Hackinformer Your device needs to transform, we are here to inform
“Update this now works on firmware 3.18 and it also works for PlayStation TV firmware 3.20 “
Yesterday, DaveeFTW released some interesting info on the Psvita Webkit exploit. At the moment it is only good for firmware 2.60, but as dave said “it should be simple to adapt to new firmware”. So now that this info has been released, other developer’s can start playing around with ROP script’s. Use this to test your vita: http://lolhax.org/vita.htm
” Webkit Exploit
This is a PoC of webkit exploit running on psvita. The PoC will work on firmware 2.60 only, but should be simple to adapt to new firmwares.
The modified PoC removes the JIT working of the exploit and replaces it with the ability to launch ROP based scripts. This will allow interested developers to play around with ROP and learn about the securities of modern day systems.”
Use this to test your vita: http://lolhax.org/vita.htm
Web: http://lolhax.org Twitter: https://twitter.com/DaveeFTW
Here are the gadgets used:
ROM:81DE45CA LDR R2, [R0,#0x48]
ROM:81DE45CC MOV R7, 0x8224F950
ROM:81DE45D4 MOVS R0, R6
ROM:81DE45D6 MOVS R1, R4
ROM:81DE45D8 BLX R2
ROM:81A8A3C0 LDR R1, [R1]
ROM:81A8A3C2 CBZ R1, loc_81A8A3CC
ROM:81A8A3C4 LDR R2, [R1]
ROM:81A8A3C6 LDR R2, [R2,#8]
ROM:81A8A3C8 BLX R2
ROM:81AE84D4 LDR R0, [R1]
ROM:81AE84D6 MOVS R2, #0
ROM:81AE84D8 LDR.W R3, [R0,#0xA4]
ROM:81AE84DC ADD R0, SP, #0x20+var_20
ROM:81AE84DE BLX R3
ROM:81EABC02 MOVS.W R2, #0x400
ROM:81EABC06 BLX memcpy
ROM:81EABC0A POP {R4-R6,PC}
Source: bitbucket.org
3.18 simply resets the page. From what I heard this is a good thing. Hopefully good things are coming for the PSVita scene.
This is awesome!!!!!!! I can’t wait til you geniuses port it to 3.18!!!!!
It’s already been ported!!! Confirmed working for 3.18!!! Let the good times roll.
hello. how can i hack my vita and put games? mine’s on 3.30 thank you.
Return oriented programming.
yo tengo el 3.35 se pude hacer que riesgos tiene hal hacer el hack ??