Sponsored Links

Sponsored Links

Video: PS Vita Crash CMA Debug Time via Xcode Execution Demo


Sponsored Links
146w ago - Following up on my previous post, below is a video demonstration for those interested dubbed PS Vita Crash CMA Debug Time via Xcode Execution.

I just released a fast small video to show the crash and freeze of the PlayStation Vita system using Xcode Execution. I also explain how to check every information coming from the CMA to PS Vita (debugger).

Below is a pastebin with tutorial and the video that show you something interesting.. As I promise and I do what I said

The tutorial to Debug CMA PS Vita Under MacOS and Xcode: [Register or Login to view links]

CMA Debugging PS Vita Under Xcode Execution Tutorial

You need a Dev account Apple to have Xcode that you can use your MacOSX under a Development Environment

1- Launch Xcode (Spotlight -> Xcode)
2- Create a Empty Project (MacOSX)
3- Enter whatever name on the Product Name (For Example PSV)
4- A new window appear, change command-line builds use Debug than release
5- Click on BreakPoints
6- On the top menu of the Xcode, choose Product and make a new scheme and name your new scheme psv for example, press ok
7- A new windows appear that you can edit your scheme on the left menu you can see RUN click on it and edit the run configutation build configuration -> Debug Executable (you need to choose the CMA.APP) for that, just click on None to Other and here you choose the CMA.APP Debugger, you can choose ever LLDB or GDB (choose by default GDB) Launch = Auto
8- Choose Diagnostics and here active every option Memory Management (malloc, Guard Malloc, Objective-C) Logging (Memory/execptions/Dyld) Debugger (Legacy->Stop on debugger and debugstr) Click OK (don't forget to active breakpoints before click Ok) click OK
9- Plug-in your PS Vita and Click on RUN (if you are connected in Wifi you just connect fast and disconnect)

Xcode/IO Framework, etc it's the best way to exploit the PS Vita under MacOSX and as you would see, the Sony have a strong access to your kernel system that i really don't appreciate and can control everything

The PS Vita use also NFS -> Network File System and Open Remote System File that ping pong between the PS Vita and Sony Server.

Hope that would help some smart dev And here the video that show you a example of what you can do





Some PS Vita user ask me the PS Vita Windows Driver that i made it's available on the older thread PS Vita 1.50 Firmware but I reuploaded the driver that you don't need to search

Download: [Register or Login to view links]

Griever2Kx It's hope to you, if you want to use your PS Vita use it and update don't worry about the update right now, anyway FW 1.06 is a firmware with too much bug that give you some problem it's unstable and some app/game will not run correctly with this Firmware. It's more easy with 1.06 but also more unstable.




Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter, Facebook and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene and PlayStation 4 scene updates and fresh homebrew releases!

Comments 55 Comments - Go to Forum Thread »

• Please Register at PS3News.com or Login to make comments on Site News articles.
 
#35 - Nabnab - 147w ago
Nabnab's Avatar
You can use the debug trick method with the libusb psvita windows driver that a release over month ago but you also need to have Windows SDK to have more control of your kernel and system that let you fix the stupid hierarchy control (register) and check the low-level program that control your system/kernel for example -> CMA

After that i can't help you more under windows, i don't like the unstability of this OS that don't let you to do everything.

#34 - Nabnab - 147w ago
Nabnab's Avatar
1- it's the basic of the endpoints, i already explain what is for, i'm not going to repeat again the endpoints, most of the USB Driver/exploit it's to use the endpoints [Register or Login to view links] and [Register or Login to view links] , the spare control don't exist, you are talking about the bulk use a spare un-allocated (after using all allocated point), also if you check correctly you can find the correct size of the data payload on the endpoint description (related to isochronous)

2- I was talking about the debug button trick that can use under a old firmware PS Vita that let you go on a Debug USB/Arm mode, after it's hope to you to exploit the debug also i wonder who doing the blabla in here don't be unrespectful, reminds me a person who talking like you, anyway

3- Yes that is more detail about the source of the SDK PS Vita/CMA but i'm not going to talk about that (it was a detail that a add under my pastebin, it's a clue) the .h you will not find ever on the PS Vita for the rest, connectivity, system, etc.. it's under the PS Vita

4- Actually IOCTL it's the abbreviation of I/O Control, all the info is here but if you can understand better to stop in here and wait (the Python script is not even related, the Python script is one of the way to exploit the PS Vita and make a alternative driver) that help to understand the PS Vita

the IOCTL can be used with the IOKIT framework that is related to the driver/system execution/control, that what the CMA use to transfer/control the PS Vita (back the endpoint mister) that exist also on Windows dev [Register or Login to view links]

5- Like i said stop in here if you don't know how to use the endpoint or try to learn, i'm not going to explain all that, i can help yes but not explaining a story about the endpoint, if you are a software engineer, i wonder why you don't know that, a application that related to the driver execution need to know where to write to load the USB hardware, maybe you don't make application related to the USB Control

i log is only here to tell you where the information goes and what happen, it's also a help and the base where you need to watch, you need to go under development, i already said to use X-Code/IOKit Framework, OpenOCD, etc...
the communication is between 0x81 and 0x02, 0x83 interrupt the tranmission, use getreport that let you check the control pipe and know and check the raw descriptor-report that let you understand more.

the complete explanation is here and everything that you need for that, if you check the easy way (like the debug trick method) forget about it, i never said it would be easy to use my method that's why i'm working on it for a easy way that let the people just click and run

6-Man page of ioctl, nothing more to say ? mmm actually i show the man control of IOCTL and that you need to launch a terminal under MacOS/Linux/BSD (i'm not talking about windows in here
and for windows it's deviceiocontrol) for the rest is more than useful, it show what CMA control when the PS Vita is connected to the USB port, as you can see CMA work under a kernel mode control
of the Mac OS System

The thread of CMA communication

[Register or Login to view code]


If you can understand this, i can't help more, sorry

7- It's useful because the CMA only work under a monitor mode to control the device, if you want to exploit a USB Hardware, that you need to control the kernel of your own system that to execute what you need without have problem with permission, the mach also virtual memory, the control of the PS Vita it's also here that let the PS Vita think the Application is the right one (signature/encryption)

you don't need anymore internet, you can control the transfer and even more but like i said, you need also and more know the ARM Architecture for understand how to write/read under a external signal

8- I told that the debug trick mode, it was usefull only with a old firmware and by using the libusb windows that i release in the beginning of january, stop insulting and say i'm evasive. if you can't understand, i'm sorry but i'm not going to accept that style of conclusion, i give many many info and i still helping, explaining the last pastbin show you the link to understand the Arm architecture, it give you a lot of information about the debug, the jtag, usb external signal etc...

The CMA it's the base not the conclusion IOCTL it's the best part to exploit what you need, that already explaining a lot, please check the Arm pdf and the endpoint/IOCTL recommendation.

#33 - Griever2kx - 147w ago
Griever2kx's Avatar
Yeah! I know that this wasn't been patched at the Moment, but what i read, it's easier on lower Firmwares to get access to it. (Nabnab said, that it can't be patched... we will see)

Fortunately a Friend of mine had an Mac...

#32 - racer0018 - 147w ago
racer0018's Avatar
From what I have read the exploit that was said to be on there still is on it after the update. I update both of mine.

#31 - Griever2kx - 147w ago
Griever2kx's Avatar
No i don't expect an Iso Loader I'm interested in develop better emulators for the Vita in the Future. I'm still learning how to do this, but first i need a Vita.

Here's my other question, my Vita arrived at Home today and has the FW 1.06... here's my question. When i get home from work, should i connect to the US-SEN and download the Netflix App and go to 1.61 or should i stay on 1.06...

Thanks for the Links, i''ll look into it.

 

Sponsored Links

Sponsored Links
Sponsored Links

Sponsored Links