http://pastebin.com/QvZ5h2Ew
On all firmwares.
- BASICS
  - Reading
    - Dump ux0
    - Dump any file (blind)
    - Dump cartridge
  - Writing
    - Write to ux0
    - Write to any partition (except RO partitions, e.g. vs0)
  - Delete
    - Delete in ux0
    - Delete in other partitions
- TRICKS
  - All models
    - Custom themes
    - Full bubble customization (PSP/PSVita)
    - Bubble spawning (hidden apps)
    - ePSP bubble creation (re-birth)
    - Package installation
    - Cartridge backup installation
    - Free trophies
  - PSTV
    - Run unplayable games
  - Registry editing
    - Switch PSN account
    - Make CMA backups for anyone (without linked PSN account)
    - Fake region
    - Semi-debug
MagStaff EDIT from Tom Bombadildo: More information on some of the few things this "hack" will do:
You may want to change this thread's title as it's highly misleading.
These "tricks" revolve around the same bug in the Email app that has been in use for PSM+. At a first glance, the bug itself is pretty limited, but mr.gas came up with some interesting ideas to use it.
First and foremost, this doesn't allow homebrew/piracy/CFW or any other kind of advancement on Vita hacking, so the title is greatly exaggerated.
Yes, you can dump files. The Email app doesn't parse file paths properly and lets you attach any file from inside the Vita's NAND file system.
Can you do anything useful with them? No. All the relevant files are encrypted, including files dumped from cartridges.
Yes, you can write to files inside the Vita's file system. This is only allowed for user partitions, which means you can't write to anything particularly relevant. Plus, the Vita wouldn't deal with unsigned files. The same concept applies to deleting files.
However, certain files are handled completely unencrypted in the Vita's file system. Files like XMLs, databases and part of the registry.
Can you "blow the Vita wide open" with this? Of course not.
Nonetheless, you can still achieve some nice workarounds for things that Sony doesn't want us to have. That's where mr.gas and Major_Tom were truly ingenious.
By modifying certain database files you can have certain applications accessing files that they shouldn't be accessing. Obviously, the Vita protects most of those accesses, plus, those database files can be regenerated from recovery mode (that serves to demonstrate how unimportant they actually are).
Themes, for example, come from unencrypted XML files (not counting PFS encryption, which is not applied when the Email app messes with files): http://vitadevwiki.com/index.php?title=Themes#theme.xml_structure
If you modify them, you can make your own theme. "Bubbles" follow the same logic.
Package installation is also limited. What's new is the ability to call it again on firmwares that blocked it.
Cartridge backup installation is not what you think it is. This is something that mr.gas found while messing around with game files.
It revolves around copying license files so the Vita starts a game from its own file system, instead of reading the cartridge.
However, this requires the original cartridge to be inserted first, then removed, each time you want to start the game. This is merely a proof of concept and can't really be exploited any further.
Free trophies, again, follow the same logic. Modifying trophy files gives you any trophy you want. These files are not protected, since they aren't really important.
The highlight, in my opinion, is the PSTV whitelist bypass. Essentially because Sony could have just, well, allowed any game to work?
The logic is the same. You modify an unprotected file (in this case it's list_launch_vita.dat) and you're done.
Registry editing is also possible due to part of the registry being saved in plain format (for logical reasons).
If you play around enough with this, you can easily achieve things like region spoofing and account switching, since most of that data is stored in plain database files that can be edited with this bug.
In older firmwares (3.01 and less) you could also pass specific arguments to the "pspemu". This would let you install an ePSP CFW without using any exploit game.
Another interesting tidbit, Yifan Lu originally published this file list for us to blindly dump files using the bug: http://yifan.lu/2014/10/17/ps-vita-3-30-filesystem-listing/
"However, now there’s reports of people obtaining the facility to dump files from the Vita file system."
Anyway, don't expect anything else coming from this particular bug. It was published now because people finally stopped updating their consoles to use Rejuvenate. The bug is incredibly simple and will certainly be patched on the next firmware release.
If you're wondering how I know all this, I was one of the first people to know about and use this bug.
All of those "hacks" are, of course, real. Please support mr.gas and Major_Tom, their findings and nifty tricks have helped the Vita scene a lot.
Last edited by Tom Bombadildo, Reason: Added detailed information from later post in the thread