wololo.net/talk

why not use the SDK to hack the vita and make a program that way? I'm sure there's something in the SDK that would give us an edge since its a beta.

we would need the real SDK not that useless PSM

@sirauron14: please inform yourself what C# and .Net are and how they work before making such statements.

Maybe I don't get the point of memory layout here, but isn't it possible to get code execution or a partial memorydump (the method used on the iPhone was to print catched information on screen).
in the context of an Application (PSM Studio). Fuzzing Monodevelop could reveal some security issues, and i think the memory layout of the IL interpreter should be similar on one Architecture.
This would at least help understanding the (ELF?) structure of PSV Programms and relative Jumpadresses.
I got my PSM App crashing by using http://www.exploit-db.com/exploits/15974/ . So there might be hope that they did not correctly fix this. I'm doing some debugging and fuzzing whenever there is time to do so

Thanks

very interesting approach, good luck I have heard rumours that the mono vm is indeed significantly dated.

Yeah actually it's 2.8.8.4 of the monodevelop. But there seem to be to many issues. Building that thing for ARM seems to be very slow (at least on my iPhone it does not compile). Emulating ARM with NetBSD on QEMU seems like the only way to go.
I dont know, are there major differences on architectures when searching for security issues. Else it might be just as good to audit the mac version. You might ask why not search in the source-code...well thats not one of my strengths
So well, bitblaze + peach would be my approach. But yeah, I'm actually not deep enough into some stuff.

Btw Davee: Great respekt on your kernel exploit, actually quite interesting your work on the Kermit Interface. If i had a PSP i would search one myself . How was your Reverse actually done? Did you use IDA, and when, how did you manage to get the references to the other files working? Actually you could try my approach with the PSP Emulator I'm especially thinking of a psp program to forwards fuzzing input from a pc to the Kermit interface. But sadly, in this case we have no further details what happens when it crashes.

That "exploit" simply throws an ArgumentException for me.

My fault, it's of course not an exploit. Thanks to your reply, i was not able to get the mono debug output in the past because of vm.
Yeah so it seems to be fixed, as we might expect after two years. But there might (must!) be more of this stuff

I played around with the debugger (sending commands over usb serial and whatnot) while it was still in closed beta with no luck. Maybe someone should take another look at it? The debug commands are well documentated.

Thats another approach i should consider. I forgot to mention that, thanks to LGPL, you can get a copy of the Mono modifications made for the Vita. Just send them an Email (found on the License site). Got my Copy yesterday, there seem to be some interesting stuff in the io.c implementation for the Vita. Crypto context, a "bridge" header file and all that stuff. Definatly worth a look. And of course you can take a look at the debug interface

[EDIT:] For those who want to join my Path. The registration ist at:

http://www.scei.co.jp/psvita-license/mono.html

In compliance with the LGPL, the source code of the open source software is made available to you. For request, please send e-mail to: pss_opensource_info@scei.co.jp with “Mono LGPL Request” in the subject line. In the body of the e-mail include your name and e-mail address. The personal information provided will be used only to answer your request.

Btw a synonym worked for me. The Response came after 5 days so be patient.