
Nid poisoning

Everything that is PSVita-related but doesn't go in any other subforum
Locked
link2sai
Posts: 38
Joined: Tue Aug 26, 2014 10:20 am
Location: Republic of South Africa

Nid poisoning

Post by link2sai »

As the topic says, can someone please explain what NID poisoning is and
how it affects the Vita hacking scene?
Or is Acid_snake going to explain it in his 3rd article?
PS3 Slim 3004 320GB-OFW
PSP 2000 96GB-6.60 ME-2.3
PS Vita 1104 3G/Wi-Fi 16GB-3.18 OFW(TN-V ,WebKit,PSM n Unity & TN-X)
PC:CPU-i5 3470 GPU-R9 290X RAM-GSKILL 2133 2x(4GB)1600MHz
HDD-500GB & 3TB
yifanlu
Guru
Posts: 760
Joined: Sun Mar 11, 2012 6:42 am
Contact:

Re: Nid poisoning

Post by yifanlu »

It's a term I made up to describe Sony's defeat (or hindrance) of userland homebrew loading in native Vita mode.

Some history:
Like the PSP, most of the interesting functions on the Vita are exposed as syscalls. These are numbers that you give to the kernel to ask it to do a certain function (like open a file). Back in the early PSP days, syscalls were static, which means, for example, the id for opening a file is always "300" or something. HBL would load homebrews by "linking" these ids to function calls. Later on Sony decided to randomize the syscalls but didn't do it well enough, because the numbers could be predicted with syscall estimation.

On the Vita, syscall randomization is done pretty well now. On each boot, the id for opening a file can be "300" or "402" or "520" or any number between 256 and 4096. However, before fw 2.50, there was a way to get around this. The way UVLoader works is that it looks at the "NID", which is another number that is static and exposed to developers via the SDK, and matches it with the syscall number found in memory. That means no matter how random the syscall numbers are, we just find the NID and match it to the syscall.

Unfortunately, Sony knew about this bypass because of UVLoader being open source, and as of 2.50 implemented a feature that replaces all syscall NIDs in memory with a random number. That means after 2.50, you can no longer write a purely usermode homebrew loader without manually finding and providing a large amount of data to UVLoader. Such a feature is not implemented yet.
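The mechanism yifanlu describes, as an added worked example that is not part of the original thread and not UVLoader's own code: a constructed, simplified model of one module's import table (NID next to syscall number), the kernel's per-boot syscall randomization, the loader's NID-keyed lookup that survives that randomization, and the 2.50-style "poisoning" that overwrites every NID in memory so the lookup has nothing to match on. The struct layout, the NID values and the PRNG are all assumptions made for the demo; they are not real Vita values or stub formats.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of one loaded module's import table. Each entry pairs
 * a static NID (the SDK-visible function identifier) with the syscall
 * number the kernel handed out for this boot. Constructed illustration,
 * not the real Vita stub layout. */
struct import_entry {
    uint32_t nid;
    uint32_t syscall;
};

/* Constructed, hypothetical NIDs (not real Vita values). */
#define NID_OPEN  0x6C60AC61u
#define NID_READ  0xFDB32293u
#define NID_WRITE 0x34EFD876u
#define NID_CLOSE 0xC70B8886u
#define NIMPORTS  4

static const uint32_t known_nids[NIMPORTS] = { NID_OPEN, NID_READ, NID_WRITE, NID_CLOSE };

/* Deterministic PRNG so runs are reproducible; a real kernel uses a proper RNG.
 * Seed must be nonzero. */
static uint32_t xorshift32(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Kernel at boot: fill the table with the static NIDs and give each one a
 * random syscall number in [256, 4096), as the post describes. */
void boot_assign_syscalls(struct import_entry *t, uint32_t seed)
{
    for (size_t i = 0; i < NIMPORTS; i++) {
        t[i].nid = known_nids[i];
        t[i].syscall = 256 + xorshift32(&seed) % (4096 - 256);
    }
}

/* Loader side (the pre-2.50 UVLoader approach): scan memory for the wanted
 * NID and read the syscall number sitting next to it. Returns 1 on success. */
int resolve_by_nid(const struct import_entry *t, size_t n, uint32_t nid, uint32_t *out)
{
    for (size_t i = 0; i < n; i++) {
        if (t[i].nid == nid) { *out = t[i].syscall; return 1; }
    }
    return 0;
}

/* Kernel 2.50+ ("NID poisoning"): overwrite every NID in memory with a random
 * value. The syscall numbers are untouched, so the game's own stubs keep
 * working, but the NID is no longer a usable search key. The collision check
 * only makes the demo's outcome deterministic; a real kernel would not bother. */
void poison_nids(struct import_entry *t, size_t n, uint32_t seed)
{
    for (size_t i = 0; i < n; i++) {
        uint32_t r;
        int collides;
        do {
            r = xorshift32(&seed);
            collides = 0;
            for (size_t k = 0; k < NIMPORTS; k++)
                if (r == known_nids[k]) collides = 1;
        } while (collides);
        t[i].nid = r;
    }
}

/* How many of the loader's known NIDs still resolve in this table. */
size_t count_resolvable(const struct import_entry *t, size_t n)
{
    size_t ok = 0;
    uint32_t sc;
    for (size_t k = 0; k < NIMPORTS; k++)
        ok += (size_t)resolve_by_nid(t, n, known_nids[k], &sc);
    return ok;
}

/* Post-poisoning fallback: the syscall numbers are intact, so a loader can
 * still use them if it is told *where* each import lives. That per-game,
 * per-firmware layout is the "large amount of data" that would have to be
 * found and supplied by hand. */
int resolve_by_index(const struct import_entry *t, size_t n, size_t idx, uint32_t *out)
{
    if (idx >= n) return 0;
    *out = t[idx].syscall;
    return 1;
}

int main(void)
{
    struct import_entry table[NIMPORTS];
    uint32_t sc = 0;

    boot_assign_syscalls(table, 0x1234u);
    resolve_by_nid(table, NIMPORTS, NID_OPEN, &sc);
    printf("boot A: open syscall = %u\n", sc);

    boot_assign_syscalls(table, 0xBEEFu);   /* a different boot, new numbers */
    resolve_by_nid(table, NIMPORTS, NID_OPEN, &sc);
    printf("boot B: open syscall = %u (randomized, still found by NID)\n", sc);

    poison_nids(table, NIMPORTS, 0xCAFEu);
    printf("after poisoning: %zu of %d NIDs resolvable\n", count_resolvable(table, NIMPORTS), NIMPORTS);
    resolve_by_index(table, NIMPORTS, 0, &sc);
    printf("by index 0 (needs an externally supplied layout): syscall = %u\n", sc);
    return 0;
}
```

The two boot calls show why syscall randomization alone does not stop a NID-keyed loader; the poisoning call shows why 2.50 does, and `resolve_by_index` shows what is left once the key is gone: knowledge of the table position, which has to come from outside the running system.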
link2sai
Posts: 38
Joined: Tue Aug 26, 2014 10:20 am
Location: Republic of South Africa

Re: Nid poisoning

Post by link2sai »

Thanks for the reply yifan

Meaning Sony read the source code and used it to their advantage.

I'm sorry to ask this, but what were devs doing at that time? As I did my research, UVLoader was discovered and made by YOU 2 years ago.
reprep
Posts: 1074
Joined: Tue Dec 17, 2013 4:38 pm

Re: Nid poisoning

Post by reprep »

AFAIK UVLoader has to be ported to a usermode exploit, and that didn't happen.
yifanlu
Guru
Posts: 760
Joined: Sun Mar 11, 2012 6:42 am
Contact:

Re: Nid poisoning

Post by yifanlu »

link2sai wrote:Thanks for the reply yifan

Meaning Sony read the source code and used it to their advantage.

I'm sorry to ask this, but what were devs doing at that time? As I did my research, UVLoader was discovered and made by YOU 2 years ago.
The devs were [lolwut] and playing with Psp emulator ;)

I personally don't have time to continue deving as I have lots of other obligations.
Last edited by fate6 on Fri Oct 31, 2014 7:34 pm, edited 1 time in total.
Reason: Easy now :3
link2sai
Posts: 38
Joined: Tue Aug 26, 2014 10:20 am
Location: Republic of South Africa

Re: Nid poisoning

Post by link2sai »

yifanlu wrote:
link2sai wrote:Thanks for the reply yifan

Meaning Sony read the source code and used it to their advantage.

I'm sorry to ask this, but what were devs doing at that time? As I did my research, UVLoader was discovered and made by YOU 2 years ago.
The devs were [****] and playing with Psp emulator ;)

I personally don't have time to continue deving as I have lots of other obligations.
If further steps had been taken back then, things would be different from the current state.
I guess TN-A/B/C was a diamond back then.
Devs should have thought out the sandbox.