PS Vita Bootrom hack “broombroom” released
Developer SKGleba has released a PlayStation Vita bootrom hack, which would typically be the holy grail of console hacking. But here’s the catch: the exploit only works on prototype units running firmware 1.03. In other words, this release is really cool for those of us who like to think of ourselves as “historians” of the scene, and for people who want to understand the inner workings of a console hack, but it will not be directly useful for the vast majority of Vita users.
As the developer notes:
This hack has been used to dump a DEM-3000L’s first_loader as well as some keys.
The vulnerability it exploits is only present on prototype units so I am sharing this code for archival purposes.
…But as a reminder, those of you with a regular PS Vita can easily hack it with existing tools. We emphasize once again that this release is interesting for “intellectual” reasons rather than useful to the end user, but you’re still good to go 🙂
What is Broombroom for PS Vita?
From the project’s readme:
Playstation Vita first_loader hack for prototype units on firmware 1.03
This hack grants “bootrom”-level code execution on the PSP2 by exploiting a first_loader vulnerability discovered by Team Molecule
Download and use Broombroom – PS Vita bootrom exploit
You can download the source code for the exploit on the developer’s GitHub.
Usage notes from the readme:
Usage
- You will need mepsdk and vitasdk
- Compile all the cmep-payloads; make sure that the resulting byte arrays are static const
- Compile the main code, the result should be kexec.bin
- Run kexec.bin in THUMB mode with a kernel exploit such as this one
Notes
- By default, broombroom expects arg to be a user-space pointer to a decrypted 3.65 second_loader.enc
  - it is only used for convenience; it is not required for the hack itself
- Porting to a firmware different from 1.03 requires offset changes in the kernel and tz payloads
Credits
- ‘Proxima’ for help and guidance over discord
- ‘Team Molecule’ for the user, kernel, bootloader, trustzone, update_sm and bootrom exploits as well as mepsdk and sceutils
- ‘Zecoxao‘, ‘LemonHaze’, ‘Princess Of Sleeping’
- All henkaku wiki and vitasdk contributors
- ‘Yasen’ for providing a type B prototype devkit and lots of electrons.
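As an added example for the “resulting byte arrays are static const” build step in the readme above (this is not code from broombroom, mepsdk or vitasdk), here is a small Python helper that turns a compiled payload blob into a C header declaring a static const array, plus a check that scans a header for any initialised array that is not declared static const. The function names, the sample bytes and the stated reason for wanting static const are this example's own assumptions; the sample bytes are constructed placeholders, not a real cmep payload.

```python
"""bin2c-style helper for embedding compiled payloads as static const arrays.

Added example, not part of broombroom, mepsdk or vitasdk. All names here
are this example's own; SAMPLE_PAYLOAD is a constructed placeholder, not a
real cmep payload.
"""
import re

_C_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def bin2c(name: str, data: bytes, per_line: int = 12) -> str:
    """Render `data` as a C `static const unsigned char` array named `name`,
    followed by a `<name>_len` constant.

    Assumption about why the readme insists on static const: the array then
    lives in the binary's read-only data with no runtime initialisation, so
    a flat binary such as kexec.bin carries the payload bytes as-is.
    """
    if not _C_IDENT.fullmatch(name):
        raise ValueError(f"not a valid C identifier: {name!r}")
    if not data:
        # A zero-length array is not valid C; refuse instead of emitting it.
        raise ValueError("payload is empty")
    rows = []
    for off in range(0, len(data), per_line):
        chunk = data[off:off + per_line]
        rows.append("    " + ", ".join(f"0x{b:02x}" for b in chunk) + ",")
    body = "\n".join(rows)
    return (
        f"static const unsigned char {name}[{len(data)}] = {{\n{body}\n}};\n"
        f"static const unsigned int {name}_len = {len(data)};\n"
    )


# Matches an initialised array declaration: "<qualifiers...> <name>[...] ="
_ARRAY_DECL = re.compile(
    r"^\s*((?:[A-Za-z_][A-Za-z0-9_]*\s+)*)"       # storage class/qualifiers/type
    r"([A-Za-z_][A-Za-z0-9_]*)\s*\[[^\]]*\]\s*=",  # name[...] =
    re.MULTILINE,
)


def non_static_const_arrays(header_text: str) -> list:
    """Return the names of initialised arrays in `header_text` whose
    declaration lacks `static` or `const` (the check the readme asks for)."""
    bad = []
    for m in _ARRAY_DECL.finditer(header_text):
        qualifiers = m.group(1).split()
        if not ("static" in qualifiers and "const" in qualifiers):
            bad.append(m.group(2))
    return bad


# Constructed placeholder bytes; NOT a real cmep payload.
SAMPLE_PAYLOAD = bytes(range(0x10, 0x20))


def demo() -> dict:
    """Generate a header for the sample bytes and run the check on it, once
    clean and once with a deliberately wrong declaration appended."""
    header = bin2c("cmep_payload", SAMPLE_PAYLOAD)
    header_with_mistake = header + "unsigned char oops[4] = {0, 1, 2, 3};\n"
    return {
        "header": header,
        "bad_in_clean": non_static_const_arrays(header),
        "bad_in_mixed": non_static_const_arrays(header_with_mistake),
    }


if __name__ == "__main__":
    result = demo()
    print(result["header"])
    print("arrays that are not static const:", result["bad_in_mixed"])
```

Run it as a script to see the generated header; in a real build you would write the output of bin2c() to a header included by the main code, then run non_static_const_arrays() over every generated header before compiling kexec.bin.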
Source: SKGleba
first
Useless…both above comment and this hack.
⚰️
I can say all of this thread’s comments are useless but…
You clearly don’t understand why broombroom exists. It may be useless to you and me, but it’s already been used to dump the firmware of what may be the rarest vita dev unit.
Loader* sorry, I skimmed through. My point still stands though.
So?
Dyslexia moment
Btw, this person is a known sociopath. Best to avoid him.
3RD!!!!!!!
Tang alottt