How the Sony PS VITA Security Was Defeated | MVG

Video Statistics and Information

Reddit Comments

This reminds me of the super-forced product placement of the PS VITA in the Netflix series, House of Cards.

Kevin Spacey's character was like "Is that a PS VITA? I have ALL the games." or something ridiculous like that. And, I was thinking Frank must really love JRPGs and other obscure JP titles because that's all I can think of that was worth playing on the PS VITA during the time that episode aired lol. Fitting for a man scheming and back-stabbing his way to President, I guess?

Anyway, I enjoyed my time with the PS VITA, if only because it got me into Persona and was a Persona 4 Golden machine practically. I played Uncharted, Tearaway, and some other non-JRPG games on it though. After I hacked it, I pretty much just used it for emulation much like the PSP before it.

It was good hardware crippled by its proprietary memory card, lack of long-term game support besides ports and JRPGs. I suppose the Nintendo 3DS's success and the phone/tablet games also hurt it too. Not sure if I'd like to see a successor to it, and besides Sony is more focused on the PS5 and the next PSVR headset.

👍 80 👤 u/CitizenJoestar 📅 Feb 14 2022

Vita is my favorite system of all time and I will shill it to the ends of the earth. I own 6 of the suckers.

👍 35 👤 u/ArokLazarus 📅 Feb 14 2022

If it removed the back touch, got rid of the OLED display earlier, used micro SD cards instead of their own crazy expensive ones and lowered the overall price, it probably would have done a lot better. The price along with the lack of big exclusives killed it; the back touch and the memory cards I would say were the biggest factors, those two things alone made it so expensive for no reason.

👍 30 👤 u/No_Addition_2637 📅 Feb 14 2022

I still have an old OLED gen 1 PS Vita, and I'm eventually gonna get around to turning it into the ultimate emulation station.

👍 3 👤 u/katiecharm 📅 Feb 14 2022

So thankful for that. With the 3DS it's the best way to play GBA games and SNES games. Especially since the Vita and 3DS are way more portable than the Switch.

Also you can play PS1 games and PSP games.

👍 7 👤 u/Nibelungen342 📅 Feb 14 2022

Great video, I'm always amazed how people break through the security of major devices. Coincidentally I just modded mine a week ago and loving it. I think I'll let my Switch gather dust for a few months.

👍 1 👤 u/clouds31 📅 Feb 14 2022

I modded my PSP and it was awesome. I was waiting for the Vita to become hackable before getting one, but the Switch came out and made it obsolete - though I'm waiting for Nintendo to drop support before I hack mine.

👍 1 👤 u/samus12345 📅 Feb 14 2022

The Vita really highlighted to me how inconsequential the very vocal hardware fanatics and Sony fans were back in 2011 on the internet, at that time calling it the end for the Nintendo 3DS as some pretender to a portable console that could play "real" games. It's clear most gamers don't care about specs and it's all about the games, plus not being too expensive, the 3DS being so incredibly inferior technologically yet it still sold infinitely more.

Unfortunately Sony itself didn't want to invest much in the Vita over its mainline consoles and cursed it with a high price from the OLED screen and proprietary memory cards. It's hard for most systems to recover from a bad launch and honestly Sony let it wither and die.

👍 1 👤 u/Cattypatter 📅 Feb 15 2022
Captions
[Music]

The Sony PlayStation Vita is an amazing handheld, not only its impressive lineup of games, but it also boasts some excellent hardware and features which pioneered handheld gaming as we know it today. The Vita was officially discontinued by Sony in 2019; however, there is a very strong community still making games for it, both commercially on the PlayStation Store, which is still running as of the making of this episode, but also, and more importantly, its homebrew community, with some really amazing works that keep coming out: games ported over from Android such as GTA: San Andreas, Bully and even Battlefield: Bad Company 2, and there are others that are being developed. While Sony left the Vita to die, security researchers ensured that it would live on. It's really easy to exploit a Vita these days, and you can run these exploits on any revision of the Vita hardware, including the PlayStation TV, with any firmware, in a matter of minutes.

But how was the Vita security defeated? It's easy to assume that it was just an update from the original PSP, but things weren't that simple. In fact, the path to exploiting and defeating security on the Vita would be quite complex, and for years it was thought that maybe it would never be hacked. Compared to the PSP, which has a rich history of exploits over its lifespan, this time around Sony did their homework. Noting the failure of both the PSP and PS3 security systems, they would double down on the architecture to ensure the same mistakes were not made. To put it simply, the Sony PlayStation Vita had the most sophisticated security mechanism that was ever developed by Sony at the time. So what ended up going wrong?

The PlayStation Vita was originally released in 2012, and it was a significant update from the earlier PSP. It featured a quad-core ARM Cortex-A9 CPU, a quad-core GPU, the PowerVR SGX543, with 512 megabytes of memory on board and 128 megabytes of VRAM. It would also feature a 5-inch OLED display with touch capabilities, both front and rear cameras, stereo sound, a rear touch pad, as well as six-axis motion sensing and a battery life of three to five hours while in game.

If we take a look at the Vita's motherboard, the first clue that Sony really beefed up security would be the main SoC, the CXD5315G. This single SoC embeds the CPU, GPU, DRAM, VRAM, I/O and a custom security processor all in one chip. Because the DRAM is embedded, this means that traditional memory dumping techniques would be off the table. Compare that to the PSP, where the first 1.0 version ran unsigned code out of the box and its firmware kernel was all unencrypted. It was very quickly determined that the Vita would pose more of a significant challenge, but of course, where there is a will, there is a way.

The first obvious attack vector would be the PSP emulator that runs on the Vita. As we know, the PlayStation Vita is fully backward compatible with the PSP, but it's entirely running in a sandbox, completely isolated. The earliest Vita exploit was in 2012 and based on the older PSP hack that was known as the Half-Byte Loader. By effectively running the same exploit on the Vita with a PSP game that's vulnerable to the exploit, such as Super Collapse 3, it allows unsigned code execution inside the PSP emulator. A good first start perhaps, but extremely limited. It would also be very easy for Sony just to pull any game that was vulnerable to this exploit off the PlayStation Store and effectively shut off the supply.

What made the Vita difficult to exploit in the early days was, for the most part, that the system was a black box. Everything important was embedded in the SoC, all data was encrypted, there was no way of dumping the contents of memory, and there was no way to exploit the hardware via USB. Sony did their homework, and any exploit found would take some sophistication.

With the launch of the Vita, Sony would be exploring the mobile space and looking to gain a market share. Then president and CEO Kaz Hirai wanted to bring Vita games to smartphones and other devices, and around April of 2012 Sony would announce PlayStation Mobile. This would offer developers a free SDK which would allow them to create apps and games for the Vita and other PlayStation Certified devices, such as the Xperia line of smartphones. Developers would only need to pay a 99 per year contract, and it would allow them to sell their games on the PlayStation Store. A wholly owned platform built on the company's strengths in gaming could provide a key differentiator as Sony would expand its mobile operations. This initiative ultimately did roll out, but was eventually shuttered in 2015.

PlayStation Mobile, or PSM, would also run in a walled-off sandbox, but it ran within the confines of the Vita rather than the PSP emulator, so this would be a good pathway to find an exploit, or at the very least attempting to dump the Vita's memory. Security researcher Yifan Lu would go about exploiting the Vita by way of PSM and the framework that it uses, known as Mono. Mono is effectively an open-source .NET framework that can be ported and run on many different platforms. This makes it possible to run .NET C# applications on many other devices, for example. Since Mono was open source, Yifan Lu would browse the Mono source code and look for code that could be exploitable. Once one was found, he would develop a tool that would dump the PS Vita's RAM, a very vital first step. But the second would be the breakthrough that was the first blow to the Vita's security system. The Mono C# compiler uses just-in-time compilation to ARM native code. This means that PSM must have some memory that allows for code execution. After many attempts of trial and error and pushing payloads into memory, Yifan Lu was able to run native unsigned code on the Vita.

Based on these discoveries, a tool known as the UVLoader, or the Userland Vita Loader, was developed, and this would be the first working native code homebrew, all the way back in 2012. But unfortunately, because there was no open-source homebrew SDK for the PlayStation Vita at the time, the UVLoader did not get the response that was anticipated. And unfortunately, because Yifan released the source code, Sony would then look at the source code to secure their system in later updates and make the user-mode code much harder to break.

Now it's worth mentioning, while all this was happening behind the scenes, Yifan and other security researchers, who would later be known as Team Molecule, would continue to focus their attention on the Vita, making discoveries on both the hardware and software side, and these discoveries would become very important later on.

It was 2015 when the Vita finally saw a userland exploit known as Rejuvenate. It was an iteration of the earlier PSM and UVLoader work that ran native Vita homebrew once again, but this time it required a PlayStation Mobile Development Assistant to run. Sony had announced that in 2015 they were ending the PSM service, so Yifan Lu would release the exploit to the public, and this was the real first step into the world of homebrew on the Vita for many. But it had its limitations. The exploit required tethering to a PC, a Windows PC to be specific, for PSM and a USB connection. But again, without homebrew support there would be not much interest. Fortunately, this time around the first versions of the PS Vita open-source SDK would be released, resulting in some early emulators and homebrew for the system. Rejuvenate worked, but it wasn't user friendly and had many limitations, and many believed that this is where the end of the road would be for the Vita.

But in August of 2016, Yifan Lu and Team Molecule would release HENkaku, an easy-to-use homebrew solution that ran on any 3.60 firmware PlayStation Vita, including the PSTV. HENkaku was much more user friendly than anything else before it. It allows for homebrew packages to be installed in the Vita's LiveArea and installs a tool known as molecularShell that offers a file system that opens up an FTP server, USB connectivity, and allowing for the installation of any homebrew packages or VPK files. HENkaku would be the first kernel exploit for the Vita. It took advantage of known vulnerabilities that the team was aware of going all the way back to 2014. After the public release of HENkaku, Sony would quickly patch these in 3.61 and fix the exploit, and for a while a 3.60 firmware Vita was what you needed to run homebrew.

Around the same time, Team Molecule had announced that their work on the Vita was completed and they were stepping away from the scene. Many believed that this was the end of the story, but security researcher TheFlow would pick up from where the team left off, first by porting HENkaku to 3.65 and then offering h-encore, that worked on any capable 3.65 to 3.68 PlayStation Vita. And once again it was thought that a 3.68 firmware PlayStation Vita would be the final version that was exploitable, but TheFlow had other ideas, releasing h-encore 2, that is a fully chained kernel exploit for all Vitas up to the most current firmware, 3.73.

During the development of h-encore and h-encore 2, TheFlow would also develop many other useful tools and applications, such as Adrenaline, which is the PSP emulator that uses a custom 6.61 PSP firmware for playing old PSP games and homebrew with zero fuss, or Modoru, that allows you to downgrade a Vita's firmware back to 3.60 or 3.65 and install Enso, a custom firmware for the Vita that leaves it permanently hacked. HENkaku and h-encore are homebrew enablers, which means that a tool needs to be run on each reboot of the PlayStation Vita to run unsigned code.

With the launch of HENkaku in 2016 and all the work that was done by TheFlow to bring homebrew enablers to any PS Vita firmware, it was the spark that needed to attract many homebrew developers to the Vita and bring their emulators, applications and homebrew ports across. There were many amazing ones, and we've covered these on the channel before.

They say that the Vita means life, and the community has single-handedly kept the Vita alive, thanks to the many years of hard work from security researchers who love the hardware. It's thanks to them that the Vita and its games can be preserved forever. As for me, I still love the Vita in 2022. It's an incredible handheld, and I think there's still lots of life left in the hardware for many years to come.

But that will do it for today's episode. Let me know what you thought about it in the comments below, and as always, if you liked this episode, don't forget to leave me a thumbs up, and I'll catch you guys in the next video. Bye for now.

[Music]
Info
Channel: Modern Vintage Gamer
Views: 239,837
Keywords: modern vintage gamer, mvg, sony, vita, ps vita, homebrew, henkaku, henkaku ps vita, thefl0w, playstation, mistakes were made, ps vita security, psm, playstation mobile, psp, playstation portable, hacking, modding, security, exploits, h-encore, yifanlu, team molecule, emulation, emulator, unsigned code, kernel exploit, userland exploit, half byte loader
Id: 7V5jKUO6qJg
Length: 12min 3sec (723 seconds)
Published: Mon Feb 14 2022