Hacking (Warning)Vita Vpks that Brick your vita are surfacing online! (Warning)

[CMDreamer]

I would recomend Vitamin to the People who want to play the following :

Assassin's Creed III: Liberation (G)
A.W: Phoenix Festa (G)
Conception II: Children of the Seven Stars (G)
Criminal Girls 2: Party Favors(G) Danganronpa Another Episode: Ultra Despair Girls (G)
Dengeki Bunko: Fighting Climax (G) Digimon Story: Cyber Sleuth (G)
Dead or Alive Xtreme 3: Venus (G) Dungeon Travelers 2 (G)
Freedom Wars (G)
Gal*Gun: Double Peace (G)
God of War Collection (G)
Gravity Rush (G)
Hyperdimension Neptunia Re;Birth 1 (G)
Hyperdimension Neptunia: Producing Perfection (G)
Hyperdimension Neptunia U: Action Unleashed (G)
Killzone: Mercenary (G)
Moe Chronicles (G)
One Piece: Burning Blood
Persona 4: Golden (G)
Persona 4: Dancing All Night(G)
Phantasy Star Nova(G)
Physco Pass Mandatory Happiness (G)
Resistance: Burning Skies (G)
Ray Gigant (G)
Steins;Gate (G)
Street Fighter X Tekken (G)
Sword Art Online: Hollow Fragment (G)
Tokyo Twilight Ghost Hunters
Ultimate Marvel vs. Capcom 3 (G)
Uncharted: Golden Abyss (G)
Uta No Prince Sama 3 Music 3 (G)
Valkyrie Drive: Bhikkhuni (G)
Yakuza 0 Vita App

(G)= that i own said game

Sorry about the (G) thing its due to the fact that i copied the list from my backlog

But yeah if your ONLY intrested in them then YES i personally would say Vitamin Over MaiDump.

But Mai is what most of the people like so yeah not much i can say tbh

I'm new to the Vita scene, and I'm already reading to learn about it. Had forgotten I had an account here, sorry for that.

If I may ask for, could you please provide SHA1 hashes of the VPK files you have, so I can (somehow) check/compare dumps I might get/have of said games?

Actually (unknown to me) the scene's VPK dumpers (trusted one's), should provide a hash (maybe SHA1) so downloaders can check if the VPK's they have are equal as the one provided by them.

I'm not sure if Vitamin does generate a hash of the dumped VPK file, so I can be sure the VPK is correct when moving between places for backup. Is there a way for me to generate a hash of a cartridge (game data) that would be dumped using Vitamin, so I can check the VPK file after having the dump?

I'm not willing to lose the only Vita I have, so I'd like to be extra cautious. Thanks in advance.

 

[Tony_93]

I'm new to the Vita scene, and I'm already reading to learn about it. Had forgotten I had an account here, sorry for that.

If I may ask for, could you please provide SHA1 hashes of the VPK files you have, so I can (somehow) check/compare dumps I might get/have of said games?

Actually (unknown to me) the scene's VPK dumpers (trusted one's), should provide a hash (maybe SHA1) so downloaders can check if the VPK's they have are equal as the one provided by them.

I'm not sure if Vitamin does generate a hash of the dumped VPK file, so I can be sure the VPK is correct when moving between places for backup. Is there a way for me to generate a hash of a cartridge (game data) that would be dumped using Vitamin, so I can check the VPK file after having the dump?

I'm not willing to lose the only Vita I have, so I'd like to be extra cautious. Thanks in advance.

Vitamin dumps games while they are on ram, so even 2 dumps done on the same system will have a different hash due to ASLR.

Unless you download from the exact same source he downloaded from, your hashes won't match.

 

[CMDreamer]

Vitamin dumps games while they are on ram, so even 2 dumps done on the same system will have a different hash due to ASLR.

Unless you download from the exact same source he downloaded from, your hashes won't match.

Thanks. After reading about ASLR, I can understand why "hashing" would be somewhat useless. But it could provide a way so trusted scene dumpers, would upload APK's and allow users to trust on their dumps, isn't it? Best regards.

 

[ManuelKoegler]

BUMP:

UPDATE 6th October 2016:

This morning, a new bricker was released, masquerading as a homebrew recreation of Duck Hunt. The eboot was again marked unsafe, and was obscured from the checking mechanisms detailed below. The functions used were given dummy names and the os0: string was built while the program was running rather than being present in the file to begin with. The same basic method was used as the two previous methods but the obfuscation meant that just searching in the file wouldn’t show the issue, and the method that MaiDumpTool uses when installing does not detect it or throw an error upon trying to install an unsafe eboot. Currently all I can suggest is using SafeDump to make the eboots safe, this should remove most of the risk, but I stress again do not install things from unknown/new users, or at least wait for confirmation from more trusted members of the community.

Good Luck

I honestly have to say, jesus, they're going out of their way to f*ck you over.
I mean trolling wise, it can be fun to poke a little fun at people sometimes, but there's a little difference between that and straight up destroying someone's property.


Sent from my iPhone using Tapatalk

 

[Abu_Senpai]

I honestly have to say, jesus, they're going out of their way to f*ck you over.
I mean trolling wise, it can be fun to poke a little fun at people sometimes, but there's a little difference between that and straight up destroying someone's property.


Sent from my iPhone using Tapatalk

Thats the world we live in these days. As tech gets better the hackers are not too far behind. Some of them are awesome and some are complete assholes who dont deserve the title.

 

[deSSy2724]

Can anyoone confirm if the Touch my Katamari (eur) .vpk is safe from the Portal rom site? I checked the vpk with an hex editor and found something with os0 and vs0.

VitaOrganizer 0.5.2 gives me a warning (extended permissions etc) and VPKTool 1.8 says the eboot is not right but at the same time "the vpk seems safe".... so, what I did? I repacked the .vpk with the VPKtool 1.8 and installed it trough VitaOrganizer 0.5.2 and the game works fine.....

I have downloaded numerous 3DS and PS3 titles from that particular site and I had zero problems, now my question is. Is/was the .vpk really suspicious or what?

 

[Joe88]

Can anyoone confirm if the Touch my Katamari (eur) .vpk is safe from the Portal rom site? I checked the vpk with an hex editor and found something with os0 and vs0.

VitaOrganizer 0.5.2 gives me a warning (extended permissions etc) and VPKTool 1.8 says the eboot is not right but at the same time "the vpk seems safe".... so, what I did? I repacked the .vpk with the VPKtool 1.8 and installed it trough VitaOrganizer 0.5.2 and the game works fine.....

I have downloaded numerous 3DS and PS3 titles from that particular site and I had zero problems, now my question is. Is/was the .vpk really suspicious or what?

use safedump which removes those permissions for vpk's and maidumps and turns the dumps back to safe mode
https://github.com/MPTSakurada/SafeDump/releases

 

[dankzegriefer]

My common sense tells me that the same can't be archieved on 3DS since games run on Arm11. But is possible?

With an exploit.

 

[Metoroid0]

We knew something like this was going to happen which is why safe homebrew was a thing. We worked with the_flow to implement it and that's why you wouldn't get such a virus from using vitashell + vitamin. Unfortunately other people aren't as cautious.

--------------------- MERGED ---------------------------


Sure, just use that svc back door that cfws love to insert.

What does "vitashell + vitamin" actually means? i know vitashell is vita app, file manager like... but what is vitamin, and why "+" And how can i be sure its safe install...is there some brick blocker idk...nand backup like wii?

--------------------- MERGED ---------------------------

This just was announced over on Reddit at /VitaPiracy

Apparently a Reddit User uploaded TWO vpks earlier today which were:

"Fruit Ninja [US] [TESTED] [MAIDUMP]"

"kung fu rabbit - tested working - maidump v233.2z8"

Those unfortunate pirates who downloaded said Vpks and installed them have been had meaning that their Ps Vitas have been BRICKED PERMENANTLY!.

So be EXTRA Cautious when it comes to using backups guys!

Here is a explanation of what happened in more detail:

"Technical explanation from /u/tuxdude143;

I have been analysing the vpks along with a friend and we have found that both of them make calls to OS0. The particular cause for concern is how they call for OS0 to be mounted along with OS0:KD and VS0. Now once those are mounted it basically just wipes them clean. The consequence is the vita had no operating system to boot at all, nor does it even have any drivers to interface with any of the components (which are contained in OS0:KD. Basically the result is an UNRECOVERABLE BRICK which leaves the nand completely wiped and unbootable.

Consider it the first ever serious vita virus"


"Been analysing this with a friend and from what we have found out it seems the mai.suprx mounts some rather odd things, namely vs0 and os0 before nuking vs0, os0 and most destructively, os0:KD aka the driver directory"


The user who uploaded said .vpks definately did so with malicious intent so id be extra weary when installing .vpks

How exactly to be "safe" with VPK??

 

[SuperDan]

wasn't this like a year ago !?~

 

[Metoroid0]

wasn't this like a year ago !?~

nope, its happening now with me, i just got my vita.

 

[Abu_Senpai]

What does "vitashell + vitamin" actually means? i know vitashell is vita app, file manager like... but what is vitamin, and why "+" And how can i be sure its safe install...is there some brick blocker idk...nand backup like wii?

--------------------- MERGED ---------------------------


How exactly to be "safe" with VPK??

Just use Nonpdrm when backing up your vita games or when downloading them. Dont use MaiDump or Vitamin since they are outdated now.

What is the problem with you anyways? is it a dumped game? or a downloaded one? and what did you use dump it?

--------------------- MERGED ---------------------------

wasn't this like a year ago !?~

Yeah it was, what is the thread bumping rule again?

 

[SuperDan]

Just use Nonpdrm when backing up your vita games or when downloading them. Dont use MaiDump or Vitamin since they are outdated now.

What is the problem with you anyways? is it a dumped game? or a downloaded one? and what did you use dump it?

--------------------- MERGED ---------------------------



Yeah it was, what is the thread bumping rule again?

bumping rule ~!?~ nahh i was wondering if it happened again .. if that was dragon quest builder's ( which was a game alot of people wanted at the time ) including me .. i bet alot more people would be hurtin ...........

--------------------- MERGED ---------------------------

nope, its happening now with me, i just got my vita.

Really ~!~ You Got Bricked ~!?~