Vita hack: Davee releases a Vita Native exploit through Webkit (but there might be a catch)

by wololo · October 19, 2014

It’s been long awaited, teased a few times recently, and it might finally be here: a native vita hack.

Famous ex-psp hacker Davee released yesterday a proof of concept exploit for the PS Vita, running through the webkit browser. (and yes, you get to try it, hold on!)

Davee came back to life a few weeks ago, releasing a framework to help with the development of exploits on ARM CPUs, through RO programming based hacks. It wasn’t long before he announced this exploit.

Now here’s the catch: in its current form, the exploit only runs on Vita firmware 2.60. Davee stated that it should be easy enough to port to other firmwares (there are a few entry point addresses to update, it seems), but it is extremely likely that it is patched in firmware 3.30. I have no full confirmation of that (although I did test), but my gut feeling tells me Davee would not release “just” a proof of concept if there was a possibility this could still be used on the latest Vita firmware. Yifan Lu stated that this might actually be the same exploit found by other people independently, that had been confirmed to be patched after firmware 3.18.

@frwololo @DaveeFTW will know for sure, but it's my understanding that the same exploit was found independently by other parties and patched

— Yifan (@yifanlu) October 18, 2014

This confirms once again that people waiting for an exploit should stay on lower fiwmares as much as possible (says the guy who just updated to 3.30 yesterday…).

Give it a try

On firmware 3.30, unless I messed up some of my copy/paste, the hack fails at the very first step, which isn’t firmware specific. This indicates that the exploit is indeed patched on 3.30. Feel free to give it a try in particular if you are on firmwares 3.18 or lower. We’ll have more details on the exploit very soon!

Try the exploit on your PS Vita: https://wololo.net/v/260.htm

Update: many people are asking what the exploit should look like when it is “working”. The “full” proof of concept only works on 2.60, but on other firmwares, anything else than an error code is a good sign. For example, people on 3.18 and 3.20 report that the page stays there for a few seconds then reloads: this is a good sign.

Source: Davee’s bitbucket, via YifanLu

Zacdee316 says:

November 23, 2014 at 4:53 am

Tried on mine, page reloaded. No errors to speak of on v3.12

Vita hack: the webkit exploit fully explained (+ more code for you to look at!) - Wololo.net

November 2, 2014

[…] the blue: Developer Amat Cama just posted an article on his blog explaining all the details of the Webkit exploit that was recently revealed for the Vita, including how he and a group of friends leveraged […]
The Vita Homebrew Bounty - Wololo.net

April 12, 2015

[…] still no public way to execute native ARM code on Vita. There is work for that generally around the webkit exploit depending on ROP, but it is still not at the stage where you can code your own homebrew in C, […]
New Webkit Exploit found for Vita and maybe Playstation 4 - Wololo.net

April 22, 2015

[…] has been about 6 months since we first heard about a webkit exploit for Vita. After that we have seen several applications of it, like the Pong and the Package Installer for […]

Vita hack: Davee releases a Vita Native exploit through Webkit (but there might be a catch)

147 Responses

Popular

CHECK OUT OUR BOARD GAME SISTER BLOG:

Latest entries on our Smart TV dedicated sister site

Featured

Popular Downloads

Archives