Shaggy wrote:Let's say I had a 1.61 Vita. Would that be useful to devs?
Yes. If there are any good chances of finding a kernel vulnerability, it's in a pre-1.80 Vita.
The reasons for this have been mentioned several times by
Yifan Lu (no KASLR and no NID poisoning).
Some developers already have a pre-1.80 Vita (
Davee,
Proxima, etc.).
iCEQB wrote:I see that some say that the decryption of the file takes place at several points during runtime?
So how was the key gathered? Can you calculate the key once you have the file in plaintext?
Or was it snatched from the place where the vita stores them ?
What I'm trying to ask is, if there were more keys stored where you got this one from?
Or was the key exposed at a point where you had control of certain regions in RAM?
The keys were grabbed from memory and, unfortunately, they are the only ones we currently have access to.
As I stated earlier, they were likely used on low firmware versions when doing the secret combo on the
Settings application (the combo was patched later on, but they remained accessible to the application as it needs them to decrypt index.dat for other reasons). It's easy to conclude that they were obtained by exploiting this particular application and looking for the memory region were the keys were temporarily stored.
Anyway, as
Yifan Lu just stated, they are pretty much useless since the only thing we could pull off from this would be index.dat spoofing. Regardless, it's an impressive achievement from
Proxima considering we have so little data from the Vita.
