Finding the memory layout of the vita?

Open discussions on programming specifically for the PS Vita.
Forum rules
Forum rule Nº 15 is strictly enforced in this subforum.
sirauron14
Posts: 191
Joined: Tue Apr 24, 2012 12:23 am

Re: Finding the memory layout of the vita?

Post by sirauron14 » Fri Jul 20, 2012 5:10 am

Why not use the SDK to hack the Vita and make a program that way? I'm sure there's something in the SDK that would give us an edge since it's a beta.

fate6
Big Beholder
Posts: 7599
Joined: Fri Mar 09, 2012 1:18 am
Location: [fate6@Canterlot ~]$

Re: Finding the memory layout of the vita?

Post by fate6 » Fri Jul 20, 2012 5:23 am

We would need the real SDK, not that useless PSM.
anon wrote:If you can't trust a 600 year old vampire in a prepubescent girl's body, who can you trust?

m0skit0
Guru
Posts: 3817
Joined: Mon Sep 27, 2010 6:01 pm

Re: Finding the memory layout of the vita?

Post by m0skit0 » Fri Jul 20, 2012 12:19 pm

@sirauron14: please inform yourself what C# and .Net are and how they work before making such statements.
I wanna lots of mov al,0xb
"just not into this RA stuffz"

hoinzy
Posts: 16
Joined: Mon Jul 09, 2012 1:49 pm

Re: Finding the memory layout of the vita?

Post by hoinzy » Sat Jul 21, 2012 1:35 pm

Maybe I don't get the point of memory layout here, but isn't it possible to get code execution or a partial memory dump (the method used on the iPhone was to print caught information on screen) in the context of an application (PSM Studio)? Fuzzing MonoDevelop could reveal some security issues, and I think the memory layout of the IL interpreter should be similar on one architecture.
This would at least help in understanding the (ELF?) structure of PSV programs and relative jump addresses.
I got my PSM app crashing by using http://www.exploit-db.com/exploits/15974/ . So there might be hope that they did not correctly fix this. I'm doing some debugging and fuzzing whenever there is time to do so :)

Thanks

Davee
Guru
Posts: 278
Joined: Mon Jan 10, 2011 1:24 am

Re: Finding the memory layout of the vita?

Post by Davee » Sat Jul 21, 2012 3:36 pm

Very interesting approach, good luck ;) I have heard rumours that the Mono VM is indeed significantly dated.
Follow me on twitter: @DaveeFTW

hoinzy
Posts: 16
Joined: Mon Jul 09, 2012 1:49 pm

Re: Finding the memory layout of the vita?

Post by hoinzy » Sat Jul 21, 2012 4:22 pm

Yeah, actually it's 2.8.8.4 of MonoDevelop. But there seem to be too many issues. Building that thing for ARM seems to be very slow (at least on my iPhone it does not compile). Emulating ARM with NetBSD on QEMU seems like the only way to go.
I don't know whether there are major differences between architectures when searching for security issues. Otherwise it might be just as good to audit the Mac version. You might ask why not search in the source code... well, that's not one of my strengths :)
So, BitBlaze + Peach would be my approach. But yeah, I'm actually not deep enough into some stuff.

Btw Davee: great respect for your kernel exploit; your work on the Kermit interface is actually quite interesting. If I had a PSP I would search for one myself :). How was your reverse engineering actually done? Did you use IDA, and if so, how did you manage to get the references to the other files working? Actually you could try my approach with the PSP emulator :) I'm especially thinking of a PSP program to forward fuzzing input from a PC to the Kermit interface. But sadly, in this case we have no further details on what happens when it crashes.

celcodioc
Posts: 131
Joined: Sat Jun 09, 2012 8:50 am
Location: Sweden

Re: Finding the memory layout of the vita?

Post by celcodioc » Sat Jul 21, 2012 4:35 pm

That "exploit" simply throws an ArgumentException for me.

hoinzy
Posts: 16
Joined: Mon Jul 09, 2012 1:49 pm

Re: Finding the memory layout of the vita?

Post by hoinzy » Sat Jul 21, 2012 5:04 pm

My fault, it's of course not an exploit. Thanks for your reply; I was not able to get the Mono debug output in the past because of the VM.
Yeah, so it seems to be fixed, as we might expect after two years. But there might (must!) be more of this stuff :)

yifanlu
Guru
Posts: 760
Joined: Sun Mar 11, 2012 6:42 am

Re: Finding the memory layout of the vita?

Post by yifanlu » Mon Jul 23, 2012 4:48 pm

I played around with the debugger (sending commands over USB serial and whatnot) while it was still in closed beta, with no luck. Maybe someone should take another look at it? The debug commands are well documented.

hoinzy
Posts: 16
Joined: Mon Jul 09, 2012 1:49 pm

Re: Finding the memory layout of the vita?

Post by hoinzy » Mon Jul 23, 2012 9:30 pm

That's another approach I should consider. I forgot to mention that, thanks to the LGPL, you can get a copy of the Mono modifications made for the Vita. Just send them an email (found on the license site). Got my copy yesterday; there seems to be some interesting stuff in the io.c implementation for the Vita. Crypto context, a "bridge" header file and all that stuff. Definitely worth a look. And of course you can take a look at the debug interface :)

[EDIT:] For those who want to join my path. The registration is at:

http://www.scei.co.jp/psvita-license/mono.html
In compliance with the LGPL, the source code of the open source software is made available to you. For request, please send e-mail to: pss_opensource_info@scei.co.jp with “Mono LGPL Request” in the subject line. In the body of the e-mail include your name and e-mail address. The personal information provided will be used only to answer your request.
Btw, a synonym worked for me. The response came after 5 days, so be patient.
