
Finding the memory layout of the vita?

Notn4
Posts: 7
Joined: Mon Apr 09, 2012 12:44 pm

Re: Finding the memory layout of the vita?

Post by Notn4 »

I just read through the thread so I'm rather new to Vita hardware, but one thing I noticed was that the Vita uses a Cortex A9 CPU... has someone looked into other devices that run the same processor? I know that the one in the Vita only exists in the Vita, but there are many CPUs used by mobile phones that seem rather similar, some of them even open source...

For example the Galaxy Nexus runs a Cortex A9 with a GPU made by the same company that made the Vita GPU, and the Nexus is open source.

Don't know if this is of any use at all, just noticed that the Cortex A9 is used in many open source devices.

Also, is anyone here into mobile development? I find the hardware on the Vita to be quite similar to the mobile phones of today; maybe some of the hardware hacks on some high-end phones could be implemented on the Vita? Such as the unbrickable mod that can be used for all Cortex A8 phones.

Sorry if none of this was helpful.
m0skit0
Guru
Posts: 3817
Joined: Mon Sep 27, 2010 6:01 pm

Re: Finding the memory layout of the vita?

Post by m0skit0 »

The problem is not about the CPU. PSP also used a known CPU model (slightly modified by Sony). The problem is about how everything else is put together with the CPU.
I wanna lots of mov al,0xb
"just not into this RA stuffz"
jrbo
Posts: 156
Joined: Wed Apr 04, 2012 7:56 pm

Re: Finding the memory layout of the vita?

Post by jrbo »

Has anyone looked at the battery? Maybe a hardware hacker can look at that and try to come up with a Pandora-type service mode.
Although now that I think about it, Sony probably took extra precautions when developing it :(
Notn4
Posts: 7
Joined: Mon Apr 09, 2012 12:44 pm

Re: Finding the memory layout of the vita?

Post by Notn4 »

I was thinking more in the way of communicating with the CPU with already known debug/download modes to find out more about the hardware. For example, the Samsung Captivate with a Cortex A8 CPU has Rx and Tx pads close to the CPU that allow UART to be hooked up to the device. Also, on some Cortex CPUs you can get them into a development mode by removing an xOM resistor and soldering a wire on the active pad of that resistor to another xOM resistor; this (I think) allows reading info directly from the ROM on the CPU, and it also allows flashing custom bootloaders for different OSs...

But I think this is going a bit off topic, as this is currently only supported on the Samsung and Texas Instruments manufactured CPUs.
m0skit0
Guru
Posts: 3817
Joined: Mon Sep 27, 2010 6:01 pm

Re: Finding the memory layout of the vita?

Post by m0skit0 »

Notn4 wrote: I was thinking more in the way of communicating with the CPU with already known debug/download modes to find out more about the hardware
PSV's CPU is embedded on a single chip with RAM and probably other critical components as well, to prevent such dumps. I would highly doubt any JTAG/UART debug pins will work (it did not work on the PSP's CPU dice despite several attempts).
I wanna lots of mov al,0xb
"just not into this RA stuffz"
honorface
Posts: 14
Joined: Thu Mar 01, 2012 8:57 pm

Re: Finding the memory layout of the vita?

Post by honorface »

RAM com is not encrypted per se. There are security checkpoints though, meaning not just anything can communicate. I still cannot tell if it is a one-time check or continual. I highly doubt it would be continual, seeing as that is basically encryption. What I really need is a third-party "DEVICE" that needs to communicate with the Vita's innards. So yes, access to the RAM is checked by the CPU.
"I would highly doubt any JTAG/UART debug pins will work"
Correct sadly :(

What I can tell you guys is that the Vita IS VERY PRONE TO BRICKING. Due to a burning hatred of game developers I assume that this was done purposefully to protect the device. It could also easily be done by my eager hands. I have two Vitas that are stuck booting forever. I somehow removed some sort of authorization. Be careful you guys! I am almost out of tax return money sooooooo I may call it quits if I get spooked/start developing a serious relationship with my current Vita hahahah. Have fun though! Without us Sony will never see humility, NEVER stop innovating :)
43tklj3n_43kj
Posts: 13
Joined: Sun Sep 25, 2011 12:23 am

Re: Finding the memory layout of the vita?

Post by 43tklj3n_43kj »

They do it through kernel exploits. Exploiting a low-privileged process just yields virtual allocation and some HV and API calls.

Vita is the same arch as Apple products, it uses ARM lpar and tz bits. PS3 is more complex cause good stuff is in SPE LS loaded by a ROM chain of other hardware isolated loaders; it's why you can't root it without breaking bootldr anymore.

EDIT: good luck using the mentioned "chips" on POP or buses with no external clock.. which is everything now.
Acid_Snake
Retired Mod
Posts: 3100
Joined: Tue May 01, 2012 11:32 am
Location: Behind you!

Re: Finding the memory layout of the vita?

Post by Acid_Snake »

How about finding a way to use the memory card? I understand it's encrypted, but I believe it's a safer attempt.
DeadlyData
Posts: 14
Joined: Thu Jul 19, 2012 8:44 pm

Re: Finding the memory layout of the vita?

Post by DeadlyData »

My assumption to this about most other consoles was the hackers had the ability to start with an SDK/Devkit first...
Generally the SDK supplies enough information for the programmers about the system's CPU and memory layout that a hacker with the intentions of gaining access to the system would be able to get somewhere with it.

But currently as I see it no SDK has been publicly leaked for the VITA and I've really never looked into them for any of the $ony consoles either,

I guess on the PS3, due to otherOS being present in the beginning, things may have been a bit easier because they could just poke around and bruteforce ranges of memory for results; no concern about the exploit being patched if you haven't published it, so you've got unlimited amounts of time to discover the internals of the system.

All in all though I don't have the experience in doing this myself,
If I were to go about doing it I would take the approach of buying a devkit considering I have contacts to people in the industry and I could provide the funds it wouldn't be hard to accomplish and a lot of security researchers have this, why it hasn't been exploited is just a matter of who has the time aside from their own hobbies interests and work.

Most people don't want to put the time into the exploitation of something that could be seen as legally questionable (with what happened to geohot and the PS3), and there's nothing more to gain than either 1) running unsigned code on your own console or 2) fame, and most people don't care about this stuff when it comes to this scene.

They do it for the fun of it, and for their own benefit they don't release it because the fear of $ony mostly.
pikachu82
Posts: 12
Joined: Mon Jul 09, 2012 3:23 pm

Re: Finding the memory layout of the vita?

Post by pikachu82 »

@DeadlyData - your suggested approach is being attempted by SKFU (see http://wololo.net/2012/06/09/vita-skfu- ... -a-devkit/).