HBL running on the PS Vita, Sonic says Hi



100 Responses

  1. PT says:

    I just thought that can you edit the PSVita content manager’s code, and remove the internet connection use of it?

    • wololo says:

      This will need careful investigation of the PC part of the content manager, but hopefully yes. I’m also hoping there might be some legal solutions to that, I’m quite convinced doing this is illegal (or can be proven to be so) in some countries. So what we’ll do depends on the amount of lawyers who want to use a Vita 🙂

      • Harry says:

        What about the way TinyUmbrella uses? Start a TSS Server and pretend to be both connected to the internet and the vita is running the latest firmware?

      • ctr3k says:

        What about adding all the Sony URLs to your hosts file then installing the content manager? or does it need to connect to Sony servers to run even once? Does it have an “offline mode” for people without an internet connection? I hope Sony burn for this as you can’t force this kind of DRM on people. Also everyone STAY AWAY FROM THE 3G VERSION they are probably spying on you from both ends.

  2. KID 0/Alpha/*BANNED* says:

    How did you manage to put it on the memory card?

  3. santos says:

    ^ And you got it to work full screen 😀 Nice!

  4. jlo138 says:

    Congrats Wololo. It’s nice to see your work first for once. Being that it’s the Vita, your name will blow up quick in the scene. Not that you’re unknown or anything… Anyways, maybe there is a way to make your computer believe it’s connected actively online so when the Vita is connected to the computer it thinks it’s connected. If it actually shares info with Sony then this probably wouldn’t work. For all I know, it doesn’t work. I’m no programmer of any kind… Just a thought.

  5. cure says:

    HBL rise again !

  6. thecobra says:

    Hi wololo, Nice job porting HBL (even if it is in early stage) to the PS Vita :). On the Content Manager on the pc side, why not try to trick the content manager that it HAS the latest firmware using some custom type of proxy server to track all the packages that it sends between the program and the server 😉 i know you guys can do it even if it is encrypted data. After all, this is sony we’re talking about and a system that’s only 1-2 weeks old.

  7. Kilua says:

    Hello wololo, may I make a request?

    Can you please check if the PS Vita Browser (Netfront, I believe http://en.wikipedia.org/wiki/NetFront) supports userscripts?

    It would be lovely to have all userscripts natively available…

    Thank you.

    Also, could you do a deep debugging regarding it? Things like adblock plus may be too far, but other simple things would be nice already.

  8. santos says:

    wololo: Can you advise me on what OFW I should stay on.. if there’s ever a chance to run HBL on the Vita?

    • wololo says:

      As far as I know, the Vita won’t let you stay for long on a lower firmware. The content manager which is a core feature of the system (and one of the vectors of hacks) won’t run if the vita does not have the latest firmware. I would say “stay on the lowest possible firmware” but I don’t think you can use the console correctly if you’re not on the latest firmware.
      The hack showcased in my video runs on 1.510

      • thecobra says:

        wololo: Ok, but does the PS Vita request/ask what is the latest firmware by the Content manager or does it search itself when it gets online? if it asks the content manager “what is the latest firmware” then you just have to patch the request from the content manager so that it thinks it has the latest version. In other words (send it the packages that the server sends it when it has the latest firmware) but if the PS Vita requests it itself, then you would just have to do the same for both ;). A lot of work but i think it is worth it if it is stable to use for homebrew.

  9. santos says:

    Ok. Thank You.. I’d rather stay on the lowest firmware first.. hopefully something develops…
    In case anyone is interested .. this is an interesting insight on the Vita Hardware.. gives a lot of info I haven’t seen before.. such as psvita Development tools used etc.

  10. Kilua says:

    Another thing I would like to tell you (you may already be aware) is of the PS Vita wiki


    Please, wololo, share any information you have (except for the ones that can be patched, of course). Through this wiki, all devs can gather faster and easier information to work with.

    Also, about you being lonely, maybe you can get in touch with SKFU (http://streetskaterfu.blogspot.com)

    “The tool is ment for those who will join the VITA scene as a little sign that you are not alone ;-)” – SKFU on his first VITA firmware extractor http://streetskaterfu.blogspot.com/2011/11/ps-vita-firmware-xtractor.html

    I think that’s all, thanks for everything, wololo.
    As a sidenote, this is all very nice, but what we are really starving for is some VITA level homebrew! Just to imagine it makes my *** erect…

  11. rafael707 says:

    its over… this exploit will be patched soon, US/EU will never see HBL.. man this sucks.. cmon wololo there must be something you can do to prevent this…

  12. deekay says:

    Hey check this guy out:

    He found a way to access some kind of Recovery Menu on the PS Vita

  13. svenn says:

    If the update information is coming from over interwebz, you should be able to decrypt the information pretty easy. So you could just throw a localhost answer.

    But Gz, seems you are the real deal again ! 😉 (though it was an unfair competition!)

  14. codestation says:

    Nostalgia!!!, i want to play Sonic & Knuckles again!

    Let me get this, if i ever get a vita i will be forced to:
    – Forced to install windows to transfer music/videos (yes, i am on Linux).
    – Forced to have an internet connection at the time i want to transfer anything (i am a notebook user so i won’t have internet access most of the day).

    Wow, this console is getting less and less worthy everyday 🙁 . At least i assume that it won’t be that hard to reverse the ContentManager protocol (since this app is the weakest link of the chain) to create a custom client that one could use in offline mode (IMO this must be one of the first steps on the vita scene since it blocks the firmware updates and sony spying on us). Just my 0.02 cents.

  15. sony can kiss my ass says:

    i wonder if you can use a firewall to block any connection from the file manager to the internet.

  16. Asmith906 says:

    wait so is it impossible to put content on the vita without being connected to the internet?

  17. Nemesis says:

    Maybe it will be better to parse Content Manager in pieces, and write your synchronization software from Pc? I say this to the fact that Sony can sue for changing the program code (or simply “hacking”). And no one says you can not use third-party software synchronization, for them and so do not exist, and if that after just dismiss such there is nothing I do not know how it goes just happened to write a “miracle of heaven.” Although it is funny but in a USA could still work. While on the other side of the laws in different countries are different and the same Africa do not know what the “internet”. I am sure that the translation is terrible, I hope you will understand the essence of the text.

  18. TioSolid says:

    Wololo, explain me one thing. How exactly does the Vita “does not run without the latest firmware”? I mean, Does it check for new firmware as soon as you use it on wifi / 3G and refuse to turn on again / run games/ whatever until you update it or as soon as you plug it on the content manager after a new firmware is released this information is passed over to the vita and then it refuses to boot until you update it?

    • wololo says:

      The content manager doesn’t run without the latest firmware. PSN connectivity won’t be available without the latest firmware. Those two components are core parts of the PS Vita, therefore it seems to me the Vita is seriously crippled when it’s not on the latest firmware.
      However, it will still run games, etc…

  19. DXFan619 says:

    HBL is back! Awesome! I’ve thought about purchasing a Vita, but I had no idea it forces you to update. Plus that Content Manager stuff worries me too. Thanks Wololo!

  20. Killua says:

    Do you know if:
    TyRaNiD, Fanjita, nem, Davee, neur0n, m0skit0 and others from Prometheus and C+D plan to get back?
    Also, could something similar to a Pandora Battery be possible? Why nobody has talked about it until now? Isn’t it a magnificent hack?

    Furthermore, why don’t you make a team? That should speed up development. I know all these people I mentioned are highly capable, as well as you.

    Thank you and please answer! Keep up!

    • silw says:

      It’s too early to talk about it right now… be proud of what we have right now and what we know, it’s a question of time but don’t ask with questions like that ;), be patient.

      • Killua says:

        Sorry, I was just wondering about the possibilities and got driven by excitement…

        Are you working with wololo for now? If so, then that’s already a “team” you know? Maybe you could get teck4 and neur0n that are active on the PSP scenes, and there is a great start! Create an irc, talk about developments, things would be done much faster, trust me! hahaahah here I go again… Sorry

        Anyway, good luck!

        • wololo says:

          Silw is not working with me, and is not involved at all in this hack. I never heard of him until yesterday, so he is literally coming from nowhere.

          I talked to him yesterday and saw as many reasons to trust him as reasons to not trust him, so for now let’s keep it at that. He has some knowledge, but also assumes too much, from what I could see. Also he is lacking the core dev skills to understand the basics of hacking.

          @Silw: no offense, that’s just how I see it for now, trust is not something I give easily, and on the scene, until proven otherwise, someone is fake by default

          • silw says:

            mmm i didn’t see that post.

            Lacking the core dev skills ? funny funny, when i was talking about making a native arm of mips program, you told me it’s impossible, also i was talking about silk and i have many reasons to think the PS Vita use this… i found strong possibility though the PS3, the web browser, just to let you something else, the PS Vita memory is a simple Micro M2 with encryption and it’s possible to check what have inside with

            Who talk about hack in here ? i don’t need to know how to hack a platform to work on this platform, dev and hack is 2 different things.

            Anyway i’m gonna stop to say something about my works in here, you don’t have any respect for other people that show you different possibility to exploit something and you think you are the only know about how to work, come back down to earth, you are not the only one working on this, and I come back to the point about avoiding being so egocentric and not trashing other people’s help; before judging me, start by learning respect.

            I wish you good luck for what comes next 😉 I’m not the type to get worked up over this or to criticize, but avoid judging me just because you only just saw me show up.

    • wololo says:

      Killua, this is not a movie, what are you expecting, “avengers” to rise as soon as a new console is out? I know a bunch of devs, but not so many who own a ps vita or are interested in it for now. The console was released in Japan 10 days ago, and is not even out yet in other countries, give it some time before people start getting interested in the device and start working together.

      About pandora, again, the console just came out. The pandora for the PSP was released 2 years after the PSP release, so don’t be too impatient 🙂

      • Killua says:

        Sorry, I always get impatient with these things, it’s so much excitement…

        Loved the avengers metaphor, though!

        Good luck with everything!

        PS: Could you please explain basically what the Pandora did and how it was discovered? Thank you!

        • Ty says:

          Pandora came about due to an utterly enormous amount of Sony messups, which all happened to coincide, so here is story time…

          There obviously had to be a PSP recovery mode for Service Personnel. When leaks started to surface about a battery that would make the PSP boot from serial/USB/Memory Stick, people were playing with it.

          Then Sony sent back a repaired PSP, to a customer, with a funny looking Memory Stick still inside it (derp). This was dumped and analysed but nothing much was on it, but it was a clue.

          The next step was dumping the bootrom from the main processor, which showed them that battery serial FFFFFFFF would make the PSP boot from a MagicGate protected sector 0 bootloader on a Memory Stick. This must be encrypted (properly), so they used a number of bugs in the security processor to slowly brute force a working, hacked bootloader.

          A side channel timing attack returned a FEW bytes of the encryption key, which was an enormous oversight. When they discovered that the decryption buffer was not cleared when a piece of the bootloader is decompressed, they used that to store code that would allow reflashing unsigned software, and signed a very small piece of header (by bruteforcing) that jumps to it.
          It’s a bit more complicated than that, but yeah.

          So, this doesn’t apply to the Vita because:
          1. They most probably have used an ARM protected boot on-die rom (this is an industry-standard, ROCK SOLID means of booting mobile devices securely). This probably cannot be broken.

          2. I don’t imagine service mode is going to be activated by a dodgy battery serial again. That was a seriously stupid idea if you ask me. There will be a service port on the mainboard that will interface properly over JTAG, and won’t accept anything less than a signed, complete firmware package (like the PS3).

          3. I would imagine they have actually studied y2k security principles now, and that there is some kind of supervisor ensuring that out-of-buffer jumps come from VERIFIED executables. The system should crash when the simple bugs that blew the PSP to pieces are attempted. IT SHOULD, but Sony never seem to get runtime security right.

          I can picture the PS Vita being hacked the same way the iPhone was: luck and loads of backdoors.

          tl;dr: PS Vita isn’t susceptible to the PSP boot chain hacks, and they really really probably don’t use a battery to start service mode. Probably

      • flayer says:

        Yeah i kind of feel left out here in the US.

    • Skud says:

      The pandora battery is just an end user level version of the jig kit sony used themselves to rebuild the software on bricked psp’s… the answer isn’t a battery for a unit that doesn’t have one that’s removable. Wololo is “assuming from prior knowledge of his work” trying to run a homebrew environment that loads homebrew NOT iso,cso or hacked games and what not. This is the more difficult route but the safest. However for anyone capable, to do anything more we’d need a custom way to safely enter and exit debug mode first. Good work so far wololo… I understand you’re not doing anything but perfecting your hbl atm but that by itself is the start of the vita homebrew scene, but I assure you that you are far from alone in that respect. There are a hundred new and improved brick walls up that we gotta take apart piece by piece, there’s quite a few folks working on other aspects of the device to make it less “evil” and more user friendly.

  21. sia4 says:


    Can you PLEASE have a look at this: https://github.com/MayhemYDG/4chan-x/issues/81

    We want to see if VITA’s browser can run scripts.
    PLEASE have a look at that.

    • silw says:

      If you talk about Silk, it’s not a browser but more a client, don’t work without connection/cloud, it’s a lite version of the actual silk of amazon kindle fire… pretty limited in action, you can run scripts right now, they

      • silw says:

        You can’t run script right now, you can’t use it as a explorer localhost… it work with specific direction.

        Silk -> search -> Cloud -> yes no maybe -> Silk display what the cloud said.

        • sia4 says:

          Could you PLEASE post this on github link I gave and discuss with the userscript developer? PLEASE!
          For you it’s easy, but I don’t understand anything about browsers…

          Just talk to him about these things you told me, an account on github is created in 1 minute (not even email verification)
          PLEASE and THANK YOU!

      • wololo says:

        Silw, try to get your facts straight. Until proven otherwise, there is nothing indicating that the PS Vita browser is using Silk. The documentation says they are using Netfront, and I would find it very hard to believe that Amazon sold a Silk licence to Sony or anybody else.

        • coyotebean says:

          There is the word “Silk” at the end of the user-agent string

          • wololo says:

            Yes, I saw that but it’s not a proof. If you compare to the Kindle Fire’s user agent, the Kindle Fire says Silk/1.1 while the PS Vita says Silk/3.2 (In a completely different pattern too). Amazon would run their tablet on an 1.1 version, and let Sony benefit from a 3.2 version? I doubt that, it doesn’t make any commercial sense, and where did version 2 of silk go? Also, why would Sony say they use Netfront in the System information panel (they don’t mention Amazon at all) if they are actually using Amazon Silk? Finally, it simply doesn’t make business sense that Amazon is offering Silk on such a minor platform.
            In other words, what we see in the user agent seems unrelated to Amazon’s browser. I can be wrong, but so far all the information I get points me to this browser being netfront, not something else.

          • coyotebean says:

            Yes, I also think the web browser is more likely to be NetFront Browser than Silk. Also, IIRC, the web browser makes a direct connection to the web site and not via cloud server like Silk is supposed to do.

  22. Guardian says:

    Hey wololo, can you use a system similar to the one used in the pokemon hack? You know changing the IP address to send the pokemon from your computer to the DSI, a similar tactic might work on the Vita… You know, just saying.

  23. Enkeixpress says:

    Great work. You should make custom firmware for the PS Vita, I know you can do it. 🙂

    • flayer says:

      Um… yeah unless you want to write one without an exploit or a way to transfer the necessary files i don’t think you’re going to see a custom firmware anytime soon.

  24. mamo says:

    Good news!
    So when do we play games for free?
    We look forward to playing CFW.
    We don’t want to pay *** sony consoles games.
    Pay no money and fun game lol

    • RED says:

      Yep. This is the inevitable end of all this hacking.

      • wololo says:

        HBL cannot technically be used to pirate games, because it only provides user access. For your piracy needs, go to another site, as it’s not what I do.

        • Pirate says:

          Riiiiiiiiiiight. ;D

          • flayer says:

            I know it’s tempting, but try thinking about the work that was put into that game the next time you want to save 40 bucks. And also I’ve never tried it but supposedly you could play backups with hbl by running a psp emulator, such as jcpsp, on your computer through pspdisp.

    • NoPiracy says:

      Seriously, do you only think about playing games for free on the Vita?! From my point of view i only want HBL on the Vita. ”we don’t want to pay … sony console games”. If you can’t even support the developers of the games like killzone, CoD, Gravity daze, Uncharted, etc. They won’t make games anymore. So stop thinking about piracy. 1st of all it’s illegal and second piracy doesn’t support the game devs and Sony. Geez you can’t even save 30-50 bucks for the games. why do you even bother buying the Vita then? You can pay 250/300$ for the Vita. But when it comes to a game for 30 bucks you say no, it’s too EXPENSIVE i want to pirate, i want to play for free. I mean the games for the vita aren’t THAT expensive. The only game that has a little high cost is Uncharted Golden Abyss for 50 bucks. And that isn’t so much. So you better think at HBL or homebrew games instead of pirating the best games. Like wololo said go to another site if you want piracy

  25. squalldna says:

    that sucks! vita is getting more annoying! Offtopic: I saw wololo’s face when he flashed the vita logo on his psv.

  26. sia4 says:

    Wololo, could you then, PLEASE, check if VITA is compatible with userscripts?
    Also, could something as Adblock plus be done to the browser?
    Thank you!

    I also believe it to be Netfront due to the zoom options, 25% to 100% and lack of horizontal scroll.

    If possible, could you post your findings on VITA’s browser on https://github.com/MayhemYDG/4chan-x/issues/81 ?

    PLEASE, this would be incredibly useful!
    Thank you and keep up!

    • wololo says:

      I’m pretty sure the vita browser is not compatible with userscripts, if by userscripts you mean javascript run locally (which is what I think you mean). It’s crazy that you asked so many times about this for such a trivial matter, in an article related to hacking the vita 😛
      Anyways, short answer to your question: the ps vita browser sucks big time, don’t expect to do anything useful with it, including advanced features such as loading your own javascript on other pages.

      • sia4 says:

        How sad…
        But do you believe, if the VITA is totally hacked, a new browser can be used on it and that will be compatible with userscripts? (here is an example of userscript that runs natively on Chrome http://pastebin.com/raw.php?i=4YLWwiwa )

        Also, could you post what you think on Github, so developer can know what you say? I am not aknowledge to talk about these things…

        Sorry for so much off-topic, this will be the only time I do this!

        • flayer says:

          I’m sure there will be a homebrew browser eventually, like netfront beta 4 for psp. But most userscripts weren’t designed to be run in mobile browsers (and aren’t even that big of a deal imo) so support for them is unlikely.

          • sia4 says:

            Would adblock plus be achievable some way? By not loading all that advertisement *** (I whitelist wololo just to support) the network experience would already be faster.

            Also, it was asked for PS VITA compatibility (not by me, but I am also interested) here https://github.com/MayhemYDG/4chan-x/issues/81 because that userscript already supports Opera Mobile.

      • Skud says:

        True I wonder why mozilla even decided to take part

  27. Killua says:

    UMD and ISO do not work on VITA. Demos don’t as well ( I think)
    So, the exploit teck4 uses is from a PSP game available on the PSN? If so, he, you and mamosuke had to buy that game?

  28. Killua says:

    Another question: PSP savedata is exploitable, but what about PS1 titles? Can they lead to anything?

    Also, can any other thing be exploitable? Browser, Near, Twitter thing, etc

    • wololo says:

      potentially, anything where you can read/write stuff is hackable with software means. So yes, the browser, etc… can all be potentially attacked

      • Killua says:

        What about savedata exploit VITA games? What is different about it and PSP savegame spartaaaaaaaaaaa… thing

        Can you make a tutorial as you did to PSP? Thanks

  29. silw says:

    I want to clarify something.

    I don’t work with Wololo and only try to give some help, i’m a dev working on 3D stuff (comp/console video games) i’m not a hacker.

    Why i said the PS Vita use Silk, it’s not only about the user agent but about routed information to the amazon servers, it doesn’t look like net front.

    Anyway i’m sorry if i made mistake and if i’m incorrect, but still think it’s weird.

    Now let’s show the good news
    as you can see, i can finally connect to my local server , i’m trying to execute some scripts.

    i hope i can talk more about it later 😉

  30. xino says:

    oh great…another emulator hack running on a new platform.

    seriously man publishers should not even care for this. They will keep doing this with every new platform that comes out.

    in the end these hackers who play emu on hacked platforms will never spend time playing emu on a new hacked console as they would be busy with other games on PC/Consoles.

  31. smokyyuwe says:

    Is it possible to see if you can edit the content manager so it redirects to a file hosted on your PC?

  32. mykmyk23 says:

    ur da best wololo

  33. Asmith906 says:

    when the psn was down I was unable to transfer any of my legally purchased ps1 or psp games to my psp go, which basically turned it into a paper weight. Is it the same with the vita. If so that’s a major problem. Also do you have to be connected to the internet to transfer content to the internet. I used to be able to copy my games from the system so long as I left the license on it. Since we have to use the content manager i’m assuming will need an always on internet connection just to transfer stuff to it.
