind in that package?

yifanlu
Guru
Posts: 760
Joined: Sun Mar 11, 2012 6:42 am
Contact:

Re: Alleged first Vita flashcart

Post by yifanlu » Thu Dec 10, 2015 6:54 am

ViRGE wrote:Well this is really neat. It's both a bit brute force and a bit genius. I certainly question whether it's smart to pre-order it, but I definitely want to see how this plays out, because even if it's not the perfect piracy solution it may be "good enough" for most users.

P2P Networking: It seems to me that any concerns about cartridge hosts could be resolved by using TOR/I2P to route the requests. That way Sony can't see the real hosts. There are several unknowns here such as how much latency can be tolerated and how much data the authentication handshake requires, but if the answer is "a large amount of latency" and "a small amount of data" then I don't see why this has to be run against a public network. In which case I don't see hosting as being too difficult; I'd gladly plug my carts into my server and call it a day as long as it's cloaked.
Well, there's a potential that sony can decrypt the tokens sent through the network and identify your console/PSN ID. Remember, this isn't just sharing ROMs, it's sharing unique encrypted data sent from YOUR Vita.
ViRGE wrote: One-To-Many: The bigger question, I think, is whether this system only allows 1 Vita to authenticate to a cart over the entire gaming session (one-to-one), or if the hosted cart is only needed for initial authentication (one-to-many). If it's the latter, then you only need a handful of copies of each cart for a viable service since a cart is only unavailable in that short window where another Vita is being authenticated. Get enough carts to ensure that a user only needs to try an average of less than 2 times to properly launch, and that would be a sufficiently sized network, I am willing to guess. Otherwise if this is a one-to-one service I'm not entirely sure why Cobra is even launching it. Even if everyone hosts all of their own games, the service is going to be useless for newer, high-demand games.
I'm willing to bet it's the latter. The problem is a) you won't find more rare games/games from regions like Japan where the ban on flashcarts is more enforced, b) in the far future, the device will be useless when people stop hosting.
ViRGE wrote: Simplicity: In some ways this is definitely worse than Rejuvenate right now - and Rejuvenate is definitely one of the harder to use hacks right now - but in other ways it's easier. You still need the PC host to access the P2P network, but if I'm understanding the technology right, this is all fairly automated. The dongle reaches out to the PC, where a daemon is listening and then reaches out to the network. This is going to be easier than the "push" nature of Rejuvenate that requires manipulating both the Vita and the PC. Plus there's no need to deal with the email hack to renew any licenses or the fact that you lose Rejuvenate the moment you quit PSM. The benefit, for better or worse, is that this gets you access to retail quality games rather than just emulators and a small amount of homebrew, so people are going to be more willing to jump through hoops here. The unknown is whether the market for this device is big enough. How many people want to buy a piracy dongle that only works when networked? There is definitely some kind of market, but I don't know if one can really do enough research to predict this one.
Apples to oranges. Rejuvenate can't run pirated games. Black Fin can't run homebrew. I'm willing to bet if Rejuvenate can run pirated games, there'll be more people willing to put up with the "difficulties."
ViRGE wrote: Detection: I don't know if there's enough information out here yet to really answer this one, but what are Sony's options for detection? If we're just passing off the authentication request to a real cart, then it seems like Sony can't radically change the auth mechanism since it will still pass. Maybe tighten up the timing mechanism to require a response sooner than a global network could deliver it? I think yifanlu may be the best person to comment on that, as while it's obvious that the Vita isn't vulnerable to replay attacks, it's otherwise not very clear what the authentication mechanism will tolerate.
Timing is an obvious identifier, but I'm not sure if the FW even handles the low level cart auth stuff. Newer carts may have hardware features to counter this (I doubt they'll invest in R&D for a 2nd gen Vita cart though). Otherwise, if it works, it may be hard for Sony to "patch" (as it really isn't doing any hacking).
ViRGE wrote: Yifanlu, normally I wouldn't argue with you. But looking at your own tear-down images for a game cart, they show a single chip that appears to be a custom NAND solution. Perhaps I'm being a bit too literal here, but are you sure there's an ASIC of any kind in that package?
Of course, like any modern electronic device, it is a SoC. I don't think you understand the words you're using here, but: "custom NAND solution" - if you mean it uses NAND storage technology, you're likely to be right. I don't know what you mean by "custom", but if by "custom" you mean the protocol to access it is different from a standard NAND access protocol, you're also likely to be right, because I've observed SDIO-like communications. Now how do you implement this custom protocol? With a controller. What is a controller? Just a tiny computer. And if by "ASIC" (which means application-specific integrated circuit, and is usually used to refer to custom computation tasks) you mean "it does stuff in a chip other than just plain storage" then yes, it's an "ASIC", but we can just say IC.

ViRGE
Posts: 81
Joined: Mon Oct 08, 2012 8:31 am

Re: Alleged first Vita flashcart

Post by ViRGE » Thu Dec 10, 2015 7:41 am

yifanlu wrote: Well, there's a potential that sony can decrypt the tokens sent through the network and identify your console/PSN ID. Remember, this isn't just sharing ROMs, it's sharing unique encrypted data sent from YOUR Vita.
Aye. Sony finding clients will likely be easier than hosts. Worst case scenario, they can run their own hosts as a honeypot. But that said, Sony's never been one for taking clients to court. The worst they can do is ban you.

BTW, do we know what exactly is exchanged between the Vita and a game cart at authentication? I ask since game carts are portable, it's not clear that they really care about console IDs.
yifanlu wrote: Apples to oranges. Rejuvenate can't run pirated games. Black Fin can't run homebrew. I'm willing to bet if Rejuvenate can run pirated games, there'll be more people willing to put up with the "difficulties."
Agreed. Not to be too harsh on homebrew authors, but pirated games have always been a bigger user base for hacking. People will put up with more to get free games.
yifanlu wrote: Timing is an obvious identifier, but I'm not sure if the FW even handles the low level cart auth stuff. Newer carts may have hardware features to counter this (I doubt they'll invest in R&D for a 2nd gen Vita cart though). Otherwise, if it works, it may be hard for Sony to "patch" (as it really isn't doing any hacking).
Interesting. I would have assumed virtually everything is controlled at the firmware level. But if this is tied down in hardware, then that certainly limits Sony's options. The Vita is basically dead in the west; whether Asia is a big enough market on its own to justify the cost of breaking Black Fin is a really good question.
yifanlu wrote: Of course, like any modern electronic device, it is a SoC. I don't think you understand the words you're using here, but: "custom NAND solution" - if you mean it uses NAND storage technology, you're likely to be right. I don't know what you mean by "custom", but if by "custom" you mean the protocol to access it is different from a standard NAND access protocol, you're also likely to be right, because I've observed SDIO-like communications. Now how do you implement this custom protocol? With a controller. What is a controller? Just a tiny computer. And if by "ASIC" (which means application-specific integrated circuit, and is usually used to refer to custom computation tasks) you mean "it does stuff in a chip other than just plain storage" then yes, it's an "ASIC", but we can just say IC.
Well I use "custom NAND solution" in that it clearly has a different pin-out than standard SD, and Sony is obviously doing something to manage what portion of the NAND space is open for storing game saves versus the static content. So even at the storage level there's obviously some non-standard/custom stuff going on.

In any case, I guess it's a matter of me being too literal. Obviously all SD cards include a microcontroller, since a card has to self-manage its cells and otherwise handle SDIO requests. A better way to state the question perhaps is are we sure there's any real encryption going on here, either in the normal NAND controller or a separate controller? My impression has always been that game carts were just semi-dumb NAND devices.

DS_Marine
Developer
Posts: 276
Joined: Wed Oct 10, 2012 1:32 pm
Location: Argentina
Contact:

Re: Alleged first Vita flashcart

Post by DS_Marine » Fri Dec 11, 2015 1:42 pm

yifanlu wrote: Well, there's a potential that Sony can decrypt the tokens sent through the network and identify your console/PSN ID. Remember, this isn't just sharing ROMs, it's sharing unique encrypted data sent from YOUR Vita.
I think I'm missing something or you guys are missing something.
If I was implementing this stuff, the device would look like this:
vita <sdio> cart.emu <usb io> user pc <internet> blackfin server <internet> seeder pc <usb io> blackfin reader <sdio> original cart
OR
vita <sdio> cart.emu <wifi internet> blackfin server <internet> seeder pc <usb io> blackfin reader <sdio> original cart
OR
vita <sdio> cart.emu <zigbee> client blackfin <usb io> client pc <internet> blackfin server <internet> seeder pc <usb io> blackfin reader <sdio> original cart

If there's encrypted packets for everything (https and another extra layer if you want) then there's no way that $ony could sniff your traffic and know that you are using black fin. The whole idea is that the vita can't see a difference. You could use the vita in flight mode and this would still work.
Of course for the wifi model you still need a PC to configure it (select which AP to connect to, security, etc).

Now if they buy one of these devices themselves, they could decrypt the response from the original cart, but since no Vita was involved in the IO, they cannot ban. If some cart unique ID is involved, then they could blacklist all carts present in the network and ban these in a future update. Now that could hurt the system and force you to stay on lower FW.
But any other data doesn't need to be shared/leaked (PSN IDs / Vita IDs).
/Edit Hmm yeah, I can think of one way... but I'm not helping them :D
PSP-Controlled drone
"Hackers don't have superpowers. Just a hackable PSP and a brain (ships by default on most humans models)" - A famous guy

yifanlu
Guru
Posts: 760
Joined: Sun Mar 11, 2012 6:42 am
Contact:

Re: Alleged first Vita flashcart

Post by yifanlu » Fri Dec 11, 2015 6:26 pm

You'll always leak information just from the fact that it's P2P. If "HTTPS" can solve this, then why don't people use "HTTPS" instead of bittorrent (answer: different protocols, different problems). I'm also not saying that there is console unique information being sent, only that there COULD be. For example, to prevent replay attacks, the console might send a unique token to the cart which is a hash of "console unique info + random seed".
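The two technical points in this exchange, the replay-resistant token yifanlu sketches here and the "timing as an identifier" question from the earlier ViRGE/yifanlu posts, modelled as an added example. This is constructed code written for this page, not anything from the Black Fin product or the thread's authors; the Vita's real handshake is not documented here, so the cart key, token format, deadline and link delays are all assumptions.

```python
import hashlib
import hmac

# Assumed parameters for the model (constructed, not from the page or any product).
CART_KEY = b"constructed-cart-secret"   # assumed secret held by the cart's controller
AUTH_DEADLINE_S = 0.005                  # assumed: console expects the answer within 5 ms


class SimClock:
    """Deterministic clock so the exchange runs offline and repeatably."""
    def __init__(self) -> None:
        self.now = 0.0

    def advance(self, seconds: float) -> None:
        self.now += seconds


def console_token(console_id: bytes, seed: bytes) -> bytes:
    """yifanlu's example token: hash(console unique info + random seed).
    A fresh seed per request defeats replay; the console-unique half is what
    anyone on the relay path gets to see."""
    return hashlib.sha256(console_id + seed).digest()


def cart_respond(challenge: bytes) -> bytes:
    """Cart side: only something holding CART_KEY (a real cart) can answer."""
    return hmac.new(CART_KEY, challenge, hashlib.sha256).digest()


def make_path(clock: SimClock, hops_s: list, host_log: list):
    """Transport from console to cart. hops_s lists each link's delay:
    just SDIO for a cart in the slot, or SDIO + USB + internet + ... for a
    cart at a seeder. Anything that crosses more than the local bus passes a
    host PC, which is recorded in host_log (the leak yifanlu points at)."""
    def send(challenge: bytes) -> bytes:
        for delay in hops_s:
            clock.advance(delay)
        if len(hops_s) > 1:
            host_log.append(challenge)
        return cart_respond(challenge)
    return send


def authenticate(console_id: bytes, seed: bytes, send, clock: SimClock) -> dict:
    """Console side: issue the challenge, verify the keyed response, and also
    enforce a response deadline (the timing check ViRGE asks about)."""
    challenge = console_token(console_id, seed)
    started = clock.now
    response = send(challenge)
    elapsed = clock.now - started
    expected = hmac.new(CART_KEY, challenge, hashlib.sha256).digest()
    return {
        "crypto_ok": hmac.compare_digest(response, expected),
        "timing_ok": elapsed <= AUTH_DEADLINE_S,
        "elapsed_s": elapsed,
    }


def demo() -> tuple:
    """Runs a local and a relayed authentication; returns both results and
    how many tokens a host PC observed."""
    clock, host_log = SimClock(), []
    console_id, seed = b"constructed-console-id", b"\x01" * 16
    local = make_path(clock, [0.0005], host_log)                        # cart in the slot
    relayed = make_path(clock, [0.0005, 0.002, 0.080, 0.002], host_log)  # cart at a seeder
    return authenticate(console_id, seed, local, clock), authenticate(console_id, seed, relayed, clock), len(host_log)
```

The relayed path passes the cryptographic check (a real cart did answer) but misses the deadline, which is exactly why the thread treats timing, not the auth math, as the lever Sony could pull.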

fugelmir
Posts: 52
Joined: Mon Nov 19, 2012 9:32 pm

Re: Alleged first Vita flashcart

Post by fugelmir » Fri Dec 11, 2015 9:43 pm

I find there are so few Vita games, I have no trouble buying the good ones...

The only thing I ever wanted on the Vita was

SNES Emulation, PSP Games I own that are not on the PS Store for vita, and PS1 emulation.

Unless this new dongle can help with homebrew, I'm just not interested.

Are a lot of you folks planning on buying this?

lafrog
Posts: 2
Joined: Fri Mar 27, 2015 4:06 pm

Re: Alleged first Vita flashcart

Post by lafrog » Mon Dec 14, 2015 9:31 pm

@fugelmir
I'm gonna buy one, as long as it does not cost over $100...
I would seed a few games too.

Legion
Posts: 27
Joined: Mon Sep 28, 2015 12:07 pm

Re: Alleged first Vita flashcart

Post by Legion » Thu Dec 17, 2015 11:49 am

I don't want a flash cart... I want my PSV flashed.
