Hacking More Henkaku source code released.

[Vampirex]

A User by the name of St4rk has reversed engineered stage 1-2 of the Henkaku exploit code!!
http://st4rk.net/2016/08/29/henkaku-ps-vita-ctf-reverse-engineering/

As promised Yifan Lu has released full source of stage 1 and 2 written in roptool.

Blog and comment by Yifan Lu
http://yifan.lu/2016/08/28/yes-its-a-kernel-exploit/

 

[VinsCool]

Oh this is pretty nice! St4rk is known hacker too, nice to see they figured this out

 

[nxtgamer]

yassss

--------------------- MERGED ---------------------------

Sorry I spammed by accident

 

[ShinichiKudo]

NICE!

 

[Qwertyqwerty]

Cool!

 

[guitarheroknight]

Fuck i need a Vita now.

 

[Vappy]

Neat, kernel exploit confirmed. I'm massively ignorant on the Vita's security system, but makes me wonder if Henkaku would be capable of more significant changes to the OS with some further research, maybe something like disabling the authentication steps for memory cards so you could use a mSD with an adapter instead. NAND redirection, possibly? Or maybe I'm just being too blind hopeful.

 

[Mazamin]

And now let's see who will reverse stage 3!

 

[Ushio]

And now let's see who will reverse stage 3!

What will happen if they got the stage 3?

 

[DinohScene]

Neat, kernel exploit confirmed. I'm massively ignorant on the Vita's security system, but makes me wonder if Henkaku would be capable of more significant changes to the OS with some further research, maybe something like disabling the authentication steps for memory cards so you could use a mSD with an adapter instead. NAND redirection, possibly? Or maybe I'm just being too blind hopeful.

MSD usage with adapter might be possible, tho it's external only.
No way a Photofast like solution will exist for the Vita.

NAND access to write protected areas is possible with VitaRW.

 

[Vappy]

MSD usage with adapter might be possible, tho it's external only.

Yeah, slot's too small to fit a mSD plus adapter. I'm sure some kind of not-entirely-ugly solution can be thought of.

NAND access to write protected areas is possible with VitaRW.

By "NAND redirection", I meant something like 3DS's emuNAND/redNAND, system software stored in a separate location so it can be updated while still keeping the console on 3.60.

 

[DinohScene]

Yeah, slot's too small to fit a mSD plus adapter. I'm sure some kind of not-entirely-ugly solution can be thought of.


By "NAND redirection", I meant something like 3DS's emuNAND/redNAND, system software stored in a separate location so it can be updated while still keeping the console on 3.60.

If anything, it would look like this

Albeit much much slimmer.

Unfortunately, that isn't really possible.
The Vita memorycards are bound to a specific firmware.
If you update your Vita (in this case, EmuNAND), the Vita memorycard will be set to FW 3.61.
Your SysNAND would still be on 3.60 but your memorycard won't work anymore.
Unless a CFW comes out which patches that (but you'll need to have it on SysNAND then anyway)

Ofcourse, this is all theorized and I could be completely wrong about it.

 

[Vappy]

Unless a CFW comes out which patches that (but you'll need to have it on SysNAND then anyway)

Well yeah my thinking is if, theoretically, Henkaku is capable of any of this, it'd be capable of patching out checks like that too. But yes all just blind speculation from someone who doesn't know any better for now. Hopefully if/when someone posts up the reverse engineered stage 3, we'll get some more definitive answers.

 

[DinohScene]

I'd much rather see a dual NAND chip but that's just me ;p
Personally, I could live with two Memcards (one for hacks and one for PSN) and having to solder in a dual NAND chip.

 

[BasedIndex]

Stage 3 is impossible. It's too complex.
Also on the other note if anyone hopes for 3.61 kernel exploit. I read that if someone would ever get into kernel memory on 3.61 it would be a totally rewritten code compared to 3.60.

Spoiler: FEELS

I was planning to get a vita this summer but every used console is on 3.61. EVERY. SINGLE. ONE. Though usually local people sell them for like 100 usd with a couple of games and a mem card. It's a good deal for a brick.
Guess I gotta spend 300 bucks on a new vita/mem card. fml

 

[Vappy]

Seeing yifanlu's posts on dumping the Vita NAND, how small the contacts are on the Vita board, and for the most part having to piggyback off some surface mount resistors, I'm not sure I'd want to rely on soldering in any capacity.

 

[Vampirex]

If anything, it would look like this

This wouldn't be so bad for a PS TV, but for the Vita portable use, might be too bulky..

Well the blackfin device did come with a gamecart with microsd slot (confirmation needed).

Hopping something similar will be viable/released soon.

 

[Mazamin]

And now let's see who will reverse stage 3!

I suppose vita piracy.

 

[DinohScene]

This wouldn't be so bad for a PS TV, but for the Vita portable use, might be too bulky..

Well the blackfin device did come with a gamecart with microsd slot (confirmation needed).

Hopping something similar will be viable/released soon.

PSTV hasa USB port, makes more sense to utilize that