PSVita Hacking @ 35C3: Summary of talk, F00D (Bootloader) key revealed and Team Molecule releases various decryption tools – Now, the PSVita’s security is effectively blown wide open!


I'm a girl that's liked technology from day 1. Mostly interested in the PSVita/PSP scene but I've always modded my stuff when it's possible, that is :) Contact me via DM at @KawaiiAuroraA on Twitter if you have any questions/concerns about my articles or if you have any article requests.

18 Responses

  1. Basam Zayniaie says:

    I love vita…and really great job…but I’m more excited about the ps4 news….the end of the year is near…we want the kernel exploit..!!

  2. Sebastien Gregoire says:

    Does this mean we get a 3.68 permahack soon?

  3. Coco says:

    So what’s stopping 3.69 enso from happening now? If the security processor of the console has been hacked doesn’t it mean unsigned code at startup is a possibility regardless of firmware?

  4. Codeman785 says:

    So in conclusion this was a breakthrough, and there are things to come from it?

    • Andrew says:

      You now have the root keys to decrypt every single file for the Vita OS, including its kernel. This allows you to more easily find exploits for the system, or in some cases you could install a complete custom firmware in place of it, instead of something like H-encore.

      With these keys, you could theoretically replace the Vita OS completely with Android or Linux, instead of running them as kernel plugins. There’s more to it to make that possible, but now exploits can be created to run by the bootrom instead of the OS, much like with the 3DS and B9S.

      • yoshi314 says:

        You don’t have those keys, to be fair. They were not released with the decryption code.

        But they extracted them.

      • StepS says:

        That’s not correct. You can’t just replace the official firmware files with custom ones, because it’s not just about decryption, but also signature checks. And we do not have Sony’s private keys to sign firmwares or games.
        An exploit for the bootrom is also unlikely. As Yifan said himself, the bootrom is super-simple and the attack surface is very low. Therefore, you’re unlikely to find a vulnerability that would let you take control over it beyond the voltage glitching procedure he performed (which will probably never become user-friendly or convenient to use).
        So, in those terms, we’re still limited to exploits in the upper layers of the Vita boot-up process.

  5. Andrew says:

    Good lord. The Master Key is so… well, it’s about as smart as a password being 12345. Not complex enough to be impossible to guess, but dumb enough that you wouldn’t guess it when assuming they were smart with their security, which in this case is not. If you didn’t assume they’d go for something so stupid, you never would guess it either.

  6. bolo says:

    Hope it can help boot android on vita in the future 😀 Android 2.3 would be perfect to run GTA SA on vita 😀

  7. Smoker1 says:

    The only thing I am currently interested in right now, is getting a PSM Game (Everybody’s Arcade), and getting the Klondike Solitaire unlocked, which I already Paid for Years ago. It won’t work on my 3G Vita, even with it Backed Up/Restored with QCMA. Worked perfectly on my other Vita. But won’t on the 3G Vita.

  8. Gr8n00d1e says:

    I wonder if something like Pandora Battery is possible now for Vita.

  9. Jefphar says:

    Wouldn’t Sony sue them now they show themselves in broad daylight (Hackers Yifan Lu and Davee)? This is a question for their own security for now.

  10. SilicaAndPina says:

    PSM Developer apps are MINE

  11. Ein Owl says:

    Now we need multi-bootloader with vita\android\linux\etc etc OS =)))

  1. January 1, 2019

    […] PSVita hacking, 2018 ended with a bang thanks to Team Molecule’s revelations at 35C3 and this brought about a new era of Vita hacking, an era in which every security measure […]