93w ago - Following up on my previous post, below is a video demonstration for those interested, dubbed PS Vita Crash CMA Debug Time via Xcode Execution.
I just released a quick, short video to show the crash and freeze of the PlayStation Vita system using Xcode Execution. I also explain how to check all the information coming from the CMA to the PS Vita (debugger).
Below is a pastebin with the tutorial and the video that shows you something interesting. As I promised, I do what I said.
The tutorial to debug the CMA/PS Vita under Mac OS and Xcode: http://pastebin.com/40FrAJXg
CMA Debugging PS Vita Under Xcode Execution Tutorial
You need an Apple developer account to get Xcode so that you can use your Mac OS X as a development environment.
1- Launch Xcode (Spotlight -> Xcode)
2- Create an Empty Project (Mac OS X)
3- Enter whatever name you like as the Product Name (for example PSV)
4- A new window appears; change command-line builds to use Debug rather than Release
5- Click on Breakpoints
6- On the top menu of Xcode, choose Product, make a new scheme and name your new scheme psv, for example, then press OK
7- A new window appears where you can edit your scheme. In the left menu you can see Run; click on it and edit the run configuration: Build Configuration -> Debug; Executable (you need to choose CMA.app for that): just click None, change it to Other, and there you choose CMA.app; Debugger: you can choose either LLDB or GDB (GDB is chosen by default); Launch = Auto
8- Choose Diagnostics and activate every option there: Memory Management (malloc, Guard Malloc, Objective-C), Logging (Memory/Exceptions/Dyld), Debugger (Legacy -> Stop on debugger and debugstr). Click OK (don't forget to activate breakpoints before clicking OK).
9- Plug in your PS Vita and click on Run (if you are connected via Wi-Fi, just connect quickly and disconnect)
Xcode/I/O Kit framework etc. is the best way to exploit the PS Vita under Mac OS X, and as you will see, Sony has strong access to your kernel system, which I really don't appreciate, and can control everything.
The PS Vita also uses NFS -> Network File System and Open Remote System File, which ping-pong between the PS Vita and the Sony server.
Hope that helps some smart dev. And here is the video that shows you an example of what you can do.
Some PS Vita users asked me about the PS Vita Windows driver that I made; it's available in the older thread, PS Vita 1.50 Firmware, but I re-uploaded the driver so that you don't need to search.
Griever2Kx: it's up to you; if you want to use your PS Vita, use it and update, don't worry about the update right now. Anyway, FW 1.06 is a firmware with too many bugs that will give you some problems; it's unstable and some apps/games will not run correctly with this firmware. It's easier with 1.06 but also more unstable.
Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!
About the 3DS, I can't answer that; I don't work on it. I heard about the E-Shop app and also spydump logging through the Wi-Fi (air packets).
About the Netflix app, it's a question of time. It's still available on the US SEN and it's better to grab every revision of this app now before any update, but it would only be useful for those who know how to exploit them.
I know that I can write inside the app without any problem, but I'm not good at that and it's not what I want to use; it's pretty useless for me to use it this way.
We can go into Debug mode (no need anymore for the debug key tricks) and have full access to the CPU; the PS Vita being fully open is a question of time (for the rest, it would depend on some dev who wants to exploit this one). You are not wrong, but don't wait for an ISO loader or something like that; what I'm doing is using a bootstrap that lets you load something else.
Read this: http://www.khmere.com/freebsd_book/html/ch02.html
Also, I forgot to recommend this for devs who want to exploit the PS Vita/ARM.
About the 3DS, there are new thoughts around hacking the E-Shop app... but first we need a dump of the internal memory... and so on. It's like we're stuck on something, because the 3DS won't boot if it recognizes that something has changed...
And you didn't answer my last question about the Netflix app... should I download the app from the US SEN, and do we really need it?
From what I read, we don't need the Facebook app, because we can get into Debug mode and have full access to the CPU... with a little bit of reverse engineering we've got everything we need and the Vita should be fully ''open''... and even Sony can't patch it then, because from this point we should have full control over the Vita and find workarounds for Sony's FW updates...
Correct me if I'm wrong, because I haven't got a Vita yet. I hope my Vita arrives tomorrow.
Impossible to reach you in private, so let's talk here.
I'm going to summarize what I understand and what I don't understand of each of your pastebins.
1 - http://pastebin.com/xM5TiXHY: it's only the description of the Vita's USB interface. We learn that there is only one configuration and 3 endpoints for it. The first, 81, is a bulk input; 02 is a bulk output; and 83 is an interrupt in. And like every USB device we probably have a spare control endpoint, which is never listed in this kind of output.
2 - http://pastebin.com/W3Z2j2uQ: here you talk about the old button trick to enable the debug mode and blah blah. No more information...
3 - http://pastebin.com/hk6nigZz: here we have a list of things... Don't know exactly what it is... but it's funny that you talk about things like "SavedataSubFolder.cpp", "SavedataSubFolder.o".
I can understand that you found .h files inside the Vita filesystem, but .o and .cpp?! I don't get the point: how would you find source code directly inside the Vita filesystem?
Can you explain exactly what this list is? Where are those source files coming from?
4 - http://pastebin.com/M2Y40JRG: you talk about IOCTL to call the debug USB mode. IOCTL can be used to perform file and I/O control and everything is based on a file descriptor (I guess the USB file descriptor). So you are saying that we will need IOCTL to communicate with the USB (but the small Python code you released uses PyUSB and not IOCTL)... Why not give us the complete explanation about what to do to enter debug mode?
5 - http://pastebin.com/k3TD4Dph: you said that you are exploiting the USB transmission/CMA program. I have a complete log of the USB communication between my computer and my Vita. But there isn't useful information (maybe I need to check it more deeply?). I see the talk between the PC and the Vita on endpoints 82 and 02, but nothing interesting. They only use bulk transmissions and I don't know what to learn from that...
6 - http://pastebin.com/HPWN3wSK: this is the man page of ioctl. Nothing more to say.
7 - http://pastebin.com/Wrz5Gn7S: it's an execution task (from CMA under Mac OS, which is why there are some functions starting with "mach_"). I don't understand how this can be useful. I understand that CMA calls can end in an IOCTL call by Mac OS, but I still don't understand how this can be useful. Could you explain that to me?
8 - http://pastebin.com/hU1M9eWH: you explain what the debug and monitor modes are. OK. You say that we need CMA and IOCTL to enter debug mode. But still nothing is clearly explained about how to trigger the USB mode. Please stop being evasive and give us more info. It will help everyone.
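An added example, not code from the thread or from any of the pastebins: a Python decoder for the USB configuration descriptor layout described in point 1 above, which walks the descriptor chain and decodes each endpoint's direction and transfer type from bEndpointAddress and bmAttributes. The descriptor bytes are constructed here to match the three endpoints named (0x81 bulk IN, 0x02 bulk OUT, 0x83 interrupt IN), not captured from a Vita; the walker also handles any other configuration blob of the same format.

```python
import struct

# Descriptor type codes and transfer types from the USB 2.0 specification.
DESC_CONFIG, DESC_INTERFACE, DESC_ENDPOINT = 0x02, 0x04, 0x05
XFER_TYPES = {0: "control", 1: "isochronous", 2: "bulk", 3: "interrupt"}


def walk_descriptors(blob: bytes):
    """Yield (bDescriptorType, raw bytes) for each descriptor in the blob.

    Every descriptor starts with bLength, bDescriptorType, so the chain can
    be walked without knowing the types in advance; bad lengths raise.
    """
    pos = 0
    while pos < len(blob):
        length = blob[pos]
        if length < 2 or pos + length > len(blob):
            raise ValueError(f"bad descriptor length {length} at offset {pos}")
        yield blob[pos + 1], blob[pos:pos + length]
        pos += length


def decode_endpoint(desc: bytes) -> dict:
    """Decode one 7-byte endpoint descriptor: bEndpointAddress bit 7 is the
    direction (1 = IN, device-to-host), bits 0-3 the endpoint number, and
    bmAttributes bits 0-1 the transfer type. Endpoint 0 is never listed."""
    _, _, addr, attrs, max_packet, interval = struct.unpack("<BBBBHB", desc[:7])
    return {
        "address": addr,
        "number": addr & 0x0F,
        "direction": "IN" if addr & 0x80 else "OUT",
        "type": XFER_TYPES[attrs & 0x03],
        "max_packet": max_packet,
        "interval": interval,
    }


def list_endpoints(blob: bytes) -> list:
    """Return the decoded endpoints found in a configuration descriptor."""
    return [decode_endpoint(raw) for dtype, raw in walk_descriptors(blob)
            if dtype == DESC_ENDPOINT]


# Constructed sample (not a real capture): one configuration, one vendor
# interface, and the three endpoints named in the thread.
SAMPLE_CONFIG = (
    struct.pack("<BBHBBBBB", 9, DESC_CONFIG, 39, 1, 1, 0, 0xC0, 250)
    + struct.pack("<BBBBBBBBB", 9, DESC_INTERFACE, 0, 0, 3, 0xFF, 0, 0, 0)
    + struct.pack("<BBBBHB", 7, DESC_ENDPOINT, 0x81, 0x02, 512, 0)
    + struct.pack("<BBBBHB", 7, DESC_ENDPOINT, 0x02, 0x02, 512, 0)
    + struct.pack("<BBBBHB", 7, DESC_ENDPOINT, 0x83, 0x03, 64, 8)
)
```

Feeding the bytes returned by a real `GET_DESCRIPTOR(CONFIGURATION)` request (for instance from PyUSB) to `list_endpoints` gives the same kind of listing as the pastebin, with the direction and type decoded rather than read off by hand.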
Don't pay any attention to the fame or teasing. I still think that from the beginning there has been a misunderstanding about what I said and what I did. What is the big deal: to lie? To be famous? etc.? I mean, what is so important about doing this? It doesn't make any sense and it will lead to nothing but losing time.
I always said that I try to do my best to help and I'm not calling myself a hacker, but enough off-topic.
I didn't try anything on the 3DS and I can't give any help on it (I know where my limit is; I still need to learn). The only thing I found on it is launching a 3DS game that is not the same region with a swapping method, but it's no big deal and has nothing to do with hacking or exploiting the 3DS; I'm not sure I could help on it.
The PS Vita is not the same: the PS Vita you can exploit with the connection we have; the 3DS is not that easy (well, it has the SD card port) but it's not enough (you would probably need more material). I still think that we would be more stuck on the 3DS than on the PS Vita (nothing related, but I still prefer the PICA of the 3DS, which has more potential to offer than the SGX543 of the PS Vita; having too much power on a GPU doesn't mean you can't do everything).
I would like to help with the 3DS maybe in the future, if I learn more about the 3DS.
Let me think about it, D3mone. A few people have already contacted me recently to help me, but like I said to them, for now I feel uncomfortable after trying to work with somebody who didn't deserve any attention; I was working more alone than with the person.
I don't want this to repeat again, but anyway I will update my pastebins when necessary to help other devs (people like you). (Somebody asked me why I don't make a blog.) I don't want to; pastebin and PS3News are enough to communicate.
I will let you know if I change my mind; just take time to read all my pastebins.
Also, if you want to make an app to exploit the PS Vita (if you are on Mac OS), I recommend using Xcode -> I/O Kit framework.
About Windows, it's different: it's easier to work under Mac OS and write a driver that loads stuff like that than on Windows. Even though I released a libusb Windows driver for the PS Vita, I still prefer working on Mac OS, which uses a hybrid kernel -> BSD/XNU (the CMA on Mac OS clearly has more access compared to the Windows version).