Thursday, December 29, 2011

PS VITA Encryption Flaw

Since I finally have access to a retail PS VITA, today I started with some basic tests.

After a complete freeze of the system within the first 5 minutes after unboxing (*always happens to new consoles 4 me rofl*), I went on and noticed that there is a problem with the VITA's encryption functions and was able to decrypt some test files directly via the system.

I will post updates as soon as I have news :)


Sunday, December 18, 2011

[UPDATE] PS VITA Firmware xTractor 2.01


Linux version compiled and attached below.

I just updated the PS VITA FW xTractor, changelog is attached below.

The 2.00 version had a problem setting the filenames correctly as the 1.0+ updates have different files than the older ones. Anyway, enjoy...

  • Filename fix
  • Download FW added
  • Minor stuff

Download Windows : CLICK
Download Linux: CLICK


Friday, December 16, 2011

VITA PKG AES Key Changed :(

I just tried to unpack the Twitter application for PS VITA and sadly I have to say that the AES key for PKG encryption and decryption changed.

The PKGs I used for my tests were pretty old and the key update was expected.
Nevertheless it's a bit disappointing, but a nice new challenge :)

The PS3 can decrypt the new packages on firmware 4.00 which contains the new PS VITA PKG AES key for the PS3 <--> PS VITA content exchange feature. This means we can decrypt and get the content of the PS VITA PKG files via a 4.00 PS3. Sadly there's no solution to re-encrypt it again, yet.

Let the games begin! (again...) :D


Wednesday, December 14, 2011

HOW-TO: Not get fu*ked 4 life by Billion-$-Company-X

Due to the lawsuits against PS3 researchers, I am writing this little how-to. It is based on my personal experience under European law. Don't expect this to read like a doctoral thesis, it is just a little guideline on how not to fully destroy your life :)

HOW-TO: 10 Not get fu*ked 4 life by Billion-$-Company-X
*replace x with rich company of your choice

1. Self control !

Do not lose your self control, this is the most important thing.

2. Encrypt all your data with up to date encryption tools like TrueCrypt

The court can arrange to take your hardware into custody and check all data on it. If it is encrypted you can be sure they will not get anything against you here. You cannot be forced to disclose your private password to decrypt it! The problem is, you might not get it back if it's encrypted. You decide if it's worth it. The court can also charge a sum X per item to be checked. This might become expensive, so expect that you cannot get everything back without investing a huge sum.

3. Never publish, share or distribute copyrighted code in any way, this might break your neck

Publishing, sharing or redistributing copyrighted data is illegal. Don't do it! Once you did, it's hard to prove anything else. If possible, remove all files or data which you published. This may be an advantage and good for you in front of court.

4. Do not agree to personal meetings with Billion-$-Company-X

The company might invite you to a private personal discussion. Under any circumstances - do not go there if you don't feel 100% prepared. You will be confronted with 1-3 highly skilled lawyers if you decide to join their meeting. Usually their lawyers have very good experience in human psychology and will get you to sign contracts which they can use against you sooner or later. An example would be that this contract includes that you are responsible for ALL further damage which MIGHT be caused through data you may have published. This damage has a trivial worth and can rise up to multiple hundred thousand euros. If the company has any reliable proof against you, they arrange a court meeting, not a personal one. Remember you cannot be forced to agree to a private meeting. It can cause a lot more trouble than you expect.

5. Keep all communication text-based or via lawyer

Any phone or personal communication can be used against you. Text-communication is easier to overview and you can let it be checked by your lawyer or person of trust.

6. Get an attorney of law and NOT the cheapest backyard lawyer

Be sure your lawyer (if you choose to take one) has great experience in IT law. Every lawyer will say "YEAH SURE" if you need one, but just because they are interested in your money and not your behavior. Use Google or ask at your local government for a decent attorney of law.
If the company insists on a contract, let your lawyer set it up.

7. If you do not have millions on your bank account, say sorry and give up

Do not be too optimistic and think you could win against a Billion-$-Company-X. There is a difference between "be in right" and "get right". In 99,9% of the cases, the party with more money will win even if you acted 100% legal. They can spend limitless resources to make your life worse. A court case can take several years and in those years you have to pay your lawyer and more. Do you have the money to do this? No? Then accept that you are fu*ked and contact the company. If it is not too late, make a clear statement that you will not continue your work which belongs to the case. Say sorry and distance yourself from anything relating.

8. Hope for an out-of-court agreement

As mentioned in point 7, a long and time-consuming court case costs money. Probably more than you have. Follow point 7 as fast as you can, so you are aware if the company is OK with your apology. If you are lucky, you are out of the deepest sh*t.

9. In front of court

If it comes to a confrontation in front of court, you are warned weeks in advance. Make notes, let your lawyer research all possible ways to defend you. Most courts are not aware of up-to-date IT law, as most laws were formed in analog times, so the Billion-$-Company-X will try as hard as they can to prove that what you did was wrong, even if it is actually legal. Don't let them provoke you. Shut up and let your lawyer do the work, unless the court asks you. If possible, "no comment". No comment == you can't make anything worse.

10. Don't fight with dragons

As said before, if you do not have unlimited money or some atomic bombs behind you do not fight against dragons. You can not win. The world is ruled by money and the ones with the most will always get their will. Do not think you can change this, even if it sounds a bit sad it has to be said.

Since I experienced many of such cases myself, I know best how you feel if it happens. If you need assistance, do not hesitate to e-mail me. If you find any huge mistakes or think I have forgotten something important, let me know.


Wednesday, November 30, 2011

PS VITA Live Area preViewer

This application is probably not of use for the community but some official PS VITA developers.

I required it just for some tests, but it would be a waste of codelines not to share it, so here it is:

PS VITA Live Area preViewer outputs various information about a game, including the style it uses on the PS VITA.

Download: CLICK

To use it, simply choose the root folder of a PS VITA game. Then check the style in the upper right of the program which it is meant to be displayed with and choose the correct tab. All else is self-explanatory.


Friday, November 25, 2011

PS VITA .pkg xTractor 1.00

After two sleepless nights and great help of iQD and PS3-690, finally the PS VITA .pkg xTractor application 1.00 is finished.

This program can decrypt & extract PS VITA game package (.pkg) files.

To use the program you need to place the PS VITA .pkg AES key in the same dir as the executable.

Funny as SONY is, they probably were too lazy to think of a new key and just used *hehe*, the PSP .pkg AES key.

Information tab not finished, yet. It will be completed in next version.

So just put the PSP .pkg AES key in hex syntax in aes.key file in the same folder and you are ready to go.

Download: CLICK

Another thing worth to mention is that thanks to GregoryRasputin the PS VITA developer wiki is now online.

For now it's near empty but I hope it will fill fast:


Thursday, November 24, 2011

PS VITA .pkg Content Structure

At the moment I try to get a first overview about all filetypes, structures and as the basic research on the firmware file (.pup) is done, I continue with PS VITA package (.pkg) files.

During the next days I plan to open a wiki for devs about the PS VITA, then I will summarize and publish more specific information about all my research.

For now here's an overview about the PS VITA game package file content structure:


PS VITA Firmware xTractor 2.00

And here we go with version 2.00:

As the last version was hardcoded for a specific firmware, this new version supports any PS VITA firmware file.

As well, graphic bugs which appeared for some users should be fixed now.

As a little extra I implemented an information tab, which shows various info about the loaded firmware.

Information about the single files will be added in the next release, to be honest I was too lazy to implement it for now :P

In the next days I will compile it for Linux and MAC, so anyone can use it.

Download: CLICK

Thanks for the support I got, to everyone who deserves it.


Monday, November 21, 2011

PS VITA FW xTractor 1.01 update + linux version

Here a little update for the PS VITA FW xTractor:

Because of some requests I compiled a linux version.
The download is available below.

As well, I added a simple check for the input file validation.

On Linux I didn't bother to fix graphical issues, yet.

Version updated to 1.01.

Download 1.01 WIN: CLICK
Download 1.01 LNX: CLICK



Saturday, November 19, 2011

PS VITA Firmware xTractor

Since a more or less short break from public posts I am back with a little tool called "PS VITA Firmware xTractor".

For now it only works with firmware 00.945.040, tho surely I will update it sooner or later.

Just a short info about the firmware itself, it is not unencrypted like the PS3 ones.

The tool is meant for those who will join the VITA scene as a little sign that you are not alone ;-)

Crawl out of your holes and come up with your tools and research, guys! :)

I hope the PS VITA scene will not fuck up as the PS3 scene did over the last months cuz of the piracy infected environment.

If you ask anyone who was with the beginning of the PS3 scene it was much more fun without the commercial sense behind it all.

Without this shit it would even have saved many talented people of a lot of trouble.

Nevertheless I hope to see the good guys back @ VITA!

Download: CLICK

Greetz to the ones who kept it real,


Tuesday, April 26, 2011

PSN Hack Information

The PSN is down, all accounts got dumped by an anonymous hacker and the community is cryin' for answers. 77 million accounts with password and sometimes CC info are worth a lot in several hack chans. This is a very huge case.

Now SONY engaged an external security company to discover the holes in SONY's system and find answers. As I was wondering if there may be some information about the actual case we can find out publicly, I researched a bit myself.

One interesting point I found is an unsecured access log of a PSN environment.
You will quickly notice the IP, which sends requests like a vulnerability scanner.
The IP points to the DoD Network Information Center, based in Ohio USA.

The first log entry of this IP is [03/Mar/2011:07:10:38 -0800]. As the DoD is known as being easy to hack, the anonymous hacker could have used this as proxy.

Maybe SONY might want to take a look at this IP, I hope soon we get some news and details about the case...
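
For defenders reviewing an access log like the one described above, this added example (not part of the original post, and not based on the actual PSN log) flags clients whose requests are almost all failed probes and reports when each was first seen. The log lines, IP addresses, paths and thresholds are constructed for illustration; only the timestamp format follows the entry quoted in the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Apache common log format; IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [03/Mar/2011:07:10:38 -0800] "GET /admin/ HTTP/1.1" 404 210
198.51.100.7 - - [03/Mar/2011:07:10:38 -0800] "GET /old/ HTTP/1.1" 404 215
198.51.100.7 - - [03/Mar/2011:07:10:39 -0800] "GET /test.cgi HTTP/1.1" 404 220
198.51.100.7 - - [03/Mar/2011:07:10:39 -0800] "GET /.htaccess HTTP/1.1" 403 199
198.51.100.7 - - [03/Mar/2011:07:10:40 -0800] "GET /backup.zip HTTP/1.1" 404 212
203.0.113.20 - - [03/Mar/2011:07:11:02 -0800] "GET /index.html HTTP/1.1" 200 5120
203.0.113.20 - - [03/Mar/2011:07:11:05 -0800] "GET /style.css HTTP/1.1" 200 830
203.0.113.20 - - [03/Mar/2011:07:12:40 -0800] "GET /missing.png HTTP/1.1" 404 209
"""

# client, two ignored fields, [timestamp], "METHOD path ...", status, size
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) \S+')

def find_scanner_like(log_text, min_requests=5, min_error_ratio=0.8):
    """Return {ip: stats} for clients whose traffic is mostly 4xx responses."""
    stats = defaultdict(lambda: {"requests": 0, "errors": 0,
                                 "paths": set(), "first_seen": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the review
        ip, ts, path, status = m.groups()
        seen = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        s = stats[ip]
        s["requests"] += 1
        s["errors"] += status.startswith("4")  # count client-error responses
        s["paths"].add(path)
        if s["first_seen"] is None or seen < s["first_seen"]:
            s["first_seen"] = seen
    flagged = {}
    for ip, s in stats.items():
        ratio = s["errors"] / s["requests"]
        # Assumed heuristic: enough volume and almost nothing that resolves.
        if s["requests"] >= min_requests and ratio >= min_error_ratio:
            flagged[ip] = {"first_seen": s["first_seen"],
                           "requests": s["requests"],
                           "distinct_paths": len(s["paths"]),
                           "error_ratio": ratio}
    return flagged

if __name__ == "__main__":
    for ip, info in find_scanner_like(SAMPLE_LOG).items():
        print(ip, info["first_seen"].isoformat(), info["requests"], info["error_ratio"])
```

A source address flagged this way only identifies the last hop that talked to the server, so the first-seen time is a starting point for correlation with other logs rather than attribution.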