Hacking Warning for ENSO users (in future everyone)

SKGleba

O ja pierdole!
OP
Member
Joined
Nov 11, 2016
Messages
351
Trophies
0
Location
Warsaw
XP
747
Country
Poland
Warning for ENSO users (in future everyone):
According to Voxel's way to run selfs at start, I successfully created a bricker/formatter for Vita which is installed by an app (moved to memcard and edited bootconfig.txt). (OFC no way to exit)
No signals when the app is installed (it looks normal), but when rebooted it formats the Vita. Also it can access psp2bootconfig.
And last: the PS Vita is able to connect to Wi-Fi and access the net (at boot).
So there is a way to make ransomware for PlayStation Vita/TV.
So pay attention.
To devs: can u create pls a plugin/app that checks the bootconfig.txt?
Edit1: What happens if I delete psp2bootconfig.suprx? Can you still access safemode? -- no
 
Last edited by SKGleba,
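
One way to do the bootconfig check requested in the post above, run on a PC against a copy of the file taken off the console. This is an added example, not part of the thread and not enso's own code; the `load ...` line syntax and the file names in the sample are made up for illustration.

```python
import hashlib

# Partitions named in the thread: os0/vs0 are system partitions, while
# ux0/ur0 are the writable ones where the thread says the extra self is copied.
WRITABLE_PREFIXES = ("ux0:", "ur0:")


def normalize(text):
    """Return the non-empty lines of a config, whitespace-trimmed."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def digest(text):
    """SHA-256 over the normalized lines, so CRLF/LF changes do not alarm."""
    return hashlib.sha256("\n".join(normalize(text)).encode("utf-8")).hexdigest()


def audit(baseline_text, current_text):
    """Compare a config copy with the baseline saved after a clean install."""
    base, cur = normalize(baseline_text), normalize(current_text)
    base_set, cur_set = set(base), set(cur)
    added = [ln for ln in cur if ln not in base_set]
    removed = [ln for ln in base if ln not in cur_set]
    # An added line that points at a writable partition is the case the thread
    # warns about: something outside the system partitions now runs at boot.
    suspicious = [ln for ln in added
                  if any(p in ln.lower() for p in WRITABLE_PREFIXES)]
    return {
        # The digest also catches reordered or duplicated lines.
        "changed": digest(baseline_text) != digest(current_text),
        "added": added,
        "removed": removed,
        "suspicious": suspicious,
    }


# Constructed sample data (hypothetical syntax and file names).
BASELINE = (
    "load os0:kd/example_a.skprx\n"
    "load os0:kd/example_b.skprx\n"
    "load ur0:tai/example_loader.skprx\n"
)
CURRENT = BASELINE + "load ux0:data/example_unknown.self\r\n"

if __name__ == "__main__":
    report = audit(BASELINE, CURRENT)
    print("changed:", report["changed"])
    for line in report["suspicious"]:
        print("added line on a writable partition:", line)
```

Entries already present in the baseline, including ones on ur0, are not reported; only lines that appeared after the baseline was saved are.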

yifan_lu

@yifanlu
Member
Joined
Apr 28, 2007
Messages
663
Trophies
0
XP
1,671
Country
United States
Look, if you install a kernel/shell plugin, all bets are off. You need to disable safe homebrew to even get there. It's like if you're on Windows and you type in your admin password to install a driver. There's nothing Windows can do to stop yourself from shooting your own foot. Maybe devs can write more security-conscious plugins (for example taihen is written that way) but who's gonna force them?
 

SKGleba

Just don't be the first to install apps that sound too good to be true :D
I mean u can place this in a real dump.
(bootconfig and self renamed and hidden in /manual, and when the app starts it renames and places them in the correct folders.)
As you were able to detect os0 string in eboot, in this it is a little harder. (cuz everything in self)
 
Deleted User

Guest
> Edit1: Wat happens if i delete bootconfig.txt? You can still access safemode?

Deleting boot_config.txt just defaults to the official boot config on os0. Restoring the Vita system while on Enso seems to do this (but doesn't completely uninstall Enso, so it allows you to reinstall the config via the installer as soon as you've set up the system again).
 

SKGleba

> But you still need it to be an unsafe homebrew for that, and nobody is going to install a closed source unsafe homebrew or game dump.

> If only GBAtemp let you edit posts.

Yup but a lot of people have "unsafe homebrew" on
I can edit. Just wanted to keep it clear
Also enso install requires "unsafe homebrew" on
 
Last edited by SKGleba,

CMDreamer

Well-Known Member
Member
Joined
Oct 29, 2014
Messages
1,687
Trophies
1
Age
38
XP
3,476
Country
Mexico
> [...], and nobody is going to install a closed source unsafe homebrew or game dump.

"Nobody" are just too many people out there... Plugins/homebrew should be as safe as possible from design, that's what a good developer must know. And yes, any "closed source" homebrew/plugin should be avoided. Game dumps are always closed source, no matter what.

I would like Ensö to ID plugins (by a trusted developer's signature perhaps?) and recognize malicious ones just before installing/running them, so the user would know beforehand and decide (at own risk) to install/run them.

As always, homebrew and plugins must be downloaded/installed from secure sources and from well known developers. Sometimes a "novel" functionality is not worth the risk of bricking the system.
 

SKGleba

> "Nobody" are just too many people out there... Plugins/homebrew should be as safe as possible from design, that's what a good developer must know. And yes, any "closed source" homebrew/plugin should be avoided. Game dumps are always closed source, no matter what.
>
> I would like Ensö to ID plugins (by a trusted developer's signature perhaps?) and recognize malicious ones just before installing/running them, so the user would know beforehand and decide (at own risk) to install/run them.
>
> As always, homebrew and plugins must be downloaded/installed from secure sources and from well known developers. Sometimes a "novel" functionality is not worth the risk of bricking the system.

You can analyze plugin/app for "bricker" code (os0/vs0 string).
But this only adds a line to ur0:tai/bootconfig (or ux0) and copies the self to a specified place in ux0.
 

CMDreamer

> You can analyze plugin/app for "bricker" code (os0/vs0 string).
> But this only adds a line to ur0:tai/bootconfig (or ux0) and copies the self to a specified place in ux0.

So then, the risk is on configuring a homebrew/plugin to run on boot? May I ask if bootconfig.txt is "protected" somehow by Ensö from any "external" modification while booting and after? Shouldn't it be for exclusive use of Ensö? (Don't know, that's why I'm asking).

I know that running a plugin/homebrew on boot is a nice feature, but I don't think it is worth the risk of bricking.
 

SKGleba

> So then, the risk is on configuring a homebrew/plugin to run on boot? May I ask if bootconfig.txt is "protected" somehow by Ensö from any "external" modification while booting and after? Shouldn't it be for exclusive use of Ensö? (Don't know, that's why I'm asking).
>
> I know that running a plugin/homebrew on boot is a nice feature, but I don't think it is worth the risk of bricking.

Even if you totally break your bootconfig.txt you can restore via safemode.
This is not an added feature, it's just a load order.
Also just encrypt/move safemode and you won't be able to do anything (ofc after infected boot)
IDK about protection (it can be made), I'm not a dev of enso.
 
Last edited by SKGleba,

SKGleba

> Yes, a lot of people have unsafe homebrew on. But you still get a notification when you try to install an unsafe one, so it's not like anybody will install one by mistake.

Only notif I get: This app has got access to ur personal info etc...
 

CMDreamer

> Homebrews are usually safe. If they aren't, they have a good reason to not be and are usually open source. Game dumps should always be safe homebrew, no exceptions. They're not really a problem. [...]

Game dumps are a problem actually, I do remember bricks coming from modified dumps. So then, I would suggest that game dumps get a signature (SHA-256 maybe?) from the trusted dumper on any site. And I mean the file itself (RAR, 7Zip, Zip and so on). So getting the file and comparing the signature would increase safety.

Game dumps (from carts) are not homebrew (afaik) and they are closed source too.

Every time I get into a discussion here I learn more, thanks guys.
 

SKGleba

> Game dumps are a problem actually, I do remember bricks coming from modified dumps. So then, I would suggest that game dumps get a signature (SHA-256 maybe?) from the trusted dumper on any site. And I mean the file itself (RAR, 7Zip, Zip and so on). So getting the file and comparing the signature would increase safety.
>
> Game dumps (from carts) are not homebrew (afaik) and they are closed source too.
>
> Every time I get into a discussion here I learn more, thanks guys.

Just make an eboot.bin which will do the job and start a second eboot with the game. (like enso bypasser/crack works)
sigs:
OFC but who will want to check sig
 

SKGleba

> Anyone getting the file. I would do it if that would increase my Vita's safety and reduce the bricking risk.

But if you download a lot...
Also IDK if all sites, hosters with those files suddenly deleted them from servers and wait for new dumps with sigs
 
