Warning for ENSO users (in future everyone)

Discussion in 'PS Vita - Hacking & Homebrew' started by SKGleba, Jul 6, 2017.

  1. SKGleba
    OP

    SKGleba O ja pierdole!

    Member
    299
    149
    Nov 11, 2016
    Poland
    Warsaw
    Warning for ENSO users (in future everyone):
    According to Voxel's way to run selfs at start, I successfully created a bricker/formatter for Vita which is installed by an app (moved to memcard and edited bootconfig.txt). (OFC no way to exit)
    No signals when the app is installed (looks normal), but when rebooted it formats the Vita. Also it can access psp2bootconfig.
    And last: PS Vita is able to connect to wifi and access the net. (at boot)
    So there is a way to make ransomware for PlayStation Vita/TV.
    So pay attention.
    To devs: can u create pls a plugin/app that checks the bootconfig.txt?
    Edit1: What happens if I delete psp2bootconfig.suprx? Can you still access safemode? -- no
     
    Last edited by SKGleba, Jul 6, 2017
  2. yifan_lu

    yifan_lu @yifanlu

    Member
    663
    1,387
    Apr 28, 2007
    United States
    Look, if you install a kernel/shell plugin, all bets are off. You need to disable safe homebrew to even get there. It's like if you're on Windows and you type in your admin password to install a driver. There's nothing Windows can do to stop you from shooting your own foot. Maybe devs can write more security-conscious plugins (for example taihen is written that way) but who's gonna force them?
     
  3. iCEQB

    iCEQB GBAtemp Advanced Fan

    Member
    682
    447
    Nov 2, 2013
    United States
    Just don't be the first to install apps that sound too good to be true :D
     
  4. SKGleba
    OP

    I mean u can place this in a real dump.
    (bootconfig and self renamed and hidden in /manual, and when the app starts it renames & places them in the correct folders.)
    As you were able to detect os0 string in eboot, in this it is a little harder. (cuz everything in self)
     
  5. Voxel

    Voxel u wot

    Member
    GBAtemp Patron
    5,218
    5,965
    Jun 27, 2015
    United Kingdom
    England, UK
    Deleting boot_config.txt just defaults to the official boot config on os0. Restoring the Vita system while on Enso seems to do this (but doesn't completely uninstall Enso, so it allows you to reinstall the config via the installer as soon as you've set up the system again).
     
  6. SKGleba
    OP

    meh my bad, I mean psp2bootconfig.skprx
     
  7. MyLegGuy

    MyLegGuy Moron

    Member
    542
    331
    Nov 26, 2014
    United States
    But you still need it to be an unsafe homebrew for that, and nobody is going to install a closed source unsafe homebrew or game dump.

    If only GBAtemp let you edit posts.
     
    Last edited by MyLegGuy, Jul 6, 2017 - Reason: huh. Turns out, you can edit posts. What a world we live in.
  8. SKGleba
    OP

    Yup, but a lot of people have "unsafe homebrew" on.
    I can edit. Just wanted to keep it clear.
    Also enso install requires "unsafe homebrew" on.
     
    Last edited by SKGleba, Jul 6, 2017
  9. CMDreamer

    CMDreamer GBAtemp Regular

    Member
    299
    116
    Oct 29, 2014
    Mexico
    "Nobody" are just too many people out there... Plugins/homebrew should be as safe as possible from design, that's what a good developer must know. And yes, any "closed source" homebrew/plugin should be avoided. Game dumps are always closed source, no matter what.

    I would like Ensö to ID plugins (by a trusted developer's signature perhaps?) and recognize malicious ones just before installing/running them, so the user would know beforehand and decide (at own risk) to install/run them.

    As always, homebrew and plugins must be downloaded/installed from secure sources and from well known developers. Sometimes a "novel" functionality is not worth the risk of bricking the system.
     
  10. Felek666

    Felek666 retarded memekid which no one likes

    Member
    3,520
    4,004
    Jan 3, 2017
    Poland
    reddit.com/r/satania/
    Just don't download "Free PSVita hacks" from the internet.
     
  11. SKGleba
    OP

    You can analyze a plugin/app for "bricker" code (os0/vs0 string).
    But this only adds a line to ur0:tai/bootconfig (or ux0) and copies the self to a specified place in ux0.
     
  12. CMDreamer

    So then, the risk is in configuring a homebrew/plugin to run on boot? May I ask if bootconfig.txt is "protected" somehow by Ensö from any "external" modification while booting and after? Shouldn't it be for exclusive use of Ensö? (Don't know, that's why I'm asking).

    I know that running a plugin/homebrew on boot is a nice feature, but I don't think it is worth the risk of bricking.
     
  13. SKGleba
    OP

    Even if you totally break your bootconfig.txt you can restore via safemode.
    This is not an added feature, it's just a load order.
    Also just encrypt/move safemode and you won't be able to do anything (ofc after infected boot)
    IDK about protection (it can be made), I'm not a dev of enso.
     
    Last edited by SKGleba, Jul 6, 2017
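
A check of the kind the first post asks for, as an added example (not code from any poster or from the enso project): it compares a boot config copied off the device with a known-good copy and flags every entry that points at a writable partition. The sample lines, the `allowed` entry and the `uma0:`/`imc0:` prefixes are assumptions made for the example; the real file's directive syntax is not assumed.

```python
import re

# Partitions an installed app can write to. ux0: and ur0: are named in the
# thread; uma0: and imc0: are added here as an assumption.
WRITABLE = ("ux0:", "ur0:", "uma0:", "imc0:")
PATH_RE = re.compile(r"\b([A-Za-z]+\d+:\S+)")

def normalise(text):
    """Non-empty, non-comment lines with runs of whitespace collapsed."""
    lines = (" ".join(raw.split()) for raw in text.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def audit_boot_config(current, baseline, allowed=()):
    """Return (added, removed, suspicious) for a boot config vs. a good copy.

    suspicious lists (line, path) for every path on a writable partition
    that is not explicitly allowed, whether or not the line is new.
    """
    cur, base = normalise(current), normalise(baseline)
    base_set, cur_set = set(base), set(cur)
    added = [l for l in cur if l not in base_set]
    removed = [l for l in base if l not in cur_set]
    suspicious = [(l, p) for l in cur for p in PATH_RE.findall(l)
                  if p.lower().startswith(WRITABLE) and p not in allowed]
    return added, removed, suspicious

# Constructed sample data: the directive words are placeholders, only the
# "partition:path" tokens matter to the check.
BASELINE = """\
# known-good copy saved right after a clean install
load os0:kd/module_a.skprx
load ur0:tai/taihen.skprx
spawn vs0:vsh/shell/shell.self
"""
CURRENT = """\
load os0:kd/module_a.skprx
load   ur0:tai/taihen.skprx
spawn ux0:data/example/hidden.self
spawn vs0:vsh/shell/shell.self
"""

if __name__ == "__main__":
    added, removed, suspicious = audit_boot_config(
        CURRENT, BASELINE, allowed=("ur0:tai/taihen.skprx",))
    for line in added:
        print("ADDED     ", line)
    for line in removed:
        print("REMOVED   ", line)
    for line, path in suspicious:
        print("WRITABLE  ", path, "<-", line)
```

The diff against the baseline catches any change to the load order; the writable-partition check still flags an entry when no baseline was saved.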
  14. MyLegGuy

    Homebrews are usually safe. If they aren't, they have a good reason to not be and are usually open source. Game dumps should always be safe homebrew, no exceptions. They're not really a problem.

    Safe homebrew can safely be downloaded from anywhere because it's safe homebrew. What you said only applies to unsafe homebrew.

    Yes, a lot of people have unsafe homebrew on. But you still get a notification when you try to install an unsafe one, so it's not like anybody will install one by mistake.
     
  15. SKGleba
    OP

    Only notif I get: This app has got access to ur personal info etc...
     
  16. MyLegGuy

    That warning isn't enough for you?
     
  17. CMDreamer

    Game dumps are a problem actually, I do remember bricks coming from modified dumps. So then, I would suggest that game dumps get a signature (SHA-256 maybe?) from the trusted dumper on any site. And I mean the file itself (RAR, 7Zip, Zip and so on). So getting the file and comparing the signature would increase safety.

    Game dumps (from carts) are not homebrew (afaik) and they are closed source too.

    Every time I get into a discussion here I learn more, thanks guys.
     
  18. SKGleba
    OP

    Just make an eboot.bin which will do the job and start a second eboot with the game. (like enso bypasser/crack works)
    sigs:
    OFC, but who will want to check the sig?
     
  19. CMDreamer

    Anyone getting the file. I would do it if that would increase my Vita's safety and reduce the bricking risk.
     
  20. SKGleba
    OP

    But if you download a lot...
    Also IDK if all sites, hosters with those files suddenly deleted them from servers and wait for new dumps with sigs