Video: PS Vita Dual Firmware Boot Proof-of-Concept Demo Arrives
Today Sony PlayStation Vita hacker Katsu released a PS Vita Dual Firmware Boot Proof-of-Concept demo video with details below.
To quote: It didn’t take long for Yifan Lu’s investigations to become useful for other hardware hackers! Our community member katsu, guided by Yifan’s precise description of the Vita’s NAND pinouts, was able to hack his PS Vita in order to boot from a previous firmware, technically performing something very similar to a downgrade. Check the video below, it’s cool and full of “electronicsporn”, like your favorite cyberpunk movie.
What katsu did was dump his firmware 2.12 (on the NAND), probably using Yifan Lu’s technique. He then copied that Firmware dump to an SD card. In the meantime, he upgraded the PS Vita to firmware 3.01. On the video, you see him inserting his SD card in a reader connected to the Vita. The Vita then reads the content of the SD card (the firmware 2.12 he dumped earlier) instead of its own 3.01 NAND.
What the hell does all of that mean? First of all, that Yifan Lu’s little experiment in the hardware world is proving successful, by providing inspiration and documentation for other talented hardware modders.
Secondly, that downgrading a PS Vita is a possibility under certain conditions: what the experience proves here is that technically your Vita is able to go back to a firmware that was previously installed on it. This might sound obvious, but it means that installing firmware 3.01 did not “change” anything that would make the Vita backward incompatible with its previous firmwares. That’s something that eventually Sony could change, but for now this is promising.
Now don’t get me wrong, this doesn’t mean downgrading a Vita will become mainstream overnight! The hardware modifications required here are pretty big for now, and more importantly, this would only work with a NAND dump of your own Vita, as it is very likely that the NAND encryption key is specific to each console. One wouldn’t be able to downgrade to someone else’s firmware.
What this means though is that today, someone with cheap hardware and the required skills could dump their Vita 3.01 NAND, upgrade to Sony’s next firmware to get all the benefit of the PSN, and boot from firmware 3.01 again whenever they feel like running Total_Noob’s Custom Firmware again.
Here again, I am making this sound a bit better than it really is. Katsu did not prove it was possible to write anything back to the NAND, just that he is booting the firmware from an external reader, which according to him takes 10 minutes. Not something very practical for now.
Nevertheless, this is pretty exciting, and could be the first (second?) step in some cool Vita hardware hacks. Let’s see how this develops!
Dumping Games from PS Vita Cartridges Now Possible by Katsu
Following up on the previous PS Vita Dual Firmware Boot PoC demo, today Sony PlayStation Vita hacker xmax katsu has made available details on dumping games from PS Vita cartridges.
Below are the details, as follows: Dumping games from PS Vita Cartridges is now possible! - The beginning of piracy?
After Yifan Lu’s great hardware reports about the PS Vita, its motherboard and its nand, our user Katsu found a way for dual booting the PS Vita, which can kind of be seen as a downgrade solution.
But that is not everything that he was able to do. Katsu is on fire and also looked at the Vita cartridges... see below for some more electronics joy!
PS Vita Cartridge dumps now Possible - Does this enable piracy?
Katsu seems to be able to dump a PS Vita cartridge - you know, those tiny physical modules that contain PS Vita games, a cartridge, like we know them from the Nintendo DS and 3DS - and is therefore able to retrieve the games in the format how they are at the cartridge itself, instead of as a .PKG, like you get them via PSN, or encrypted for the CMA backup, like you get them via the PS3 or PC backup method.
This does not imply that the files from the cartridge are decrypted, that would be a pretty big security flaw for Sony, but we might be able to do more with these files, than we could do with the files as a .PKG or in the backup format.
Keep in mind that this will require hardware modification, and that there is currently no software solution for this. Do not try it yourself, except if you are experienced in hardware modding!
But do those cartridge dumped files enable piracy at our beloved PS Vita? Well, currently there is no way to install PS Vita games without the help of a PC (backup), a PS3 (backup/PSN) or the PSN, so we can say that this does not enable piracy at a PS Vita, ... yet.
There might be a possibility to use these cartridge dumps for piracy in the future, but before that happens, more knowledge of the PS Vita's file system would be needed, instead of just the current ePSP's file system. There would also need to be a way to fake these dumps as cartridges, since (digital/) PSN versions of games are account bound and need a valid license file.
Piracy is currently, thank god, not possible on the PS Vita, and we, at least I, hope that this will stay like that for a long time.
From KanadeEngel: PS Vita Memory Card Analyze
The French dev "tomtomdu80" gave me his trick for understanding more of the Vita side!
So yeah, here is the root dir from ux0:/ (and no, it's not new news)
I now want to begin decrypting a few things, but yeah, most of the data is useless
Below is a PS Vita Cart Dumping and Backup Loading Guide from niszczycielnpc (via wololo.net/talk/viewtopic.php?p=401577#p401577), as follows:
Ok so in this tutorial i will show you how to install psvita backups. (YOU NEED STILL TO PUT YOUR CARTRIDGE AT LEAST ONE TIME IN YOUR VITA EVERY TIME YOU REBOOT!) Dumping tutorials down below. (I will make this tutorial better when i have time)
1. Things we need:
Psvita 3.52 or below.
Download my files down below.
And of course your dumped game.
2. You need to dump also files that you can't see in files.db
3. Now you need to copy your dump to (PSAVEDATA/************/YOURNAMEDUMP/IDOFYOURGAME/)
Also you will need to copy (PARAM.SFO... included in my package) to "YOURNAMEDUMP"
4. You need to dump your license and copy it to (PCSXXXXX/sce_sys/package/) then rename it to "work.bin" and replace it with existing one.
5. You can now copy everything via cma to your psvita.
6. Choose one app on your vita that need to be updated.
Click on update button and in notifications PAUSE download.
7. Now with hex editor open D1 and D0 files modify everything to those of your game dump.
scr.hu/2w7y/t2mqe >> "WIPEOUT" WILL BE "YOURNAMEDUMP" i recommend to choose game name.
scr.hu/2w7y/5qcsf >>> You will also need to change this, It is game id and cid.
Send it to your email via thunderbird to do it. Drag and drop d0 to thunderbird and rename to (\..\..\..\bgdl\t\00000001\d0.pdb) do same with d1 but rename to (\..\..\..\bgdl\t\00000001\d1.pdb) Now you can send email.
8. On your vita open email app and click on attachment after error close email app.. do the same with 2nd attachment.
9. Reboot psvita and click on notification.. Your game backup will be installing. (BE SURE THAT YOUR CARTRIDGE IS NOT IN PSVITA!)
10. Now we need to write license. Make new email Drag&Drop license to thunderbird and rename to "#0"
In subject you need to write (ux0:license/app/PCS*/6488b73b912a753a492e2714e9b38bc7.rif)
Then just open attachment and close email app reboot psvita and game should work (YOU NEED STILL TO PUT YOUR CARTRIDGE AT LEAST ONE TIME IN YOUR VITA EVERY TIME YOU REBOOT!)
And don't UPDATE BACKUPED GAMES! or they will give you error.
My files: installation.rar
Help with dumping files:
HOW TO DUMP ANY FILE BETWEEN 2MB AND 16MB: wololo.net/talk/viewtopic.php?f=65&t=44935
DUMPING FILES WITHOUT LIMITATION: wololo.net/talk/viewtopic.php?f=65&t=45013
How to know what files contains your cartridge: wololo.net/talk/viewtopic.php?f=65&t=45014
Thx for help from mr.gas :D
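Steps 7 and 10 of the guide above depend on a mail client turning a sender-chosen attachment name into a file path. The following is an added example, not code from the original post or from any Sony software, showing how a receiving application can confine attachment names to one directory; `ATTACH_DIR` and all function names are hypothetical.

```python
import posixpath
import re

# Hypothetical sandbox directory for saved attachments (assumption, not a real Vita path).
ATTACH_DIR = "/sandbox/email/attachments"
_DEVICE_PREFIX = re.compile(r"^[A-Za-z0-9]+:")  # e.g. "ux0:" or "C:"


class UnsafeAttachmentName(ValueError):
    pass


def safe_attachment_path(name, base=ATTACH_DIR):
    """Map an untrusted attachment name to a path strictly inside `base`."""
    if not name or "\x00" in name:
        raise UnsafeAttachmentName("empty name or NUL byte")
    # Treat '\' and '/' alike: the names in the guide use backslashes.
    unified = name.replace("\\", "/")
    if _DEVICE_PREFIX.match(unified):
        raise UnsafeAttachmentName("device or drive prefix")
    if unified.startswith("/"):
        raise UnsafeAttachmentName("absolute path")
    parts = unified.split("/")
    if any(p in ("", ".", "..") for p in parts):
        raise UnsafeAttachmentName("empty, '.' or '..' component")
    # Keep only the final component: attachments never need subdirectories.
    candidate = posixpath.normpath(posixpath.join(base, parts[-1]))
    # Defence in depth: confirm containment after normalisation.
    if candidate == base or posixpath.commonpath([base, candidate]) != base:
        raise UnsafeAttachmentName("escapes attachment directory")
    return candidate


def check(name):
    """Return the safe path, or the rejection reason as a string."""
    try:
        return safe_attachment_path(name)
    except UnsafeAttachmentName as exc:
        return "rejected: " + str(exc)


if __name__ == "__main__":
    # "photo.jpg" is a constructed benign name; the other two appear in the guide.
    for sample in ["photo.jpg", "#0", r"\..\..\..\bgdl\t\00000001\d0.pdb"]:
        print(repr(sample), "->", check(sample))
```

The same rule applies to any other sender-controlled field: a subject line or header should never be used as a destination path.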
Finally, from atreyu187 comes How to Delete Updates from Vita Games & Apps to use for Unity Install Tutorial as follows:
Here is a useful trick to install PSM Unity if you have a Vita game/app but it is already updated. This will delete the update so you can use it to install Unity via Mr Gas EML write trick method.
I have Soul Sacrifice Delta which has updates galore but once you download and install with the PS3 via CMA the system automatically downloads and installs all updates before you can play the game.
Note thanks to amirmaher for the basis of this guide. Without him I would not be posting this here.
USB cable (WiFi Connection/LAN cable for PSTV)
QCMA (or OpenCMA)
1. Connect your PS Vita to your Computer using usb cable for Vita or WiFi/LAN Cable for PSTV
2. Copy your PS Vita Game using QCMA or OpenCMA. if you have a lower ps vita fw then connect using VitaUpdateBlocker & OpenCMA/QCMA
3. Create a Backup of your game (copy it in another location)
4. Open your game's folder and you will find a folder named "patch", delete it
5. Delete your game from PS Vita/PSTV
6. Reinstall your game into PS Vita/PSTV via QCMA/OpenCMA
7. Go to games "Live Area" and a new orange icon will appear to allow you to download and initiate the PSM Unity install method from Mr Gas.
8. Once installed simply update the game as normal.
it looks like a NOR chip just like the ps3 uses itself. maybe it is possible to dump it easily with a flasher? just sayin. the chip looks the same to me
nice. there is not much need for piracy if you have ps plus. eventually you will have nearly every game anyways.. lol
I think i'm going to start practicing soldering a lot just in case
That is Fack-ing awesome (and yes it needs this word as it news beyond and i know is mis spell)
it is a 32mbyte nand chip. pretty straightforward it is nand by looking at the chip and the connection points themselves, nor chips would have not only data points but lots of address points as well.
Katsu PS Vita PKG Install Glitch, Micro eMMC NAND Reader & Dual NAND
Following up on his previous update, today Sony PlayStation Vita hacker xmax katsu (twitter.com/xmaxkatsu) shared news of a Micro PS Vita eMMC NAND Reader, Dual NAND update, a PlayStation Vita PKG install glitch and more below!
To quote: This trick is done with Charles proxy.
- First choose a game from your vita download list and begin downloading.
- Stop it at about 1-2 MB.
- Check the size from Charles proxy.
- When the download is paused at charles proxy, remap the downloading pkg to another local pkg.
- Resume the download.
- The download will restart from beginning with the pkg file you chose.
- It will write over the eboot file which was installed during the first pkg.
Your results may vary; please try different psp pkgs and vita pkgs with this method. Only pkg files with smaller size than the game you choose in the download list will install. I tried it with tiny hawk: original eboot.pbp is 5.7 mb, but it works even though I stopped it at 1.9 megabytes, and probably there will be errors in next levels. Trying it with debug eboot files might give interesting results.
PS Vita installs the .pkg files to NAND simultaneously, when the file is being downloaded from the server it makes the extraction of the pkg on the fly.. after the download finishes, extracted contents are copied from NAND to vita memory card.
- upsss!!! ux0:app/PCSB00160 (linked above)
- Micro Psvita eMMC Nand Reader
- Dual NAND: R/W=8/3MB/s R=12min W=25min 2.05>2.06>2.05 rewritable onboard NAND setup using vita usb out
- http://ps.software.eu.playstation.com/pstv/en_GB free minis coming soon 14.11.14
- wow! pkg install glitch Tiny Hawk orj size 5.7mb glitch pkg install eboot.pbp size 1.9mb game work interesting
- PKG install glitch more info
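The glitch described above works because extraction starts while the download is still in progress and a resumed transfer is accepted even when the server object has changed. As an added example (not katsu's code and not Sony's installer), the sketch below stages the download and releases it only after resume-consistency and whole-file checks pass; the class and function names are hypothetical, and the expected size and SHA-256 are assumed to come from trusted metadata.

```python
import hashlib

class InstallRejected(Exception):
    pass

class StagedPkgInstall:
    """Buffer a download in staging; release it only after whole-file checks pass."""

    def __init__(self, expected_size, expected_sha256):
        # Both values are assumed to come from trusted (e.g. signed) metadata.
        self.expected_size = expected_size
        self.expected_sha256 = expected_sha256
        self._staged = bytearray()
        self._hash = hashlib.sha256()

    def feed(self, offset, total_size, chunk):
        """Accept one response body; offset/total_size mirror HTTP Content-Range."""
        if total_size != self.expected_size:
            raise InstallRejected("server object size changed mid-download")
        if offset != len(self._staged):
            # A resume that restarts at 0 (or skips ahead) is a different transfer.
            raise InstallRejected("resume offset does not match staged bytes")
        if offset + len(chunk) > self.expected_size:
            raise InstallRejected("more data than the package declares")
        self._staged += chunk
        self._hash.update(chunk)

    def commit(self):
        """Return the verified package bytes; nothing is extracted before this."""
        if len(self._staged) != self.expected_size:
            raise InstallRejected("incomplete download")
        if self._hash.hexdigest() != self.expected_sha256:
            raise InstallRejected("package digest mismatch")
        return bytes(self._staged)

def simulate(responses, expected_pkg):
    """Run constructed (offset, total, chunk) responses; return 'installed' or the reason."""
    inst = StagedPkgInstall(len(expected_pkg), hashlib.sha256(expected_pkg).hexdigest())
    try:
        for offset, total, chunk in responses:
            inst.feed(offset, total, chunk)
        inst.commit()
        return "installed"
    except InstallRejected as exc:
        return "rejected: " + str(exc)

# Constructed sample packages: the expected one (200 bytes) and a smaller substitute (100 bytes).
GOOD, OTHER = b"PKG-A" * 40, b"PKG-B" * 20
```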