Vita hacking: TheFlow shares writeup of the trinity exploit
Yesterday, the developer shared a writeup of the hack. With an impressive number of vulnerabilities (six of them) chained together to reach full access to the Vita system, this is a long and complex read.
The adventure starts with a kernel exploit in the PSP emulator, moves on to hunting for Kermit vulnerabilities with a fuzzer, and ultimately defeats ASLR to craft an ARM kernel exploit on the Vita CPU.
Old timers like me will enjoy the whole part about controlling and escaping the PSP emulator through a MIPS kernel exploit, and will then appreciate getting thoroughly lost in the deeper layers of the Vita kernel. In any case, for anybody interested in how gaming consoles are exploited, this is a must read!
TheFlow credits Qwikrazor87 and Team Molecule for some of their work on the PSP emulator and the Vita respectively. I'll leave you with his conclusion from the writeup, which I hope you'll find as inspirational as I did:
This was the coolest exploit chain that I had ever written and certainly also my proudest project. I enjoyed exploring these new attack surfaces and it gave me nostalgia as it combined a decade of knowledge and research by the PSP/PS Vita community. This project also concluded the end of my work for the PS Vita scene and I hope that my write-up will inspire other people to begin with reverse engineering, finding vulnerabilities and exploitation. I believe that I am only here where I am today thanks to these kinds of write-ups and I believe you can all achieve the same, if you just want to.
The full writeup here: https://theofficialflow.github.io/2019/06/18/trinity.html