Yifan Lu dumps the Vita NAND, confirms it’s encrypted
I mentioned a few weeks ago Yifan Lu’s ongoing experiment/attempt at looking at the Vita’s hardware. Yifan’s been busy over the Christmas period, looking at the bowels of our favorite portable console. Earlier today he announced he was able to dump the Vita’s NAND.
Now before everyone gets excited for no good reason, all this really gives us today is confirmation that the Vita’s onboard memory is encrypted. This in itself is interesting though, as this confirms Sony didn’t mess up their security on that point, and attempting to hack the Vita by modifying the NAND directly is not a possibility.
Yifan also shared a bunch of cool pictures and explanations on how he achieved the dump, something that I think is extremely valuable for all of us, especially those interested to know how hardware hacking works. As I’ve stated many times now, I believe Vita hacking will not come without massive help from hardware hackers.

Some of Yifan Lu’s interesting findings are that the eMMC NAND is about 3.78GB, with about 800MB used by the (encrypted) system, and the remaining 3GB or so potentially empty for now.
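As an added illustration (not Yifan Lu’s tooling and not code from his blog), a per-block entropy survey is one common way to tell high-entropy regions from empty ones in a raw flash dump. The block size, the 7.9 bits/byte threshold and the sample image below are assumptions constructed for this example.

```python
import math
import random
from collections import Counter

BLOCK = 4096  # analysis granularity in bytes (assumed, not from the post)

def shannon_entropy(block: bytes) -> float:
    """Bits of entropy per byte: 0.0 (single value) up to 8.0 (uniform)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify(block: bytes) -> str:
    if len(set(block)) == 1:
        return "empty"         # erased or zero-filled, e.g. all 0xFF or 0x00
    if shannon_entropy(block) > 7.9:
        # High entropy is consistent with ciphertext, but compressed data
        # looks the same, so this is evidence and not proof of encryption.
        return "high-entropy"
    return "structured"        # plaintext-like: headers, tables, text

def survey(image: bytes) -> dict:
    """Count blocks of each class across a raw dump."""
    totals = {"empty": 0, "high-entropy": 0, "structured": 0}
    for off in range(0, len(image), BLOCK):
        totals[classify(image[off:off + BLOCK])] += 1
    return totals

def constructed_image() -> bytes:
    """Constructed sample: 1 readable block, 2 random blocks, 5 erased blocks."""
    rng = random.Random(0)  # seeded so the sample is reproducible
    header = b"PARTITION-TABLE\x00" * (BLOCK // 16)
    cipher_like = bytes(rng.getrandbits(8) for _ in range(2 * BLOCK))
    erased = b"\xff" * (5 * BLOCK)
    return header + cipher_like + erased

if __name__ == "__main__":
    print(survey(constructed_image()))
```

On a real dump the same survey would be run over the image file in chunks; a system area that is almost entirely high-entropy with no readable headers is what “encrypted” looks like from the outside.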
This experiment gave Yifan Lu new cool hardware skills that he’ll use to look at more stuff in the Vita’s internals. He also details the hardware cost of this experiment, something you’ll find interesting if you want to do something similar one day 🙂
Oh, and this goes without saying, but Yifan Lu will not publicly disclose the dumped material. Not that it would be useful anyway, given that it’s encrypted.
This might sound like a disappointment, but to me, the fact that one guy went from no hardware knowledge to being able to dump the NAND of the Vita in a matter of weeks is extremely exciting. Again, more important than the result is how he achieved it, a process that he details on his blog. I wish I had the time to do the same 🙂

Source: Yifan’s blog
how ’bout the vita game card? maybe we can do the same trick they do on 3ds w/c they play backups(cough) from it?
Gateway 3DS required a kernel exploit.
I thought we had a kernel exploit for the vita. Just not the native. And is decryption that hard. You should go further into details about what type of encryption it is.
We don’t have native kernel exploit for the Vita. We have it for the PSP emulator ON the vita.
“And is decryption that hard.”
If done correctly, it would take more than the life of the universe to crack AES encryption of a reasonable key length (which is what they are using).
“I believe Vita hacking will not come without massive help from hardware hackers.” and “Oh, and this goes without saying, but Yifan Lu will not publicly disclose the dumped material.”
Translation: I want hardware hackers to help us hack Vita, but I don’t want to share what I have already discovered and maybe someone smarter than me can figure it out.
Good luck getting more people interested in hacking Vita if you act like this. PS Vita chances of getting hacked are slimmer by each day…meanwhile each day newer and more powerful hardware arrives for handheld devices, ultimately making Vita totally not worth it.
Exactly what I was thinking. I was wondering what he meant by saying: “I won’t be able to release data I obtain from the device for legal reasons (including any actual dumps made) but I WILL post instruction for REPRODUCING everything I do.”
Which means, he won’t be releasing the actual dumps, and most likely, won’t release a Native Hack for the PS Vita, BUT, someone who is following his instructions can reproduce it and release it. Unlike Yifan, he is just avoiding Sony hunting him down. Understandable, but that’s where most people got confused, or misled, and donated right away because they thought they were going to see a Native Hack and Homebrews on their system…ONLY by following his instructions that he posts up, NOT by downloading a Ninja Release or a Nand Dump, or anything like that.
The real question is…no, the real question was, “are we going to see a Ninja Release of a Native Hack for our PS Vita?” The only people that would most likely have it (in the future), would be the massive help from the hardware hackers and coders, not people who donated, UNLESS they are following Yifan’s instructions. So you donated AND must purchase the items that Yifan bought by your donations, and follow his instructions on how to do a Nand Dump. Please correct me if I am wrong. I have nothing against anyone. Just trying to make it clear for myself and maybe others.
Let me quote my entire disclaimer for reference.
“Before we talk business, I want to be as open and honest as possible. I am not a hardware hacker. I have very minimal experience with hardware (I know how to solder and I know what resistors look like), so by no means am I the best person for this job. In fact, I wish there was someone else doing this. My only qualification is the small amount of knowledge I have running userland Vita code and exploring the USB MTP protocol. It could turn out that I’m completely incompetent and not get anything useful. It could turn out that everything works out but my goals were set in the wrong direction. It could also take a very long time before any results are found (since this is a hobby after all). But, I will always be as open as possible; documenting any small discoveries I make and posting details and guides about what I’m doing. I’ll post any large transaction that takes place within the scope of this project and admit any mistakes I’ll definitely make. I won’t be able to release data I obtain from the device for legal reasons (including any actual dumps made) but I will post instruction for reproducing everything I do. I have seen other “scene” fundraisers and the problems that arises in them (mostly lack of response from the developer(s)) and will try to avoid making such mistakes. If you still believe in me, read on.”
Please note that it was posted BEFORE the donation button. You must scroll past the large “Disclaimer” text before even getting to donate. If you still haven’t read it by then, I’m sorry but I don’t think I’m misleading anyone by not releasing any (encrypted, aka useless without key) information.
‘The real question is…no, the real question was, “are we going to see a Ninja Release of a Native Hack for our PS Vita?”‘
Nowhere in my original post did I even mention a native hack, an exploit, or anything. All I said was that I want to dump the NAND and explore the hardware and if you want to help, feel free to contribute some money.
“So you donated AND must purchase the items that Yifan bought by your donations, and follow his instructions on how to do a Nand Dump. ”
Nope. If you read the posts, you can see that all you need are three pieces of wire and an SD card reader that supports 1-bit read mode. The tools I bought allowed me to analyze the hardware so I can find this. It’s like saying everyone who wants to run this homebrew must download the SDK.
Furthermore, if anyone DOES feel like they have been misled, I will happily refund their donation.
Real Translation: If you are working on the Vita feel free to contact me. However, I cannot release any materials because Sony is known to be very hostile towards hackers and I don’t want to give them any reason to sue me.
@110706, your comment is just so out of place it baffles me.
Obviously, you completely missed the point of the “this goes without saying” part, so I’ll say it anyway:
– there are legal implications to distributing the content of the NAND, which is made of copyrighted material from Sony. Yifan couldn’t do it without risking legal action from Sony (even if, in encrypted form, that’s arguable)
– The content of the NAND is encrypted, and therefore totally useless to anyone. (NO, other hackers won’t find a magical way to decrypt it!)
As a conclusion of these two obvious (for anyone with a minimum of experience) points, the files will not (do not need to) be released.
Makes sense? Next time, comment only if you know what you are talking about.
Not only is it encrypted (psp2000 and later is anyhow), it is also per-console tied – so it is not like you are going to do anything useful with it other than comparing and documenting its rough structure with other encrypted flash dumps.
The standpoint about not releasing full dumps is understandable, even when censored to remove personal data. It is certainly not surprising to see reluctance to open up for legal debate. Ever since Sony sending DMCA to virtually anyone remotely hinting to Sony owned material or even removing content that is not even owned by them but opensource/public domain you can hardly find a website/person willing to pay for the legal expenses for such debates.
It is also not exclusive to Sony either, as generally other (console) hackers try to keep their releases legally safe (e.g. Wii/WiiU:Nintendo, Xbox/XboxOne: Microsoft etc.). I don’t hear you guys/commenters asking for WiiU or XboxOne dumps/keys either or making a fuss about it (hopefully that is a sign of intelligence :P).
PS Vita has open source software that might help with decoding or finding an exploit.
Google “psvita-license open source” it should be the first one that pops up.
I would really love to upgrade my memory card without paying a lot, and some open source apps