1. WiiUBricker

    OP WiiUBricker News Police
    Banned

    Joined:
    Sep 19, 2009
    Messages:
    7,828
    Country:
    Argentina


    Team Molecule's Henkaku challenge was a great way to lure in and engage talented people in hacking the PS Vita's solid security. One of the hackers who took the challenge goes by the handle hexkyz, who successfully reverse engineered all three stages of Henkaku. However, that was not the end of the road. While Henkaku enabled access up to the lv2 layer of the Vita, there are two more security layers to exploit, the Secure World Kernel (lv1) and F00D (lv0). After the challenge was over, hexkyz went on a mission to hack the remaining layers. Getting around those layers proved to be exceptionally difficult on firmware 3.60 due to constant interference from lv1 sanity checks. So he figured his best bet to make any progress was to hunt down a Vita on a low firmware. Ideally it would have had to be a launch Vita with no firmware updates installed at all. Unsurprisingly, it turned out to be very hard to get hold of one, so he decided to go after something a bit higher.

    Since the F00D processor was updated only once on firmware 1.60, hexkyz decided to get a Vita with a firmware at least lower than 1.60 in case some critical lv0 bugs were patched there. Fortunately he managed to get a firmware 1.50 Vita. From there the real fun began.

    Basically, while he was able to achieve everything that Henkaku does on firmware 1.50, in the end he went even further than Henkaku and achieved arbitrary lv1 code execution on firmware 1.50. So what does this mean for the average dude? Since the vulnerability he found was patched around firmware 1.80, nothing. At least for now. Still, this is useful for hackers with a low firmware Vita who want to help hack the system even further.

    Currently, hexkyz is fuzzing with the main interface of the F00D processor on firmware 1.50, while looking for new lv1 vulnerabilities for firmware 3.60. And who knows, maybe from all of that, someday the system will be hacked further on 3.60 or even 3.63. Visit hexkyz's blog to read the full post with all the details.

    :arrow: Source: hexkyz's blog via Yifan Lu's Retweet
     
  2. DinohScene

    DinohScene hail p1ngpong
    Moderator

    Joined:
    Oct 11, 2011
    Messages:
    21,247
    Country:
    Antarctica
    Interesting.
    Didn't take too long for lv1 code execution.
     
  3. Stephano

    Stephano pessimism = Realism
    Member

    Joined:
    Feb 18, 2016
    Messages:
    1,570
    Country:
    United States
    This is so hype:toot::yaypsp:
     
  4. Pandaxclone2

    Pandaxclone2 Pokemon Sprite Artist Hobbyist
    Member

    Joined:
    Aug 17, 2015
    Messages:
    1,114
    Country:
    Australia
    It almost makes me weep for my 3.60 Vita. On one hand I did want what Henkaku offered, but on the other hand I had to give up the lower firmware for it. Then again, who knows what could happen down the Vita hacking road? Maybe one day we'll be able to make a downgrade app to get more out of our systems.

    At any rate, I won't be updating the system anymore, but it sucks thinking that Vita hacking/homebrew as it currently stands is so restricted.
     
  5. Bonestorm

    Bonestorm Banned
    Banned

    Joined:
    Jan 15, 2017
    Messages:
    541
    Country:
    Canada
    Why would you need a lower firmware... 3.60 is the golden FW
     
  6. Pandaxclone2

    Pandaxclone2 Pokemon Sprite Artist Hobbyist
    Member

    Joined:
    Aug 17, 2015
    Messages:
    1,114
    Country:
    Australia
    Basically the further you go back in a system's firmware history, the more exploits there could be/are. Case in point, this thread. Even the 3DS's best exploitable firmware is 9.2 but going further back than that gives you access to more, like the otp.bin needed for A9LH.
     
    Assasin1990 likes this.
  7. Vitaminer

    Vitaminer Banned
    Banned

    Joined:
    Nov 22, 2016
    Messages:
    286
    Country:
    United States
    So long as I can play Vita and PSP titles, 3.60 is good enough for me. It's not like the Vita is powerful enough to emulate GameCube or PS2; even if you can fully hack the Vita and unlock its full hardware potential, it's not gonna be good enough.
     
  8. WiiUBricker

    OP WiiUBricker News Police
    Banned

    Joined:
    Sep 19, 2009
    Messages:
    7,828
    Country:
    Argentina
    Probably worst comment of the year so far.
     
  9. Vitaminer

    Vitaminer Banned
    Banned

    Joined:
    Nov 22, 2016
    Messages:
    286
    Country:
    United States
    Explanation? Maybe I am missing out on something?
     
  10. perkel

    perkel GBAtemp Regular
    Member

    Joined:
    Dec 28, 2015
    Messages:
    246
    Country:
    Poland
    Well, if he has access to it, then it also means he will be able to "test" it from inside, thus helping him find exploits far more easily, which later on could be used on newer firmware.
     
    Pandaxclone2 likes this.
  11. lincruste

    lincruste GBAtemp Fan
    Member

    Joined:
    Jan 13, 2008
    Messages:
    353
    Country:
    Antarctica
    I can't answer for WiiUBricker, but here are a few reasons to dig further into the PS Vita's internals:
    - Knowledge. This can't be overseen.
    - Improved ability to hack it (permanent hack, 3.63 vulnerabilities, 100% success rate, etc.)
    - Side effects (possible usage for another Sony device)
    - Access to low level information (ultimately a way to sign, inject and run arbitrary code without an exploit)
    - Because if it bleeds, we can kill it.
     