PlayStation Vita Memory Cards Dumped by Mr.gas and Tomtomdu80
Today Wololo reports that PS Vita hackers mr.gas and tomtomdu80 have dumped Sony's PlayStation Vita Memory Cards with details below.
To quote: Progress on the native side of the Vita hacks is rare, so news like the one we are seeing today is always welcome:
Talk member mr.gas announced today that he and tomtomdu80 (whom you might remember for his VHBL port on Apache Overkill last year) were able to dump the contents of a PS Vita memory card. Although they are not sharing this content publicly for obvious reasons, they have given reasonable proof that their work is totally legit.
This is the first time we see such a dump being announced publicly, since developer katsu released technical documentation on how to copy Vita game cartridges' content more than 6 months ago. Keep in mind that his announcement was for game cartridges, while we are talking of a memory card here.
Sony uses proprietary memory cards on the PS Vita, which makes them virtually impossible to read without any additional hardware.
Additionally, it is believed the content on the card is encrypted, but mr.gas specified that a large majority of the content on the card is actually not.
Famous Vita hacker Yifan Lu was quick to mention that the unencrypted content is more or less useless in the context of a Vita hack, while the encrypted content is still, well, encrypted, and therefore useless “as is”. His comments in the thread seem to imply he has been able to read Vita memory sticks' content himself for a while now.
Nevertheless, the number of people able to read Vita memory cards today can probably be counted on one hand, so this is still exciting news.
As shown on mr.gas’s screenshot, the PS Vita memory card contains several folders, for which the content can in general easily be guessed:
Although it is ok to doubt this will help hacking the vita, this could still become useful in several ways:
It could for example be possible to copy/move content to the card without having to go through CMA, which could help transferring psp exploits and homebrews more easily than today. It might be possible to reassign the card to another account without formatting it.
It could be possible to handle backups, and in general, everything that CMA does, directly with a third party card reader connected directly to the PC. It might be possible, in general, to tweak a few things here and there for fun and profit, simple mods for the console (icons, etc...)
1/1/1970 is the Unix Epoch. Time on a Unix system is calculated as the number of seconds that have elapsed since midnight on 1/1/1970. This is actually a very effective way to deal with timezones and daylight savings time.
Last edited by Kraken; 07-27-2014 at 12:54 PM. Reason: Automerged Doublepost
Also below are some videos from SMOKE587 and from Reprep (via wololo.net/2015/04/08/%E2%98%85package-installer-through-webkit/):
Package Installer through WebKit
Do you remember the last time you heard about the WebKit exploit of Vita? Was it the Pong? It seems our good friend SMOKE is baking something.
It has been sometime since the WebKit on Vita has been exploited. This WebKit exploit works up to 3.20 firmware. Even though the progress continues, we rarely hear about it. If you are following SMOKE on twitter, you must have noticed he is into Vita hacking lately.
He posted a video where he manages to open Package Installer through WebKit. I can already hear you saying we can run Package Installer through the e-mail application. That is true, but the e-mail application was introduced in Vita Firmware 2.00, and this is confirmed to work on 1.80. Without further ado, I present you the video:
You can contact SMOKE through his Twitter account; he says he can share the script if you have a 1.80 Vita.
For more info about the WebKit exploit, visit the thread on /talk or go to the github page (github.com/Hykem/vitasploit) of Vitasploit.
Update: Even though the article isn’t wrong, I should make a clarification. The links I gave are for “Vitasploit” (github.com/Hykem/vitasploit), which works for firmwares “2.02, 2.12, 3.00, 3.01, 3.15 and 3.18”. SMOKE uses ROPTool (bitbucket.org/DaveeFTW/roptool/downloads), which supports firmwares “1.50, 1.691 and 1.80/1.81”. Thanks to Davee and SMOKE for the clarification.