August 1, 2014 // 4:08 pm
Following up on their previous update, today PlayStation Vita developer tomtomdu80 shared details on installing a PS Vita Beta Package (PKG) File on a Retail 3.15 POC below.
To quote: Here is just a POC of beta pkg installation (these native pkg are encrypted with PSP AES keys); we can actually install them on 3.15!

Here is the proof (uncharted_portable.pkg is a beta pkg which can be found in the leaked SDK).

If any dev from the PS3 scene or good with the PKG file format wants to join the party, we'd love to work on PKG generation.

Feel free to contact us! Twitter: frtomtomdu80
Also below are some videos from SMOKE587 and from Reprep.
Package Installer through WebKit
Do you remember the last time you heard about the WebKit exploit of Vita? Was it the Pong? It seems our good friend SMOKE is baking something.
It has been some time since the WebKit on Vita has been exploited. This WebKit exploit works up to 3.20 firmware. Even though the progress continues, we rarely hear about it. If you are following SMOKE on Twitter, you must have noticed he is into Vita hacking lately.
He posted a video where he manages to open Package Installer through WebKit. I can already hear you saying we can run Package Installer through the e-mail application. That is true, but the e-mail application was introduced in Vita Firmware 2.00, and this is confirmed to work on 1.80. Without further ado, I present you the video:
You can contact SMOKE through his Twitter account; he says he can share the script if you have a 1.80 Vita.
For more info about the WebKit exploit, visit the thread on /talk or go to the GitHub page (github.com/Hykem/vitasploit) of Vitasploit.
Update: Even though the article isn’t wrong, I should make a clarification. The links I gave are for “Vitasploit” (github.com/Hykem/vitasploit), which works for firmwares “2.02, 2.12, 3.00, 3.01, 3.15 and 3.18”. SMOKE uses ROPTool (bitbucket.org/DaveeFTW/roptool/downloads), which supports firmwares “1.50, 1.691 and 1.80/1.81”. Thanks to Davee and SMOKE for the clarification.
Both use the WebKit vulnerability.