psp2sdboot: PS Vita Service mode utilities
Released by SKGleba yesterday, psp2sdboot is a set of tools to access Service mode on the PS Vita. This is the result of years of research by the involved hackers, and follows some of their earlier experiments this year. This will be useful in particular to help unbrick PS Vitas.
What is psp2sdboot
psp2sdboot is a series of guides, payloads, schematics and scripts for use with the PSP2's "SD boot mode" (Service mode with boot from an SD card). From the readme:
On all Playstation Vita/TV units the System Controller (“syscon”, “ernie”) has an RPC server activated by a specific hardware circuit. When activated, syscon listens over UART for commands that can range from simple diag checks, fuse reads, calibrations, to special features such as NVS R/W that require authorization using handshakes with secret keys. More information as well as circuit schematics and RPC clients can be found in the bert repository.
An authorized JIG interface client can trigger a special, alternative boot mode inside the BootROM. In this mode, which we dubbed “sdboot”, a signed second_loader.enp is loaded from an unauthenticated MMC/SD storage inside the GameCard slot and decrypted using an alternative set of per-console keys.
In sdboot, after copying itself from 0x40000 to 0x5c000, BootROM first reads a single block (0x200 bytes) from the external storage to 0x40000, verifies if second_loader offset and size fields are valid, then reads second_loader to 0x40000.
The issue is that the exception vectors are hardcoded to 0x40000, so any exceptions in BootROM during (or after) second_loader is read will cause a “jump” to the read data – resulting in arbitrary code execution.
A simple way to trigger an exception is to perform a Fault Injection attack. Because all faults/exceptions result in code execution, the FI setup does not need to be precise, and can be approached in a spray-and-pray manner.
This project makes use of Voltage Fault Injection, specifically the “crowbar” method, performed by a low cost setup with the Teensy 4 mcu system at heart.
The result is a consistent BootROM code execution of an arbitrary code blob loaded from an unauthenticated MMC/SD storage inside the GameCard slot.
With psp2sdboot, the default code blob is bob; it starts an RPC server that can be used for research or executing additional specialized payloads with functionality such as key retrieval, data dumping, unbricking and more.
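To make the readme's point about the hardcoded exception vectors concrete, here is a small model of the sdboot read sequence (BootROM copies itself from 0x40000 to 0x5c000, reads one 0x200-byte block from the card to 0x40000, checks the second_loader offset and size fields, then reads second_loader to 0x40000) and of what the core fetches when an exception is taken. This is an added illustration, not BootROM code and not part of psp2sdboot: the memory window size, the BootROM image size, the header field positions (`HDR_SL_OFFSET`, `HDR_SL_SIZE`) and the validity rules are assumptions made for the model, and the card image is constructed inline. The vector slot order (reset, undefined, SVC, prefetch abort, data abort, reserved, IRQ, FIQ) is the standard ARM layout; the base address 0x40000 is the one the readme gives.

```c
/* Model of the PS Vita BootROM "sdboot" read sequence as described in the psp2sdboot
 * readme. Added illustration, not BootROM code: sizes, header layout and validity
 * rules are assumptions made for this model. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define VEC_BASE      0x40000u  /* hardcoded exception vector base (and BootROM load address) */
#define ROM_RELOC     0x5c000u  /* BootROM copies itself here before reading from the card */
#define ROM_SIZE      0x4000u   /* assumed BootROM image size for the model */
#define BLOCK_SIZE    0x200u    /* one storage block: the first read */
#define MEM_BASE      0x40000u
#define MEM_SIZE      0x20000u  /* assumed: model 128 KiB from 0x40000 to 0x60000 */

/* Assumed header layout inside block 0 (the page does not document it). */
#define HDR_SL_OFFSET 0x10u     /* u32 LE: byte offset of second_loader on the card */
#define HDR_SL_SIZE   0x14u     /* u32 LE: byte size of second_loader */

/* ARM exception vector slots, 4 bytes each, relative to the vector base. */
enum exc { EXC_RESET, EXC_UNDEF, EXC_SVC, EXC_PABT, EXC_DABT, EXC_RSVD, EXC_IRQ, EXC_FIQ };

struct sim {
    uint8_t mem[MEM_SIZE];      /* mem[a - MEM_BASE] models address a */
};

static uint8_t *at(struct sim *s, uint32_t addr) { return &s->mem[addr - MEM_BASE]; }

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Reset the model: the BootROM image (a marker pattern) sits at 0x40000. */
void sim_reset(struct sim *s) {
    memset(s->mem, 0, sizeof s->mem);
    memset(at(s, VEC_BASE), 0xB0, ROM_SIZE);   /* 0xB0 = "BootROM bytes" */
}

/* Card read: copy `len` bytes from card offset `off` into memory at `dst`. */
static int card_read(struct sim *s, const uint8_t *card, size_t card_len,
                     uint32_t off, uint32_t len, uint32_t dst) {
    if ((uint64_t)off + len > card_len) return -1;
    if (dst < MEM_BASE || (uint64_t)dst + len > MEM_BASE + MEM_SIZE) return -1;
    memcpy(at(s, dst), card + off, len);
    return 0;
}

/* The sdboot sequence from the readme: 1. relocate ROM to 0x5c000, 2. read one block
 * to 0x40000, 3. check the second_loader offset/size fields, 4. read second_loader
 * to 0x40000. Returns 0 on success, -1 on a bad header, -2 on a failed card read. */
int bootrom_sdboot(struct sim *s, const uint8_t *card, size_t card_len) {
    memcpy(at(s, ROM_RELOC), at(s, VEC_BASE), ROM_SIZE);                /* 1 */
    if (card_read(s, card, card_len, 0, BLOCK_SIZE, VEC_BASE) != 0)     /* 2 */
        return -2;
    uint32_t off = rd32(at(s, VEC_BASE + HDR_SL_OFFSET));
    uint32_t sz  = rd32(at(s, VEC_BASE + HDR_SL_SIZE));
    /* 3: assumed rules: block-aligned, non-empty, must not reach the relocated ROM */
    if (off % BLOCK_SIZE != 0 || sz == 0 || sz > ROM_RELOC - VEC_BASE)
        return -1;
    return card_read(s, card, card_len, off, sz, VEC_BASE) == 0 ? 0 : -2; /* 4 */
}

/* What the core fetches when exception `e` is taken: the word in the hardcoded slot. */
uint32_t vector_word(struct sim *s, enum exc e) {
    return rd32(at(s, VEC_BASE + 4u * (uint32_t)e));
}

/* Constructed card image: block 0 is the header, second_loader follows at 0x200 and
 * begins with eight recognisable words, one per vector slot. Returns the image size. */
size_t build_card(uint8_t *card, size_t cap, uint32_t sl_size) {
    size_t total = BLOCK_SIZE + sl_size;
    if (total > cap) return 0;
    memset(card, 0x00, total);
    memset(card, 0x4E, BLOCK_SIZE);                   /* header filler byte */
    wr32(card + HDR_SL_OFFSET, BLOCK_SIZE);
    wr32(card + HDR_SL_SIZE, sl_size);
    for (uint32_t i = 0; i < 8 && 4 * i + 4 <= sl_size; i++)
        wr32(card + BLOCK_SIZE + 4 * i, 0xC0DE0000u + i);
    return total;
}

/* Run one scenario on fresh state and report the chosen vector word; corrupt_size != 0
 * makes the header's size field fail the step-3 check so step 4 never runs. */
uint32_t scenario(uint32_t sl_size, int corrupt_size, enum exc e, int *rc_out) {
    static struct sim s;
    static uint8_t card[0x10000];
    size_t n = build_card(card, sizeof card, sl_size);
    if (corrupt_size) wr32(card + HDR_SL_SIZE, 0xFFFFFFFFu);
    sim_reset(&s);
    int rc = bootrom_sdboot(&s, card, n);
    if (rc_out) *rc_out = rc;
    return vector_word(&s, e);
}
int scenario_rc(uint32_t sl_size, int corrupt_size) {
    int rc = 0;
    (void)scenario(sl_size, corrupt_size, EXC_RESET, &rc);
    return rc;
}

int main(void) {
    int rc;
    uint32_t w = scenario(0x2000, 0, EXC_DABT, &rc);
    printf("valid header: rc=%d, data abort slot = 0x%08x (card bytes, not BootROM)\n", rc, w);
    /* Even when step 3 rejects the header, step 2 has already placed card bytes where
     * the vectors live, so a fault at that point still lands in card data. */
    w = scenario(0x2000, 1, EXC_DABT, &rc);
    printf("bad header:   rc=%d, data abort slot = 0x%08x (the header's offset field)\n", rc, w);
    return 0;
}
```

The model shows why the readme calls the fault-injection setup "spray-and-pray": once the card read has landed at 0x40000, every vector slot holds card-controlled bytes, so it does not matter which exception the glitch provokes or exactly when.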
How to use psp2sdboot
At this point, the repository is very much work in progress, and the details are sparse. From the readme:
- Insert SD with bob, alice and dram init
- RPC run a keydumper payload
- Use keys to build an EMMC recovery image and (if needed) SNVS recovery block
- Remove SD, flash the image, insert SD
- Run the EMMC flasher RPC payload
- (if needed) Flash the SNVS block via JIG
Keep in mind that this is work in progress.
Just started to write the readmes, it’ll take a while.
Targeting EOY for everything.
— SKGleba (@skgleba) December 9, 2023
You can download the files from the project's GitHub repository at https://github.com/SKGleba/psp2sdboot