Video: PS Vita PSP Kernel Exploit (ISO Loader) Demo, Files Leaked
Previously we reported on running PSP ISOs (using a PSP ISO Loader) on the PlayStation Vita console, and today a new video from Sam Jordam has surfaced showing a demo of the PS Vita PSP (PSP Mini Urbanix) Kernel Exploit (ISO Loader), alongside the leaked files below.
Download: psvcfw_test.zip / psvcfw_test.zip (Mirror) / psvcfw_test.zip (Mirror #2) / psvcfw_test.zip (Mirror #3) / Documents / PS Minis (Free) - Jewel K. Easter Island & Urbanix
To quote from Sam Jordam via YouTube: Read Description- If you need help contact these users on Skype:
Proof of Ninja Release: i49.tinypic.com/fawz95.png
Proof of where i got the files (RAR containing Text of skype conversations): mediafire.com/?bw26un6ttwd7sxs
Sorry guys, I'm afraid I can't release the 1.80 files myself because my partner TheZ (Skype: mzet94) says the public doesn't deserve it because they would abuse it. He said if you wanted the files, you have to beg for it on his site zload.net or create a profile on Wololo and send him a PM begging your ass for him.
What this exploit can do (Working on 1.67-1.80):
- Play ISOs/CSOs
- Play Full Speed PSX Games
- Play Full Speed PSP homebrew!
Download Urbanix via PS3 and transfer to your Vita. Then copy the exploited save to your device and load the save. Here is my video of a PSP Kernel exploit running on the Vita. This video is not fake and it's legit. You don't see VHBL running because this doesn't have ymenu and it automatically boots into ProShell (Program used to run the ISOs and PSX games).
Another video from Sam Jordam is also below: Confession: The Z gave me the PSP Kernel exploit on PS Vita
This is how I got the files. Basically The Z gave them to me and now he won't let me release them. Yes I could, but hey it's not my project and neither is it his. The end of the video is just screens I took of the longass legit conversation our little hacking group had.
Who to contact:
The Z - wololo.net/talk/memberlist.php?mode=viewprofile&u=1903
Artmaze7 - wololo.net/talk/memberlist.php?mode=viewprofile&u=7333
The people on Wololo.net like to cover up things. No wonder this scene hasn't gone anywhere.
Pictures used at the end of the video:
- i45.tinypic.com/2qvf2qh.png - The Z selfishly keeping files for a wrong reason, then releases it anyways
- i45.tinypic.com/346owoj.png - The Z admitting he has coldbird's FTP
- i50.tinypic.com/10zwewz.png - The Z supplying me files for the first time
- i45.tinypic.com/2urlgfn.jpg - The Z/ Russian source offering me files
- i46.tinypic.com/efhso8.jpg - The Z and Artmaze7 threatening me about my data
- i47.tinypic.com/91ds2q.jpg - The Z discusses coldbird and Team Pro (It sucks you can delete your Skype messages because boy, if only you could have seen what he said about them)
Take That! - Phoenix Wright: Ace Attorney
From The Z (via twitter.com/The_Zett/status/252709649873248256): Some fresh news of a vita kernel exploit. Where exactly the exploit lies and why it is just working with the vita. pastebin.com/TNWsEfHw
From Cheesethief: I got the game via PS3. Ran Charles and redirected the update to look at the local psp2-updatelist.xml file. Transferred the game, but I failed to notice this save is EU and NOT U.S.
No matter what kind of tinkering I did, it got me nowhere. The save file included in the download won't work with 1.80+ as CMA requires the filenames and extensions to be uppercase and limited to 8 letters/numbers (FAT Compliant). Since I have the MHFU exploit, I zip'd the save file and transferred it to my Vita inside of a PSP save. Extracted in VHBL and edited/moved using PSPlorer homebrew to no avail.
If someone can convert the EU, NPEZ00176, to the US version, NPUZ00077, I would be really grateful and eager to test it out. I am not sure about the other files in the download, though I can transfer them easily with the MHFU VHBL exploit.
I have all of the files transferred, they do not have to be FAT compliant after they are on the system. I zip'd the save file and named it INSTALL.ZIP. Put that inside of a PSP save file and extracted via VHBL. Moved it to the save file directory with PSPlorer. Used PSPlorer's hex editor to edit the PARAM.SFO so that it says NPUZ00077 instead of the EU version. Tried to run it and it said unable to load save file.
It's not unsafe really as the PSP Emu is sandboxed and the flash 0 of the PSP Emu is read only. On there is a homebrew app for the PSP called savegame deemer and it can convert save file regions. I do not have a PSP, so can't use it. This is for the PSP Emu. This is not a hack for the Vita itself, this is basically equivalent to getting CFW on the PSP Emu. You would be able to do most things that a CFW PSP can, minus a few things that are excluded from the emulator.
You have to have a PS3. Even then it requires the Charles proxy to redirect the PS3's request for information on the current Vita update. The proxy does not work with the Vita itself as Sony patched that, but it does work on a 4.25 PS3.
All of the files are "VBOOT" PSN Decrypt as well. I will try to transfer the FTP and PSNDecrypt files to my mhfu VHBL and see if they run at all.... Otherwise I have no clue how to encrypt/decrypt whatsoever.
Urbanix is likely the game being displayed in the 1.81 VHBL video by Wololo. People have got it working on EU accounts, but only to a Hello World screen. Everyone, keep in mind that the games are NEVER patched by Sony. What is patched is the firmware. The firmware takes note of what saves trigger the crash and if a crash happens, to error.
The files are encrypted with per-console data. If the PBP is placed onto a Vita it's not supposed to be on, it just disappears. I transferred the files via CMA, the v/eboot disappears from the folder. When I transfer via the new FTP server app, it transfers, but immediately disappears from the Vita after transfer.
Kind of difficult experimenting too much with the MHFU VHBL as there is a memory leak that causes the exploit to crash after more than 30 minutes of activity.
I got some new information:
- The files in the download have to be converted to US to work using a tool included in the zip.
- In order for the saves to work, you would need to encrypt the save with your PS Vita's information (Mac Address, PSN ID you used to purchase Urbanix, Serial No, and the Urbanix game file itself / the license).
- The reason is it's a kernel exploit and unlike the normal VHBL, there's a lot of security features.
To quote from Sony PlayStation Vita hacker wololo via his blog:
There’s lots of things to be said about what just happened over the past couple days, and sadly I don’t have much time right now, but answers will be given asap to all of you. What matters for now is that a PSP Kernel exploit, as well as a CFW relying on it, fully working on the PS Vita, was leaked 2 days ago by a “Sam Jordam” guy on Youtube. One of the main persons behind this work (which wasn’t supposed to be released now), famous PSP developer Coldbird, decided to leave the scene today, after this leak happened.
I will give as much details as I can in the days to come, but for now let me just say that the files that were leaked have been confirmed by Coldbird to contain a Kernel exploit, but these files are encrypted, and potentially useless for anybody who does not have strong reverse engineering skills. Coldbird has confirmed to me (and in his blog) he has no plan anymore to release this CFW, so what we have here is a Kernel exploit that will most likely be wasted since I expect Sony to patch the vulnerability in a firmware update.
In addition to the Kernel exploit leak, the name of a game with a usermode exploit (as well as the user mode exploit) was also leaked. That game is the PSP Mini Urbanix, which, if you can read between the lines, readers of this blog already knew was vulnerable. If you are on 1.81, I recommend you get this game before it gets removed from the PSN, fully knowing that as of now, I personally don’t have anything running on this exploit (in particular no VHBL release is ready for this yet).
People who are running on 1.80 with the Monster Hunter exploits might want to stay on 1.80. If anything useful ever comes out of the kernel exploit, I am sure it will run fine on Monster Hunter as well.
At this point I think a bit more info is required about the leaker and how all of this was leaked. A private group of beta testers existed for this exploit, and in a sad chain of events, this person (who goes by the names of Sam Jordam, Batman:beyond, or ipadboy, among other of his identities) got his hands on these files through some basic social engineering, and decided to publish them.
It needs to be emphasized that all people involved were aware of the legal risk of publicly releasing such a tool, but this person seems to not be afraid of that (good for him, I guess, he probably thinks he can succeed where geohot and graf_chokolo failed). The hackers even went as far as encrypting the files to limit the damage in case those files were stolen, which is why, in their current state, the files are useless.
I also need to insist on the fact that, in unrelated events, this person had threatened the security of my site several times in the past, involving threats of hacking this site, attempts at stealing information, illegal port and vulnerability scanning, as well as threats to some members of our community and some of our moderators.
This person also insists on his video that hackers were trying to hide this hack from the scene in order to enjoy the hack for themselves, which is not true. Simply, most hackers working on that type of thing are realistic about the legal risks of enabling piracy on Sony’s latest device, which doesn’t seem to have crossed that individual’s mind. In other words, a truly great person, who doesn’t seem to worry he is doing illegal stuff.
Some of you might question the decision from Coldbird to leave the scene and not release his work after this. Please understand that it was not an easy decision for him, but there is way too much risk in releasing a Kernel exploit on the PS Vita right now, from a legal point of view. Sam Jordam took the risk of being the first person to release a tool that could easily enable PSP piracy on the PS Vita, while reasonable hackers were all clever enough to avoid these dangerous waters until now, and keep their work for themselves.
Will this lead to Sony taking legal action against this guy? I can’t tell for sure, but other hackers didn’t want to be the ones testing the waters for that. Their files were stolen, so legally everything is on this guy’s shoulders, and I understand that nobody else would want to share the legal burden with a leaker, so there is a huge risk nobody will ever even try to touch these files.
There is also the feeling in the community right now that this person should not be helped. He decided to leak some files? Good for him, now let’s let him reverse engineer the files, and figure out a way to get it to work for everybody else. And if some of you disagree with this and think he could use some help, for the good of the community, then knock yourself out, the files are out in the open, I won’t judge (I’m sure most users would be happy with a PSP Kernel exploit on the vita right now).
As far as I’m concerned, I will try to get at least VHBL to run on the Game exploit, in order for this to not go to waste, and some people have already offered some help on that (they will be named in time).
Keep in mind that all that’s happening today is the result of the actions of one single person, and that is the only person to blame.
TL,DR: Some files containing a User mode exploit in Urbanix, as well as a Kernel exploit (that still has to be reverse engineered) were leaked by a youtube user named Sam Jordam. This guy was a known ahole for some time already, and has proven to be up to his reputation. The files he stole then leaked are encrypted and not usable for anybody in their current state. One of the only persons who could have helped with this, famous hacker Coldbird, decided to leave the scene after this. There is so far one can go for the love of homebrews.
Bye Coldbird, and thanks for everything !
Tutorial: How to Copy ISO / CSO / Homebrew on Urbanix (via wololo.net/2012/10/05/tutorial-how-to-copy-isocsohomebrew-on-urbanix/)
A lot of you seem to be having problems so here is a fool proof, easy to use and understand tutorial on how to copy any ISOs, CSOs and Homebrew over with the Urbanix Exploit.
I’ve noticed a lot of people complaining about not being able to copy files and it's simple mistakes, so double check everything. Just follow this tutorial closely and you will be good to go! It's best if you use Open CMA, and if you have problems, comment; I'll try to help everyone as much as possible.
Copying & Installing Homebrew Tutorial
1. Assuming you have the exploit already on the Vita and know how to copy this over it’ll be easy. When you need to add more homebrew using this method you have to copy over the save data every time. The FTP ISO/CSO method explained below works too for homebrew.
2. Go to where your Urbanix exploit is from CMA; its location should be something like C:\My Documents\PSvita\PSAVEDATA\d6def6b623fe3e46\NPUZ00077\
3. Make a folder called PSP and then another folder inside of that called GAME
4. Inside of GAME is where you put the homebrew.
So for example I wanted to copy Half Life 1
- I made a folder inside GAME called HALFLIFE (Remember all caps, 8 characters)
- Then inside of HALFLIFE is all of the files (EBOOT.PBP, DATA.BIN, PARAM.SFO, etc.)
5. Next go back out to the main folder where the exploit is and the PSP folder is; Use Winrar or something similar to zip it, I used Winrar:
- Right click PSP and add to archive
- Change the compression to store
- Change the compression type to zip
- Rename the files to whatever you want with .ZIP in capitals at the end instead of .zip BEFORE you hit OK
6. Transfer the save of Urbanix over and run the exploit: You should then see your home-brew, scroll over it and hit X and then install. You are all done!
Copying ISO/CSO Method One (Easy way)
1. Install the FTP Homebrew app and launch it. I’m using Kingdom Hearts in this example…
2. Take your ISO/CSO and make sure it is named with 8 characters (Try not to use numbers to avoid issues) and that it's all caps.
> KINGHRTS.ISO -GOOD
> KingdomHearts2.iso -BAD
3. On your Vita you will be shown the address for the FTP server. Type that into your browser (example: ftp://184.108.40.2066). It's best to use Firefox with the FireFTP (addons.mozilla.org/en-US/firefox/addon/fireftp/) addon.
4. Find your ISO/CSO on your computer and drag it over into the ISO folder (Make sure you have a folder named ISO at the root if not make one.)
5. After it's finished copying over, exit out of FTP Vita and your ISO or CSO will be there, just hit X to launch it (Note*: Most games will work, some won't)
Copying ISO/CSO Method two (Harder way)
The reason this is harder is that sometimes the ISO/CSO will not show up or won't copy, and using PSPFILER every time is a hassle. FTP is the best way to do it.
1. Move the ISO/CSO into the save data folder (Exploit) and move it onto the vita like normal (Use the same rules of naming the ISO/CSO 8 characters, all caps)
2. Using PSPFILER or something similar, move through the file manager and find the ISO/CSO
3. On the root make a folder called ISO if you haven't already and move your ISO/CSO inside
4. Your structure should be something like ms0:/ISO/
5. Back out to Tmenu, find the game and launch it and Enjoy!
Finally, from Sony PS Vita hacker Coldbird on the leak (via coldbird.uk.to/?e=9): The truth about the Vita PSP Kernel Exploit
Showing Sam Jordam's true side... The internet has been going wild the last few days over a leak of a Vita PSPEMU Kernel Exploit... I will tell the true story about it... and use the chance to make an important announcement.
A person named Sam Jordam, aka. Batman:Beyond aka. Ipadboy has been making news the last few days...
"A kernel exploit for Vita got leaked!" - "artmaze / The Z did it...!" - "I'm a limpdick who can't please a girl!" - you could read stuff like that coming from Sam Jordam the last few days. The thing is... all he did so far was lie and scheme to frame other people for it!
He's an evil mastermind of manipulation and I will tell you guys what has been going on for real, well knowing that if this story came from someone else other than me, a well trusted source of information and code in the scene, no one would believe it either way.
This all started 4 months ago, when I discovered the Urbanix user mode exploit and a fitting kernel mode exploit to go along with it... VHBL has always been interesting to me and I wanted to take it a step further, wondering whether a full CFW was possible on Vita.
What shall I say... 3 months later, it was done. A fully working CFW for Vita... but the time wasn't right for a release... so many things were still out of place...
PSX emulation worked, but we didn't have sound, Sony's new console was still having problems getting its safe spot on the market and - while a whole lot of people think we are pirates, we are the total opposites.
Yes, the CFW could play ISO files, but no - we never supported piracy... and we knew that PSN sales of PSP games would dwindle if this became public.
With Vita still having a more than suboptimal amount of good games to go with it, the PSP PSN sales were what kept the console going... and we didn't wish to harm this very fragile ecosystem.
We knew the time for it to shine wasn't there yet... and we made sure this would stay this way for a while...
We placed a whole bunch of security locks onto the files, so that even if a leak occurred from our beta testers, like the one you guys saw a few days ago, no one would be able to use it and Sony's new system would remain secure and tight, unharmed by piracy - which sadly - whether we like it or not... is a negative side effect of the work we do to enable homebrew.
So yes... the leak is real, yes it contains both a user exploit and a kernel exploit... and in fact, a tightly locked - publicly unusable - CFW too.
So... what exactly happened here?
One of our beta testers, whose name I won't mention here to protect him from the flames of rage upon the request of several big names in the scene, decided it was a good idea to leak the files to rivaling developers for unlocking of our CFW encryption preventing it to run on unpermitted Vita units.
This wouldn't have been too bad... if the rivaling developer, whose name I won't mention either, would have just shut up and kept it to himself... he failed in breaking our security anyway, so no harm done there.
So the files kept getting handed on... until they reached a person named The Z, who carelessly handed it to someone by the name of Sam Jordam (real name btw, if you wish to contact him IRL).
Sam in turn leaked the files in public, pretending that he did it for the good of all people, which is an obvious lie and thankfully, most of the scene realized this, not supporting his ideals.
I congratulate the scene for showing so much courage and stability in staying - at least mostly - united here and able to detect who the bad person is. This is a rather rare sight in the scene.
The reason he did it was quite simple... he is a person who can't feel guilt, a selfish person which only does what benefits him, ignoring the fact that the rest of the world suffers for his deeds.
The thing is... this person, Sam Jordam, has been threatening Wololo and his entire community from behind the curtains, planning to attack the wololo.net server and taking it down for good.
Back then, he tried to frame an innocent person from the wololo.net/talk forums, saying this person was his "employer" - hiring a hacker to take down wololo.net.
The wololo.net Team and I did research however... we aren't the average user and know ways to detect whether someone's lying or not. We have found his "employer" was nothing but an average user of the forums, while he was the mastermind behind it.
As we used shady ways to get the data on this however, without real proof - or at least - publicly accessible proof, we couldn't legally do anything against him, and kept watching the situation.
His treason reached its climax however, when he tried to frame his most trusted friend, artmaze, for the leak of confidential work in progress files, hoping that we would buy it but we didn't.
We did our research here too... and made sure to double check the facts which easily proved that he was the culprit behind all of this.
So what do we have here, summed up in a single sentence?
Sam has been doing evil things in the past, threatening the whole wololo.net community, which basically forms the center of the PSP / Vita scene, and yet - on his leak videos on YouTube he claims to do the leaking for the "good of the scene"?
This is ridiculous, a person threatening and attacking the whole scene trying to disguise himself as a hero of the people?
But the story doesn't end here either, he has been doing other - less critical crimes - and tried to frame the wololo.net moderators for it, fate6, a trusted person of the wololo.net administration team knows what I'm talking about here, as he has been one of his victims too.
He has been trying to trick us into doing as he pleases with everything foul-play has to offer, going as far as leaking our files hoping that the loss of a user plus kernel exploit would be enough to make us release public, unlocked CFW files for Vita, which would have been the final step for converting him from the traitor into a hero, bringing people CFW for Vita, and ruining a system before its prime time came by enabling piracy, even if just for PSP titles.
The CFW is real everyone... we have made the impossible possible, but due to what Sam did, it will never come to happen for any of you as he gave away the only bullet we had in our barrel, the only chance to make it come true.
This leak isn't a blessing, it's a curse... and one that the whole scene will have to pay a high price for.
4 months of work I've done for you all has been rendered useless in a single day, by a hypocrite who feels no guilt and no love for the scene, a person which in fact, just a week before the leak, still threatened Wololo with taking his website down for good.
I won't make a move anymore, I won't code for this scene anymore and I will make sure I take the CFW I've crafted into my grave with me.
If you wish to thank Sam Jordam for this, please by all means go ahead. He wasn't exactly too smart in hiding his real life data anyway, just check his blog, etc.
It's not like I encourage doing a house visit or something... *hint hint*
What is worst is... this person thinks he is above all things in the world.
Concerning the leak he did, I was so nice to contact him and tell him to take it offline, for his own good... well knowing that I had private data on him, data that linked him to the threat to Wololo and the scene and way more beyond that.
But this is what he had to say in response to my fair warning...
Coldbird: Mr Jordam, recently it seems you pretty much enjoy this leaking game of yours. However this is a dangerous game. For your own good I suggest you quit and delete all related files on your mediafire account. You have received your one and only warning. If you insist on walking this wrong path, something we both don't want to see will happen. And I am sincerely hoping you choose the path wisely.
Sam: By releasing these files, not only does Sony have the files to stop this exploit, but also the public is aware of what they need to do.
I win regardless of whether you release this yourself, or someone else patches the files I leaked to remove your protection, and there is nothing you can do to stop me. Unless, you have something to trade me.
Nothing to regret. Not my files, not my problem.
Now does this sound like a hero of the people? Someone that has the good of people in mind?
I doubt it, but this made me realize why I left the scene the first time... and why I will - finally - after years of struggling to make this scene a better place to be, fully retire, taking with me all my unreleased work.
This isn't worth it anymore and to be honest, I don't want to harm Sony's new handheld either - I've done good work, but the world wasn't ready for it yet as this leak and betrayal of trust once again showed clearly.
I wish everyone in the scene, especially my team, whose command I will be handing down to Virtuous Flame, one of my most loyal team mates, actually, one of my best friends, the best of luck.
I also send greetings to Wololo, who has been a big asset in making this leak, at least somewhat worthwhile - by launching an instant Urbanix exploit ninja release upon me asking for it.
So hopefully, from the ashes of this empire I've built, at least one final revision of VHBL can be crafted for the people.
I admire everyone that has the strength to keep going even though this scene sucks so much.
Now Sam, I really wonder - was this the way you intended things to turn out?
You are left with nothing now, the truth is out there... and everyone knows what a big scumbag you are.
You got no CFW, you ruined your only chance of ever having one, and every team will be avoiding you like the pest in the future... which considering how ugly you were from the pictures I've seen of you - might actually suggest you do have the pest.
With this, Coldbird is out - this time around forever.
I wish that Sony manages to keep this system locked down for as long as possible, just so that the people can really feel what Sam ruined for them - and of course... so that it can shine, free of piracy - and sadly... also homebrew.
Anyone get this working? For me it locks up when I try to load the savegame then give an error C1-2858-3
Sad. Only takes one to ruin it for all. Another repeat of self interest over the good of an open system for all to use to the fullest. This group seemed on course to produce some great things. Glad I returned my Vita knowing it would probably always be a locked down system.
The files above and the video don't match. The files are French, the video is English.
Is there another version of the leaked files anywhere? For some reason it won't load the French files for me.
If they are the same file it doesn't work as it's in French. When I say it's in French this is what I mean.
Look at the screenshot above where it shows the loading of the savegame. See where it says "Game Settings"? This savegame says "Des options de jeu"; if I copy back the original savefile it goes back to "Game Settings".
Why does something like this always happen
This is why we can't have nice things -_-
I got the same version but it changes it to French when I try to run it and it just locks up then errors.
This would be awesome if it worked. I've been waiting since the day I got the Vita to play Manhunt 2 on it.