
[Q] could one use the vita's restore function to exploit it

bytesh1ft
Posts: 4
Joined: Tue Jun 11, 2013 4:41 pm


Post by bytesh1ft » Tue Jun 11, 2013 5:04 pm

Hi guys, I'm new here, but recently I was thinking about iPod jailbreaking, and I believe at one point you could restore a modified IPSW file to an iPod so that it would be jailbroken. The Vita also has a backup function as well; would it be possible to modify a Vita backup and then restore it with a backup that has been modified?

mlc
Posts: 389
Joined: Tue Apr 17, 2012 9:28 pm
Location: america =(

Re: [Q] could one use the vita's restore function to exploit

Post by mlc » Tue Jun 11, 2013 6:14 pm

bytesh1ft wrote: Hi guys, I'm new here, but recently I was thinking about iPod jailbreaking, and I believe at one point you could restore a modified IPSW file to an iPod so that it would be jailbroken. The Vita also has a backup function as well; would it be possible to modify a Vita backup and then restore it with a backup that has been modified?
I don't believe the Vita has a restore function that allows you to downgrade the firmware, so any "modified restore files" would require knowledge of Vita keys that we don't have. So while it may one day be possible, the Vita will almost surely be hacked in some other (software/firmware or hardware hack) prior to being able to exploit the restore process. (assuming, of course, that there isn't an error in their key generation or whatever that is particularly apparent in backup files and therefore exploited through that method first, but that seems very unlikely)

edit: just to clarify, I would say the restore process is less likely to be hacked first because they have gone to such extreme lengths to limit what can be moved to the vita; errors in backup and restore functionality would have been something they paid a lot of attention to (though this obviously doesn't prevent general human error or negligence, as in any program), so it seems unlikely that this obvious method would have a flaw that is easily found or exploited.

JeoWay
Posts: 1052
Joined: Fri Jan 11, 2013 2:59 am
Location: vs0:/app/JEOWAY/mybedroom.bin

Re: [Q] could one use the vita's restore function to exploit

Post by JeoWay » Wed Jun 12, 2013 2:40 am

Probably not, considering that the function uses game files. I could see a custom app being injected, but that would require decrypting the backup file, modifying it, and then calculating the encryption key. If it's not encrypted, the Vita considers it corrupt and rejects it.
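
The rejection described in the post above, as an added example that is not part of the thread and is not Sony's actual backup format: a restore routine that authenticates an encrypted backup before using it, so a file edited without the device keys is refused as corrupt. The container layout, key sizes, function names and the SHA-256 keystream (a stand-in for a real cipher such as AES-CTR) are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy SHA-256 counter-mode keystream; a stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def seal_backup(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256(nonce || ciphertext)."""
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def restore_backup(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting; anything that fails is treated as corrupt."""
    if len(blob) < 16 + 32:
        raise ValueError("backup rejected: too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("backup rejected: integrity check failed")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))

def is_accepted(enc_key: bytes, mac_key: bytes, blob: bytes) -> bool:
    """True if the restore routine would accept this backup."""
    try:
        restore_backup(enc_key, mac_key, blob)
        return True
    except ValueError:
        return False

# Constructed sample: random "device" keys and a made-up backup payload.
ENC_KEY, MAC_KEY = os.urandom(16), os.urandom(32)
SAMPLE = seal_backup(ENC_KEY, MAC_KEY, b"app=SAVEDATA;title=constructed-sample")
# One flipped ciphertext bit, as any edit made without the keys would produce.
TAMPERED = SAMPLE[:20] + bytes([SAMPLE[20] ^ 0x01]) + SAMPLE[21:]

if __name__ == "__main__":
    print("original accepted:", is_accepted(ENC_KEY, MAC_KEY, SAMPLE))
    print("tampered accepted:", is_accepted(ENC_KEY, MAC_KEY, TAMPERED))
```

Without the tag check, the flipped bit would decrypt to a silently altered payload, which is why the integrity key matters as much as the encryption key.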

Lyian
Posts: 4
Joined: Mon Jun 17, 2013 10:34 pm

Re: [Q] could one use the vita's restore function to exploit

Post by Lyian » Mon Jun 17, 2013 10:49 pm

1. Calculating the encryption key is nearly impossible because of the length the key has.
2. Sometimes one key isn't enough.
3. Encryption also needs something to compare with, sometimes.

hgoel0974
Retired Mod
Posts: 2155
Joined: Mon Jul 23, 2012 11:42 pm
Location: New York

Re: [Q] could one use the vita's restore function to exploit

Post by hgoel0974 » Mon Jun 17, 2013 11:31 pm

Lyian wrote:
1. Calculating the encryption key is nearly impossible because of the length the key has.
2. Sometimes one key isn't enough.
3. Encryption also needs something to compare with, sometimes.
From research on previous consoles it seems likely that the key might be 16 bytes or 8 bytes (which would take 10 years to brute force)

JeoWay
Posts: 1052
Joined: Fri Jan 11, 2013 2:59 am
Location: vs0:/app/JEOWAY/mybedroom.bin

Re: [Q] could one use the vita's restore function to exploit

Post by JeoWay » Tue Jun 18, 2013 1:37 am

hgoel0974 wrote:
Lyian wrote:
1. Calculating the encryption key is nearly impossible because of the length the key has.
2. Sometimes one key isn't enough.
3. Encryption also needs something to compare with, sometimes.
From research on previous consoles it seems likely that the key might be 16 bytes or 8 bytes (which would take 10 years to brute force)
Lol, ECDSA or AES signing fail exploit would be nice to find.

psgarsenal
Posts: 84
Joined: Sun Feb 03, 2013 10:37 am
Location: /home/psgarsenal

Re: [Q] could one use the vita's restore function to exploit

Post by psgarsenal » Tue Jun 18, 2013 3:09 pm

JeoWay wrote: Lol, ECDSA or AES signing fail exploit would be nice to find.
You can find here a way 5 times faster than brute force for AES decryption, but it's still quite a time-consuming way.

JeoWay
Posts: 1052
Joined: Fri Jan 11, 2013 2:59 am
Location: vs0:/app/JEOWAY/mybedroom.bin

Re: [Q] could one use the vita's restore function to exploit

Post by JeoWay » Tue Jun 18, 2013 5:11 pm

psgarsenal wrote:
JeoWay wrote: Lol, ECDSA or AES signing fail exploit would be nice to find.
You can find here a way 5 times faster than brute force for AES decryption, but it's still quite a time-consuming way.
At one point Sony used the same AES Decryption and Encryption on the Vita that the PSP had :lol:

yifanlu
Guru
Posts: 760
Joined: Sun Mar 11, 2012 6:42 am

Re: [Q] could one use the vita's restore function to exploit

Post by yifanlu » Tue Jun 25, 2013 6:38 am

JeoWay wrote:
psgarsenal wrote:
JeoWay wrote: Lol, ECDSA or AES signing fail exploit would be nice to find.
You can find here a way 5 times faster than brute force for AES decryption, but it's still quite a time-consuming way.
At one point Sony used the same AES Decryption and Encryption on the Vita that the PSP had :lol:
No they didn't. If they did, we would have decrypted system files by now.

JeoWay
Posts: 1052
Joined: Fri Jan 11, 2013 2:59 am
Location: vs0:/app/JEOWAY/mybedroom.bin

Re: [Q] could one use the vita's restore function to exploit

Post by JeoWay » Tue Jun 25, 2013 6:41 am

Not for system files. Well, not the actual system files. More like decrypting the PUP file and unpacking it etc. Same thing with system file objects.
