Tuesday 28 July 2015

Yifan Lu’s hardware fundraiser: the scene donation drive that reached its goal in less than 24h

You might have seen YifanLu’s hardware fundraiser on our forums. Yesterday, the famous Vita hacker who gave us native vita homebrew just asked for the community’s help.
His goal: understand the Vita’s security processor in depth.
Although YifanLu couldn’t give too many details on what he’ll use the money for, he explained he needed $1400 to secure a deal with some legit entity that could provide us additional information about the Vita CPU.
Without sharing too many details, I need to emphasize that Yifanlu has insisted on the fact that this approach could lead nowhere, for many reasons. The seller could decide not to proceed with the deal, or the information we gather could end up being useless for decrypting anything related to the Vita. From what I gathered, there are more reasons this could fail than succeed.
Yeah, those of you who pay attention to detail will know this isn't a Vita CPU ;)
From YifanLu’s post:
  • This deal is 100% legal. It is not in the black or gray market. We are not paying a bribe or blackmail or anything shady. The money is not going to Sony (we’re not buying a devkit or registering to be a developer). We are not buying potentially stolen parts from Foxconn factories. Everything is completely clean, or I wouldn’t even be considering it.
  • The intentional vagueness comes from the fact that this approach of information gathering (as far as I know) has never been attempted before. If Sony finds out, they might find a way to stop the deal. If the other party sees this as something controversial, they will likely back out to avoid any trouble/press.
  • EVEN if I get all the money, they might still back out of the deal. In that case, I will refund everyone in full.
  • EVEN if the deal goes through, the information we gather from it may be useless. In that case, we would lose the bet, and the money is gone.
  • If the information does turn out to be helpful; because of the sensitive nature of it, we will share it with a small group of vita hackers for the time being. However, I promise that no later than a year from now, any information we get not subject to NDA will be released.
What’s interesting here is how fast YifanLu was able to gather the $1400 from our community. Within less than 24h, the goal was reached. Apparently some big donator has been lurking on the Vita scene :) It also shows that YifanLu has given enough to the scene that we know we can trust him with this kind of thing.
Although there is absolutely no guarantee at this point that this could lead to anything useful, this is overall good news for the scene, let’s see what happens next!

[RELEASE] TWLTool – Nintendo DSi downgrading, save injection multitool

Developer WulfyStylez at GBATEMP released “TWLTool” which can be used for downgrading system titles on Nintendo DSi/DSi XL, save injection to NAND and probably much more. It requires hard-modding and a way to get your NAND CID (possible through a savegame hack and probably other methods).
Nintendo DSi is the successor to Nintendo DS/DS Lite. It has a better screen, a camera, increased RAM, a faster CPU, an eShop and many more features. Unfortunately too few games made use of the additional features of the DSi. Probably because of that, too few hacks were made exclusively for DSi mode, and most of them are blocked on the latest firmware, 1.4.5. You probably heard about Sudokuhax (a DSi mode exploit), which is no longer available.
Due to the recent developments on 3DS hacking scene, luckily we now know more about DSi NAND structure. TWLTool makes it possible to downgrade system titles and savegame dumping/injection. This means you can inject saves directly to your NAND and make Sudokuhax or any patched DSi exploits work again.
Being restricted to a hard-mod and a savegame for a specific game will seriously decrease the number of users who will take advantage of this hack, but I am pretty sure it will let developers explore the system further, and who knows, we might take advantage of this without a hard-mod one day. Being a proud owner of a 1.4.5 DSi XL, I am very excited about TWLTool and what it will bring in the future. Also, any development on the DSi will positively affect the 3DS too, as it has all the capabilities of a DSi inside of it.
Source and more info at GBATEMP

Saturday 18 July 2015

Xmax Katsu teases a Hybrid Firmware for the PS Vita?!

Xmax Katsu is currently teasing something that he calls a ‘Hybrid Firmware’ (HFW).
The term hybrid Firmware must not be confused with a proper Custom Firmware, but what is an HFW?
If we go back to the PSP, then we will see that hybrid firmwares used to be around a few years ago. The older 3.xx OE CFWs have been hybrid (custom) firmwares, since they were based on firmware 1.50, but had an additional 3.xx custom firmware kernel.
As of firmware 3.70, the first ‘universal’ PSP firmware that supported not only the old PSP 1000, but also the (then) newer PSP 2000, this got swapped and the 3.70 had been the base firmware, while an additional, optional 1.5 kernel add-on was available for PSP 1000 users. All future (4.xx, 5.xx, 6.xx) CFWs are following this latter concept (at least so far).
Back to the Playstation Vita. While the PSP had full kernel access, this is not available on the PS Vita. A hybrid Firmware is (apparently) nonetheless possible, and can kinda be described as having different parts of different official firmwares on the PS Vita.
For example the device identifies as (an attack helicopter… Nah, just kidding) firmware 3.51/3.52, but has a base firmware of 3.18, and core parts of firmware 3.36.
This would enable one to visit the Playstation Store, play games that ‘require’ a higher firmware (unless those requirement claims are legit – then it won’t work until you run the proper requirement firmware), but also be able to use exploits & software that was created for lower firmwares (e.g. the 3.18 or 3.36 one).
Such a HFW would be the perfect kind of official firmware, even though it still doesn’t have kernel access. It would retain the so far achieved hacking methods, while also allowing someone to enjoy the ‘new and exciting features‘ that a newer Firmware would offer.
Regardless of OFW or HFW, you still won’t get what a proper CFW would offer you: kernel access.
An HFW would just allow you to kinda “merge” two different OFWs into one, which then lets you use the currently available hacking stuff for older firmware, while the device itself & the Sony servers think it is running the higher version.
Before you guys start asking for a download link & tutorial, keep in mind that this still involves a hardware modification, which is something 95% of people are not willing to do (themselves).
An easy one-click software solution is not yet available, and will most likely not be available for a few years.

The Playstation 4 Jailbreak that is not really a Hack…

In the last months a few reports of a Brazilian Playstation “Jailbreak”, if you want to call it that, have emerged.
While they sound promising, you should keep in mind that their tricks are neither a “Jailbreak” nor a real hack, per se. What exactly I am talking about can be read below…

Prelude:

Without going to argue why or why not it should or should not be called a “Jailbreak“, I am just going to focus on the part why the so called “Playstation 4 Jailbreak/Hack” is nothing more than a cheap trick, at best.
Being able to dump & restore the NOR is of course a hard thing. I am in no way discrediting anyone who worked on being able to read the NOR of the PS4!
Hardware hacking is a really tough job, which requires precision & dedication.
The thing that is not only grinding my gears, but also other people’s, is that a simple trick is being sold to you as a fully fledged “PS4 Jailbreak” or even “Hack“, while it is neither.
If you have a (rather modern) Playstation device (PSP, PSPgo, PS Vita, PS VitaTV, PS3 or PS4), you will have noticed that you have to activate your device before you are able to run any DRM content (basically bought / account-bound content). You are usually limited to 3 stationary (PS3/PS4) and 3 handheld (PSP, PSPgo, PS Vita, PS VitaTV) devices per PSN account.
This means that before you are able to use a 4th device with your account, you would usually have to disable one of your 3 devices prior to activating the fourth one.
In theory, and even in reality, this enables you to share one PSN account with 2 other people, which divides the cost of games by 3 (each person pays a third).
But being limited to only 2 other people next to yourself is, of course, not really a profitable way of selling pirated games.
I am going to show in an example how easy it is to trick the Sony activation servers, as long as you are able to read & restore the NAND of your Playstation device.
Simply said: if you are able to create a NAND dump and restore it at a later date, you will be able to activate as many Playstation devices on one account as you want.
If you want a longer explanation, then watch or read on:

How to link (virtually) infinite PS devices to one PSN account:

Since the most open, rather modern, Playstation device is the Playstation Portable, I am going to use said PSP for my example.
Like I have said above, you are limited to having 3 portable devices per PSN account. If we act as if the PS Vita did not exist, this would mean that you can link up to 3 different PSPs to one PSN account before being forced to disable one of the already enabled devices.
If you are able to dump the NAND of the device, and also able to restore said NAND at a later date, you will be able to circumvent said activation limit of 3 devices.
It does not matter whether you dump & restore the NAND via external devices (hardware mod/flashers), or via a simple software dumper & flasher, e.g. via a Custom Firmware.
For my example my PSP 3000 is going to run the most recent official PSP firmware, system software 6.61, since it is required to visit the PSN store.
I am only going to ‘abuse’ the usage of a Custom Firmware, 6.61 LME-2.3 in this case, for dumping and restoring the NAND dump. Everything else will be showcased on the OFW itself.
Requirements:
  • Being capable of accessing & using the PSN services
  • Being capable of dumping and restoring the device’s NAND (via hardware mods or via software dumper tools)
  • Being capable of abusing Sony’s activation server
So a PSP running system software 6.61, access to the 6.61 LME CFW & having a NAND dumper homebrew is virtually everything you need.

The so called “Hack”:

At first you do the same as a normal PSN user would do. Set up your PSP on firmware 6.61, connect to the Wifi and log into your PSN account.
Then go ahead and download some games. After you are done, be sure to check if they successfully boot (they should).
If they don’t, go into your Account management and manually activate your device for the usage of PSN titles (PSP & PS1 games in this case).
After we have confirmed that everything is working as intended, we are going to boot into the CFW and use the NAND dumper homebrew to create a NAND dump.
The next step would be connecting to the PSN servers once again (logging into your PSN account), from which we are going to disable our device.
It should be available in the account management options, from which we are going to manually disable our device from using PSN content.
After disabling our device, the software that was working a few minutes ago should now report that it cannot be used unless we (re-)activate our device.
We are not going to reactivate our device by connecting to the PSN servers, since this would fill one of our three slots for the portable devices.
Instead we are going to abuse being able to restore the just created NAND dump, which conveniently stores whether the device is activated or not.
So we are going to boot back into the CFW, which enables us to restore the NAND dump.
After the NAND has been successfully restored, we will once again be able to boot the linked PSN account’s content, despite officially not being activated anymore.
In the end it is important to mention that connecting to the Internet, well… or at least to the Sony servers, will either re-activate your device by its own, or simply tell your device that it has been disabled, and therefore stops the software from working again (the more likely thing to happen).

Conclusion:

So in the end we are abusing the fact that Sony is storing the device’s activation status on the device itself, rather than forcing our device to verify itself with the Sony servers on every boot (something similar to this is necessary with the PSM Dev app on the PS Vita), to ensure that we are not trying to trick them.
Before the Playstation 4, WiiU and Xbox One – which is still a *** name, by the way – had been officially released, there was the talk of them having an always online ‘feature’, which pretty much required you on every boot to connect to the companies servers, and verify that your device, account and co. are used like intended.
Due to most people not being a fan of this feature, they did not implement it (or removed it at an early date, depending on the console), which in the end is now the culprit for allowing the thing I just described. In hindsight, they should rather have implemented this inconvenient feature into their consoles, to ensure that piracy is not going to happen, or is at least very, very limited (3 devices per account, in Sony’s case).
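The conclusion’s point, that an activation flag kept only on the device survives a dump-and-restore while a server-held record does not, as an added toy model (not Sony’s or the PSP’s code; the `Device` and `ActivationServer` classes, the `epoch` field and the dict standing in for the NAND are all assumptions):

```python
# Toy model of the activation rollback described above (added example, not
# Sony/PSP code; class and method names are invented and the "NAND" is a dict).
import copy


class Device:
    """Device whose activation state lives only in local storage."""

    def __init__(self, device_id):
        self.device_id = device_id
        self.nand = {"activated": False, "epoch": 0}

    def snapshot(self):          # NAND dump
        return copy.deepcopy(self.nand)

    def restore(self, image):    # NAND restore
        self.nand = copy.deepcopy(image)

    def can_run_content_offline(self):
        # What the article describes: only the local flag is consulted.
        return self.nand["activated"]


class ActivationServer:
    """Account-bound activation: at most LIMIT devices per account."""
    LIMIT = 3

    def __init__(self):
        self.active = {}    # account -> set of device ids
        self.record = {}    # device id -> (epoch, activated) last issued

    def _issue(self, dev, activated):
        # Every (de)activation bumps the device's epoch, so any older image
        # the device could restore carries a stale epoch.
        epoch = self.record.get(dev.device_id, (0, False))[0] + 1
        self.record[dev.device_id] = (epoch, activated)
        dev.nand.update(epoch=epoch, activated=activated)

    def activate(self, account, dev):
        devs = self.active.setdefault(account, set())
        if dev.device_id not in devs and len(devs) >= self.LIMIT:
            return False          # fourth device: a slot must be freed first
        devs.add(dev.device_id)
        self._issue(dev, True)
        return True

    def deactivate(self, account, dev):
        self.active.get(account, set()).discard(dev.device_id)
        self._issue(dev, False)

    def verify_on_boot(self, dev):
        """Hardened check: the device's copy must match the latest record."""
        return self.record.get(dev.device_id) == (
            dev.nand["epoch"], dev.nand["activated"]) and dev.nand["activated"]


def rollback_demo():
    """Returns (offline flag check, server check) after a NAND rollback."""
    srv, dev = ActivationServer(), Device("psp-0001")
    srv.activate("acct", dev)
    image = dev.snapshot()        # dump taken while activated (epoch 1)
    srv.deactivate("acct", dev)   # frees the account slot, epoch becomes 2
    dev.restore(image)            # local flag says activated, epoch back to 1
    return dev.can_run_content_offline(), srv.verify_on_boot(dev)
```

`rollback_demo()` returns `(True, False)`: the flag-only check is fooled by the restored image, the server-side comparison is not.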
Back to the so-called “revolutionary Brazilian Playstation 4 ‘Jailbreak’”.
While it is not 100% confirmed what way of injecting the pirated games they are using, it is very likely that they are using a method similar to the one I just described:
Abusing being able to dump a NAND, restore a NAND and trick the activation servers (which can be blocked in your router, thus technically enabling you to fully use the PSN account on the 4th, 5th, … Zth activated device).
Those were my 2 eurocents, heh, about this topic. Feel free to discuss in the comments section whether you agree with me, or whether you think that I am being too close-minded about this topic.

Ninjhax 2.0 released : 3DS homebrew, region-free and custom themes on latest 3DS firmware (9.9), by Smealum

Some people just seem to never be able to stop. Smealum just released Ninjhax 2.0: a hack that lets you run unsigned software (homebrew) on your 3DS, and it is compatible with the latest and greatest firmware, firmware 9.9.
Smealum released a video showcasing ninjhax 2.0 in action (see below).
Just like the original Ninjhax hack, the new version triggers an exploit in the game Cubic Ninja. A legit cartridge of the game is required to run the exploit. Cubic Ninja is available on Amazon, alas not at reasonable prices (the same game cost about $5 last year. It’s a terrible game, in case you ask). As of now, it can be purchased for about $40 used, the question being how much you value homebrews, region-free games, and, potentially, pirated games down the road.
In the video, smealum showcases a 3DS on the latest firmware running a series of homebrews/emulators (BlargNES, GameYob (a GBA emulator), the popular Portal-like 3D homebrew game), and confirms that region-free loading works by loading a copy of Super Smash Bros. from a different region.

To run Ninjhax 2.0, you will need the following:

  • A 3DS, 3DS XL or 2DS console with a firmware version between 9.0.0-X and 9.9.0-X. X can be any digit.
  • An SD card compatible with your 3DS (the one it comes with will of course do).
  • A copy of the game CUBIC NINJA, either from retail or eShop.
    (retail is available in US, EU and JPN; eshop was JPN-only, and is not available anymore)

ninjhax 2.0 Installation and how to:

Once you have your copy of Cubic Ninja, head over to the official ninjhax 2.0 page to download the hack and read the instructions.
Source: Smealum, thanks @TrevorBaldwin93 for the tip!

Friday 10 July 2015

PSM+ is now publicly available

What is PSM+

PSM+ allows you to access PSM and PSM Unity (coming soon) without a license from Sony. This means you can develop and test with the PSM SDK and PSM for Unity without a publisher license–even after Sony shuts down developer access. Additionally, it allows for hacks such as Rejuvenate to work on any device with PSM DevAssistant installed for unrestricted native homebrew.
You must be running firmware 3.51 or lower and have PSM DevAssistant installed on your PS Vita.
PSM+ is compatible with the PSM Unity Assistant app, but the Rejuvenate hack has not been ported to it yet. If you have the PSM for Unity app, though, you should be able to try PSM+ with it in order to confirm you can run PSM apps.

How to use PSM+

PSM+ works in two steps.
In the first step, you receive a special license by email that needs to be installed on your Vita, plus matching files for your computer.
The second step is something you need to do on a daily basis: you need to update your license to prevent it from expiring. This is also done through an email sent by our servers.

PSM Plus pages

You can access PSM+ here. Remember that you need to be signed in to your /talk account in order to access the tool.

Tuesday 7 July 2015

RetroArch 1.2 PSP/3DS

The last time we spoke of RetroArch was quite a while ago, when it was confirmed working on the PS Vita’s TN-V around December last year. Libretro is now back with yet another great update to the multi-system emulator, RetroArch 1.2. Although the 3DS version is still under development, we can expect this update for the PSP in the coming weeks. This new update brings a lot of new goodies such as:

– Brand new ‘eye candy’ menus
RetroArch now lets you select between three menu display modes:
* RGUI – a very classic, low-resolution menu
* GLUI – a more advanced GL-based menu that lends itself well to touch-based devices
* XMB – a horizontal crossbar menu that is the most eyecandy-rich of all three right now (similar to the PS3’s and PSP’s menu)
– Scanning files/directories and adding them to the system collections
With this you no longer have to browse your file system all the time looking for a ROM to play. If RetroArch finds a match with a known game on a given system/emulator, it will then add this game to a collection based on the system/emulator of that game.
– Downloading cores online
You can now download cores from RetroArch’s buildbot within the program. Go to Online Updater -> Core Updater and select any of the cores you’d like to have updated/installed.

– Built-in input mapping
To access this option, go to Settings -> Input Settings and select ‘Bind All’ to bind each and every button one at a time, or bind the actions individually.

– Ability to remap controls
Similar to what we saw in a recent PS4 update. To access this option, go to the ‘Quick Menu’ and select ‘Core Input Remapping Options’. From there you can change the controls for each core, which are then saved into a config file.

– Multi-language support
This is self explanatory.


– Box Arts!
And a bunch of other cool stuff with more details. You can check them all out here!

I’ll conclude by quoting what Libretro had to say about their PSP/3DS updates:
Some other notes (3DS / PSP version)
We could maybe push out a PSP version of RetroArch 1.2 in the upcoming weeks. I’m hoping to get back with the main contributor (aliaspider) who worked on these ports so that we can be assured that we can at least push out the PSP version in a more or less stable and decent state.
Regarding RetroArch 3DS: it’s still very much a work-in-progress and I don’t think either me or aliaspider would feel comfortable to ship anything right now in terms of official release at this stage, and we need a lot of work done on the cores before we can render some of them playable on the slow 3DS (it’s even slower than the PSP it seems).
If all goes well, maybe we can expect a Vita port sometime? 😉

Download