Video: PS Vita Content Manager and Security Concerns of Wololo


144w ago - Following up on the PS Vita HBL Demo, today PlayStation Vita hacker wololo has shared details on the PS Vita Content Manager and the related security concerns as outlined below.

To quote: A few days ago I posted my concerns about the “Content Manager” tool, a tool that is compulsory to install and use if you want to copy files from and to your vita. Some people said I was paranoid (see my answer to that at the end of the article), and others shared my concerns and started digging. Interestingly enough, that article gathered almost as much attention as my much more spectacular (in my opinion) video of a Megadrive emulator running on the vita.

Some sites took my words out of context and said that I had proof Sony is spying on us when we copy files. This is not true, I don’t have any proof, just lots of concerns. Because of that I decided to call Sony’s customer service in order to get more information. Read along.

First of all, a piece of relatively good news: some users on French site psvitagen mentioned that it is possible to copy Movies and Music without being connected to the internet, through the dedicated “Music” and “Movie” sections of the vita.

I confirmed this is true, so movies, music and pictures can still be copied to the vita even without an internet connection. The internet connection is however, as far as I can tell, required to copy anything else, which, given the limited possibilities of the vita, basically means PSP/Vita games and/or savedata.

In theory and from what I saw so far, the internet connection is probably used for two things: check for new versions of the firmware (an update was enforced on me if I wanted to keep using the content manager 2 days ago), and possibly do some DRM verifications. That’s the theory, and is somewhat confirmed by some early investigations of the binary by dev Hykem.

So, when you copy it to your vita, Sony checks that your Vita game or your Sony-purchased movie is actually “ok” to play on your vita, to make sure you didn’t steal it or copied it from a friend’s computer. Fair enough (although I would question why this check needs to be done there, rather than directly on the vita). But what happens for content that does not require any Sony drm check is my concern.

Even though it’s possible to copy them without an internet connection, does Sony gather any information on my music, my pictures, or my movies (and how about my games savedata, which do require the internet connection while being transferred) ? Do they collect filenames, id3 tag, or exif information? Probably not, but more transparency on the subject would definitely be welcome. This is not about hacking here, this is about sending private information to a company that has proven regularly that they [Register or Login to view links] with our data.

So, full of concerns, I decided to call Sony’s customer service today (actually my wife did it for me...). The person we talked to, as expected, wasn’t a technical person and therefore had close to no information on this. She was aware that an internet connection is required, and mentioned to us that this is written on the manual.

We explained that we knew that, and that we have an Internet connection (it usually takes time when calling a customer service to explain that you don’t have a technical problem using the software, but an ethical one) , but we’d like to disconnect it when it is not necessary, because we don’t see the point in being connected to Sony’s server when we transfer files between two pieces of hardware we own (at which point my wife added: “especially given what happened to your company recently, we’re a bit concerned about our private information“. Hehe, that’s why I love her ).

Understanding our concern the person at the customer service contacted somebody more technical to get more information on the subject. She then came back to us and told us this was in place to make sure that the computer running the content manager is correctly “associated” to the Vita. She didn’t have any technical details to share about the firmware upgrade or the DRM verifications, but she guaranteed us that no personal data was being transferred. She also gave us her name (which I won’t share here) in case we have more questions on the subject (but don’t ask me to call them more, first it’s not a free call, and second I already felt super bad to have my wife spend 30 boring minutes on the phone for me because of my new toy)

(one thing I’d like to say is that every time I contacted Sony’s customer service, their answers were fairly fast and accurate. They usually give me bad news, but they’re doing their best to help. The only time they were completely wrong was when my PSP 1000 stopped accepting connecting to Media Go. They told me it was because the PSP was a Japanese PSP, and I was trying to connect to the European store. I knew this wasn’t true since I had no problem doing the exact same thing with two other PSPs. The real cause was probably that Sony had banned my console for some reason. Anyways, overall thumbs up for the efficiency of the customer service)

So, that’s the official answer, but I’m sure some of us will pass the PC parts of the Content Manager through their microscopes to confirm if this is true. But at least now I have some official information from Sony, which is, in a way, positive. Nevertheless, it does not satisfy my curiosity on some of the files found by Hykem (such as Mp3Promoter.suprx, png_promoter.suprx, etc…), so I’m sure many people will want to learn more about this thing.

Oh, Before I go...

Note: don’t read the section below if you don’t like me when I rant, I know some of you don’t like me when I do that (Spare me the “why do you buy Sony products in the first place?” types of comments if possible, as that’s not the point)

A personal note about why I’m doing all of this, and a message to haters. There’s something interesting about fanboys, no matter how much you show them the truth and give them verifiable proof about it, they’ll always find excuses to justify the illegal behavior of their favorite company. A few days ago I started investigating the insides of the PS Vita. I got HBL to run on it, and was able to run PSP homebrews on the vita. Fanboys told me I would kill the vita because of piracy.

I also raised privacy concerns about the vita “content manager”, a tool that is compulsory to use if you want to transfer some files from and to your vita, and requires you to be constantly connected to the internet while doing so. Again, Sony fanboys told me Sony would never spy on their users, or went [Register or Login to view links] on me, telling me that Sony probably has good reasons to spy on me in the first place.

Well guess what, champions: my work on the PSP was never used in any way to pirate Sony’s content, because it is not technically doable to do such a thing with HBL. And telling me that Sony would never do something illegal to their users is completely forgetting that they intentionally did so a few years ago with their infamous [Register or Login to view links].

There’s no historical record of me being a bad guy, I was never sued or sent to jail in my life, while Sony has proven several times to engage in illegal or barely legal activities (see the rootkit case, or the Sony VS Universal studios case), but yet in Sony fanboys’ heads, I am the one with a suspicious behavior. Next time you comment on my work, just get your facts straight, not all hackers are promoting piracy, and my work (HBL) cannot be used to pirate games.

I won’t pretend I’m a fighter of freedom or anything, I do this mostly for fun, but I take extra care to do things that are legal, or at least not ethically questionable. The same cannot be said for Sony, so it is perfectly legit to have doubts about the tools they make me install on my machine, even if in the end the suspicions were wrong.

Sony lost their “presumption of innocence” rights years ago, I’d rather assume they’re guilty first, than feel sorry for myself later when the contents of my hard drives get leaked from Sony’s servers by some black hat hacker.










#154 - ModderFokker - 135w ago
I shall wait and be ready master... for you to reveal our glorious future.

#153 - PS3 News - 135w ago
Following up on his previous update, today PS Vita homebrew developer wololo has announced that the PS Vita Half Byte Loader (VHBL) will arrive shortly after March 1, 2012 with details below.

To quote: "This has been a tough week for lots of you, coming to my blog everyday to see that no new information was available about the release of VHBL. Trust me, it's been a much tougher week for me, making sure things go according to my humble plan, coping with a few more issues than expected, and overall, taking all the insults about "being a faker" or "trying to boost my ego" without being able to say anything else than "please trust me".

Ok, let's reveal a few essential things here, starting with the bad news: The game used by Teck4's exploit is not available on the US vita store. Blame Sony and their "275 out of 900 PSP games available for your vita" scheme for this, not us. Part of the waiting time was to see if Sony would add this game to the US store at some point. It is obviously compatible since it is available in other continents, so my guess is that this is a marketing or a legal decision.

Long story short, people in the US who want to enjoy HBL on their vita, for now, will have to create a European (or HK, or JP,...) PSN account, buy a PSN card for that specific store (google for online shops that can sell you those and email you the code within a few minutes), and buy the game from there. A 20 euros card will cover for the price of the game as far as I know (Update: a 20 pounds card will be enough on the UK store).

This also means you'll have to "link" your vita to a European store every time you want to use HBL. Yes, it's super impractical, yes, it makes HBL even less likely to be interesting for you if you're in the US, but no, that clearly was not part of the plan. The game is, after all, available on the US PSN Store, just not for the vita.

I do not plan to wait even more until Sony adds the game to the US Vita store, since that could pretty well never happen, and is wasting everybody's time (people waiting for HBL in Asia have been waiting for this release for almost 3 months now, keep that in mind if you are one of the few who complained that you had to wait for a week). We waited a week for good measure, and saw that Sony is not adding PSP titles on a daily basis.

Waiting in hope for the game to be added to the US store is not the only reason that I "waited" for the release, but that's one of the reasons. Another reason is that there is a maintenance of the PSN, inconveniently scheduled on March 1st, that is, basically 2 days after I initially planned to publicly reveal the name of the game.

After discussing with a bunch of people, I've decided to wait until after the PSN maintenance to reveal the name of the game. Best case scenario, the game magically appears on the store and everybody's happy (I wouldn't dream about that), worst case scenario, the PSN update patches some of the vulnerabilities used for VHBL, and we're screwed. So we'll see...

I'm using the opportunity to remind everybody that HBL is only a PSP homebrew loader. The exploit and HBL do not give you any access to PSP isos, or vita isos, or the vita system, or anything like that. Even compatibility with PSP homebrews is limited, so basically you're better off getting a hacked PSP if playing homebrews is really what you want, and you're better off going elsewhere if piracy or pure vita hacking is what you're looking for. Basically, this hack is for those of us who want to be part of the "first step", however insignificant that step might be. Other people should not buy the game and then blame me for spending their money foolishly, the choice is entirely yours.

I'm just trying to cover my #ss here: don't go and buy a PSN PSP game for your vita if you're deeply expecting something useful out of this. You should buy the game first to play it, second, as a bonus, to get HBL to (maybe) work with it. Again, HBL has been confirmed to work by a few people already, but I cannot predict if Sony will do a magical trick to patch the game under our feet.

Unless something goes wrong, the name of the game will be publicly announced here on March 2nd, after the March 1st PSN maintenance (give me up to 24 hours, I'm not necessarily in the same timezone as you and I also have a real life). The files for VHBL itself will be available shortly after that."


#152 - PS3 News - 139w ago
Below is another update on how the PS Vita HBL release will happen from wololo via: wololo.net/wagic/2012/02/03/vita-hbl-how-the-release-will-happen/

To quote: As the release of the PS Vita in the US and the EU gets closer, I’m getting an increasing amount of requests from people about HBL on the vita. I did post a FAQ a few weeks ago, but people still seem to have questions. When will it be released? Will it allow to run PSP isos? Will it work with a demo like for the patapon 2 exploit? Does it support this or that homebrew? etc…

Let me try to answer some of these questions, with more up-to-date answers.

First of all, the easy ones: VHBL (that’s the super new cool name of HBL on the Vita, I’ll let you guess what the V means, I know, I’m super original) will not support loading PSP isos. Basically VHBL will have the same limitations and features as HBL on the PSP, and, last time I checked, running psp isos was not possible through HBL.

The same HBL limitations apply to compatible homebrews. In a general way, user mode homebrews should work for the most part, while homebrews that require kernel access will not work. For now (but that could change), homebrews requiring network access might not work (or at least, the network part of them will not work).

Like in the patapon exploit era, it is possible, depending on the success of VHBL, that we progressively increase compatibility if we (as a community) keep improving the HBL code in the weeks following the release. Oh, and I am talking about PSP homebrews, running in HBL within the PSP emulator. So, for now, don’t dream about a full speed N64 or psp2 emulator. What we’ll get are the PSP homebrews that you already know.

Second, the vulnerability we rely on to run VHBL is a vulnerability in a PSP full Game, not a Demo. This means you will have to buy that game on the PSN in order to run VHBL (just like in the good old days of GTA:LCS for the first eLoader on the PSP). This also means that as soon as we reveal the name of that game, Sony can probably remove it from the PSN and/or patch it.

This leads to the most asked question: when and how will this be released? Well, I have a basic idea on how the release will happen. Nothing spectacular but it should hopefully be enough to guarantee that people who are really motivated in getting their hands on HBL on their Vita will get it. I’m hoping that constantly reminding people that this doesn’t allow them to run any pirated content will attract the right people to this exploit, and not the 95% of pirates that define any console hacking scene these days.

In the past weeks I’ve been polishing the release process, and I can’t predict the future, but hopefully it will go well.

Nevertheless, getting access to this exploit for you guys will be a matter of being at the right place, at the right time.

For now I’m thinking Sony’s reaction will be to remove the game from the PSN within 24h of the public announcement. Worst case scenario, Sony is already aware of the vulnerability and have already patched the game. This is unfortunately not something I can test without getting any more guinea pigs... these guinea pigs will basically be you when the release happens, I can’t really do any better than that.

Obviously, the release will not happen like your typical hack release (a dramatic article on every news site of the planet copying the hacker’s initial blog post). It will be, I expect, a bit more subtle than that.

Anyways, I added a page (wololo.net/wagic/vhbl/) on this blog where the VHBL downloads will be available, so if you’re waiting for HBL on your Vita, just check that page (and our /talk forums - wololo.net/talk/) regularly for updates.

#151 - Prince Valiant - 140w ago
I'm getting one as early as I can to get a low firmware model, provided it isn't too high.

#150 - Neo Cyrus - 141w ago
Quote, originally posted by ModderFokker:
I hope a couple of exploits are kept secret until we actually can buy the damn thing.

(Not talking about import ....)

Meh, it's going to be a game of cat and mouse as usual. They're going to constantly tighten their draconian grip around the throats of their customers while more exploits to free the hardware keep getting released, an endless cycle like always.

As I said before I'm not even considering buying one until it's cracked wide open and until there are Micro SD to whatever-it's-proprietary-nonsense-is-called adapters. There will be for sure, just as there were 2 Micro SD to Pro Duo adapters.

© 2014 PlayStation 3 News