Following up on his previous confirmation, today Sony PlayStation Vita hacker wololo has made available a video below demonstrating the Half Byte Loader (HBL) running the Picodrive Sega Megadrive emulator with Sonic & Knuckles on PS Vita.
To quote: Update: One important clarification: This video shows HBL running on the latest firmware 1.510. The firmware update that happened today does not patch the exploit, unlike what some sites are saying.
A few days ago Japanese developer Teck4 posted a picture of a “hello world” running on the PS Vita through the PSP emulator. I contacted him immediately with some help from Mamosuke, and I soon got enough information to start working on porting Half Byte Loader to this exploit (note that Teck4 is also working on exploiting this vulnerability further, but I don’t know how far he’s been).
What you see in the video below is the game “Sonic & Knuckles” running in picodrive, a Megadrive emulator for the PSP.
Yes, I’m running an emulator inside a hacked emulator on the Vita, that’s kind of cool. There’s lots to say about this ongoing work, but first let me state that, for once, this HBL port is entirely my work, except for the underlying PSP exploit which is initially from Teck4. I’ve been testing other people’s work for a while, so it was about time I got back to coding myself.
Now that my ego is satisfied, let’s move on to the details of the video below. I have good news, bad news, and ugly news. But first check the video below, the first usable hack on the PS Vita, 10 days after the console is released.
1. The Good
This is technically HBL rising from the dead, running on the PS Vita, and loading the picodrive emulator. Usually I would show you the entire loading process, but you’ll understand that some of the things I do (in particular the exploit used) need to be kept under wraps until the whole thing is made public (if it is ever made public, read more below).
I hope however that given my reputation on the PSP scene this won’t be categorized as a fake; please understand that I can’t show much this time. Picodrive is one of the easiest homebrews to run on HBL for some reason, that’s why I’m using it in my test. People who’ve used HBL a lot in its early days will recognize the sound glitch: this is some 22kHz sound being played at 44kHz, or the other way around, I can never remember.
That’s because the PSP emulator is using PSP’s firmware 6.60, for which HBL’s syscall estimation code seems to be a bit useless. (I am still awaiting a reply from Teck4 to see if it would make sense to “officially” involve more hackers on this port, and see if we can fix those syscall problems. For now, as far as I know I’m the only one who made it that far on the Vita, and I feel kind of lonely on this new hacking scene ^^).
Another good piece of news for me is that before HBL could run homebrews so “smoothly” on the PSP, it took us several months (I can’t remember exactly, 3 months maybe before we got it running “ok-ish”?), while here it took me 3 days to get it to a usable state. Clearly, we didn’t lie when we said HBL would be portable to new game exploits.
So, that’s the good, I’ve proven to myself that it is possible to run HBL and actual homebrews on the Vita. With little effort, HBL could probably be improved to some extent on that exploit, and run a few useful homebrews.
2. The Bad
There is slightly bad news too. One is the syscall estimation algorithm being busted, as I explained above. I discussed a bit with JJS, and it is probable that if a function is not imported by the game itself, we might not be able to use it at all. I’ll have a closer look (if I decide to dig further on this) to see if this can be improved, but that could greatly limit the amount of homebrews that can be played on this.
Another issue is that the time currently needed to load/run homebrews for the “end user” is a bit too long to my taste. In its current state, for now I don’t think this is (or will be, even if improved) very useful for the end user. Basically, if I want to run PSP homebrews for now, it’s way easier and cheaper to do so on a PSP, even on an unhacked one, through HBL.
So, the overall uselessness of this makes me wonder if it should be kept secret in order for other hackers to do some research on it, or if it should really be released. I wouldn’t like people to point fingers at me if Sony patches some security flaws after this exploit goes public… I won’t take that decision alone (since I’m not the only one knowing the exploit), obviously, and there’s still time until the US/EU release, but I’m seriously considering the options here.
I have also yet to find a “good” way to install and run homebrews. I thought I had found a convenient way, but it didn’t work as expected. I’ll dig more on that, but it seems the PSP filesystem, as seen through the emulator on the Vita, is a bit tricky and sneaky...
There is, however, far worse than the little concerns above. What concerns me to a great extent is that I realized today that Sony can potentially spy everything we do with the content manager. Today I was forced to update my PS Vita to the new firmware. The content manager refuses to run if its PC client is not connected to the internet, and it refuses to run if the console doesn’t have the latest firmware.
This means not only that Sony can force you to update your Vita firmware whenever they feel like it (something they never dared to do on the PSP or the PS3), but also that every time you copy a file from or to your Vita, some information is possibly sent to Sony’s servers. I half joked about me copying my adult movies to the Vita and Sony knowing about it, but it really concerns me that Sony is spying on the files I have on my hard drive just because I bought one of their gadgets.
I’m thinking here that the upcoming hacks for the PS Vita will involve lots of legal fights. It seems to me that unless Sony can prove they are not spying on their users, it is potentially illegal to require the tool to be connected while the content manager is running. Something as big as CarrierIQ could happen to them if their customers are willing to take it to court at some point (that’s an official call to network engineers who would like to analyze what’s going on when the content manager is connected to the Intern...).
Incidentally, this also means that Sony could be already aware of the hack and the techniques we’ve been using to trigger it, assuming they take a close look at the interactions between users’ PCs and the Vita.
Anyways, despite these massive concerns, I’m proud to announce that I got some homebrew to run on the Vita 10 days after its release… as said before by BlackFire, it’s like “posting a sticker on a fortress”. Not very useful, but a message to Sony that we’re around.
Following up on the previous update, today PS Vita homebrew developer wololo has revealed the game used for the PlayStation Vita Half Byte Loader (VHBL) is Motorstorm Arctic Edge (Motorstorm Raging Ice in Japan) and shared a video of it in action below!
As a result, Sony has officially removed the Motorstorm Arctic Edge title from PlayStation Store.
To quote: "Ok, so, since the PSN maintenance is being postponed, there is no reason for me to not give the name of the game used by Teck4 for his exploit:
The game is Motorstorm Arctic Edge, also known as Motorstorm Raging Ice in Japan. It is available for 19.99 euro on most European PlayStation Stores, 15.99 pounds in the UK, and for 3800 yen on the Japanese store.
Note for North American readers: that game, despite being available on the US Store, is marked as not compatible with the Vita in the US. People who have bought it in the US and tried to transfer it to their Vita have failed as far as I know, which is why a few days ago I recommended people in the US to get a European PSN account.
Now what's next?
Well, it's simple and stressful at the same time: I'm giving you guys a couple of days to buy a copy of that game if you think VHBL is worth it (and assuming you trust that I'm not lying), and then I'll release the VHBL files. There are pros and cons to this "2 steps" release. The cons are that you have to trust me, and there's a possibility Sony actually patches/patched something without me knowing it. The pros are that I don't think Sony will remove the game from their store until they actually have something to patch, so I think this gives you guys a couple of days to buy the game.
Or, you can wait until I release the files and other people confirm it works, at which point you run the risk that Sony patches the exploit and/or removes the game from the store before you can even buy it.
Now, let me be clear once again: buy the game if you want to play it. I have no way to guarantee VHBL will work for you; I can just tell you that a few days ago this was confirmed to work by a few testers.
Also keep in mind that VHBL gives you no ISO, no special access to the Vita hardware, just a limited PSP homebrew experience on your Vita. If like me you think it's fun, then you might be interested. Or, if you think that 20 euros is a fair price for one of the best PSP games, then, well, just consider VHBL as a "bonus".
VHBL has been confirmed to work on firmware 1.61. If your console asks you to update to firmware 1.62 or something, I cannot guarantee it will still work. It is also recommended, after you've bought the game, to be paranoid and disconnect your console from the network, and to install openCMA. Again, there are lots of unknown things going on with the Vita; it is impossible for me to tell if this will work for everyone.
As far as I know, there are 5 versions of this game out there. I ported VHBL to 4 of them, and I am sure the fifth one is vulnerable too, but I couldn't find any place selling or "distributing" it, so I couldn't port the exploit to it. That being said, it should be "doable" if somebody can get a copy, to port the exploit to that version as well.
Finally, for those who want proof, here's a video:
I want to thank the people who made this release go as smoothly as possible, especially Teck4 and Mamosuke, the HBL devs (in particular m0skit0 and JJS, thanks for lurking on the scene for so long, you guys are the real deal!), the mods at /talk who have helped a lot over the past week, the handful of devs/testers who know how to keep a secret (you know who you are), but also the thousands of /talk users who, some of them, have known the game's name for several days now, and haven't leaked anything.
You guys are truly an awesome community. You can of course now go ahead and let your friends know, or brag about how you've known about the game for a while and held the secret. It was so far an awesome experiment, let's hope the result will be worth it!"
Too bad my Vita will arrive on 9th March (international delivery); hopefully someone finds another exploit by then.