Video: PS Vita Content Manager and Security Concerns of Wololo


121w ago - Following up on the PS Vita HBL Demo, today PlayStation Vita hacker wololo has shared details on the PS Vita Content Manager and the related security concerns as outlined below.

To quote: A few days ago I posted my concerns about the “Content Manager” tool, a tool that is compulsory to install and use if you want to copy files from and to your vita. Some people said I was paranoid (see my answer to that at the end of the article), and others shared my concerns and started digging. Interestingly enough, that article gathered almost as much attention as my much more spectacular (in my opinion) video of a Megadrive emulator running on the vita.

Some sites took my words out of context and said that I had proof Sony is spying on us when we copy files. This is not true, I don’t have any proof, just lots of concerns. Because of that I decided to call Sony’s customer service in order to get more information. Read along.

First of all, a piece of relatively good news: some users on French site psvitagen mentioned that it is possible to copy Movies and Music without being connected to the internet, through the dedicated “Music” and “Movie” sections of the vita.

I confirmed this is true, so movies, music and pictures can still be copied to the vita even without an internet connection. The internet connection is however, as far as I can tell, required to copy anything else, which, given the limited possibilities of the vita, basically means PSP/Vita games and/or savedata.

In theory and from what I saw so far, the internet connection is probably used for two things: check for new versions of the firmware (an update was enforced on me if I wanted to keep using the content manager 2 days ago), and possibly do some DRM verifications. That’s the theory, and is somewhat confirmed by some early investigations of the binary by dev Hykem.

So, when you copy it to your vita, Sony checks that your Vita game or your Sony-purchased movie is actually “ok” to play on your vita, to make sure you didn’t steal it or copied it from a friend’s computer. Fair enough (although I would question why this check needs to be done there, rather than directly on the vita). But what happens for content that does not require any Sony drm check is my concern.

Even though it’s possible to copy them without an internet connection, does Sony gather any information on my music, my pictures, or my movies (and how about my games savedata, which do require the internet connection while being transferred) ? Do they collect filenames, id3 tag, or exif information? Probably not, but more transparency on the subject would definitely be welcome. This is not about hacking here, this is about sending private information to a company that has proven regularly that they cannot be trusted with our data.

So, full of concerns, I decided to call Sony’s customer service today (actually my wife did it for me...). The person we talked to, as expected, wasn’t a technical person and therefore had close to no information on this. She was aware that an internet connection is required, and mentioned to us that this is written on the manual.

We explained that we knew that, and that we have an Internet connection (it usually takes time when calling a customer service to explain that you don’t have a technical problem using the software, but an ethical one) , but we’d like to disconnect it when it is not necessary, because we don’t see the point in being connected to Sony’s server when we transfer files between two pieces of hardware we own (at which point my wife added: “especially given what happened to your company recently, we’re a bit concerned about our private information“. Hehe, that’s why I love her ).

Understanding our concern the person at the customer service contacted somebody more technical to get more information on the subject. She then came back to us and told us this was in place to make sure that the computer running the content manager is correctly “associated” to the Vita. She didn’t have any technical details to share about the firmware upgrade or the DRM verifications, but she guaranteed us that no personal data was being transferred. She also gave us her name (which I won’t share here) in case we have more questions on the subject (but don’t ask me to call them more, first it’s not a free call, and second I already felt super bad to have my wife spend 30 boring minutes on the phone for me because of my new toy)

(one thing I’d like to say is that every time I contacted Sony’s customer service, their answers were fairly fast and accurate. They usually give me bad news, but they’re doing their best to help. The only time they were completely wrong was when my PSP 1000 stopped accepting connecting to Media Go. They told me it was because the PSP was a Japanese PSP, and I was trying to connect to the European store. I knew this wasn’t true since I had no problem doing the exact same thing with two other PSPs. The real cause was probably that Sony had banned my console for some reason. Anwyays overall thumbs up for the efficiency of the customer service)

So, that’s the official answer, but I’m sure some of us will pass the PC parts of the Content Manager through their microscopes to confirm if this is true. But at least now I have some official information from Sony, which is, in a way, positive. Nevertheless, it does not statisfy my curiosity on some of the files found by Hykem, (such as Mp3Promoter.suprx, png_promoter.suprx, etc… so I’m sure many people will want to learn more about this thing.

Oh, Before I go...

Note: don’t read the section below if you don’t like me when I rant, I know some of you don’t like me when I do that (Spare me the “why do you buy Sony products in the first place?” types of comments if possible, as that’s not the point)

A personal note about why I’m doing all of this, and a message to haters. There’s something interesting about fanboys, no matter how much you show them the truth and give them verifiable proof about it, they’ll always find excuses to justify the illegal behavior of their favorite company. A few days ago I started investigating the insides of the PS Vita. I got HBL to run on it, and was able to run PSP homebrews on the vita. Fanboys told me I would kill the vita because of piracy.

I also raised privacy concerns about the vita “content manager”, a tool that is compulsory to use if you want to transfer some files from and to your vita, and requires you to be constantly connected to the internet while doing so. Again, Sony fanboys told me Sony would never spy on their users, or went Eric Shmidt on me, telling me that Sony probably has good reasons to spy on me in the first place.

Well guess what, champions: my work on the PSP was never used in any way to pirate Sony’s content, because it is not technically doable to do such a thing with HBL. And telling me that Sony would never do something illegal to their users is completely forgetting that they intentionally did so a few years ago with their infamous rootkit.

There’s no historical record of me being a bad guy, I was never sued or sent to jail in my life, while Sony has proven several times to engage in illegal or barely legal activities (see the rootkit case, or the Sony VS Universal studios case), but yet in Sony fanboys’ heads, I am the one with a suspicious behavior. Next time you comment on my work, just get your facts straight, not all hackers are promoting piracy, and my work (HBL) cannot be used to pirate games.

I won’t pretend I’m a fighter of freedom or anything, I do this mostly for fun, but I take extra care to do things that are legal, or at least not ethically questionable. The same cannot be said for Sony, so it is perfectly legit to have doubts about the tools they make me install on my machine, even if in the end the suspicions were wrong.

Sony lost their “presumption of innocence” rights years ago, I’d rather assume they’re guilty first, than feel sorry for myself later when the contents of my hard drives get leaked from Sony’s servers by some black hat hacker.









Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

Comments 188 Comments - Go to Forum Thread »

• Please Register at PS3News.com or Login to make comments on Site News articles. Thanks!

PS3 News's Avatar
#178 - PS3 News - 112w ago
I have promoted this to the main page now and +Rep for the update technodon!

technodon's Avatar
#177 - technodon - 112w ago
As previously reported, PlayStation Vita developer wololo has now released the PS Vita Half Byte Loader (VHBL) and updated the source code for the Motorstorm Arctic Edge buffer overflow exploit according to plan!

Download: PS Vita VHBL for Motorstorm Arctic Edge (EU) / PS Vita VHBL for Motorstorm Arctic Edge (JP) / PS Vita VHBL for Motorstorm Arctic Edge (KR) / PS Vita VHBL for Motorstorm Arctic Edge (US) / VHBL Motorstorm r141 wololo / PS Vita VHBL SVN

To quote: If you are lucky enough to be one of the few owners of Motorstorm Arctic Edge, VHBL is now available for download.

Please report Success/Failure here or on our forums (wololo.net/talk). As you will see, installing homebrews is a bit of a pain, so if you’re a good hearted guy who understands my explanations in the readme, please feel free to share homebrews packaged “correctly” for VHBL.

Note: you can have several homebrews in one “install” file. For example if you zip all your PSP/GAME folder, all the homebrews in there can be installed at once by VHBL.

Credits

HBL port to the KR/US/EU/JP versions of the exploit by Wololo. Thanks go to:

  • Teck4 for the Motorstorm exploit
  • All the devs who made HBL what it is today, in particular m0skit0 and JJS
  • Mamosuke, j416, Some1, and all the other devs who kept the secret, that’s much appreciated guys
  • Monsieur2T2R for the cool VHBL icons/wallpapers

For now, I’m off to bed, but I'll be sure to post more in the days to come, with updates, tutos, technical explanations, etc...

Vita Half-Byte Loader

Vita Half-Byte Loader is a project to port the PSP homebrew loader HBL to the Playstation Vita, through the PSP emulator on the Playstation Vita.
For the latest news about Vita Half Byte Loader, check the VHBL Category on this blog.

Half-Byte Loader (HBL) is an open source Homebrew Loader for the Sony PSP and the PS Vita. It allows to play fan-made games on any PSP up to firmware 6.60, and on the Vita up to firmware 1.61. HBL allows to run emulators for the Game Boy, Nintendo 64, Sega Megadrive, NES, Super NES... and many other applications.

Disclaimer

  • VHBL does not technically allow you to play any pirated PSP or Vita games.
  • Although VHBL is free and open source, the current version relies on a vulnerability in a specific PSP game (Motorstorm Arctic Edge) that you need to buy from the PSN. VHBL comes with no guarantee, especially I cannot guarantee it will work on your Vita, so remember that you pay for a PSP game, and not for anything else. I do not do refunds for the money you gave to Sony
  • It is super easy for Sony to patch the vulnerabilities used by this tool, given the amount of control they have on the PS Vita. VHBL runs fine on firmware 1.61, but for all I know it is possible for Sony to patch the game’s vulnerability without a firmware update. So, once again, before buying the game and downloading VHBL, you need to understand that you pay for the game, and VHBL is a bonus that might or might not work

How to Install and Run HBL

  • It is *strongly* recommended that you turn of all wireless connections on your PS Vita, and that you use OpenCMA (wololo.net/downloads/index.php/download/1252) on your PC instead of the regular CMA. This is recommended because otherwise your console has a way to force you to upgrade the firmware even before you get a chance to use the exploit.
  • Extract this HBL archive in your CMA PSP Savedata folder. It is a folder on your PC named PSSAVEDATA/[lots of random characters here]. If you don’t know where it is, check your settings in CMA
  • Connect your PS Vita to the PC through the CMA, it should give you the possibility to copy the savedata from your PC to the Vita. If not, you probably extracted it in the wrong folder. (Note: You will also want to install some homebrews with a similar technique, read the section below)
  • To run HBL, start the Motorstorm game, select “Load” in the savegame menu, open the HBL savegame, then go to “Wreckreation > Time Attack” and select “No”. At this point, HBL should start. See the video below for details:








Motorstorm Arctic Edge VHBL r141 Changelog:

  • Games using the Quake Engine such as KurokPSP (and probably Quake itself) now work!
  • Geometry Wars Portable, which was also not working for some reason, is now working fine.

How to Install and Run Homebrews

Installing homebrews on the PSP was an easy task. On the Vita, until better solutions are provided, it’s quite a pain in the ass.
The CMA will only let you copy savedata, and will not recursively browse folders.

To address this, HBL comes with a tool that can extract archives with a specific structure.

Packaging the homebrew for installation on the Vita:

1) download PSP homebrews from your favorite Web site (wololo.net/downloads)
2) extract the homebrew somewhere on your hard drive, and with your favorite utility, zip it again with the *store* setting (no compression), in a file that you will name “install.zip”
3) take any PSP savedata (but not the one used for HBL!), and add the “install.zip” to that folder, in your PC CMA folder. so your PSP Savedata will look something like this:

in folder PSSAVEDATA/1a2b3c4def5678/UCUS12345000/ (or something like this) you will have the following files:

  • ICON0.png
  • PIC1.png
  • DATA.bin
  • PARAMS.SFO
  • install.zip

Here you can download an example of packaged homebrew: Doom (http://www.mediafire.com/?yl8518xxh8v9xvp)

Installing:

1) run OpenCMA on your PC, and CMA on your Vita
2) copy the previously packaged SAVEDATA (see above) with your homebrew in “install.zip” on your Vita
3) run HBL (how to run HBL is explained in the previous section)
4) navigate with the HBL menu to the SAVEDATA folder, then go to the folder you just downloaded (in my example, UCUS12345000), and clikc cross or circle on it
5) At this point, the HBL menu should ask you if you want to install the homebrew. select yes, and wait until HBL is done extracting your homebrew
6) The homebrew is now installed, and you can run it by going to the GAME folder, if everything went well, a new subfolder with your homebrew has been created here, and you can run the homebrew

More

OpenCMA is strongly recommended to install if you want to use VHBL. Open CMA is a tool by Virtuous Flame that allows you to copy files from and to your vita without being connected to the internet. This is useful, especially if you don’t want Sony to forcefully update your firmware.

Looking for homebrews that run on VHBL? Check this list (wololo.net/wagic/2010/07/18/15-essential-homebrews-that-run-on-half-byte-loader/) of 15 essential homebrews that run fine with VHBL.

Quick Installing/Using VHBL FAQ

As you might have noticed, using HBL on the PSP wasn’t easy, but on the vita it’s even worse. That’s partially because of the many limitations enforced by Sony’s CMA, but also because I was too lazy to make too many improvements to HBL and the wMenu (mostly because I didn’t want to spend too much time on a tool that people might ditch at the next Firmware update)

Anyways, here are quick answers to the most frequently asked questions I got over the past 3 days

Do I really need to have Motorstorm Arctic Edge in order to run VHBL?

For now, yes. Later versions of VHBL (if any) might rely on other games, but for now, MAE is required.

I don’t have Motorstorm Arctic Edge, and I can’t find it on the Store, where do I buy it?

You can’t. Sony removed the Game from their store on March 2nd.

Is there a way to install Motorstorm Arctic Edge even if I didn’t buy it in time? By sharing my account with somebody, or downloading it from somebody’s server?

No. Each copy of the game is tied to the account that bought it, and Sony made it so that the game cannot be re-downloaded for now, even for those who bought it.

I tried to copy the exploit savedata, but The Vita tells me the data is corrupt, and refuses to copy it?

This seems to be happening mostly with the JP version of the VHBL exploit. Some sites have reported that if you mark all files in the savedata to not be read only, this will work. I’ll see if I can fix that in a future release.

I put a homebrew in “install.zip” as you explained, but the HBL menu isn’t able to install it. I’m pretty sure I did things right the “install.zip” file has to be a zip with “no compression” (also known as “store”. This option is available in most compression tools. I recommend 7zip.

I installed an emulator (or a Book reader). Now I want to install roms (ebooks) for it, do I have to reinstall the entire emulator?

In theory no, if you put the full path in your install.zip archive. For example, if you have a rom named “wololo.bin”, and want to put it in PSP/GAME/Snes9xTyl, just create all those folders, put the rom in it, and create an install.zip that will contain your rom (install.zip/PSP/GAME/Snes9xTyl/wololo.bin).

Practically, that can be difficult to remember, in which case the best is indeed to re-install the full homebrew with the roms in it. The benefit of this technique is that the HBL menu will detect the EBOOT file in your archive, and automatically understand where you want to install your stuff.

Note: you can have many homebrews in one install.zip, as long as they are in different subfolders. I personally simply zipped my entire PSP/GAME subfolder from my PSP Go, and installed the result on my vita)

How do I delete homebrews?

The easiest way is to go in the CMA on your Vita, and delete from there. Unfortunately it makes it difficult to know what you’re deleting. An alternate way is to install PSPFiler and use it to delete. I’m hoping to see some volunteer devs out there to provide alternatives if possible

More PlayStation 3 News...

latexghost's Avatar
#176 - latexghost - 112w ago
try uploading again maybe different server?

technodon's Avatar
#175 - technodon - 112w ago
oh well, there must have been a problem with the upload. i don't think that there is a way to transfer the game anyway. it says must sign in and redownload the content. the only other method i can think of is if sony puts a patched version of the game back on the store we could maybe link to this version with the vulnerability using charles and install it that way..

TrustDevil's Avatar
#174 - TrustDevil - 112w ago
Yea.. Same problem here













Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News