
PSP exploits and the Vita: how hacking PSP Minis became relevant


Software usermode exploits on the PSP have always been either exploits in a game (generally a buffer overflow) or exploits in one of the embedded libraries such as libtiff. Exploits in games had the drawback that they often meant buying an expensive game you might never really play, but sometimes it was well worth it. The overall idea was to make sure to buy a copy of the game that didn’t have a patch for the security hole (in hindsight, the games were actually not patched: their metadata was just slightly modified to require a higher version of the firmware, and the firmware is where the patch was). As long as you didn’t update your firmware and were able to buy one of the “golden” UMDs somewhere, you would be able to enjoy a HEN, a downgrade, or a CFW.

That system had its drawbacks, mostly the insane price of the UMDs for some of those games (unpatched copies of GTA Liberty City Stories reached up to 20,000Y – that’s $250 – in Japan), but other than that it was a pretty good way to get exploits.

Then came the PSP Go, with its concept of “all digital” purchases. UMDs were gone, and if an exploit was found in a game, it would have been easy for Sony to remove the game from the PSN, patch the firmware, and put the game back on the store afterwards (as we’ve seen, this is what they do nowadays with VHBL or CEF for the Vita, which is why we came up with the concept of Ninja releases).

The PSP Go suddenly made game exploits much less attractive. What would be the point of releasing an exploit that no new PSP Go owner would be able to use? This is something I myself mentioned several times on this blog back in the day.

There was still, however, one loophole in this system: the PSP demos. It had seemed a good idea a while ago that PSP demos should be distributed not only by Sony but also by other websites promoting the PSP. Therefore, demos were signed in a way that allowed anybody to redistribute them, without having to go through the PSN. This is why the first hack publicly available for the PSP Go was an exploit in the demo of Patapon 2, which was later followed by similar exploits such as the Japanese demo of Minna no Sukkiri. These demos had the double benefit of being free and not requiring a PSN connection, which meant no forced update for PSP Go owners, so everyone was happy.

Of course, there’s not an infinite amount of Demos with such vulnerabilities, but that became quickly irrelevant as better hacks ended up being found for the PSP, in particular the possibility to sign content for it, which removed the need for usermode exploits.

Usermode exploits in PSP games are easy to find and implement nowadays (see the guide here), and experience shows us that lots of PSP games are vulnerable to simple buffer overflow attacks. But the PSP Go digital model, and, more importantly, the Vita today (where all PSP purchases are, obviously, digital, and the few PSP demos there all need to be downloaded through the PSN) made that type of attack quite irrelevant. In the end, buying expensive PSP games just for a hack that will end up being patched in the next firmware might seem quite pointless to some of us.



It’s in this new context that looking for exploits in PSP Minis appears to me as a valid new option today. Back when all PSPs had UMD support, it made little sense to look for vulnerabilities in a digital-only game; what has changed is that digital PSP games are now the only choice, and in that case we might as well look for the cheap ones. In addition, since Minis weren’t interesting to hackers back in “the day” precisely because they were digital-only, the probability of finding vulnerabilities in them today is higher, as they are still a “fresh” source for investigation.

Of course, the situation is not ideal: we would all prefer free hacks, and we would all prefer a “real” Vita exploit. But for now, hacking PSP Minis in order to run VHBL or CEF sounds like the most viable approach, compared to looking for exploits in “regular” PSP games, which are more expensive to the end user. This situation is of course not a secret, and you’ve seen a tendency for the past VHBL/CEF releases to target more and more Minis (Urbanix, Mad Blocker Alpha, …), as I think hackers all reached the same conclusion as me.


The principle with PSP hacks on the Vita nowadays is not to find the “golden” game, as used to be the case for GTA, Gripshift or Lumines a few years ago. The idea seems rather to flood the scene with regular releases involving cheap vulnerable games, to guarantee that Sony won’t keep up. Of course, some of us won’t see the point of continuing to play that game of cat and mouse, but think of how many Minis you can buy for the price you would have paid for an unpatched copy of GTA…


Source: Wololo's blog
