Great news! Hopefully this will lead to breaking outside the 'sandbox' and getting us native kernel access.
It's an exploit on the Vita, not the PSP.
I'm surprised that we're seeing this much progress so quickly.
This is very promising.
What Vita demo do we need for this?
Hopefully the PSVITA scene won't be full of drama like the PS3 scene. Nice to hear some good news on Vita. Good thing I gave up on the PS3 scene.
Anyone know which demo yet?
Huzzah! The chances of me buying a PSV just went from 0.1% to 50%. Sony will play the usual cat and mouse game, but a lot of what will happen will depend on whether or not the Vita gets proper game support as they claim it will. The PSP scene sort of died out due to a severe lack of games.
I guess things are looking up for a lil HB love. Let's see where this goes.
It's not a Vita Demo, the exploit is inside a PSP Game -___-
Sony's sceKermit Driver Surfaces via PSP Emulator on PS Vita
Following up on his previous PS Vita developments, today PlayStation Vita hacker Davee reports that he has discovered Sony's sceKermit driver, which is a communication interface for the included PSP emulator.
To quote from his blog (linked above): "Turns out he's not just a green frog! So, I've been throwing this word around recently and it's probably about time I explain. Kermit, either a protocol or perhaps a funny name (see KIRK/SPOCK) is a communication interface for the PSP emu. Specifically it allows the PSP to talk to the host.
Now, I can tell there aren't as many developers here, so I'll try to simplify for the curious minds but this stuff is pretty complicated. I'll only explain the API in detail as the lower level still needs a little bit of clearing up, but here goes.
Ok, Kermit is here so that the emu can communicate to the host to share resources and other vitality. Perhaps the primary reason is that of hardware; the PSP emu is excluded from many hardware devices. So kermit sets in and allows the system to talk to the vita in order to use the hardware. Blabbering aside, this is the hardware that kermit seems to be responsible for:
- Memory stick
- Flash filesystem
- Power Control
- ... more
Interestingly, the kermit communication isn't used for headphone remote or controller inputs.
In order to understand how kermit functions, it's important to explore the usage of the API. Starting with the power house tool:
This function is the send command function. It accepts a kermit packet initialised to minimum 64 bytes (no args need to be filled), a command mode which describes the set of commands, cmd: the actual command; the number of args following the 16 byte packet header. It also allows you to pass a boolean value to allow callbacks when waiting for completion and a 64 bit response.
What is important to note is that the packet arguments are 64-bit wide (not 32) and little endian encoded. There is a maximum of 13 arguments that can be passed to the host.
Sometimes, it is needed to send more than the 13 arguments worth of data. This is where kermit provides an API for memory. Shown below:
These functions provide the fundamentals for data transmission to the host. sceKermitMemory_driver_AAF047AC is the staple command. It accepts a packet BEFORE transmission to host with the amount of args, a pointer to the input/output buffer and an indicator for the mode. This allows kermit to receive the buffer of data when it processes the command, or have a place to output the data.
sceKermitMemory_driver_80E1240A and sceKermitMemory_driver_90B662D0 are the opposites of each other, providing input and output respectively. This API is incredibly simple and is used to send multiple buffers to kermit prior and following a command.
These are pretty crap descriptions, but as you can see it's a very command and transfer sort of interface. You tell it you have data you want to give it, you signal it and then it tells you where it's put it.
There is some source code describing in more codey ways. Also there are small reverses of functions used in the kermit. As you can see it works on a sort of circular queue of semaphores in the core. Have a “peek”.
Thanks to Proxima + some1"
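The argument layout in the quoted description (a 16-byte header followed by up to 13 little-endian 64-bit arguments, in a packet of at least 64 bytes) written out as a bounds-checked packer and reader. This is an added example, not code from Davee or Sony: the function and macro names are hypothetical, and the header is treated as opaque bytes because its fields are not given on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Sizes and limits come from the quoted description; all names are hypothetical. */
#define KERMIT_HDR_SIZE   16u  /* packet header, treated as opaque here */
#define KERMIT_MIN_PACKET 64u  /* minimum initialised packet size */
#define KERMIT_MAX_ARGS   13u  /* maximum arguments per packet */
#define KERMIT_ARG_SIZE   8u   /* each argument is 64 bits wide */

/* Bytes a packet with argc arguments occupies, or 0 if argc exceeds the limit. */
size_t kermit_packet_size(unsigned argc)
{
    size_t need;
    if (argc > KERMIT_MAX_ARGS)
        return 0;
    need = KERMIT_HDR_SIZE + (size_t)argc * KERMIT_ARG_SIZE;
    return need < KERMIT_MIN_PACKET ? KERMIT_MIN_PACKET : need;
}

/* Write args after the header as little-endian 64-bit values.
 * Returns the packet size used, or 0 if argc or the buffer is invalid. */
size_t kermit_pack_args(uint8_t *pkt, size_t cap, const uint64_t *args, unsigned argc)
{
    size_t need = kermit_packet_size(argc);
    if (pkt == NULL || need == 0 || cap < need || (argc && args == NULL))
        return 0;
    memset(pkt + KERMIT_HDR_SIZE, 0, need - KERMIT_HDR_SIZE); /* header left untouched */
    for (unsigned i = 0; i < argc; i++)
        for (unsigned b = 0; b < KERMIT_ARG_SIZE; b++)  /* byte 0 is least significant */
            pkt[KERMIT_HDR_SIZE + i * KERMIT_ARG_SIZE + b] = (uint8_t)(args[i] >> (8 * b));
    return need;
}

/* Read argument idx from a packet of len bytes. Returns 0 on success, -1 on error. */
int kermit_unpack_arg(const uint8_t *pkt, size_t len, unsigned idx, uint64_t *out)
{
    size_t off = KERMIT_HDR_SIZE + (size_t)idx * KERMIT_ARG_SIZE;
    uint64_t v = 0;
    if (pkt == NULL || out == NULL || idx >= KERMIT_MAX_ARGS)
        return -1;
    if (len < KERMIT_MIN_PACKET || off + KERMIT_ARG_SIZE > len)
        return -1;  /* read would run past the packet */
    for (unsigned b = 0; b < KERMIT_ARG_SIZE; b++)
        v |= (uint64_t)pkt[off + b] << (8 * b);
    *out = v;
    return 0;
}
```

A 64-byte packet holds six arguments after the header; a full 13-argument packet needs 120 bytes.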
Finally, he also Tweeted the following: There is a bug in the vita. If you turn it upside down it zips the gsensor and runs xml format vita games. Really cool.