PS Vita: first F00D hack
Date: Thursday, February 02, 2017 @ 03:10:39 GMT
[source: wololo.net] The Vita hacking scene started boiling earlier today as the news spread that developer xyz, a member of team molecule, has released what is named the first public F00D hack for the PS Vita.
What is F00D?
F00D is considered to be the "level 0" of the PS Vita security chain. Security checks on FOOD happen before other systems are even accessed. It is believed that exploiting F00D could lead to a permanent hack, that possibly couldnít be patched without a hardware upgrade of the PS Vita.
YifanLu, one of the hackers behind the HENkaku Vita hack, has stated recently that he would focus his reverse engineering efforts on F00D moving forward. This was followed by lots of progress from various hackers in January, including a deeper understanding of the F00D protocol.
What was just released by team Molecule?
Iím seeing lots of speculation on the source code that was released by xyz a few hours ago. As Iím still waiting for a comment by xyz himself, Iíll have to speculate a bit on my own, and will be sure to update this article once the members of Team molecule publicly bash my complete ignorance :)
Looking at the code released by xyz, "all" there seems to be here is an implementation of the state machine used by the F00D protocol, as (partially) described here.
Although it does seem to be a great tool that could be used to try some attacks on F00D, it doesnít appear to me to be the actual ďexploitĒ that people are hoping yet. In particular, thereís nothing mentioning any exploit in this hack, and team molecule havenít released any official statement claiming they already hacked F00D. Furthermore, the henkaku wiki still states that most of the things the team knows about F00D is still based on educated guesses at this point.
Some "blobs" of code can be found in rvk.c and sm.c. Those would typically be where one would expect a payload of some sort in an exploit, but in this case I feel this is not what they are. Bottom line, these could be:
1) Blobs of data acquired one way or another from the Vita, that are required for the F00d protocol implementation to be valid. For example the code is clear that without rvk (the revoke list?), nothing will actually work
2) Or they are actually payloads for an exploit, and this article completely misses the mark, in which case I fully expect Team Molecule to call me out (and Iíll of course fix the article)
Whatís next for the end user?
A full exploit on the F00D processor of the Vita could possibly mean a "permanent" hack (no need to run HENkaku each time you reboot), or potentially a hack that works on current firmwares such as 3.63, and that Sony could not necessarily fix with a firmware update. Thereís lots of speculation here but this is the general expectation.
At the moment however, I see no reason for the end user to be overly excited. Whether my analysis is right or wrong, Xyzís release is useful for the people who already know what to do with it. Today, thatís a handful of hackers worldwide. Soon, this could mean something useful will be out for the end user though. How long this will take depends on how far off my interpretation above is: if there is actually an exploit that just got released, things could happen much faster than I think.
The EurAsia forum topic is here.