PlayStation Vita Memory Cards Dumped by Mr.gas and Tomtomdu80
Today Wololo reports that PS Vita hackers mr.gas and tomtomdu80 have dumped Sony's PlayStation Vita Memory Cards, followed by the release of a PS Vita EML File Generator and VitaMailWriter, with details below.
To quote: Progress on the native side of the Vita hacks is rare, so news like the one we are seeing today is always welcome:
Talk member mr.gas announced today that he and tomtomdu80 (whom you might remember for his VHBL port on Apache Overkill last year) were able to dump the contents of a PS Vita memory card. Although they are not sharing this content publicly for obvious reasons, they have given reasonable proof that their work is totally legit.
This is the first time we see such a dump being announced publicly, since developer katsu released technical documentation on how to copy Vita game cartridges' content more than 6 months ago. Keep in mind that his announcement was for game cartridges, while we are talking of a memory card here.
Sony uses proprietary memory cards on the PS Vita, which makes them virtually impossible to read without any additional hardware.
Additionally, it is believed the content on the card is encrypted, but mr.gas specified that a large majority of the content on the card is actually not.
Famous Vita hacker Yifan Lu was quick to mention that the unencrypted content is more or less useless in the context of a Vita hack, while the encrypted content is still, well, encrypted, and therefore useless “as is”. His comments in the thread seem to imply he has been able to read Vita memory sticks' content himself for a while now.
Nevertheless, the number of people able to read Vita memory cards today can probably be counted on one hand, so this is still exciting news.
As shown on mr.gas’s screenshot, the PS Vita memory card contains several folders, for which the content can in general easily be guessed:
Although it is ok to doubt this will help hacking the vita, this could still become useful in several ways:
- It could, for example, be possible to copy/move content to the card without having to go through CMA, which could help transferring PSP exploits and homebrews more easily than today.
- It might be possible to reassign the card to another account without formatting it.
- It could be possible to handle backups, and in general everything that CMA does, directly with a third-party card reader connected directly to the PC.
- It might be possible, in general, to tweak a few things here and there for fun and profit: simple mods for the console (icons, etc.)
PS Vita EML File Generator:
TomTomDu80 has updated the tool after the release of this method and added support for multiple files in one *.eml file.
Rough translation (via customprotocol.com/underground/vita-ecrire-su-memoire-vita-simplicite-write-easily-anywhere-on-vita-memory-card/)
Download: EML-File-Generator.zip / EML-File-Generator.zip / EML File Generator 0.2 MailWriter.exe / EML File Generator 0.2 Source code (zip) / EML File Generator 0.2 Source code (tar.gz) / EML File Generator 0.3 MailWriter.exe / EML File Generator 0.3 Source code (zip) / EML File Generator 0.3 Source code (tar.gz) / EML File Generator 0.4 MailWriter.exe / EML File Generator 0.4 Source code (zip) / EML File Generator 0.4 Source code (tar.gz) / VitaMailWriter GIT
Download and extract the above archive to a location of your choice on your computer (on the desktop, for example). Then find the program "MailWriter\MailWriter\bin\Release\MailWriter.exe" and run it. A window should open.
Only 2 small fields are to be completed:
- File: the file that will replace the target file on the memory card
- Path: the path to the target file. Note: the path to the PSP emulator is "ux0:pspemu/" (= "ms0")
- Generate: click the button to generate the desired EML file
All that remains is to open it in Thunderbird or Outlook, send it to the email address linked to the console's "E-mail" application, and then open that application.
Find your message with the attached file and open it. An error should appear on the screen: above all, do not press OK, or you risk deleting the file from your memory card!
Just quit the application abruptly, without further ado.
Congratulations: the file from your memory card has been changed correctly!
This is just a little update to support multiple files in a single email.
This release provides optimizations and the ability to remove a file from the file list in the tool. Thanks to MysteryDash.
Added a Drag & Drop Handler to the VitaMailWriter
1/1/1970 is the Unix Epoch. Time on a Unix system is calculated as the number of seconds that have elapsed since midnight on 1/1/1970. This is actually a very effective way to deal with timezones and daylight savings time.
PS Vita Beta Package (PKG) File Installation on Retail 3.15 POC Details
Following up on their previous update, today PlayStation Vita developer tomtomdu80 shared details on installing a PS Vita Beta Package (PKG) File on a Retail 3.15 POC below.
To quote: Here is just a POC of beta pkg installation (these native pkgs are encrypted with PSP AES keys); we can actually install them on 3.15!
Here is the proof (uncharted_portable.pkg is a beta pkg which can be found in the leaked SDK):
If any dev from the PS3 scene or good with the PKG file format wants to join the party, we'd love to work on PKG generation.
Feel free to contact us! Twitter: frtomtomdu80 and GodmanGen
Also below are some videos from SMOKE587 and from Reprep (via wololo.net/2015/04/08/%E2%98%85package-installer-through-webkit/):
Package Installer through WebKit
Do you remember the last time you heard about the WebKit exploit of Vita? Was it the Pong? It seems our good friend SMOKE is baking something.
It has been some time since the WebKit on Vita has been exploited. This WebKit exploit works up to 3.20 firmware. Even though the progress continues, we rarely hear about it. If you are following SMOKE on Twitter, you must have noticed he is into Vita hacking lately.
He posted a video where he manages to open Package Installer through WebKit. I can already hear you saying we can run Package Installer through the e-mail application. That is true, but the e-mail application was introduced in Vita Firmware 2.00, and this is confirmed to work on 1.80. Without further ado, I present you the video:
You can contact SMOKE through his Twitter account; he says he can share the script if you have a 1.80 Vita.
For more info about the WebKit exploit, visit the thread on /talk or go to the github page (github.com/Hykem/vitasploit) of Vitasploit.
Update: Even though the article isn’t wrong, I should make a clarification. The links I gave are for “Vitasploit” (github.com/Hykem/vitasploit), which works for firmwares “2.02, 2.12, 3.00, 3.01, 3.15 and 3.18”. SMOKE uses ROPTool (bitbucket.org/DaveeFTW/roptool/downloads), which supports firmwares “1.50, 1.691 and 1.80/1.81”. Thanks to Davee and SMOKE for the clarification.
Both use the WebKit vulnerability.
This is great to hear but haven't they been able to do this for ages already? I was waiting for a public release on how but I guess we'll have to keep waiting.
I just want to install Crackle; it's not available in the local store on any $ony console. It's available on every other device here but PS3/4/Vita.