Finding the memory layout of the vita?

[Notn4]

I just read through the thread so im rather new to vita hardware but one thing I noticed was that the vita uses a Cortex A9 cpu... has someone looked into other devices that run the same processor? I know that the one in vita only exists in the vita but there are many cpus used by mobile phones that seem rather similar, some of them even open source...

For example the Galaxy Nexus runs an Cortex A9 with a GPU made by the same company that made the vita GPU, the Nexus is OpenSource..

don't know if this is to any use at all, just noticed that the cortex a9 is used in many opensource devices.

also is anyone here into mobile development ? I find the hardware on the vita to be quite similar to the mobile phones of today, maybe some of the hardware hacks on some high-end phones could be implemented to the vita? such as the unbrickable mod that can be used for all Cortex A8 phones.

sorry if none of this was helpfull

[m0skit0]

The problem is not about the CPU. PSP also used a known CPU model (slightly modified by Sony). The problem is about how everything else is put together with the CPU.

[jrbo]

Has anyone looked at the battery, mabey if a hardware hacker can look at that and try to come up with a Pandora type service mode.
Although now that I think about it Sony probably took extra precautionswhen developing it

[Notn4]

i was thinking more in the way of communicating with the cpu with aldready know debug/download modes to find out more about the hardware, for example the samsung captivate with a cortex a8 cpu has Rx and Tx pads close to the CPU that allow UART to be hooked up to the device, also on some Cortex CPUs you can get them into a developement mode by removing an xOM resistor and soldering a wire on the active pad of that resistor to another xOM resistor, this (i think) allows to read info directly from the ROM on the CPU, it also allow to flash custom bootloaders for different OSs...

but I think this going a bit off topic as this is currently only supported on the samsung and Texas Instruments manufactured CPUs

[m0skit0]

i was thinking more in the way of communicating with the cpu with aldready know debug/download modes to find out more about the hardware

PSV's CPU is embedded on a single chip with RAM and probably other critical components as well, to prevent such dumps. I would highly doubt any JTAG/UART debug pins will work (it did not work on the PSP's CPU dice despite several attempts).

[honorface]

Ram com is not encrypted per say. There are security checkpoints though, meaning not just anything can communicate. I still cannot tell if it is a onetime check or continually. I highly doubt it would be continually seeing as that is basically encryption. What I really need is a third party "DEVICE" that needs to communicate to the vitas inards. So yes access to the ram is checked by the cpu.

I would highly doubt any JTAG/UART debug pins will work

Correct sadly

What I can tell you guys is that the vita IS VERY PRONE TO BRICKING. Due to a burning hatred of game developers I assume that this was done purposefully to protect the device. It could also easily be done by my eager hands. I have two vitas that are stuck booting forever. I somehow removed somesort of authorization. Be careful you guys! I am almost out of tax return money sooooooo I may call it quits if I get spooked/start developing a serious relationship with my current Vita hahahah. Have fun though! Without us Sony will never see humility, NEVER stop innovating

[43tklj3n_43kj]

They do it through kernel exploits. Exploiting a low-privileged processes just yields virtual allocation and some HV and API calls.

Vita is the same arch as Apple products, it uses ARM lpar and tz bits. PS3 is more complex cause good stuff is in SPE LS loaded by a ROM chain of other hardware isolated loaders; it's why you can't root it without breaking bootldr anymore.

EDIT: good luck using the mentioned "chips" on POP or buses with no external clock.. which is everything now.

[Acid_Snake]

How about finding a way to use the memory card? I understand it's encrypted, but I believe is a safer attempt.

[DeadlyData]

My assumption to this about most other consoles was the hackers had the ability to start with an SDK/Devkit first...
Generally the SDK supplies enough information for the programmers about the system's CPU and memory layout that a hacker with the intentions of gaining access to the system would be able to get somewhere with it.

But currently as I see it no SDK has been publicly leaked for the VITA and I've really never looked into them for any of the $ony consoles either,

I guess on the PS3 due to otherOS being present in the begging things may have been a bit easier because they could just poke around and bruteforce ranges of memory for results, no concern about the exploit being patched if you haven't published it so you've got unlimited amounts of time to discover the internals of the system.

All in all though I don't have the experience in doing this myself,
If I were to go about doing it I would take the approach of buying a devkit considering I have contacts to people in the industry and I could provide the funds it wouldn't be hard to accomplish and a lot of security researchers have this, why it hasn't been exploited is just a matter of who has the time aside from their own hobbies interests and work.

Most people don't want to put the time into the exploitation of something that could be seen as legally questionable ( With what happened to geohot and the PS3 ) and there's nothing more to gain then either 1 running unsigned code on your own console or 2 fame and most people don't care about this stuff when it comes to this scene.

They do it for the fun of it, and for their own benefit they don't release it because the fear of $ony mostly.

[pikachu82]

@DeadlyData - your suggested approach is being attempted by SKFU (see http://wololo.net/2012/06/09/vita-skfu- ... -a-devkit/).