Qwikrazor87 releases source code for the Vita Firmware 3.36 (PSP emulator) Kernel exploit

wololo


28 Responses

  1. Merc says:

    First

  2. Stanislav says:

    Only PSP games? :( :( :(

  3. Khoa says:

    Hope there will be a chance for Ben10 Alien Force: Vilgax Attack to work…. the only one that I’ve got.

  4. Interesting to see what the actual code of an exploit looks like even though I am unfamiliar with the language its written in.

  5. Zodiac says:

    I hope this PSP emulator can play the Pangya Fantasy Golf game too.

  6. Ken says:

    Hmm, I was about to sell my 3.5 Vita so I could buy a Vita with 2.18 firmware.

    I don’t understand the technical details of this post, but doesn’t kernel access on 3.6 and below mean we could eventually run PS Vita ROMs?

    Should I sell my Vita? :'( I’m so confused.

    • anonanon says:

      This is a PSP exploit, running in the PSP emulator of the Vita. Not an actual Vita exploit.

      • Wrozen says:

        The amount of clueless people I see on this site every day is simply astonishing. There was nothing here that suggested a Vita kernel exploit at all. Can’t believe this guy.

  7. meysam25 says:

    I am unable to understand C++ :((

    • Acid_Snake says:

      This is C, not C++. There’s a big difference: C doesn’t have a crappy OOP design from the 90’s.

      • Rob says:

        Haha, heck yes!, C FTW

      • Anon says:

        You really think bashing a language was necessary? Each language has its pros and cons.

        • Acid_Snake says:

          Yes, I have. There is absolutely no reason for C++ to miss out on modern OOP designs that have been proven over and over again to be much better than 90’s OOP designs: properties are much better than private attributes with getters/setters, abstract/virtual methods overcomplicate things and add no extra value, private members should not be disallowed access on subclasses, that just prevents proper code reuse, and many more things. After programming in SO MANY languages I can tell you what is a good language design choice that helps programmers write better code faster and easier and what is simply annoying and adds no value or complicates things.
          Unfortunately these languages with bad design choices are languages created in the 90’s when every programmer was theorizing on OOP without thinking whether it was going to be any good.

  8. Acid_Snake says:

    This is one of the many race condition exploits that the PSP’s kernel has.
    The targeted function loads an offset twice, the first time to check it for validity (check that it isn’t bigger than a given amount) and the second time to actually use it by adding it to an address.
    What the code does is create a thread to hopefully change this offset to a big number after the check but before the actual usage; this turns the resulting address into a kernel one where we can overwrite parts of kernel RAM.
    We basically want this:
    – Thread 1: sets the offset to a valid amount, calls the function, the function checks the offset and it passes.
    – Thread 2: changes the offset to an invalid value that gives you a kernel address when added to the user address.
    – Thread 1: loads the (now invalid) offset again and adds it to the user address.
    Due to the nondeterministic properties of threads, this may or may not happen in the order that we want, so we have to have some loop that keeps trying until it works.
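
The check-then-use race Acid_Snake describes above, as an added example written for this page (it is not qwikrazor87’s exploit source and does not reproduce the real syscall): a simulated kernel function fetches an attacker-controlled offset twice, a second thread keeps toggling that offset between a value that passes the range check and one that does not, and the caller retries until the second fetch produces a kernel address. The address layout (user RAM at 0x08800000, kernel addresses with the top bit set), the 0x1000 bound and the spin that stands in for the syscall’s work between its two loads are all assumptions for illustration. The second function shows the standard fix: fetch the offset once into a local and check and use that copy.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout for illustration only: user RAM starts at 0x08800000 and
 * kernel addresses have the top bit set. Not the real PSP kernel's checks. */
#define USER_BASE   0x08800000u
#define KERNEL_BASE 0x88000000u
#define MAX_OFFSET  0x1000u      /* bound the simulated kernel check enforces */

/* The attacker-controlled offset sits in memory both threads can see.
 * Relaxed atomics keep the demo well-defined C while still allowing the race. */
static atomic_uint user_offset;

static uint32_t load_offset(void) {
    return atomic_load_explicit(&user_offset, memory_order_relaxed);
}

/* Stands in for the work the real syscall does between its two loads. */
static void window_work(void) {
    for (volatile int i = 0; i < 64; i++) {}
}

/* Vulnerable pattern from the comment: the offset is fetched once to be range
 * checked and fetched again to be used, so a change in between escapes the check. */
static uint32_t syscall_double_fetch(uint32_t base) {
    if (load_offset() > MAX_OFFSET)   /* first fetch: validated */
        return 0;                     /* 0 means "rejected" here */
    window_work();
    return base + load_offset();      /* second fetch: used without validation */
}

/* Hardened version: copy the offset into a local once, then check and use the copy. */
static uint32_t syscall_single_fetch(uint32_t base) {
    uint32_t off = load_offset();
    if (off > MAX_OFFSET)
        return 0;
    window_work();
    return base + off;
}

static int is_kernel_addr(uint32_t addr) {
    return (addr & 0x80000000u) != 0;
}

static atomic_int flipper_running;

/* Thread 2: toggle the offset between a value that passes the check and one
 * that, added to USER_BASE, lands 0x100 bytes into (assumed) kernel memory. */
static void *flipper(void *arg) {
    (void)arg;
    const uint32_t good = 0x10;
    const uint32_t evil = KERNEL_BASE - USER_BASE + 0x100;
    while (atomic_load(&flipper_running)) {
        atomic_store_explicit(&user_offset, good, memory_order_relaxed);
        atomic_store_explicit(&user_offset, evil, memory_order_relaxed);
    }
    return NULL;
}

/* Thread 1: keep calling the target until it hands back a kernel address.
 * Returns the attempt number that won, or -1 if max_attempts ran out. */
static long race_for_kernel_addr(uint32_t (*target)(uint32_t), long max_attempts) {
    pthread_t tid;
    long won = -1;
    atomic_store(&flipper_running, 1);
    if (pthread_create(&tid, NULL, flipper, NULL) != 0)
        return -1;
    for (long n = 1; n <= max_attempts; n++) {
        uint32_t addr = target(USER_BASE);
        if (addr != 0 && is_kernel_addr(addr)) {
            won = n;
            break;
        }
    }
    atomic_store(&flipper_running, 0);
    pthread_join(tid, NULL);
    return won;
}

int main(void) {
    long v = race_for_kernel_addr(syscall_double_fetch, 10000000L);
    long h = race_for_kernel_addr(syscall_single_fetch, 1000000L);
    if (v > 0)
        printf("double fetch: kernel address obtained after %ld attempts\n", v);
    else
        printf("double fetch: no win within the attempt budget\n");
    printf("single fetch: %s\n", h < 0 ? "never yields a kernel address" : "BUG");
    return 0;
}
```

The attempt count printed for the double-fetch variant changes from run to run, which is the nondeterminism the comment refers to; on a single core it depends on the scheduler preempting the caller inside the window, on several cores it usually wins within the first few calls. The single-fetch variant never produces a kernel address no matter how the threads interleave, because the value that passed the check is the value that gets used.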

  9. DHZ210 says:

    Sup wololo, I’m Dark Hazama but call me DHZ for short. I have a PS Vita, 3.18 version; I’m not going to upgrade or anything because of Sony taking out all the exploited games. I know you guys work really hard on these developer programs (I never use the word hacker, don’t like it) and you guys rock at what you do. I hope Zett could do an update for Gladiator Begins; I have that exploited game thanks to The Zett, my regards to him. If he can bring the exploit file for that game and port it to 3.36, that would be awesome, because I could update with no problem and everyone else would as well.

    • warfaren says:

      Why do you want to update? You’ll miss your chance for a native CFW if the webkit exploit (that gets patched after 3.18) leads to something good.

  10. Arc says:

    Looks amazing. A couple of lines of code that change a few values in RAM and boom, the exploit is done. I wonder how much time went into actually getting to this code…
    Maybe the exact same amount of time and luck a system-wide exploit requires to appear?

    • qwikrazor87 says:

      Writing the exploit code itself doesn’t take very long, the time consuming part is actually finding the kexploit in the MIPS disassembly of the firmware.

      • Arc says:

        Yeah, I know. It just looks funny – all great things have little code but huge impact, and require a *** ton of time to make, with 90% of the time being consumed by thinking.

  11. gbro says:

    I’ve just posted a reverse of the involved syscall and subs in the forums with an explanation

  12. qwikrazor87 says:

    test

  13. qwikrazor87 says:

    The awaiting moderation thing is so irritating. |:

  14. 8Trigrams64Palm says:

    keep up the good work 🙂

  15. lol says:

    It’s very unsightly to see people bash C++. I’m pretty sure C has its cons too, and C++ was developed as a means to solve underlying issues programmers were having, such as encapsulation.

    • Acid_Snake says:

      How is encapsulation an issue? Encapsulation is a programming technique that helps developers know what data is sensitive and shouldn’t be used inappropriately.
      And encapsulation existed LONG before C++, C++ doesn’t add anything that C can’t have, it only overcomplicates things.

    • Rob says:

      Well, for some reason Java is used more than C++ (maybe because of its easiness), but oh look! C is at the top.

      http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html

      What I like about C is that it is a really small programming language, easy to use and also you can easily create complex and large applications right away.

      Just look at their popular reference books: K&R is like 300 pages long and Stroustrup’s book is about 1000 pages long, so if you need to write a useful application right away it’s kind of impossible.

      And about encapsulation (and other stuff), they’re just design topics that depend mostly on the programmer, if you know what you’re doing you can implement them.

  16. lollypop says:

    Do the PS Vita PSP emulator exploits also work on the PS3’s PSP emulator, wololo?
    If so, how to change the backup without IDPS, and so that game + exploit are injected?