The current state of Vita hacking
I receive an increasing number of messages asking me if the PS Vita scene is dead before it is even born. My typical answer is: there’s some stuff happening, you just don’t see everything, because some things are not worth mentioning, and others are “too important” to be publicly mentioned until they’re more mature.
Today I want to make a summary of the stuff I know. Some of the things you will read below are a mix of things I know and personal guesses… but in general I tend to be right about these things 🙂
Currently, the only public way to run unsigned content (homebrews) on the PS Vita is VHBL. The hack in itself is fairly limited (it only allows running a subset of PSP homebrews), and it is also not widely spread, since only a few thousand lucky people are able to grab the releases before Sony patches the exploits (or, rather, pulls our attack vectors from the store). The other 2 million Vita owners are people who are still not following this blog, how foolish of them.
I’m not completely stupid, and I know that running fanmade homebrews is not exactly what most people expect from a console hack. So, besides VHBL, what could or could not be done currently with Vita hacking?
I’ll first describe what’s going on with the PSP emulator side, because it’s the one I know the best, and then I’ll move on to other stuff.
Attacking the PSP emulator, more than 5 teams in the race
The PSP emulator is a nice attack vector for Vita hacking, for various reasons. The most obvious one is that we know the PSP system quite well, since the scene has been studying it for years now. VHBL itself relies on user mode exploits in the PSP emulator. Those of you who have been on the PSP scene for a while know that when it comes to the PSP, the holy grail is to get access to a kernel exploit. A kernel exploit on the PSP is synonymous with the ability to run a Custom Firmware, with all the benefits that come with it (perfect homebrew compatibility, plugins, but also the controversial ISO loaders).
Before we get any further, I want to clarify that when I talk of a kernel exploit in this article, I am talking of a PSP kernel exploit, running inside the PSP emulator, sandboxed on the Vita. It is essential to understand that a PSP kernel exploit alone will not give us any access to PS Vita specific content, including its RAM, its hardware, or its games. A PSP kernel exploit, at best, would give us the equivalent of a PSP CFW inside the emulator itself. It would be a sandboxed CFW (SCFW) <– hehe, coining a new term here, do any of you remember who came up with the term “LCFW”? 🙂
- Related Read: Flash0 dump, then what?
Ok, now that this clarification is made, what do we have? Well, what I can tell you is that I have been personally contacted by 5 different teams or individuals who have access to PSP kernel exploits that do work on the Vita. Now, this does not necessarily mean there are 5 different kernel exploits out there (some of these teams might be using the same exploits, either through random luck, or because they are communicating with each other), and it does not necessarily mean that a release is around the corner either.
Let me expand on that last bit. The people I’ve talked to (the anonymous “Tony” is one of them) all have various goals and constraints with their hacks.
Some of them just want to use the hacks for personal experiments, and have no plans to release their work (for those of you who are shocked by this form of egoism, please remember that depending on your country, the laws against hacking on devices such as the Vita can be pretty convincing…). Others have plans to release their hacks “one day, maybe”, but not in the foreseeable future.
Others strongly believe that making those PSP kernel exploits public now would be a bad move, as a PSP kernel exploit in the Vita’s emulator could be one step closer to a real Vita hack. Revealing such a hack too soon would mean it would get patched by Sony, closing a possible “door” to more interesting vulnerabilities. Their point is therefore: would you like to do on your Vita what you can already do on a hacked PSP, or would you rather wait a few months, or maybe a few years (sob), in order to see a true Vita hack? Of course, there is no guarantee that a PSP kernel exploit can be a valid entry point to a Vita hack, but surely digging into the interface between the PSP emulator and the Vita (the now famous “kermit” module) could prove to be interesting.
- Related Read: Who’s Kermit?
Other people, finally, are hard at work to release “something” for the scene, but could not give me any specific date. Although there doesn’t seem to be any specific technical obstacle to running a PSP SCFW on the Vita, these things take time, and timing is of the essence here, as basically all the hackers I have been in contact with agree that PSP kernel exploits are quite rare and should be used wisely.
Nevertheless, the fact that so many people are working on hacking the Vita with positive results is, I think, good news, and should lead to good stuff in the months to come.
Of course, none of this makes VHBL irrelevant. As a matter of fact, it actually makes VHBL, or rather our ninja releases, more relevant than ever. PSP kernel exploits need to be run through a user mode exploit. User mode exploits in the PSP emulator are currently found in games, and Sony can pull those games from the store fairly fast. The ninja releases tend to counterbalance that by giving people a chance to grab the games before the information goes public. Of course, as these releases get more and more popular, they also become more and more difficult to handle, so I guess the message here is: if you already have access to a user mode exploit through one of our VHBL releases, it might be wise not to give it up, assuming you are ready to stay on the same firmware for a few months. If not, fear not, there will most likely be other ninja releases to give more people the opportunity to run VHBL on the latest firmwares.
Hacking the Vita, not going through the PSP emulator
In addition to the ongoing work on the PSP emulator, some people have contacted me with “leads” on hacking the Vita through other means. If you think about it, every “interface” through which the user can control the input to some extent is a possible attack vector. With the PSP emulator, we have used the savegames so far, but other entry points exist, such as the media files we copy onto the device (images, music, movies), the web browser, and some of the internet-connected apps (Facebook, YouTube,… <– although it might not be wise to attack Sony through a vulnerability in a Google or Facebook service, unless you really like to make several powerful enemies at once).
As I mentioned a while ago though, all these leads are useless without knowing anything about the RAM layout of the Vita (which is also why it is much simpler to hack into the PSP emulator, since the PSP RAM layout is well known).
- Related read: Where are the real Vita hacks?
Initial reports also show that the Vita integrates several “anti hack” measures. This is not a surprise, since the Vita ships for example with an ARM Cortex-A9 processor, which includes a bunch of security features. Of course, this is Sony we’re talking about here, and they are known to mess with the stuff they use in a way that eventually backfires on them, so there are probably still ways to get into the system 🙂
What are your expectations regarding Vita hacks? Would you be happy with “just” PSP access? Or would you rather wait for something bigger? Should Sony be worried about “just” a PSP breach on the Vita?
Tell it like it is: all (or almost all) seriously expect a hack of life with the possibility of starting up. I do not think that the owners are happy with just starting VHBL or PSP. Sorry for my English, I have recently begun to study it.
I think that there is no reason not to release a useful kxploit in the emulator, and by useful I mean it’s a full sandboxed HEN of some kind and not just “hey look, I can load ISOs”. A Vita exploit needs time because we have to decide how everything is going to work and how unsigned apps are going to get to the masses: are they going to be copied via CMA, or is there going to be something like Cydia?
lol, looks like your “dev kit fund raiser” has come to a halt, better think of something else.
Everyone says how they want all this stuff. I think we should donate more to SKFU; when I get some more money I will donate again. He’s like 26% there, come on guys!
As long as there is no ISO loader out there, homebrew is awesome. But an easy and common ISO loader will destroy the console :/
I agree. I honestly would prefer just to get my hands on VHBL to run some PSP and PS1 games and older emulators, not hack the Vita entirely, destroying any chance the system has for the future.
To be honest I just want to play PSP games on this. The Vita is new, and if it is hacked and games are downloadable this early on, or at any other point, then developers will stop creating games, leading to an early death of the Vita 🙁
I don’t really care for an ISO loader, the PSP’s dead, I want the PSP CFW on Vita, I want my homebrews and the PSP hack on my PSP. We’re bored with our Vitas now. I hope to see the CFW soon. wololo, can you get an answer from the anonymous guy on when he will release this hack?
I bought my second PlayStation console (Vita) a couple of days ago and I’ve read a lot about hacking it on this site.
I agree with many of you about not using Vita ISOs, since that could damage the Vita game market. What I would like to play on my Vita are PS1, PSP, Game Boy, and SNES games.
Let’s face it guys. Anyone reading this… the VITA simply isn’t gonna cut it the way it is right now.
It’s locked, somber, LIFELESS. Popularity? Is there still any? Really?
Only CFW can save the Vita from total fail. Everyone was talking about the PSP whenever even a tiny new cool hack, app or emulator came out. People were excited about it. What is there to talk about on the Vita? Nothing. And ultimately, save the hurt-sales BULLSHIT for yourself.
God of War, GTAs, sold millions. Oh, and Gran Turismo topped 1.8 mil sales in three months. And unless you were living under a rock, when GT for PSP came out, the CFW scene was at its peak, I could say.
Ironically, Custom Firmware will save the Vita from sinking even further into the dark depths. It’s a *** boring junk right now.
I am curious:
With the vita being pretty much a merge of gaming system & smart phone, perhaps the idea is being attacked from the wrong perspective.
Has anyone tried to figure out a way to ‘root’ the vita instead of just a hack or exploit?
How do you think phones are rooted exactly?
I’ll be the first to admit that I do not know. I was merely posing the question, because the terminology is different.
Would it be possible to attack through a false cell tower for the 3G models, or a router for the WiFi models?
Like I said, I know next to nothing about the intricacies involved, but sometimes it helps to ask a question. You never know how you might get the ball rolling.
Rooting is hacking; it’s gaining superuser, kernel or root permissions, all the same ***, it just means you have administrative control of the device.
A “group” said something about a fake WiFi point. When logging into PSN, this “emulated” server would catch the PSV’s comms. Then you could download your games’ “ISOs” that way, and the PSV thinks they are legit and stores them away so you can play. BUT they didn’t get past the initial stages because they can’t decode some signature or something, and the ISO downloaded but when run on the Vita it gave a “corrupt file, redownload” error. They abandoned the project.
I long lost the web URL but Google may show something for those interested. They gave up too soon I think, or maybe they realized it was a dead end? I don’t know for sure, they never said why they stopped.
Hey, I like the progress, thanks for keeping us updated. Me myself, I’d prefer that the whole system gets hacked instead of just the PSP emulator, but why not have both going on at the same time? It’s too bad we can’t use these devices the way we can a PSP. If I could help I would, but I’m just a leecher xD. Good luck!
I believe we should wait, so that developers can still sell games without them being downloaded, and we could create a CFW which attempts to block pirated games (idk how, maybe make a homebrew signature known only by Wololo & others). Dark_Alex……. HELP US (jokes, I know he won’t, but m3h)
I would be okay with PSP access ONLY. At least with that, there is still some value in owning a PS Vita, where you have to buy games every now and then. Also, unless you want what happened in the PSP scene, where developers stopped making games, to happen again, it is best to just leave the Vita unhacked (for now at least). The Vita hack with PSP access isn’t bad, at least you only carry one gadget.
Hey wololo… don’t post this, but why not hack the Vita through the accessory port? I looked into it and it seems to be a possible way of getting into the system using the reboot menu… can you pass this through… Thanks.
Hello!! I have been looking at websites for at least 3 hours today
and I haven’t seen anything as sensational as your writing. I was very impressed by the style you use when writing; I think that is what got through to me.
Personally, if many website owners published writing like this, the Internet would be much more practical.
I hope you stick around these parts and I can keep commenting on stories of this quality.