In addition to the 35c3 talk on Exploiting PS4 Video Apps for ALL Firmware this December 28th, there will be a Viva la Vita Vida (Live Stream - Relive) PlayStation Vita hacking lecture by Yifanlu and Davee at the Chaos Communication Congress on December 29th, 2018.
Until then, those who still own a PS Vita may want to check out xerpi's PlayStation Vita Linux Loader Kernel Plugin for PS Vita with details below!
Download: linux_vita-master.zip / GIT / vita-linux-loader-master.zip / GIT
From the README.md to quote: PlayStation Vita Linux Loader
This is a kernel plugin that lets you run Linux in ARMv7 non-secure System mode.
How does it work?
At first, the plugin allocates a couple of physically contiguous buffers where it loads the Linux kernel image and the Device Tree Blob.
Then it triggers a power standby request and when PSVita OS is about to send the Syscon command to actually perform the standby, it changes the request type into a soft-reset and the resume routine address to a custom one (resume.s).
Once the PSVita wakes from the soft-reset, the custom resume routine executes and identity maps the scratchpad (address 0x1F000000) using a 1MiB section. Afterwards, the Linux bootstrap code (linux_bootstrap.s) is copied to the scratchpad, and execution then jumps to it (passing some parameters such as the Linux and DTB physical addresses).
Since the Linux bootstrap code is now in an identity-mapped location, it can proceed to disable the MMU (and the caches) and finally jump to the Linux kernel.
You will need a compiled Linux kernel image (placed at ux0:/linux/zImage) and the corresponding DTB file (placed at ux0:/linux/vita.dtb).
This Linux loader will print debug info over UART0. Check UART Console for the location of the pins.
Thanks to everybody who has helped me, especially Team Molecule (formed by Davee, Proxima, xyz, and YifanLu), TheFloW, motoharu, and everybody at the HENkaku Discord channel.
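The identity-mapping step in the README is what lets the bootstrap code keep running across the MMU switch-off: the program counter is a virtual address before and a physical address after, so the two must be equal. The following is an added example, not code from the plugin or its README, that models an ARMv7-A short-descriptor first-level table with 1 MiB sections and checks that condition. The attribute bits, helper names, and the second (non-identity) mapping are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define SCRATCHPAD_PA 0x1F000000u   /* scratchpad address given in the README */
#define SECTION_SHIFT 20            /* one first-level entry covers 1 MiB */
#define DESC_SECTION  0x2u          /* bits[1:0] = 0b10, bit 18 = 0: section */
#define DESC_AP_RW    (0x3u << 10)  /* AP[1:0] = 0b11; illustrative attribute choice */

static uint32_t l1_table[4096];     /* 4 GiB / 1 MiB entries; zero = fault */

/* Index of the first-level entry that covers a virtual address. */
static uint32_t l1_index(uint32_t va) { return va >> SECTION_SHIFT; }

/* Section descriptor: physical base in bits[31:20] plus attributes. */
static uint32_t section_desc(uint32_t pa)
{
    return (pa & 0xFFF00000u) | DESC_AP_RW | DESC_SECTION;
}

static void map_section(uint32_t va, uint32_t pa)
{
    l1_table[l1_index(va)] = section_desc(pa);
}

/* Table walk for section entries only: 0 on success, -1 on translation fault. */
static int translate(uint32_t va, uint32_t *pa)
{
    uint32_t d = l1_table[l1_index(va)];
    if ((d & 0x3u) != DESC_SECTION || (d & (1u << 18)))
        return -1;                  /* fault, page table, or supersection */
    *pa = (d & 0xFFF00000u) | (va & 0x000FFFFFu);
    return 0;
}

/* Code at pc keeps running after the MMU is disabled only if VA == PA. */
static int survives_mmu_off(uint32_t pc)
{
    uint32_t pa;
    return translate(pc, &pa) == 0 && pa == pc;
}

int main(void)
{
    map_section(SCRATCHPAD_PA, SCRATCHPAD_PA);  /* identity map, as in the README */
    map_section(0x00800000u, 0x40200000u);      /* constructed non-identity mapping */
    printf("scratchpad code survives: %d\n", survives_mmu_off(SCRATCHPAD_PA + 0x40));
    printf("remapped code survives:   %d\n", survives_mmu_off(0x00800010u));
    return 0;
}
```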
Download: Injecting_Software_Vulnerabilities_with_Voltage_Glitching.pdf (212 KB)