
[Q] could one use the vita's restore function to exploit it

Posted: Tue Jun 11, 2013 5:04 pm
by bytesh1ft
Hi guys, I'm new here, but recently I was thinking about iPod jailbreaking, and I believe at one point you could restore a modified IPSW file to an iPod so that it would be jailbroken. The Vita also has a backup function as well; would it be possible to modify a Vita backup then restore it with a backup that has been modified?

Re: [Q] could one use the vita's restore function to exploit

Posted: Tue Jun 11, 2013 6:14 pm
by mlc
bytesh1ft wrote: Hi guys, I'm new here, but recently I was thinking about iPod jailbreaking, and I believe at one point you could restore a modified IPSW file to an iPod so that it would be jailbroken. The Vita also has a backup function as well; would it be possible to modify a Vita backup then restore it with a backup that has been modified?
I don't believe the Vita has a restore function that allows you to downgrade the firmware, so any "modified restore files" would require knowledge of Vita keys that we don't have. So while it may one day be possible, the Vita will almost surely be hacked in some other way (software/firmware or hardware hack) prior to being able to exploit the restore process (assuming, of course, that there isn't an error in their key generation or whatever that is particularly apparent in backup files and therefore exploited through that method first, but that seems very unlikely).

edit: just to clarify, I would say the restore process is less likely to be hacked first because they have gone to such extreme lengths to limit what can be moved to the vita; errors in backup and restore functionality would have been something they paid a lot of attention to (though this obviously doesn't prevent general human error or negligence, as in any program), so it seems unlikely that this obvious method would have a flaw that is easily found or exploited.

Re: [Q] could one use the vita's restore function to exploit

Posted: Wed Jun 12, 2013 2:40 am
by JeoWay
Probably not, considering that the function uses game files. I could see a custom app being injected, but that would require decrypting the backup file, modifying it, and then calculating the encryption key. If it's not encrypted, the Vita considers it corrupt and rejects it.
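
What mlc and JeoWay describe above, as an added example that is not part of any post in this thread: a restore routine that checks a keyed tag before it decrypts, so a backup edited without the keys is rejected as corrupt. The container layout, the SHA-256 keystream standing in for a real cipher, and all names are assumptions; the Vita's actual backup format is not described on this page.

```python
import hashlib
import hmac
import os

MAGIC = b"BKUP"   # hypothetical container magic, not a real Vita format
NONCE_LEN = 16
TAG_LEN = 32      # HMAC-SHA256 output size


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: a stand-in for the device's real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def make_backup(enc_key: bytes, mac_key: bytes, payload: bytes) -> bytes:
    """Encrypt the payload, then authenticate magic + nonce + ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(payload))
    body = MAGIC + nonce + bytes(a ^ b for a, b in zip(payload, ks))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def restore(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; only decrypt data that authenticated."""
    if len(blob) < len(MAGIC) + NONCE_LEN + TAG_LEN or not blob.startswith(MAGIC):
        raise ValueError("corrupt backup: bad header")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("corrupt backup: authentication failed")
    nonce = body[len(MAGIC):len(MAGIC) + NONCE_LEN]
    ct = body[len(MAGIC) + NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def is_accepted(enc_key: bytes, mac_key: bytes, blob: bytes) -> bool:
    """True if the restore routine would take this backup."""
    try:
        restore(enc_key, mac_key, blob)
        return True
    except ValueError:
        return False
```
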

Re: [Q] could one use the vita's restore function to exploit

Posted: Mon Jun 17, 2013 10:49 pm
by Lyian
1. Calculating the encryption key is nearly impossible because of the length the key has.
2. Sometimes one key isn't enough.
3. Encryption also needs something to compare with, sometimes.

Re: [Q] could one use the vita's restore function to exploit

Posted: Mon Jun 17, 2013 11:31 pm
by hgoel0974
Lyian wrote:
1. Calculating the encryption key is nearly impossible because of the length the key has.
2. Sometimes one key isn't enough.
3. Encryption also needs something to compare with, sometimes.
From research on previous consoles it seems likely that the key might be 16 bytes or 8 bytes (which would take 10 years to brute force)

Re: [Q] could one use the vita's restore function to exploit

Posted: Tue Jun 18, 2013 1:37 am
by JeoWay
hgoel0974 wrote:
Lyian wrote:
1. Calculating the encryption key is nearly impossible because of the length the key has.
2. Sometimes one key isn't enough.
3. Encryption also needs something to compare with, sometimes.
From research on previous consoles it seems likely that the key might be 16 bytes or 8 bytes (which would take 10 years to brute force)
Lol, ECDSA or AES signing fail exploit would be nice to find.

Re: [Q] could one use the vita's restore function to exploit

Posted: Tue Jun 18, 2013 3:09 pm
by psgarsenal
JeoWay wrote: Lol, ECDSA or AES signing fail exploit would be nice to find.
You can find here a way 5 times faster than brute force for AES decryption, but it is still quite a time-consuming way.

Re: [Q] could one use the vita's restore function to exploit

Posted: Tue Jun 18, 2013 5:11 pm
by JeoWay
psgarsenal wrote:
JeoWay wrote: Lol, ECDSA or AES signing fail exploit would be nice to find.
You can find here a way 5 times faster than brute force for AES decryption, but it is still quite a time-consuming way.
At one point Sony used the same AES Decryption and Encryption on the Vita that the PSP had :lol:

Re: [Q] could one use the vita's restore function to exploit

Posted: Tue Jun 25, 2013 6:38 am
by yifanlu
JeoWay wrote:
psgarsenal wrote:
JeoWay wrote: Lol, ECDSA or AES signing fail exploit would be nice to find.
You can find here a way 5 times faster than brute force for AES decryption, but it is still quite a time-consuming way.
At one point Sony used the same AES Decryption and Encryption on the Vita that the PSP had :lol:
No they didn't. If they did, we would have decrypted system files by now.

Re: [Q] could one use the vita's restore function to exploit

Posted: Tue Jun 25, 2013 6:41 am
by JeoWay
Not for system files. Well, not the actual system files. More like decrypting the PUP file and unpacking it etc. Same thing with system file objects.