You are viewing our Forum Archives. To view or take place in current topics click here.
PS Vita Hacked on Day 1

XanderChaos
  • Graphics King
Status: Offline
Joined: Dec 22, 2009 (14 Year Member)
Posts: 226
Reputation Power: 1023
Well, looks like I've got a reason to pick up a Vita now. Day 1 and it's already full of holes. This hack isn't fully exploitable yet, but it's a start.

Source: [ Register or Signin to view external links. ]
Japanese PSP scener Mamosuke announced today on his blog that he was able to confirm a Hello World running on the PS Vita through the embedded PSP emulator. The exploit was made by developer teck4, and most likely relies on one of our good buffer overflow friends. And for those who are wondering "is it real?", my current answer is that I haven't tried it yet, but knowing Mamosuke fairly well I can tell you it's true.

Technically, the idea behind the hack is simple but brilliant: the PS Vita has a PSP emulator, and we have plenty of PSP game exploits lying around; can we assume they will work on the emulator? That's what teck4 tried, and the answer is yes, so he managed to run unsigned code on the PS Vita.

For those who join this blog for the first time, basically how this works is that a special save data file is crafted for a specific game. When the game is asked to load the save data, through a flaw in the game code we manage to re-route the game into executing code that we wrote ourselves. That code is usually very simple, displaying a simple message (typically "hello world", hence the name).

From there, what happened for the PSP was that we integrated these exploits into our homebrew loading tool, Half-byte Loader, which allows people to load more interesting homebrews such as emulators, etc.

That's the theory. Practically, although this is good news, there are a bunch of obstacles which will probably not make the exploit so interesting for most users (at least not yet): First of all, the exploit happens within the PSP emulator on the Vita, and will not directly give access to the Vita hardware or features. So this can theoretically only allow to run PSP homebrews on the Vita (which, to me, is already fairly nice), and also, only user-mode ones (a game exploit does not give access to the PSP kernel mode, so some tools and functionality are missing, which prevents emulators such as Daedalusx64 for example from running at full speed).

The second issue, and we ran into the same type of problem with the PSP, is that Sony will probably stop distributing the flawed game as soon as they know which game it is, and/or patch the game or the emulator. That can probably be tempered by the fact that there are numerous vulnerable games on the PSP, and so a cat and mouse game could start, assuming Sony cares about protecting the PSP emulator against user-mode homebrews.

The third issue, and that might be the worst problem, is that copying PSP savedata from your computer to the PS Vita requires to go through a tool named the contents management assistant, which could easily be blocking the crafted savedata. Worse, copying any file to the PSP emulator has to go through this assistant, which means if we are to copy/load homebrews using this trick, they would probably have to follow a very specific format, and be all able to run from within the game's savedata folder (most homebrews expect to run from the PSP/GAME folder, and Half-byte Loader itself expects to be living on the root of the PSP, but the contents management tool will only copy files to the game savedata folder). Eventually tools will probably be built to overcome this limitation, but it sounds like Sony could patch that kind of stuff fairly easily in the future (and prevent copying anything that's not recognized as some savedata, for example).

As a conclusion there are lots of obstacles to turning this into a useful system for the end user, so as Mamosuke states, this is not even step 1 for the Vita hacking. But it's still interesting news, running a hello world on Day 1 on Sony's new console is still heart-warming and could lead to more interesting discoveries, so congrats to teck4, and a personal message to Mamosuke and teck4: if you are looking for help to port HBL to this, please contact me. I'm kind of always busy, but of course very interested to see where we can go with this.

I'm also thinking that somebody with enough free time could use this to run PSP homebrews through HBL on the PS3.

Thanks to Abdullah for the tip! Two in a row, thanks a lot man

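Added example, not part of the original post or the quoted article: a sketch in C of the flaw class the quoted article describes (a game trusting a length field inside its save data) beside a loader that validates the field before copying. The save layout, function names and sample bytes are hypothetical and constructed for illustration; the thread does not name the game or its save format.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical save layout (constructed for this example, not a real PSP format):
 *   bytes 0..3  magic "SAVE"
 *   bytes 4..5  name_len, little-endian
 *   bytes 6..   player name, name_len bytes
 */
#define NAME_MAX 16

struct player { char name[NAME_MAX + 1]; };

/* The flaw class: name_len is taken from the file and trusted. A save with
 * name_len > NAME_MAX makes memcpy write past p->name into adjacent memory. */
int load_save_unchecked(const uint8_t *buf, size_t len, struct player *p) {
    (void)len;                                      /* file size is never consulted */
    uint16_t name_len = (uint16_t)(buf[4] | (buf[5] << 8));
    memcpy(p->name, buf + 6, name_len);             /* no bounds check */
    p->name[name_len] = '\0';
    return 0;
}

/* Hardened loader: the length is checked against both the destination size
 * and the bytes actually present before any copy. Returns 0 on success. */
int load_save_checked(const uint8_t *buf, size_t len, struct player *p) {
    if (buf == NULL || p == NULL || len < 6) return -1;  /* truncated header */
    if (memcmp(buf, "SAVE", 4) != 0) return -2;          /* wrong magic */
    size_t name_len = (size_t)buf[4] | ((size_t)buf[5] << 8);
    if (name_len > NAME_MAX) return -3;                  /* would overflow p->name */
    if (name_len > len - 6) return -4;                   /* claims more than the file holds */
    memcpy(p->name, buf + 6, name_len);
    p->name[name_len] = '\0';
    return 0;
}

/* Constructed samples: a well-formed save and one with an oversized length field. */
static const uint8_t good_save[] = { 'S','A','V','E', 4,0, 'T','E','S','T' };
static const uint8_t bad_save[]  = { 'S','A','V','E', 0xFF,0x03, 'A','A','A','A' };

int main(void) {
    struct player p;
    int ok = load_save_checked(good_save, sizeof good_save, &p) == 0 &&
             load_save_checked(bad_save, sizeof bad_save, &p) == -3;
    return ok ? 0 : 1;
}
```

The same validation applies to any tool that copies save files onto a device: rejecting files whose declared lengths do not match their contents stops this class of malformed save before a game ever parses it.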
#2. Posted:
Wub_x
  • Resident Elite
Status: Offline
Joined: Sep 19, 2011 (12 Year Member)
Posts: 211
Reputation Power: 8
First lol, and holy crap, already!?
#3. Posted:
Kira
  • TTG Addict
Status: Offline
Joined: Dec 20, 2010 (13 Year Member)
Posts: 2,522
Reputation Power: 112
LOL.

So sad.

That's Sony for you though. Making sh*tty products since 1955.
#4. Posted:
GTA5
  • TTG Addict
Status: Offline
Joined: Sep 13, 2011 (12 Year Member)
Posts: 2,553
Reputation Power: 128
Lol, Really? Fail!

Poor Sony It's Always Getting Hacked Although Some Things Are Good.
#5. Posted:
Kneesocks
  • TTG Contender
Status: Offline
Joined: Jul 21, 2011 (12 Year Member)
Posts: 3,853
Reputation Power: 174
Ohhhhhh.
You GOT to be kidding me!

#6. Posted:
Prestiqe
  • Gold Gifter
Status: Offline
Joined: Aug 26, 2010 (13 Year Member)
Posts: 3,855
Reputation Power: 147
Hahaha, great start for them.

#7. Posted:
Ray-Lewis
  • Prospect
Status: Offline
Joined: Apr 23, 2011 (13 Year Member)
Posts: 653
Reputation Power: 27
lmao already??? that's a fail on sony's part
#8. Posted:
Ray-Lewis
  • Prospect
Status: Offline
Joined: Apr 23, 2011 (13 Year Member)
Posts: 653
Reputation Power: 27
but i don't see the point in doing it anyway...
#9. Posted:
-Tommy
  • TTG Contender
Status: Offline
Joined: Feb 03, 2011 (13 Year Member)
Posts: 3,108
Reputation Power: 134
Off to an amazing start!
#10. Posted:
Darkz0r
  • TTG Senior
Status: Offline
Joined: May 28, 2009 (14 Year Member)
Posts: 1,172
Reputation Power: 79
Well it's bound to be hacked isn't it, it has just been released. Takes after the PS3 :|