Sponsored Links

Sponsored Links

Page 1 of 6 123 ... LastLast
Results 1 to 10 of 56



  1. #1
    Senior Member Nabnab's Avatar
    Join Date
    Dec 2011
    Posts
    157
    Sponsored Links

    PS Vita Debug Information Accessed via USB Interface

    Sponsored Links
    Just a gift for PS3News and thanks to everyone.. PS Vita Access: [Register or Login to view links]

    It's also a answer to the Scott security claim, i don't release the method now because it's too early, i already release the debug usb method available on pastebin too that you need to use with LibUSB driver Windows PS Vita and soon mac OS (not related to CMA but a alternative)

    Just saw that CMA Mac OS = Based on my works confirmed by a person who works for Sony Customer Relation

    For now it's all you gonna have. I confirm with this pastebin that i have all the possible access to the PS Vita
    Code:
    Thanks Scott ;)
    
    --------------------------------------------------------------------------------
    PS Vita Access Investigation (not all in here) ;) 
    Discover by Nabnab 
    PS: check the last part ;)
    --------------------------------------------------------------------------------
    
    
    Task Oper Get Vita Info
    Mtp VITA Connection Manager
    Event Args Vita Connection Status Changed
    App Delegate connect Vita
    App Delegate vita Negotiation Completed
    Settings vita Connected
    Connect Vita on OK
    Connect Vita window Will Close
    Connect Vita awake From Nib
    Vita Connection Status Changed Event Job execute
    Application Is PlayStation Vita Connected
    Vita Info Get Protocol Version
    BrowserCore Is Vita Info Available
    BrowserCore Clear Vita Info
    BrowserCore Initialize Vita Info String
    Vita Info Reset
    Configuration Get Vita Game Home Path
    AVC_Vita Movie Profile
    Vita Info Photo thumb
    Vita info music thumb
    vita info video thumb
    vita info game thumb
    vita info attr thumb width
    vita info attr thumb height
    Get Fake Game Pkg Home Path
    Configuration Get Vita Game Account Home Path
    Configuration Get PSP Game Account home path
    FS File Game Package
    Serializer Set Game Metadata
    Serializer Set Attribute Game Type
    PSP Game SFO Param
    PSP Game thumb
    PSP -> PSP_libccc.cpp
    PSP -> PSP_libccc.o
    PSP -> PSP Savedata.cpp
    PSP -> PSP Savedata.o
    PSP -> PSP savedata.h
    PSP Savedata has Metadata
    PSP save data get metadata
    PSP save data has file system info
    PSP save data get date created
    PSP save data get data last modified
    PSP save data get path
    PSP -> SavedataSubFolder.cpp
    PSP -> SavedataSubFolder.o
    PSP -> PSPSavedataSubfile.cpp
    PSP -> PSPSavedataSubfile.o
    PSP Savedata Sub File
    PSP -> PSPSavedataSubfile.h
    PSP -> PSPSaveDataRoot.cpp
    PSP -> PSPSavedataRoot.o
    PSP Savedata Root
    PSP Savedata Root Get Children
    PSP Savedata root get Child count
    PSP Savedata root Create Instance
    PSP Savedata Root get type
    PSP -> PSPSavedataROot.h
    PSP save data root get title 
    PSP Game home path
    vsh meta_gen_types.h :)
    Task Oper Send In stem info for VSH
    vsh -> sortKeyCreator.cpp
    vsh -> MDgenerator.cpp
    vsh -> DBaccessor.cpp
    vsh -> localfile_types.h
    vsh -> file_types.h
    Vita -> NPAccountdebugsetting.cpp
    Vita -> NPAccountdebugsetting.o
    Vita NP account debug setting
    Vita NP account debug setting get instance
    Vita NP account debug setting read setting file
    Vita NP account debug setting get log level
    Vita NP account debug setting get NP Env
    Attached Files Attached Files

  2. #2
    Junior Member hacked2123's Avatar
    Join Date
    Nov 2006
    Posts
    665
    Sponsored Links
    Sponsored Links
    Amazing. Appears we are having better luck with the PSV than the PS3. I am looking to expand the knowledge of the PSV as well if you are interested in contacting me.

  3. #3
    Senior Member Nabnab's Avatar
    Join Date
    Dec 2011
    Posts
    157
    Sponsored Links
    Sponsored Links
    Also about the PS Vita you remember i reveal few weeks ago/over month the method to access to the hidden system information on the PS Vita.. Sony Patched the method on 1.60/1.61

    About the HBL i'm sorry to say that but it's already over (Sony will prevent this by updating soon the system to run only ARM native program and don't use anymore the MIPS Wrapper) 1.65/1.70 come soon

    They didn't block the Debug and not sure they can block it

    About the Transfer Files without CMA that i was showing on a youtube video.

    -On MAC OS, use the Application Share and WebShare (or use a alternative on Windows)
    -DNS Settings/Proxy server on your PS Vita -> Add the IP of your iMac/Macbook/hackintosh/Windows Computer
    and put the files on your webshare that you want to transfer or show on your PS Vita
    -Open the Navigator of the PS Vita and write the IP of your computer, press enter
    and you would see all the files from your computer, you just need to click on it to transfer that on your PS Vita

    (nothing related to the debug access etc...)
    Last edited by Nabnab; 02-24-2012 at 12:55 PM Reason: Automerged Doublepost

  4. #4
    Junior Member mrlowalowa's Avatar
    Join Date
    Oct 2011
    Posts
    31
    Dude.. You are amazing and have too much time

    Great work

  5. #5
    Senior Member cfwprophet's Avatar
    Join Date
    Jul 2008
    Posts
    1,815
    The part about the webshare is already known and was discovered weeks ago from some one else

  6. #6
    Senior Member Nabnab's Avatar
    Join Date
    Dec 2011
    Posts
    157
    What are you talking about ? the part of webshare was discovery by me and explained by me on the video from over month ago
    if you don't have anything to say, please don't post in this thread.

  7. #7
    Senior Member Nabnab's Avatar
    Join Date
    Dec 2011
    Posts
    157
    OK Actually two method give you the possibility to go under Debug USB PS Vita

    The debug USB key button mode only work with a old firmware.
    The debug USB and more access on new firmware is different and work on a specific mechanism that need to exploit ioctl.

    I'm talking about a full access to the system.

    Did you know why they take off the facebook app from the PS Vita ?... because facebook app include a fail algo that let you execute unsigned code hello arm coding

  8. #8
    Junior Member mrlowalowa's Avatar
    Join Date
    Oct 2011
    Posts
    31
    that is something that I would call Epic FAIL!!

    They do not really learn about their failours before, or do they?

  9. #9
    Senior Member Nabnab's Avatar
    Join Date
    Dec 2011
    Posts
    157
    They learn but a USB connectivity working also with windows app, i don't call that a super security (i can say that the 3DS is more secure than the PS Vita) when you know that the USB connectivity talk too much

    Small update about the Full Access

    [Register or Login to view links]

    More infos Full Access PS Vita Information

    On the new firmware, the debug usb mode work differently (the key button doesn't work on it) That you need to use a mechanism that exploit the ioctl to call the debug usb mode and more

    CMA use specific point and include secret key the unique key of your PS Vita are save in a special cache on your Windows for example and as you can see if you check the key of CMA on your windows reg, you can find that the CMA work in read-only mode that you can't modify and only Sony can modified this (this is pretty illegal, it works like a spyware/malware that let Sony control your computer) anyway this can be fixed, check your reg

    For now, i need to keep that secret for while but i give you some clue
    When you connect the PS Vita to your computer (use a USB Log), i already explain that before but i do again, the PS Vita try to connect to the Sony server by the help of CMA Application (globalsign server also) that confirm everythings is ok and updated.

    Open CMA.exe with a hexa editor and copy all the http/https and add them into your hosts file.

    if you want to exploit your PS Vita, again, check into the ioctl !! it's important ever kernel Unix or Win NT use this for the USB rooting

    About Facebook App on the PS Vita recently retired
    One of the reason was maybe because the Facebook App allow us to run unsigned code on the PS Vita (ARM Code what's up)

    This was a badly fail but don't worry, i can say that the PS Vita is already so open (i don't like to use the word hacked) but Open is better to represent how the PS Vita offer more information than what we are thinking

    Also to my friends that made VHBL, better to release that now before the update 1.65/1.70

    Sony already know and would release a cutie update to prevent this thing (remember not anymore MIPS Wrapper and welcome ARM native program)
    Anyway the PS Vita use Third-Party Software that you can find some source on the Web

    About technical USB information (that is important to know) sure that some people saw it

    The USB Port of the PS Vita have 21 Pin
    The USB Cable of the PS Vita have only 9 Pin (12 pin out)
    Attached Files Attached Files

  10. #10
    Senior Member Nabnab's Avatar
    Join Date
    Dec 2011
    Posts
    157
    More infos about IOCTL Access/Control and also CMA Request under Mac OS

    [Register or Login to view links]
    Code:
    PS Vita Access under Mac OS/Linux -> BSD Control SysCall
    
    Use POSIX I/O functions to access to the PS Vita. 
    you also can use the fcntl and ioctl functions to control files and devices.
    
    Launch Terminal Windows with the command man ioctl (under sudo it's better)
    
    You are supposed to have this
    
    IOCTL(2)                    BSD System Calls Manual                   IOCTL(2)
    
    NAME
         ioctl -- control device
    
    SYNOPSIS
         #include <sys/ioctl.h>
    
         int
         ioctl(int fildes, unsigned long request, ...);
    
    DESCRIPTION
         The ioctl() function manipulates the underlying device parameters of spe-
         cial files.  In particular, many operating characteristics of character
         special files (e.g. terminals) may be controlled with ioctl() requests.
         The argument fildes must be an open file descriptor.
    
         An  ioctl request has encoded in it whether the argument is an ``in''
         parameter or ``out'' parameter, and the size of the argument argp in
         bytes.  Macros and defines used in specifying an ioctl request are
         located in the file <sys/ioctl.h>.
    
    -----------------------------------------------------------------------
    
    What CMA/USB Do under Mac OS ? 
    
        + 2574 start  (in CMA) + 54  [0x8686] 
        
    2574 Thread_412081
        +     2574 _ZL16BeginThreadProxyPv  (in CMA) + 77  [0xa0bca]
        +       2574 MsvCommandExecutor::threadProc(void*)  (in CMA) + 17  [0x1bec7]
        +         2574 MsvCommandExecutor::run()  (in CMA) + 92  [0x1c50c]
        +           2574 MsvCommandExecutor::wait()  (in CMA) + 164  [0x1be42]
        +             2574 XpManualEvent::Lock(unsigned long)  (in CMA) + 87  [0xa23a1]
        +               2574 XpComboSyncObject::waitCondition(unsigned long)  (in CMA) + 44 [0x9ac6683e]
        2574 Thread_412082
        +     2574 _ZL16BeginThreadProxyPv  (in CMA) + 77  [0xa0bca]
        +       2574 MsvTaskProcessor::threadProcMain()  (in CMA) + 18  [0x42602]
        +         2574 MsvTaskProcessor::run()  (in CMA) + 64  [0x43226]
        +           2574 MsvTaskProcessor::wait()  (in CMA) + 167  [0x42b15]
        +             2574 XpManualEvent::Lock(unsigned long)  (in CMA) + 87  [0xa23a1]
        +               2574 XpComboSyncObject::waitCondition(unsigned long)  (in CMA) + 44  
    [0x9c98442c]
        2574 Thread_412085
        +     2574 _ZL16BeginThreadProxyPv  (in CMA) + 77  [0xa0bca]
        +       2574 MtpManager::eventProc(void*)  (in CMA) + 118  [0x12bb3]
        +         2574 cellUsbMtpRecvEvent(CellMtpTransport const*, unsigned int, CellMtpEvent*)  (in CMA) + 174  [0x11ba7]
        +           2574 cellUsbdTransferRecvForEvent(unsigned int, unsigned char, void*, int, unsigned int*)  (in CMA) + 111  [0x10384]
    
    [0x9ac64c22]
        2574 Thread_412100
        +     2574 _ZL16BeginThreadProxyPv  (in CMA) + 77  [0xa0bca]
        +       2574 _ZL5entryPv  (in CMA) + 17  [0x47d07]
        +         2574 MsvFolderWatchManager::Run()  (in CMA) + 278  [0x48074]
        +           2574 MsvFolderWatchManager::IsContinue()  (in CMA) + 32  [0x47f2c]
        +             2574 XpManualEvent::Lock(unsigned long)  (in CMA) + 87  [0xa23a1]
        +               2574 XpComboSyncObject::waitCondition(unsigned long)  (in CMA) + 44   [0x9ac6683e]
        2574 Thread_412483
        +     2574 _ZL16BeginThreadProxyPv  (in CMA) + 77  [0xa0bca]
        +       2574 _ZL5entryPv  (in CMA) + 17  [0x47d07]
        +         2574 MsvFolderWatchManager::Run()  (in CMA) + 278  [0x48074]
        +           2574 MsvFolderWatchManager::IsContinue()  (in CMA) + 32  [0x47f2c]
        +             2574 XpManualEvent::Lock(unsigned long)  (in CMA) + 87  [0xa23a1]
        +               2574 XpComboSyncObject::waitCondition(unsigned long)  (in CMA) + 44  [0x9ac6683e]
         +     2574 _ZL16BeginThreadProxyPv  (in CMA) + 77  [0xa0bca]
        +       2574 _ZL5entryPv  (in CMA) + 17  [0x47d07]
        +         2574 MsvFolderWatcher::Run()  (in CMA) + 413  [0x47bf9]
    [0x9b737c7a]
        +                   
        +     2574 _ZL16BeginThreadProxyPv  (in CMA) + 77  [0xa0bca]
        +       2574 _ZL5entryPv  (in CMA) + 17  [0x47d07]
        +         2574 MsvFolderWatcher::Run()  (in CMA) + 413  [0x47bf9]
    0x9b737c7a]
        +                 
        +     2574 _ZL16BeginThreadProxyPv  (in CMA) + 77  [0xa0bca]
        +       2574 _ZL5entryPv  (in CMA) + 17  [0x47d07]
        +         2574 MsvFolderWatcher::Run()  (in CMA) + 413  [0x47bf9]
    [0x9b737c7a]
        +                   
        2574 Thread_412487
        +     2574 _ZL16BeginThreadProxyPv  (in CMA) + 77  [0xa0bca]
        +       2574 _ZL5entryPv  (in CMA) + 17  [0x47d07]
        +         2574 MsvFolderWatcher::Run()  (in CMA) + 413  [0x47bf9]
       
           9       _ZL16BeginThreadProxyPv  (in CMA) + 77  [0xa0bca]
            6       _ZL5entryPv  (in CMA) + 17  [0x47d07]
    Attached Files Attached Files

 

Sponsored Links
Page 1 of 6 123 ... LastLast
Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News