November 17, 2012 // 6:25 pm
- Recently PlayStation Vita hacker SKFU
acquired a PS Vita PDEL-1001 DevKit, and has made available details on the common application EBOOT paths alongside some theories on vulnerabilities via wololo
as outlined below.
To quote: Following up to the news on SKFU (below), some additional information has been discovered with what could be the very first public glimpse at a developer model PlayStation Vita.
If you just currently read Wololo’s article about SKFU and his progress on Vita hacking then you would know there wasn’t a lot of confirmation on things, until now. It appears that SKFU has successfully got his hands on a PlayStation Dev Kit, and that might be how he made progress on his hacking research.
After some extensive research it was discovered (thanks to reader Maccle!) that he does indeed have a dev kit. SKFU posted a thread over at Assembler Games (assemblergames.com/forums/showthread.php?42700-PS-VITA-DevKit) trying to sell his dev kit for unknown reasons, however, giving out some surprising information.
“So, what might it be worth to collectors? A bit background information about PS VITA DevKits: The official SONY price for devkit models which are sent to third party developers is 1.900 Euros. There is no fix price for internal models known. The prices you are going to submit are for an internal model based on newest hardware revision. Surprise me
SKFU went as far as posting clear images of the top and back sides of this “new model”. Developers do get access to hardware better than the normal Vita with usually double the RAM, but it’s possible other upgrades and enhancements exist in those Vitas. In particular, the pictures give us some good insight of what a developer device looks like compared to the normal consumer Vita.
The pictures show noticeable physical changes such as matte buttons, a USB port (2.0 for Faster transfer?) and a HDMI port. This dev Vita is dubbed the “Vita PDEL-1001″ which is supposedly ” the first one in the wild.” Definitely some exciting discoveries here.
However, that’s not the only information that was revealed when one user asked about the every 90 day activation of the dev kit Vita license that has to be done to keep the developer special features working. SKFU responded with the following information on the subject...
“Partly correct. the activation is just required to run unsigned self’s. all other functions are fully active like any pc tool to connect or mess with, debugging functions, file system access etc etc. running unsigned selfs can be achieved other way. aswell there’s several vulnerabilities in devkits up to newest firmwares which might lead to bypass the activation soon
It seems that not only has SKFU gotten into the Vita’s OS with full access but he has also found exploits within the dev kit firmware. This is huge news as it could mean we are closing in on more developments towards a Vita exploit. SKFU has not made any other type of public announcement regarding such so that could mean he is holding on to it for a later date or still working.
It is still unclear at this point if he used a regular developer license (in association with the devkit) to get access to the information he posted last week in his blog (as implied by some of you in our comments section, some tools made available to developers by Sony could allow to read what’s on the Vita Stick without a need for any hack)
This is a huge discovery and definitely one that will be constantly developing, so stay tuned. One other question that needs to be answered is, why would SKFU need to sell this unit, if he’s making progress with it?
's Blog: (wololo.net/2012/11/16/skfu-keeps-digging-into-the-vita-also-he-probably-found-an-exploit-but-nobody-seems-to-realize-it/):
I’ll be the first to admit it, PSP exploits are fun but we all know that VHBL and eCFWs are just the appetizers until true Vita hacks bless us with their glory of hi resolution, dual nubs, and back touch panel... With Yifanlu’s UVL project being rather quiet these days (although he confirmed he’s been making some - albeit slow - progress), news are quite sparse on that front.
But developer SKFU might have something going on, as revealed by a mysterious blog post he made last week.
Some of you might remember SKFU from his work on the PS3, as well as an (aborted? Or secretly succeeded?) attempt at raising funds for a PS Vita devkit for the purpose of investigating the beast. Last week, after a long period of silence, SKFU came back with some details on the installation paths of common applications on the Vita. You’ll be happy to learn that, for example, the “Near” application apparently is stored in vs0:/app/NPXS10000/eboot.bin.
Hold on, who cares where apps are installed on the Vita? Well that’s where it’s interesting: in theory there is no way to know the internal structure of a Vita’s memory stick, it being a proprietary format with (most likely) some nasty encryption and all… what that means is that SKFU found a way to access that information, which to me screams he has an exploit... Has he been sharing info with YifanLu? Not as far as I know.
Could it be that he has access to hardware that allows him to read the Vita memory stick? Or that he finally got access to a devkit, and that (maybe) those are more “flexible” in terms of how much data one can access on the Vita? (although, if you remember correctly, there didn’t seem to be anything about accessing the internals of the memory stick on Debug firmwares that had been spotted at gamescom)
Exciting times ahead, but only time will tell us if this leads to something. Below are examples of the paths found by SKFU.
Finally, from SKFU
's Blog (streetskaterfu.blogspot.com/2012/11/ps-vita-common-apps-eboot-paths_9.html)
Wow a little bit dusty in my blog, needs a new post.
Here we go with the PS VITA's common apps (applications installed by default) eboot.bin paths:
- SceShell vs0:vsh/shell/shell.self
- SceWebBrowser vs0:/app/NPXS10003/eboot.bin
- SceWebCore vs0:/app/NPXS10017/eboot.bin
- SceParty(?) vs0:/app/NPXS10001/eboot.bin
- SceNear vs0:/app/NPXS10000/eboot.bin
- SceFriendsApp vs0:/app/NPXS10006/eboot.bin
- ScePsnMail vs0:/app/NPXS10014/eboot.bin
- SceTrophy vs0:/app/NPXS10008/eboot.bin
- ScePhotoCam vs0:/app/NPXS10004/eboot.bin
- SceAvMediaService vs0:/app/NPXS10036/eboot.bin
- SceMusicBrowser vs0:/app/NPXS10009/eboot.bin
- SceVideoPlayer vs0:/app/NPXS10010/eboot.bin
- SceRemotePlay vs0:/app/NPXS10012/eboot.bin
- SceCMA(?) vs0:/app/NPXS10026/eboot.bin
- SceMapViewer vs0:/app/NPXS10005/eboot.bin
- SceStoreBrowser vs0:/app/NPXS10002/eboot.bin
- SceSettings vs0:/app/NPXS10015/eboot.bin
- SceGameManual vs0:/app/NPXS10027/eboot.bin
Entries marked with a "?" are unknown name. Regards to the ones who read dusty blogs,