Yifan Lu dumps the Vita NAND, confirms it’s encrypted



91 Responses

  1. nevercall says:

    how ’bout the vita game card? maybe we can do the same trick they do on 3ds w/c they play backups(cough) from it?

    • Yifan Lu says:

      Gateway 3DS required a kernel exploit.

      • Hazer7 says:

        I thought we had a kernel exploit for the vita. Just not the native. And is decryption that hard. You should go further into details about what type of encryption it is.

        • Yifan Lu says:

          We don’t have native kernel exploit for the Vita. We have it for the PSP emulator ON the vita.

          “And is decryption that hard.”
          If done correctly, it would take more than the life of the universe to crack AES encryption of a reasonable key length (which is what they are using).

  2. 110706 says:

    “I believe Vita hacking will not come without massive help from hardware hackers.” and “Oh, and this goes without saying, but Yifan Lu will not publicly disclose the dumped material.”

    Translation: I want hardware hackers to help us hack the Vita, but I don't want to share what I have already discovered, and maybe someone smarter than me can figure it out.

    Good luck getting more people interested in hacking the Vita if you act like this. The PS Vita's chances of getting hacked get slimmer by the day... meanwhile, each day newer and more powerful hardware arrives for handheld devices, ultimately making the Vita totally not worth it.

    • JS22 says:

      Exactly what I was thinking. I was wondering what he meant by saying: “I won’t be able to release data I obtain from the device for legal reasons (including any actual dumps made) but I WILL post instruction for REPRODUCING everything I do.”

      Which means he won't be releasing the actual dumps, and most likely won't release a native hack for the PS Vita, BUT someone who is following his instructions can reproduce it and release it. Unlike Yifan, he is just avoiding Sony hunting him down. Understandable, but that's where most people got confused, or misled, and donated right away because they thought they were going to see a native hack and homebrews on their system... ONLY by following the instructions that he posts, NOT by downloading a ninja release or a NAND dump, or anything like that.

      The real question is... no, the real question was, "are we going to see a ninja release of a native hack for our PS Vita?" The only people who would most likely have it (in the future) would be the massive help from the hardware hackers and coders, not the people who donated, UNLESS they are following Yifan's instructions. So you donated AND must purchase the items that Yifan bought with your donations, and follow his instructions on how to do a NAND dump. Please correct me if I am wrong. I have nothing against anyone. Just trying to make it clear for myself and maybe others.

      • Yifan Lu says:

        Let me quote my entire disclaimer for reference.

        “Before we talk business, I want to be as open and honest as possible. I am not a hardware hacker. I have very minimal experience with hardware (I know how to solder and I know what resistors look like), so by no means am I the best person for this job. In fact, I wish there was someone else doing this. My only qualification is the small amount of knowledge I have running userland Vita code and exploring the USB MTP protocol. It could turn out that I’m completely incompetent and don't get anything useful. It could turn out that everything works out but my goals were set in the wrong direction. It could also take a very long time before any results are found (since this is a hobby after all). But, I will always be as open as possible; documenting any small discoveries I make and posting details and guides about what I’m doing. I’ll post any large transaction that takes place within the scope of this project and admit any mistakes I’ll definitely make. I won’t be able to release data I obtain from the device for legal reasons (including any actual dumps made) but I will post instructions for reproducing everything I do. I have seen other “scene” fundraisers and the problems that arise in them (mostly lack of response from the developer(s)) and will try to avoid making such mistakes. If you still believe in me, read on.”

        Please note that it was posted BEFORE the donation button. You must scroll past the large “Disclaimer” text before even getting to donate. If you still haven’t read it by then, I’m sorry, but I don’t think I’m misleading anyone by not releasing any (encrypted, aka useless without the key) information.

        ‘The real question is…no, the real question was, “are we going to see a Ninja Release of a Native Hack for our PS Vita?”’
        Nowhere in my original post did I even mention a native hack, an exploit, or anything. All I said was that I want to dump the NAND and explore the hardware and if you want to help, feel free to contribute some money.

        “So you donated AND must purchase the items that Yifan bought by your donations, and follow his instructions on how to do a Nand Dump. ”
        Nope. If you read the posts, you can see that all you need are three pieces of wire and an SD card reader that supports 1-bit read mode. The tools I bought allowed me to analyze the hardware so I can find this. It’s like saying everyone who wants to run this homebrew must download the SDK.

        Furthermore, if anyone DOES feel like they have been misled, I will happily refund their donation.

    • Yifan Lu says:

      Real Translation: If you are working on the Vita, feel free to contact me. However, I cannot release any materials because Sony is known to be very hostile towards hackers and I don’t want to give them any reason to sue me.

    • wololo says:

      @110706, your comment is just so out of place it baffles me.

      Obviously, you completely missed the point of the “this goes without saying” part, so I’ll say it anyway:

      – there are legal implications to distributing the content of the NAND, which is made of copyrighted material from Sony. Yifan couldn’t do it without risking legal action from Sony (even if, in encrypted form, that's arguable)

      – The content of the NAND is encrypted, and therefore totally useless to anyone. (NO, other hackers won’t find a magical way to decrypt it!)

      As a conclusion of these two obvious (for anyone with a minimum of experience) points, the files will not (do not need to) be released.

      Makes sense? Next time, comment only if you know what you are talking about.

  3. euss says:

    Not only is it encrypted (PSP 2000 and later are anyhow), it is also per-console tied, so it is not like you are going to do anything useful with it other than comparing and documenting its rough structure with other encrypted flash dumps.

    The standpoint about not releasing full dumps is understandable, even when censored to remove personal data. It is certainly not surprising to see reluctance to open up for legal debate. Ever since Sony started sending DMCA notices to virtually anyone remotely hinting at Sony-owned material, or even removing content that is not even owned by them but is open source/public domain, you can hardly find a website/person willing to pay the legal expenses for such debates.
    It is not exclusive to Sony either, as generally other (console) hackers try to keep their releases legally safe (e.g. Wii/WiiU: Nintendo, Xbox/XboxOne: Microsoft etc.). I don’t hear you guys/commenters asking for WiiU or XboxOne dumps/keys either, or making a fuss about it (hopefully that is a sign of intelligence :P).
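The point made in the thread (the title's "confirms it's encrypted", wololo's "encrypted, and therefore totally useless", and euss's "comparing and documenting its rough structure with other encrypted flash dumps") can be checked without any key by measuring entropy per block. The following is an added example written for this page; it is not code from the post, from Yifan Lu, or from wololo.net. The image it scans is constructed in-line (an erased block, a plaintext-looking header, and SHA-256-derived bytes standing in for ciphertext) so it runs offline; the 4096-byte block size and the 7.0 bits/byte threshold are assumptions, not values taken from any Vita dump.

```python
"""Entropy scan of a raw flash image: tells erased, plaintext-like and
ciphertext-like regions apart without needing any key.

Added example for this thread, not from the original post or from
Yifan Lu's tooling. SAMPLE_IMAGE is constructed here so the script runs
offline; it is NOT a real Vita NAND/eMMC dump.
"""
import hashlib
import math
from collections import Counter

BLOCK_SIZE = 4096  # assumption: scan granularity; any page/sector size works


def _pseudo_ciphertext(n: int, label: bytes = b"constructed") -> bytes:
    """Deterministic, uniformly distributed bytes standing in for AES output."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(label + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed three-block image: erased flash (0xFF), a plaintext-looking
# header, and a ciphertext-looking block.
SAMPLE_IMAGE = (
    b"\xff" * BLOCK_SIZE
    + (b"VITA NAND HEADER v1.0 " * 256)[:BLOCK_SIZE]
    + _pseudo_ciphertext(BLOCK_SIZE)
)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) up to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    h = -sum((c / n) * math.log2(c / n) for c in Counter(data).values())
    return h if h > 0 else 0.0


def classify_block(data: bytes, high: float = 7.0) -> str:
    """Label one block. 'high-entropy' covers ciphertext AND compressed data:
    entropy alone cannot separate the two, so read it as 'opaque', not as
    proof of encryption by itself."""
    if data and all(b == 0xFF for b in data):
        return "erased"
    if data and all(b == 0x00 for b in data):
        return "zeroed"
    return "high-entropy" if shannon_entropy(data) >= high else "low-entropy"


def scan_image(image: bytes, block_size: int = BLOCK_SIZE):
    """Return (offset, label, entropy) for each block of the image."""
    results = []
    for off in range(0, len(image), block_size):
        blk = image[off:off + block_size]
        results.append((off, classify_block(blk), round(shannon_entropy(blk), 2)))
    return results


def summarize(image: bytes, block_size: int = BLOCK_SIZE) -> dict:
    """Count blocks per label. A dump that is almost entirely 'high-entropy'
    outside erased space is consistent with a fully encrypted NAND."""
    counts: dict = {}
    for _, label, _ in scan_image(image, block_size):
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    import sys
    # Usage: python nand_entropy.py [dump.bin]   (defaults to SAMPLE_IMAGE)
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_IMAGE
    for off, label, h in scan_image(image):
        print(f"0x{off:08x}  {label:<12}  {h:5.2f} bits/byte")
    print(summarize(image))
```

On a real dump, low-entropy islands (partition tables, headers, erased or zeroed space) are the "rough structure" euss mentions and are what can be compared between consoles; the high-entropy bulk is where a per-console key makes two dumps differ byte for byte, which is why comparing them reveals layout, not content.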

  4. open source lover says:

    The PS Vita has open source software that might help with decoding or finding an exploit.
    Google “psvita-license open source”; it should be the first result that pops up.
    I would really love to upgrade my memory card without paying a lot, and to get some open source apps.

  1. January 22, 2014

    […] It didn’t take long for Yifan Lu’s investigations to become useful for other hardware hackers! Our community member katsu, guided by Yifan’s precise description of the Vita’s NAND pinouts, was able to hack his PS Vita in order to boot from a previous firmware, technically performing something very similar to a downgrade. Check the video below, it’s cool and full of “electronics ***”, like your favorite cyberpunk movie. […]