[Q] could one use the vita's restore function to exploit it

[bytesh1ft]

Hi guys im new here, but recently i was thinking about ipod jailbreaking and i believe at one point you could restore a modified ipsw file to an ipod so that it would be jailbroken, the vita also has a backup function as well, would it be possible to modify a vita backup then restore it with a backup that has been modified?

Advertising

[mlc]

Hi guys im new here, but recently i was thinking about ipod jailbreaking and i believe at one point you could restore a modified ipsw file to an ipod so that it would be jailbroken, the vita also has a backup function as well, would it be possible to modify a vita backup then restore it with a backup that has been modified?

I don't believe the Vita has a restore function that allows you to downgrade the firmware, so any "modified restore files" would require knowledge of Vita keys that we don't have. So while it may one day be possible, the Vita will almost surely be hacked in some other (software/firmware or hardware hack) prior to being able to exploit the restore process. (assuming, of course, that there isn't an error in their key generation or whatever that is particularly apparent in backup files and therefore exploited through that method first, but that seems very unlikely)

edit: just to clarify, I would say the restore process is less likely to be hacked first because they have gone to such extreme lengths to limit what can be moved to the vita; errors in backup and restore functionality would have been something they paid a lot of attention to (though this obviously doesn't prevent general human error or negligence, as in any program), so it seems unlikely that this obvious method would have a flaw that is easily found or exploited.

Advertising

[JeoWay]

Probably not. Considering that the function uses game files. I could see a custom app being injected, but that would require to decrypt the backup file, modify it, and then calculate the encryption key. If its not encrypted, the Vita considers it corrupt and rejects it.

[Lyian]

1. calculating the encryption key ist nearly impossible because of the length the key has.2. Sometimes one key isn't enough.
3. Encryption also needs something to compare with, sometimes.

[hgoel0974]

1. calculating the encryption key ist nearly impossible because of the length the key has.2. Sometimes one key isn't enough.
3. Encryption also needs something to compare with, sometimes.

From research on previous consoles it seems likely that the key might be 16 bytes or 8 bytes (which would take 10 years to brute force)

[JeoWay]

1. calculating the encryption key ist nearly impossible because of the length the key has.2. Sometimes one key isn't enough.
3. Encryption also needs something to compare with, sometimes.

From research on previous consoles it seems likely that the key might be 16 bytes or 8 bytes (which would take 10 years to brute force)

Lol, ECDSA or AES signing fail exploit would be nice to find.

[psgarsenal]

Lol, ECDSA or AES signing fail exploit would be nice to find.

You can find here a way 5 times faster than brute force for aes decryption, but it stills a quite time-spending way

[JeoWay]

Lol, ECDSA or AES signing fail exploit would be nice to find.

You can find here a way 5 times faster than brute force for aes decryption, but it stills a quite time-spending way

At one point Sony used the same AES Decryption and Encryption on the Vita that the PSP had

[yifanlu]

Lol, ECDSA or AES signing fail exploit would be nice to find.

You can find here a way 5 times faster than brute force for aes decryption, but it stills a quite time-spending way

At one point Sony used the same AES Decryption and Encryption on the Vita that the PSP had

No they didn't. If they did, we would have decrypted system files by now.

[JeoWay]

Not for system files. Well, not the actual system files. More like decrypting the PUP file and unpacking it etc. Same thing with system file objects.