Hacking (Warning)Vita Vpks that Brick your vita are surfacing online! (Warning)

[Abu_Senpai]

Some people want to see the world burn.

This news is really sad. I've seen a lot of victims in reddit because of this release.

I feel you man. I too have seen those affected over on Reddit!

But then the ultimate question is this?

Did they deserve it? I myself see two answers to said question

1st Answer= Well, They were pirating so they should have foreseen that there might be risks related to bricking if they are installing random .Vpks from stangers.
2nd Answer= Despite them pirating vita games, they diddnt deserve to have their vitas bricked permanently!

Regardless of what answer people wanna go with. The reality of the matter is that Yes it happened and it YES could happen again if people aren't careful enough when Downloading/installing .vpks.

I myself believe that the following "Patience is a virtue" should be used whenever a new dump is uploaded on the net.

 

[ov3rkill]

@Abu_Senpai
Yeah, I totally agree.

People should be cautious when it comes to piracy. Malwares are all over the scene even in PC, Android, iOS, PSP, 3DS, etc.
I am just appalled at these developers wasting time developing malicious softwares. Heck, what's worse are those official apps taking your private information.

 

[einhuman197]

Sounds like the good old CrashMe, I LOVE it .

 

[Tony_93]

"Well, let's say you can't cry foul when you been playing dirty yourself..."
Implies you deserve it..

No, it implies that if you go around installing shit you shouldn't and then you get hit there is no one to blame but yourself for not being careful... Just like downloading infected android apks, just like downloading craked windows or office apps from the internet, just like downloading from torrents... Most people will have no problems, some people will get all kinds of viruses on their PC's.

As I said before I have pirated in the past too and always knew all the risks that it brought when I did.

If you play with fire you may or may not get burned, but when you do you can't go around crying like a lil brat that you did.

Wether or not it happens to you, you have to do it at your own risk from the start, that's not impliying you deserved it.

Go back to reading comprension class ok

 

[thealgorithm]

One question. If the VPK is marked as safe, is there absolutely no way the game/application can still somewhat override this permission and cause a brick? I would assume later on down the line, this type of brick method would get more sophisticated.

 

[einhuman197]

When you have the permissions to launch stuff, you can automatically edit the nand. That's how consoles work.
Both need kernel, you have kernel.

 

[Alex658]

Well if you only use safe homebrews, you won't be able to brick your vita ever. But I didn't know that the mai people never implemented the checks. They might not have known about it. But that's on them.

svcBackdoor lets you run kernel code from homebrew. A big security hole that just begs for someone to write a bricker. I don't know which cfw doesn't do it, so I don't have any recommendations.

But this changed in version 11.0, right?
Some CFW re-enable it but take it for an example, Luma3DS gives you the option whether to re-activate it, or not. As long as that option is disabled users should be safe. Not even sure if arm11 code alone can wipe the firm protections without control of the arm9. But i know that arm9 can blow the firm protections out of the window on any moment, and leave you with a pretty paperweight if it's not hardmodded.

 

[thealgorithm]

This post was in regards to vita bricking. For the 3DS it should be more secure with A9LH

 

[yifan_lu]

This post was in regards to vita bricking. For the 3DS it should be more secure with A9LH

No, the 3ds equalivant of "unsafe homebrew" can just as well fuck up your system. Maybe not wipe the nand, but other things can make your device just as unplayable.

 

[Aurora Wright]

svcBackdoor lets you run kernel code from homebrew. A big security hole that just begs for someone to write a bricker. I don't know which cfw doesn't do it, so I don't have any recommendations.

svcBackdoor was there in kernel11 up to 10.7 though (10.4 FIRM). Nintendo then removed it on 11.0 because it made kernel exploits easier to write and it was unused by official stuff anyway. Cfws re-add it because several homebrews use it and thus break on >= 11.0 (like NTR cfw and emulators). It's not a cfw-only feature.

 

[Vlad_78]

what's up guys? someone could help me with this playstation tv?
http://gbatemp.net/threads/as-i-con...52-on-my-pc-by-qcma-3-12.439313/#post-6630553

This came from my zenfone GO using fuckstaka

 

[yifan_lu]

svcBackdoor was there in kernel11 up to 10.7 though (10.4 FIRM). Nintendo then removed it on 11.0 because it made kernel exploits easier to write and it was unused by official stuff anyway. Cfws re-add it because several homebrews use it and thus break on >= 11.0 (like NTR cfw and emulators). It's not a cfw-only feature.

I know I'm just saying that people shouldn't be mistaken that 3ds homebrew cannot harm their system.

 

[Pokem]

This is bad. How do we know the dumps are good?

Spoiler

DinduStuffin 17 points 2 days ago*

For those who want a simplified version of what happens, here's the gist of it.

1) Kung Fu Bunny/Fruit Ninja mount your VS0 and OS0 partitions for modification. In English, this means that it gains access to your Vita's operating system and the software on it that makes it operate, including stuff like recovery/safe mode.

2) It erases everything on it, rendering the Vita completely unrepairable and unable to boot. There is absolutely NO way to recover from this whatsoever.

The best security measure I can think of is to download VPK files, then open them up with 7zip, and look at any .suprx file with Notepad++ and CTRL+F search for OS0: , vshPowerRequestColdReset, and vshIoMount. If you find any of these, especially the first two, you have a malicious .suprx file and should NOT under any circumstances install the .vpk.

I'll try to think of a simpler solution, but this is pretty much the only one I have in mind. Maybe moderators could look at VPKs for malicious content and report them? I don't know, maybe some sort of screening process before VPKs can be posted would be a good solution here.

Sorry if my explanation wasn't very simple.

This is what I found while searching up things regarding this situation.

 

[wzzzzt]

Just to confirm, can I convert dumped VPKs to safe mode without losing any major functionality? I'd like to be able to run games with plugins if possible.

 

[Abu_Senpai]

BUMP:

UPDATE 6th October 2016:

This morning, a new bricker was released, masquerading as a homebrew recreation of Duck Hunt. The eboot was again marked unsafe, and was obscured from the checking mechanisms detailed below. The functions used were given dummy names and the os0: string was built while the program was running rather than being present in the file to begin with. The same basic method was used as the two previous methods but the obfuscation meant that just searching in the file wouldn’t show the issue, and the method that MaiDumpTool uses when installing does not detect it or throw an error upon trying to install an unsafe eboot. Currently all I can suggest is using SafeDump to make the eboots safe, this should remove most of the risk, but I stress again do not install things from unknown/new users, or at least wait for confirmation from more trusted members of the community.

Good Luck

 

[SonsofOcelot]

BUMP:

UPDATE 6th October 2016:

This morning, a new bricker was released, masquerading as a homebrew recreation of Duck Hunt. The eboot was again marked unsafe, and was obscured from the checking mechanisms detailed below. The functions used were given dummy names and the os0: string was built while the program was running rather than being present in the file to begin with. The same basic method was used as the two previous methods but the obfuscation meant that just searching in the file wouldn’t show the issue, and the method that MaiDumpTool uses when installing does not detect it or throw an error upon trying to install an unsafe eboot. Currently all I can suggest is using SafeDump to make the eboots safe, this should remove most of the risk, but I stress again do not install things from unknown/new users, or at least wait for confirmation from more trusted members of the community.

Good Luck

Damn...

Like I just posted in the other thread on this I think I'm gonna just wait on the scene groups to do their thing. I may still try random vpks if they are marked safe but until this settles down I'll go back to my wii and GameCube for a while. I got a bit of a safe backlog to tide me over for a while anyways.

 

[Abu_Senpai]

Damn...

Like I just posted in the other thread on this I think I'm gonna just wait on the scene groups to do their thing. I may still try random vpks if they are marked safe but until this settles down I'll go back to my wii and GameCube for a while. I got a bit of a safe backlog to tide me over for a while anyways.

Yeah man i feel ya but LUCKILY i have like 35 dumps which all work on vitamin so im kinda preoccupied on them or i will when i beat SMT IV and its unrelated midequel

 

[shadowcopalypse]

Would credibility be found with Nico's blog?

I've not tried any of the vita stuff but everything else works like a charm.

ibid - I'VE NOT TRIED ANY OF THE VITA STUFF.

 

[shadowcopalypse]

So an article over at the above mentioned has VPKShrink listed -- Check the bold text below

VPKShrink is a software that automatically extracts our “[GameID].vpk” files into 2 differet objects:
-The first is a small “Install-[GameID].vpk” that will be installed with VitaShell and will set the ground for
-The “[GameID] Folder“. This folder contains the game data and we just have to move it with VitaShell to the correct place.

So, into the actual install we go:

1) Take your “[GameID].vpk” and drop it over VPKShrink, a window will open:
-Change to Safe Mode? Y > This will make the vpk safe and you won’t risk briks when you install.


Once again I've not tried this but it looks promising.

 

[Onepunchbruh]

BUMP:

UPDATE 6th October 2016:

This morning, a new bricker was released, masquerading as a homebrew recreation of Duck Hunt. The eboot was again marked unsafe, and was obscured from the checking mechanisms detailed below. The functions used were given dummy names and the os0: string was built while the program was running rather than being present in the file to begin with. The same basic method was used as the two previous methods but the obfuscation meant that just searching in the file wouldn’t show the issue, and the method that MaiDumpTool uses when installing does not detect it or throw an error upon trying to install an unsafe eboot. Currently all I can suggest is using SafeDump to make the eboots safe, this should remove most of the risk, but I stress again do not install things from unknown/new users, or at least wait for confirmation from more trusted members of the community.

Good Luck

So you suggest us to use maidumps instead of vitamin?

 

[Abu_Senpai]

So you suggest us to use maidumps instead of vitamin?

I would recomend Vitamin to the People who want to play the following :

Assassin's Creed III: Liberation (G)
A.W: Phoenix Festa (G)
Conception II: Children of the Seven Stars (G)
Criminal Girls 2: Party Favors(G) Danganronpa Another Episode: Ultra Despair Girls (G)
Dengeki Bunko: Fighting Climax (G) Digimon Story: Cyber Sleuth (G)
Dead or Alive Xtreme 3: Venus (G) Dungeon Travelers 2 (G)
Freedom Wars (G)
Gal*Gun: Double Peace (G)
God of War Collection (G)
Gravity Rush (G)
Hyperdimension Neptunia Re;Birth 1 (G)
Hyperdimension Neptunia: Producing Perfection (G)
Hyperdimension Neptunia U: Action Unleashed (G)
Killzone: Mercenary (G)
Moe Chronicles (G)
One Piece: Burning Blood
Persona 4: Golden (G)
Persona 4: Dancing All Night(G)
Phantasy Star Nova(G)
Physco Pass Mandatory Happiness (G)
Resistance: Burning Skies (G)
Ray Gigant (G)
Steins;Gate (G)
Street Fighter X Tekken (G)
Sword Art Online: Hollow Fragment (G)
Tokyo Twilight Ghost Hunters
Ultimate Marvel vs. Capcom 3 (G)
Uncharted: Golden Abyss (G)
Uta No Prince Sama 3 Music 3 (G)
Valkyrie Drive: Bhikkhuni (G)
Yakuza 0 Vita App

(G)= that i own said game

Sorry about the (G) thing its due to the fact that i copied the list from my backlog

But yeah if your ONLY intrested in them then YES i personally would say Vitamin Over MaiDump.

But Mai is what most of the people like so yeah not much i can say tbh