Clik here to view.
How to Disassemble Vita Game Cartridges
A hacker named katsu recently released a method for dumping Vita games. As a developer, I am completely against piracy, but as a reverse engineer I can’t shy away from taking apart perfectly working...
View ArticleClik here to view.
PS Vita 3.30 Filesystem Listing
To start off, two main facts: 1) this is NOT a hack or anything and 2) this post is completely useless for most people. We have had this information for a long time now and it wasn’t too hard to obtain...
View ArticleClik here to view.
Reversing Gateway Ultra First Stage (Part 1)
And now for something completely different… As a break from Vita hacking, I’ve decided to play around with the Nintendo 3DS exploit released by Gateway yesterday. The 3DS is a much easier console to...
View ArticleClik here to view.
Reversing Gateway Ultra First Stage (Part 2)
When we last left off, we looked at the ROP code that loaded a larger second-part of the payload. Now we will walk through what was loaded and how userland native code execution was achieved. I am...
View ArticleClik here to view.
Reversing Gateway Ultra Stage 2: Owning ARM11 Kernel
It’s been a couple of days since my initial analysis of Gateway Ultra, released last week to enable piracy on 3DS. I spent most of this time catching up on the internals of the 3DS. I can’t thank the...
View ArticleClik here to view.
Reversing Gateway Ultra Stage 3: Owning ARM9 Kernel
First, some background: the 3DS has two main processors. Last time, I went over how Gateway Ultra exploited the ARM11 processor. However, most of the interesting (from a security perspective)...
View ArticleClik here to view.
Nintendo 3DS System Updater
Since there isn’t much public documentation on how 3DS updater and the NIM module works, I thought I should write something up. SSL The 3DS talks with the Nintendo update servers (as well as eShop)...
View ArticleClik here to view.
Opening Up CARDBOARD: Crafting an American New 3DS (non-XL)
Last time, I analyzed now update checks worked on the 3DS. That was a straightforward process. CARDBOARD (known colloquially as “System Transfer”) is a bundle of complexity with no less than three...
View ArticleClik here to view.
You Should Register for PSM
PlayStation Mobile (PSM) for those unaware is Sony’s platform for indie game developers. They have decided to start shutting down the service after May 31, 2015. Before then, I think it would be wise...
View ArticleClik here to view.
Calling all coders: We need you to help create an open Vita SDK!
One of largest barrier to native PS Vita homebrew is the lack of an open toolchain and SDK. Essentially, we need something like pspsdk for the Vita. The reason why we don’t have it is because there are...
View ArticleClik here to view.
Secure your eMMC devices!
Most of our embedded devices use eMMC, but security into eMMC (as far as I know) has not been extensively studied or taken account of in threat models. In the small sample of devices I’ve looked at,...
View ArticleClik here to view.
Rejuvenate: Native homebrew for PSVita
(Sadly, they did not give me a spot at the Sony E3 conference, so I have to make do with this blog post.) I am excited to announce Rejuvenate, a native homebrew platform for PS Vita. The tools that...
View ArticleClik here to view.
How To Register and Download for PSM (Shutdown Bypass)
Update: It seems that Sony has closed this loophole. However, if you own a PS3, there is another way. Did you miss the call to register for PSM? People found out today that if you did not register for...
View ArticleClik here to view.
Rejuvenate Public Beta Release
Rejuvenate, announced last week allows users to install unofficial applications and games (homebrew) onto their PS Vita device. Please read that announcement post for more information. Today, the...
View ArticleClik here to view.
Hacking the PS Vita
The following was taken from a series of unpublished posts I wrote back in September 2012 (almost three years ago). The posts not only detail the exploit I found but also the thought process that led...
View ArticleClik here to view.
On the future of Rejuvenate
Since, the announcement ten days ago, Rejuvenate received tons of positive reception and thousands of downloads. Progress on both SDK projects is moving at fast speeds. There are already Vita homebrew...
View ArticleClik here to view.
Rejuvenate for Unity (and VitaTV support)
Thanks to work done almost entirely by Netrix (and also thanks to SMOKE for testing and modifications to the setup script), Rejuvenate is now supported on both PSM Unity and PSM Unity for VitaTV. As...
View ArticleClik here to view.
CGEN for IDA Pro
It all started when I wanted to analyze some MeP code. Usually, I do all my disassembly in IDA Pro, but this is one of the few processors that isn’t supported by IDA. Luckily, there is objdump for this...
View ArticleClik here to view.
3DS Code Injection through “Loader”
I’ve seen many CFWs (custom firmware; actually they’re just modified firmwares) for the 3DS but there seems to be a lack of organization and design in most of them. I believe that without a proper...
View ArticleClik here to view.
Cosmo3DS: The CFW nobody wanted
In the last article, I talked about my plan for creating 3DS mods. Now, I will put that plan to the test with a CFW (modified firmware) that nobody wants except me. The idea for this CFW is that I want...
View Article