First Vita Savedata Decryption by mr.gas
Today mr.gas started a thread at /talk forums:
maybe someday we will be able to launch our user land exp.
I replaced my account id and psid with asterisks (***).
The thread linked to a Dropbox file. When you download and open the files, you will see pictures of the details of a Final Fantasy X HD savegame for Vita and, more importantly, both encrypted and decrypted versions of the savegames. The decrypted folder contains a sce_sys directory and the files data000.bin, data001.bin and data002.bin. These 3 data files match the 3 savefiles we see in the picture of the savegame.
Here are the byte statistics of both the encrypted and decrypted versions of data000.bin, as shown by HxD:
You should be able to spot the difference between the encrypted and decrypted files from the distribution of the bytes. What does decrypting a savefile mean? It means mr.gas has access to the Vita filesystem and can extract a savefile (CMA stores savefiles in savedata.psvimg, savedata.psvinf, savedata.psvmd format), and on top of that mr.gas can also decrypt the savefiles. mr.gas just confirmed he cannot re-encrypt the savedata files yet, but if he or someone else succeeds in re-encrypting them, this can be used to exploit the save files, just like how most of the PSP hacks out there work. It is of course too early to speculate, but this is major progress.
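The byte-distribution comparison described above, as an added example (not code from mr.gas's thread or from the original post): it computes the histogram statistics for two constructed buffers. The record layout, the SHA-256 counter stream standing in for ciphertext, and the thresholds are assumptions; neither buffer is a real Vita save or uses the Vita's encryption.

```python
import hashlib
import math
from collections import Counter

def byte_stats(data: bytes) -> dict:
    """Byte-histogram statistics of the kind a hex editor's statistics view charts."""
    if not data:
        raise ValueError("empty input has no byte distribution")
    n = len(data)
    counts = Counter(data)
    # Shannon entropy in bits per byte: 8.0 means perfectly uniform.
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    # Chi-square against a uniform distribution; about 255 for random data.
    expected = n / 256
    chi2 = sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))
    top_byte, top_count = counts.most_common(1)[0]
    return {"size": n, "distinct": len(counts), "entropy": entropy,
            "chi2": chi2, "top_byte": top_byte, "top_share": top_count / n}

def looks_encrypted(data: bytes, min_entropy: float = 7.9, max_chi2: float = 400.0) -> bool:
    """Heuristic only; thresholds are assumptions sized for buffers of tens of KiB."""
    s = byte_stats(data)
    return s["entropy"] >= min_entropy and s["chi2"] <= max_chi2

def make_plain_sample(records: int = 512) -> bytes:
    """Constructed save-like plaintext: fixed-size records, mostly zero padding."""
    out = bytearray()
    for i in range(records):
        out += b"SLOT" + i.to_bytes(2, "little")
        out += b"PLAYER ONE".ljust(16, b"\0")
        out += (i * 37).to_bytes(4, "little") + bytes(102)
    return bytes(out)

def make_cipher_like_sample(blocks: int = 2048) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 over a counter (not the Vita scheme)."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(blocks))

PLAIN_LIKE = make_plain_sample()
CIPHER_LIKE = make_cipher_like_sample()

if __name__ == "__main__":
    for name, buf in (("plain-like", PLAIN_LIKE), ("cipher-like", CIPHER_LIKE)):
        s = byte_stats(buf)
        print(f"{name:12} size={s['size']} distinct={s['distinct']} "
              f"entropy={s['entropy']:.3f} chi2={s['chi2']:.1f} "
              f"top=0x{s['top_byte']:02x} ({s['top_share']:.1%}) "
              f"encrypted-looking={looks_encrypted(buf)}")
```

A flat histogram only says the data is indistinguishable from random at the byte level; compressed data scores similarly, so the statistic separates the two versions of a file but does not by itself prove encryption.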
From what mr.gas says in the thread, I got the impression that mr.gas wants/tries to boot a userland exploit through a savedata exploit. Hope mr.gas can succeed and we can finally have a native exploit for PS Vita.
We will be sure to share more news about this as soon as we can.