
March 3, 2012 // 2:53 am - Following up on my previous post, below is a video demonstration for those interested dubbed PS Vita Crash CMA Debug Time via Xcode Execution.

I just released a quick, short video to show the crash and freeze of the PlayStation Vita system using Xcode Execution. I also explain how to check all the information coming from the CMA to the PS Vita (debugger).

Below is a pastebin with the tutorial and the video, which show you something interesting. As I promised, I do what I said.

The tutorial to Debug CMA PS Vita Under MacOS and Xcode:

CMA Debugging PS Vita Under Xcode Execution Tutorial

You need an Apple developer account to get Xcode, so that you can use your Mac OS X machine as a development environment.

1- Launch Xcode (Spotlight -> Xcode)
2- Create an Empty Project (Mac OS X)
3- Enter whatever name you like as the Product Name (for example PSV)
4- A new window appears; change "command-line builds use" to Debug rather than Release
5- Click on Breakpoints
6- In the top menu of Xcode, choose Product, make a new scheme and name it psv, for example, then press OK
7- A new window appears in which you can edit your scheme. In the left menu you can see Run; click on it and edit the run configuration: Build Configuration -> Debug; Executable (you need to choose the CMA.APP): for that, just click on None, change it to Other and choose the CMA.APP; Debugger: you can choose either LLDB or GDB (choose the default, GDB); Launch = Auto
8- Choose Diagnostics and activate every option there: Memory Management (malloc, Guard Malloc, Objective-C), Logging (Memory/Exceptions/Dyld), Debugger (Legacy -> Stop on debugger and debugstr). Don't forget to activate breakpoints before clicking OK, then click OK
9- Plug in your PS Vita and click on Run (if you are connected over Wi-Fi, you just connect quickly and disconnect)

Xcode, the IO Framework, etc. are the best way to exploit the PS Vita under Mac OS X, and as you will see, Sony has strong access to your kernel system, which I really don't appreciate, and can control everything.

The PS Vita also uses NFS (Network File System) and Open Remote System File, which ping-pong between the PS Vita and the Sony server.

I hope that helps some smart devs. And here is the video that shows you an example of what you can do.

Some PS Vita users asked me for the PS Vita Windows driver that I made. It's available in the older thread, PS Vita 1.50 Firmware, but I reuploaded the driver so that you don't need to search.

Download: PS Vita Driver (Nabnab)

Griever2Kx, it's up to you: if you want to use your PS Vita, use it and update; don't worry about the update right now. Anyway, FW 1.06 is a firmware with too many bugs that give you problems; it's unstable, and some apps/games will not run correctly with this firmware. It's easier with 1.06 but also more unstable.

Video: PS Vita Crash CMA Debug Time via Xcode Execution Demo


#15 - playhard - February 27, 2012 // 9:23 pm
that's cool tho..

#14 - Nabnab - February 27, 2012 // 9:22 pm
Not possible; you need to log in with your account to install apps on the PS Vita.

#13 - mrlowalowa - February 27, 2012 // 8:58 pm
But maybe you could install the FB app over the PS3? Because I downloaded it just for fun before they took it offline.

So maybe you could put this app on your jailbroken PS3 and install it from this PS3 to your PS Vita?

#12 - Nabnab - February 27, 2012 // 8:45 pm
Take your time, Griever2kx, we are not in a hurry. It's up to you whether you update or not, but for sure Sony can't fix a USB port.

About the Facebook app that everyone asks about: you can't use the Facebook app from another PS Vita, which is properly signed with your unique PS Vita key (based on the serial of the PS Vita and the serial of your related account, which follows the 16-byte path of your documents made with the CMA Unique ID).

That's why you can't execute it on another PS Vita. Concerning the fail algo that is included in the app/appmeta: it lets you write ARM native code in it without having any problem, a broken signature or a corrupted file on the PS Vita.

The psvimg includes all the important stuff (elf, pkg info, etc.) and the psvmd informs about the psvimg.

About the signature: it's never the same, and only Sony patches/signs the SEN app on the fly. It's a key generated with your unique ID and the app itself; that's also why you can't use this generated key to re-sign another app (this generated key works only with the app it is related to).

I remember that Sony uses a difficult encryption on the PS2 games available on SEN -> PS3 (VME -> Virtual Matrix Encryption, which is only available for commercial purposes). I haven't heard anything about anybody cracking this encryption.

I know they use a completely new encryption/signature for the PS Vita, but not VME.

Anyway, I can't do that myself, but I do other stuff.

#11 - D3mone - February 27, 2012 // 7:55 pm
Hi Nabnab,

I don't get the point, all your pastebins are empty, I mean there is clearly no information inside. You only tell us that the Vita can communicate by USB and we can sniff what CMA sends or reads. Thank you for that, but this is not news.

It's like your last post showing the number of threads CMA created and the function call stack for each one of those. If you've discovered something, I understand that you can tease the scene, but your "teasing" shows nothing: like your video called "PS Vita Hello World And USB Debug mode", I'm sorry but in this video I saw only a "PS Vita" and a "USB cable" but no "debug mode" and no "Hello World"...

I truly hope that I'm wrong. I hope that you found a first step of an exploit. Why would I love to see that? Because I don't understand Sony's choice to not support seamless third-party applications (today it's so easy to create an application for Android/iOS, why not try to do the same for a portable gaming console?

They created a 3G version of the console, it's time to use that 3G not only for FB or Twitter but for a whole set of third-party apps, or I don't get the point of having 3G). I would love to develop a game or app for the PS Vita, but I don't have enough money to buy a dev kit or even a way to distribute the game/app. I'm very disappointed about that part of the PS Vita but I love all the other parts =0)

By the way, I do hope that you have really found a first step of an exploit and that the truth is only that you are just not good at teasing =0). If you need technical help, I would be glad to help you. I'm sure I can bring you more than you can imagine, and moreover I have plenty of time for now.

#10 - Griever2kx - February 27, 2012 // 8:34 am
Thanks for your efforts, Nabnab, but unfortunately I get my Vita tomorrow. I'm not going to update the FW, but I have some questions.

Is there a workaround with the Facebook app? Because I think many of us haven't got the Facebook app already... and do I need a PSN account? (maybe for future solutions..) to install the app another way (just thoughts...)

I remember that SKFU could sign Vita packages... there should be a way to install the Facebook app... but they are already signed for the Vita with the PSN account that downloaded the app. Could someone code an Install-Pkg.....?


Ted Mosby

#9 - Nabnab - February 26, 2012 // 12:39 am
More info about IOCTL Access/Control and also CMA Request under Mac OS


#8 - Nabnab - February 25, 2012 // 12:05 am
They learn, but USB connectivity that also works with a Windows app, I don't call that super security (I can say that the 3DS is more secure than the PS Vita) when you know that the USB connectivity talks too much.

Small update about the Full Access

More info: Full Access PS Vita Information

On the new firmware, the debug USB mode works differently (the key button doesn't work on it), so you need to use a mechanism that exploits the ioctl to call the debug USB mode and more.

CMA uses specific points and includes a secret key. The unique keys of your PS Vita are saved in a special cache on your Windows machine, for example, and as you can see if you check the CMA key in your Windows registry, the CMA works in read-only mode, which you can't modify; only Sony can modify it (this is pretty illegal, it works like spyware/malware that lets Sony control your computer). Anyway, this can be fixed; check your registry.

For now, I need to keep that secret for a while, but I'll give you some clues.
When you connect the PS Vita to your computer (use a USB log), and I already explained this before but I'll do it again, the PS Vita tries to connect to the Sony server with the help of the CMA application (the GlobalSign server also), which confirms everything is OK and updated.

Open CMA.exe with a hex editor and copy all the http/https and add them into your hosts file.

If you want to exploit your PS Vita, again, look into the ioctl!! It's important: either kernel, Unix or Win NT, uses this for the USB rooting.

About the Facebook app on the PS Vita, recently retired:
One of the reasons was maybe that the Facebook app allowed us to run unsigned code on the PS Vita (ARM code, what's up).

This was a bad fail, but don't worry, I can say that the PS Vita is already so open (I don't like to use the word hacked); open is better to represent how the PS Vita offers more information than we think.

Also, to my friends who made VHBL: better to release that now, before the update 1.65/1.70.

Sony already knows and will release a cutie update to prevent this (remember: no more MIPS wrapper, and welcome ARM native programs).

Anyway, the PS Vita uses third-party software for which you can find some source on the Web.

About technical USB information (which is important to know); I'm sure some people saw it:

The USB port of the PS Vita has 21 pins
The USB cable of the PS Vita has only 9 pins (12 pin out)
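
The hosts-file step mentioned in the comment above (list the http/https URLs embedded in a desktop client binary and add their hosts to the hosts file), as an added example that is not part of the original thread. The sample bytes and hostnames are constructed, and mapping to 0.0.0.0 is an assumption; the comment only says to add them to the hosts file.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# URLs stored as 8-bit text, and as UTF-16LE (each character followed by a
# NUL byte), which is how many Windows executables store their strings.
ASCII_URL = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]{4,}")
WIDE_URL = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,}"
)

def extract_urls(blob: bytes) -> list[str]:
    """Return every http/https URL found in the raw bytes of a binary."""
    urls = [m.group().decode("ascii") for m in ASCII_URL.finditer(blob)]
    urls += [m.group().decode("utf-16-le") for m in WIDE_URL.finditer(blob)]
    return urls

def hostnames(urls: list[str]) -> list[str]:
    """Unique, lower-cased DNS names; IP literals are skipped because a
    hosts file can only override name resolution."""
    hosts = set()
    for url in urls:
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed netloc picked up from the binary
            continue
        if not host:
            continue
        try:
            ipaddress.ip_address(host)
        except ValueError:
            hosts.add(host)         # not an IP address, so it is a DNS name
    return sorted(hosts)

def hosts_lines(hosts: list[str], sink: str = "0.0.0.0") -> list[str]:
    """Hosts-file lines that send each name to the sinkhole address."""
    return [f"{sink} {h}" for h in hosts]

# Constructed sample standing in for the bytes of an executable.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"https://update.example.com/cma/version.xml\x00"
    + b"\xff\xfe\x01" + "http://ocsp.example.net/check".encode("utf-16-le")
    + b"\x00\x00http://UPDATE.example.com/other\x00"
    + b"http://192.0.2.10/x\x00junk"
)

if __name__ == "__main__":
    print("\n".join(hosts_lines(hostnames(extract_urls(SAMPLE)))))
```

For a real file, pass `open(path, "rb").read()` to `extract_urls` and review the resulting names before adding anything to the hosts file.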

#7 - mrlowalowa - February 24, 2012 // 11:54 pm
That is something that I would call an Epic FAIL!!

They do not really learn from their earlier failures, or do they?

#6 - Nabnab - February 24, 2012 // 10:29 pm
OK, actually two methods give you the possibility to get into Debug USB on the PS Vita.

The debug USB key button mode only works with an old firmware.
The debug USB and more access on new firmware is different and works through a specific mechanism that needs to exploit ioctl.

I'm talking about full access to the system.

Do you know why they took the Facebook app off the PS Vita?... Because the Facebook app includes a fail algo that lets you execute unsigned code. Hello, ARM coding.