SKFU keeps digging into the Vita (also he probably found an exploit but nobody seems to realize it)

November 15, 2012

I’ll be the first to admit it, PSP exploits are fun but we all know that VHBL and eCFWs are just the appetizers until true Vita hacks bless us with their glory of hi resolution, dual nubs, and back touch panel… With Yifanlu’s UVL project being rather quiet these days (although he confirmed he’s been making some – albeit slow – progress), news are quite sparse on that front.

But developer SKFU might have something going on, as revealed by a mysterious blog post he made last week.

Some of you might remember SKFU from his work on the PS3, as well as an (aborted? Or secretly succeeded?) attempt at raising funds for a PS Vita devkit for the purpose of investigating the beast. Last week, after a long period of silence, SKFU came back with some details on the installation paths of common applications on the Vita. You’ll be happy to learn that, for example, the “Near” application apparently is stored in vs0:/app/NPXS10000/eboot.bin.

Hold on, who cares where apps are installed on the Vita? Well that’s where it’s interesting: in theory there is no way to know the internal structure of a Vita’s memory stick, it being a proprietary format with (most likely) some nasty encryption and all… what that means is that SKFU found a way to access that information, which to me screams he has an exploit… Has he been sharing info with YifanLu? Not as far as I know. Could it be that he has access to hardware that allows him to read the Vita memory stick? Or that he finally got access to a devkit, and that (maybe) those are more “flexible” in terms of how much data one can access on the Vita? (although, if you remember correctly, there didn’t seem to be anything about accessing the internals of the memory stick on Debug firmwares that had been spotted at gamescom)

Exciting times ahead, but only time will tell us if this leads to something. Below are examples of the paths found by SKFU

  • SceShell       vs0:vsh/shell/shell.self
  • SceWebBrowser vs0:/app/NPXS10003/eboot.bin
  • SceWebCore     vs0:/app/NPXS10017/eboot.bin
  • SceParty(?)   vs0:/app/NPXS10001/eboot.bin
  • SceNear       vs0:/app/NPXS10000/eboot.bin
  • SceFriendsApp vs0:/app/NPXS10006/eboot.bin
  • ScePsnMail     vs0:/app/NPXS10014/eboot.bin
  • SceTrophy     vs0:/app/NPXS10008/eboot.bin

Well, if anything… ms0 was for memory stick, so if the new path is vs0, I assume we can officially call those Vita Sticks now.

The full list of paths and source on SKFU’s blog

Tweet this!Tweet this!

Previous post:

Next post: