
why is a usermode exploit possible on PSP, but not on VITA?

Open discussions on programming specifically for the PS Vita.
Forum rules
Forum rule Nº 15 is strictly enforced in this subforum.
grief3r
Posts: 358
Joined: Sat Nov 09, 2013 4:12 am

why is a usermode exploit possible on PSP, but not on VITA?

Post by grief3r »

I'm sure there are plenty of PS Vita games with vulnerabilities, as there are on the PSP.

So is there more protection that the Vita contains that the PSP emu doesn't, or do we simply have more knowledge of the PSP internals that allows us to find exploits more easily?

In theory, if we know the imports of a PS Vita game and got control of what gets executed, it should be possible to write some type of native homebrew for it that doesn't rely so heavily on PSP-emu-based exploits. Considering there's already some work on a PSP2SDK, how hard would it be to inject some pre-compiled code into a hypothetical usermode exploit on the Vita, unless of course the Vita had some hash or some other security *** that would make this dang near impossible?
PSV1001 2.61 FieldRunners
PSP1001 6.60 Pro-C
PSP 3001 6.20 Pro-C2
yifanlu
Guru
Posts: 760
Joined: Sun Mar 11, 2012 6:42 am
Contact:

Re: why is a usermode exploit possible on PSP, but not on V

Post by yifanlu »

grief3r wrote:some other security *** that would make this dang near impossible
This.
chocoboss
Posts: 6
Joined: Fri Feb 12, 2016 12:26 pm
Location: France

Re: why is a usermode exploit possible on PSP, but not on V

Post by chocoboss »

Everything is harder on PSV; nothing is easy. Security is high-level now: everything is signed, checked, re-checked.

Why not try something simple, as on the old PSP? Something like:
http://securitytracker.com/id/1034142

Making a buffer overflow to take control of something, or just to grant kernel access? I'm sure it can be possible, but it depends on how PSV security is.

I don't know how the PSV system is designed (BSD / FreeBSD, or something really different maybe), so not easy.

Btw, the best we can hope for is that someone finds the keys to sign / encrypt our EMU / HB; then the Vita will be better than the PSP (for retro-gaming, I mean).
HarmfulMushroom
Posts: 752
Joined: Wed Dec 25, 2013 10:02 pm

Re: why is a usermode exploit possible on PSP, but not on V

Post by HarmfulMushroom »

chocoboss wrote:Everything is harder on PSV; nothing is easy. Security is high-level now: everything is signed, checked, re-checked.

Why not try something simple, as on the old PSP? Something like:
http://securitytracker.com/id/1034142

Making a buffer overflow to take control of something, or just to grant kernel access? I'm sure it can be possible, but it depends on how PSV security is.

I don't know how the PSV system is designed (BSD / FreeBSD, or something really different maybe), so not easy.

Btw, the best we can hope for is that someone finds the keys to sign / encrypt our EMU / HB; then the Vita will be better than the PSP (for retro-gaming, I mean).
You make it sound easy, haha. Fairly certain the only reason we have the signing keys for the PSP is because they were extracted from the PS3 when it was jailbroken. No way Sony would make the same mistake again with the PS3 or PS4. And brute-forcing it will take decades. Finding keys will be very unlikely.
grief3r
Posts: 358
Joined: Sat Nov 09, 2013 4:12 am

Re: why is a usermode exploit possible on PSP, but not on V

Post by grief3r »

chocoboss wrote:
Making buffer overflow to take controle about something or just to grant kernel access ? I'm sure it can be possible, but it depend on how PSV security is.
Well, right off the top of my head there's DEP, which marks sections of memory, potentially (and often) the stack, as non-executable;

and ASLR, which randomly offsets and randomizes the base addresses of modules;

and lastly, canary values, which are special ints placed right on top of the return address in the stack. They get checked, and if overwritten, the program will know somebody's messing with the stack.

So there you have it: 3 ways to deal with stack overflows. Doesn't mean you can't get around them, and a stack overflow isn't the only way to trigger an exploit.

No idea what type of security measures the Vita uses though, or if it uses *** beyond this; that is beyond me.
PSV1001 2.61 FieldRunners
PSP1001 6.60 Pro-C
PSP 3001 6.20 Pro-C2
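Editor's note, added to the thread: the canary mechanism grief3r describes above is easy to see in a small model, so here is one in C. This is added example code, not code from any poster or from any PSP/Vita project. The frame layout, the return address 0x08800100, the canary constant and the "leaked canary" scenario are all made up for the demo; a real stack protector works on the compiler-laid-out frame, not on a struct, but the check and its weakness (an attacker who has already read the canary from memory walks straight through it) are the same.

```c
/*
 * Constructed model of a stack frame protected by a canary.
 * Shows: (a) a benign write, (b) an overflow that trips the canary,
 * (c) the bypass where the attacker already knows the canary (info leak)
 * and overwrites the saved return address undetected.
 * Every address and constant here is hypothetical.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The slice of a frame that an overflow walks over, in memory order:
 * locals first, then the guard word, then the saved return address. */
typedef struct {
    char     buf[16];     /* the overflowable local buffer */
    uint32_t canary;      /* guard word checked before the function returns */
    uint32_t saved_ret;   /* saved return address (hypothetical value) */
} frame_t;

#define RET_ORIG    0x08800100u  /* hypothetical legitimate return address */
#define TARGET_RET  0xdeadbeefu  /* where the attacker wants to return to */
/* Hypothetical per-process canary. Low byte is zero on purpose: several real
 * implementations do this so a strcpy-style overflow stops at the canary. */
#define DEMO_CANARY 0x0a0dff00u

enum { FRAME_OK = 0, FRAME_CANARY_TRIPPED = 1, FRAME_RET_HIJACKED = 2 };

/*
 * Simulate a vulnerable function: copy `len` bytes of attacker input into
 * the frame with no bounds check (memcpy over the whole struct keeps this
 * well defined C while still modelling a write past the end of buf), then
 * do the check a compiler-inserted stack protector does at function exit.
 * The resulting saved return address goes to *ret_out if non-NULL.
 */
int check_frame(const unsigned char *in, size_t len, uint32_t canary, uint32_t *ret_out)
{
    frame_t f;
    memset(f.buf, 0, sizeof f.buf);
    f.canary = canary;
    f.saved_ret = RET_ORIG;

    if (len > sizeof f)          /* the model frame ends here; clamp to stay defined */
        len = sizeof f;
    memcpy(&f, in, len);         /* the unchecked copy: this is the bug */

    if (ret_out)
        *ret_out = f.saved_ret;
    if (f.canary != canary)      /* equivalent of __stack_chk_fail() */
        return FRAME_CANARY_TRIPPED;
    if (f.saved_ret != RET_ORIG)
        return FRAME_RET_HIJACKED;
    return FRAME_OK;
}

/*
 * Build an overflow payload: fill the buffer, then the attacker's guess of
 * the canary, then the address to return to. Returns the payload length.
 */
size_t build_payload(unsigned char *out, uint32_t canary_guess, uint32_t target_ret)
{
    memset(out, 'A', offsetof(frame_t, canary));
    memcpy(out + offsetof(frame_t, canary), &canary_guess, sizeof canary_guess);
    memcpy(out + offsetof(frame_t, saved_ret), &target_ret, sizeof target_ret);
    return sizeof(frame_t);
}

/* Scenario (a): a short, well-behaved input. */
int scenario_benign(void)
{
    return check_frame((const unsigned char *)"hello", 5, DEMO_CANARY, NULL);
}

/* Scenarios (b) and (c): a full overflow, with or without a leaked canary. */
int scenario_overflow(int attacker_knows_canary, uint32_t *ret_out)
{
    unsigned char payload[sizeof(frame_t)];
    uint32_t guess = attacker_knows_canary ? DEMO_CANARY : 0x41414141u;
    size_t n = build_payload(payload, guess, TARGET_RET);
    return check_frame(payload, n, DEMO_CANARY, ret_out);
}

int main(void)
{
    uint32_t ret = 0;
    printf("benign input:        %d\n", scenario_benign());
    printf("blind overflow:      %d\n", scenario_overflow(0, &ret));
    printf("overflow with leak:  %d (saved return is now 0x%08x)\n",
           scenario_overflow(1, &ret), ret);
    return 0;
}
```

Running it prints 0, 1 and 2: the blind overflow is caught because the guess 0x41414141 does not match the canary, while the leaked-canary overflow passes the check and lands the return address on 0xdeadbeef. DEP and ASLR then decide whether that address is of any use, which is why the three mechanisms are stacked rather than relied on individually.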
chocoboss
Posts: 6
Joined: Fri Feb 12, 2016 12:26 pm
Location: France

Re: why is a usermode exploit possible on PSP, but not on V

Post by chocoboss »

I remember now about the PS3's keys; you are right.

In fact, we need to know more about how the PSV system is built.

We can also imagine that the system on PSV is more or less the same as on PS4, so we will probably have to wait for someone to find something with PS4 and then try to adapt this for our Vita.

A kernel exploit has been found on PS4:
https://cturt.github.io/ps4-3.html

But only for 2.0 max, if I understand, so maybe patched or not applicable to PSV :/

http://www.vitadevwiki.com/index.php?ti ... r#Supports
It seems some people already tried to use the WebKit vulnerability. It seems that there is nothing to exploit for 3.50+.

EDIT: I'm not a dev (or at least a bad dev), so everything is harder for me to understand, since nothing is simple :')