Video: PS Vita Dual Firmware Boot Proof-of-Concept Demo Arrives
Today Sony PlayStation Vita hacker Katsu released a PS Vita Dual Firmware Boot Proof-of-Concept demo video with details below.
To quote: It didn’t take long for Yifan Lu’s investigations to become useful for other hardware hackers! Our community member katsu, guided by Yifan’s precise description of the Vita’s NAND pinouts, was able to hack his PS Vita in order to boot from a previous firmware, technically performing something very similar to a downgrade. Check the video below, it’s cool and full of “electronicsporn”, like your favorite cyberpunk movie.
What katsu did was dump his firmware 2.12 (on the NAND), probably using Yifan Lu’s technique. He then copied that Firmware dump to an SD card. In the meantime, he upgraded the PS Vita to firmware 3.01. On the video, you see him inserting his SD card in a reader connected to the Vita. The Vita then reads the content of the SD card (the firmware 2.12 he dumped earlier) instead of its own 3.01 NAND.
What the hell does all of that mean? First of all, that Yifan Lu’s little experiment in the hardware world is proving successful, by providing inspiration and documentation for other talented hardware modders.
Secondly, that downgrading a PS Vita is a possibility under certain conditions: what the experience proves here is that technically your Vita is able to go back to a firmware that was previously installed on it. This might sound obvious, but it means that installing firmware 3.01 did not “change” anything that would make the Vita backward incompatible with its previous firmwares. That’s something that eventually Sony could change, but for now this is promising.
Now don’t get me wrong, this doesn’t mean downgrading a Vita will become mainstream overnight! The hardware modifications required here are pretty big for now, and more importantly, this would only work with a NAND dump of your own Vita, as it is very likely that the NAND encryption key is specific to each console. One wouldn’t be able to downgrade to someone else’s firmware.
What this means though is that today, someone with cheap hardware and the required skills could dump their Vita 3.01 NAND, upgrade to Sony’s next firmware to get all the benefit of the PSN, and boot from firmware 3.01 again whenever they feel like running Total_Noob’s Custom Firmware again.
Here again, I am making this sound a bit better than it really is. Katsu did not prove it was possible to write anything back to the NAND, just that he is booting the firmware from an external reader, which according to him takes 10 minutes. Not something very practical for now.
Nevertheless, this is pretty exciting, and could be the first (second?) step in some cool Vita hardware hacks. Let’s see how this develops!
Dumping Games from PS Vita Cartridges Now Possible by Katsu
Following up on the previous PS Vita Dual Firmware Boot PoC demo, today Sony PlayStation Vita hacker xmax katsu has made available details on dumping games from PS Vita cartridges.
Below are the details, as follows: Dumping games from PS Vita Cartridges is now possible! - The beginning of piracy?
After Yifan Lu’s great hardware reports about the PS Vita, its motherboard and its NAND, our user Katsu found a way to dual boot the PS Vita, which can kind of be seen as a downgrade solution.
But that is not everything that he was able to do. Katsu is on fire and also looked at the Vita cartridges... see below for some more electronics joy!
PS Vita Cartridge dumps now Possible - Does this enable piracy?
Katsu seems to be able to dump a PS Vita cartridge - you know, those tiny physical modules that contain PS Vita games, a cartridge like we know them from the Nintendo DS and 3DS - and is therefore able to retrieve the games in the format in which they are stored on the cartridge itself, instead of as a .PKG, like you get them via PSN, or encrypted for the CMA backup, like you get them via the PS3 or PC backup method.
This does not imply that the files from the cartridge are decrypted (that would be a pretty big security flaw for Sony), but we might be able to do more with these files than we could with the files as a .PKG or in the backup format.
Keep in mind that this will require hardware modification, and that there is currently no software solution for this. Do not try it yourself unless you are experienced in hardware modding!
But do those cartridge-dumped files enable piracy on our beloved PS Vita? Well, currently there is no way to install PS Vita games without the help of a PC (backup), a PS3 (backup/PSN) or the PSN, so we can say that this does not enable piracy on a PS Vita... yet.
There might be a possibility to use these cartridge dumps for piracy in the future, but before that happens, more knowledge of the PS Vita’s file system would be needed, instead of just the current ePSP’s file system. There would also need to be a way to fake these dumps as cartridges, since (digital/) PSN versions of games are account bound and need a valid license file.
Piracy is currently, thank god, not possible on the PS Vita, and we, at least I, hope that this will stay like that for a long time.
Finally, from KanadeEngel: PS Vita Memory Card Analysis
The French dev "tomtomdu80" gave me his trick for understanding more from the Vita side!
So yeah, here is the root dir from ux0:/ (and no, it's not new news).
I want to now begin decrypting a few things, but yeah, most of the data is useless.
Following up on his previous update, today Sony PlayStation Vita hacker xmax katsu (twitter.com/xmaxkatsu) shared news of a Micro PS Vita eMMC NAND Reader, Dual NAND update, a PlayStation Vita PKG install glitch and more below!
First choose a game from your vita download list and begin downloading.
Stop it at about 1-2 MB.
Check the size from Charles Proxy.
When the download is paused in Charles Proxy, remap the downloading PKG to another local PKG.
Resume the download.
The download will restart from beginning with the pkg file you chose.
It will write over the eboot file which was installed during the first pkg.
Your results may vary, so please try different PSP PKGs and Vita PKGs with this method; only PKG files with a smaller size than the game you choose in the download list will install. I tried it with tiny hawk: the original eboot.pbp is 5.7 MB, but it works even though I stopped it at 1.9 megabytes, and there will probably be errors in later levels. Trying it with debug eboot files might give interesting results.
The PS Vita installs the .pkg files to NAND simultaneously: while the file is being downloaded from the server, it extracts the PKG on the fly. After the download finishes, the extracted contents are copied from NAND to the Vita memory card.
upsss!!! ux0:app/PCSB00160 (linked above)
Micro PS Vita eMMC NAND Reader
Dual NAND: R/W=8/3MB/s R=12min W=25min 2.05>2.06>2.05 rewritable onboard NAND setup using the Vita USB out
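The mid-download substitution that katsu's steps describe, together with the on-the-fly install that makes it bite, modelled as an added example; this is not katsu's code and nothing here comes from the Vita or from PSN. A constructed in-memory server stands in for the download host seen through an intercepting proxy, with remap() playing the Charles "map local" step; a naive resuming client accepts whatever the resumed connection returns, while a checked client refuses a resume that is not a partial (206) continuation of a resource of the originally announced size and rejects assembled bytes that do not match a digest pinned from a trusted source. The URL, the byte strings, the pause offset and the pinned digest are all constructed for the example; the post does not say the Vita's download list carries such a digest.

```python
"""Model of the download-swap failure mode described in the post.
Constructed example: not code from the original post, the Vita or PSN."""
import hashlib
from dataclasses import dataclass

# Constructed sample data: a 1600-byte "original" PKG and a 400-byte substitute,
# smaller than the original, as the post notes the swapped-in file had to be.
ORIGINAL_PKG = b"ORIG-PKG" * 200
SUBSTITUTE_PKG = b"SUB-PKG!" * 50
URL = "https://example.invalid/game.pkg"          # constructed, not a real PSN URL
# Stands in for a digest obtained out of band (an assumption of this example).
ORIGINAL_SHA256 = hashlib.sha256(ORIGINAL_PKG).hexdigest()


@dataclass
class Response:
    status: int        # 200: whole resource from byte 0; 206: the requested range
    total_length: int  # size of the whole resource as the server reports it
    body: bytes


class ProxiedServer:
    """Stand-in for the download server as seen through an intercepting proxy.
    remap() mimics the 'map local' step: afterwards every request for url is
    answered with the substitute in full, ignoring the client's Range, which is
    why the post sees the download restart from the beginning."""

    def __init__(self, files):
        self.files = dict(files)
        self.remapped = set()

    def remap(self, url, substitute):
        self.files[url] = substitute
        self.remapped.add(url)

    def get(self, url, start=0):
        body = self.files[url]
        if start and url not in self.remapped:
            return Response(206, len(body), body[start:])
        return Response(200, len(body), body)


def naive_download(server, url, pause_at, tamper=None):
    """Vulnerable pattern: start, pause, resume, and keep whatever arrives.
    The only check is that the result fits the size announced at the start,
    mirroring the post's observation that only smaller PKGs install."""
    first = server.get(url)
    reserved = first.total_length
    buf = bytearray(first.body[:pause_at])    # bytes already "installed"
    if tamper:
        tamper(server)                         # proxy remap happens while paused
    resumed = server.get(url, start=len(buf))
    if resumed.status == 200:
        buf = bytearray(resumed.body)          # restarted from 0: substitute overwrites prefix
    else:
        buf += resumed.body
    if len(buf) > reserved:
        raise ValueError("substitute larger than the space reserved at start")
    return bytes(buf)


def checked_download(server, url, pause_at, pinned_sha256, tamper=None):
    """Hardened pattern: pin the size from the first response, insist the resume
    is a 206 continuing a resource of that same size, and verify the assembled
    bytes against a digest obtained out of band."""
    first = server.get(url)
    expected_len = first.total_length
    buf = bytearray(first.body[:pause_at])
    if tamper:
        tamper(server)
    resumed = server.get(url, start=len(buf))
    if resumed.status != 206 or resumed.total_length != expected_len:
        raise ValueError("resume did not continue the original resource")
    buf += resumed.body
    if len(buf) != expected_len or hashlib.sha256(buf).hexdigest() != pinned_sha256:
        raise ValueError("assembled content does not match the pinned digest")
    return bytes(buf)


def demo():
    """Run both clients through an honest transfer and a swapped one."""
    swap = lambda s: s.remap(URL, SUBSTITUTE_PKG)
    out = {
        "naive_honest": naive_download(ProxiedServer({URL: ORIGINAL_PKG}), URL, 100),
        "naive_swapped": naive_download(ProxiedServer({URL: ORIGINAL_PKG}), URL, 100, swap),
        "checked_honest": checked_download(ProxiedServer({URL: ORIGINAL_PKG}), URL, 100, ORIGINAL_SHA256),
    }
    try:
        checked_download(ProxiedServer({URL: ORIGINAL_PKG}), URL, 100, ORIGINAL_SHA256, swap)
        out["checked_swapped"] = "accepted"
    except ValueError as err:
        out["checked_swapped"] = f"rejected: {err}"
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value if isinstance(value, str) else f"{len(value)} bytes")
```

The naive client ends up holding the substitute in full, exactly the "restart from the beginning with the pkg file you chose" behaviour the post describes; the checked client refuses at the resume step, before any bytes of the substitute are written, because a remapped proxy answers a Range request with a fresh 200 instead of a 206 continuation.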