While most are awaiting the 35c3 Talk on Exploiting PS4 Video Apps for ALL Firmware this December 28th, there will also be a Viva la Vita Vida (Live Stream - Relive) PlayStation Vita hacking lecture by Yifanlu and Davee at the Chaos Communication Congress on December 29th, 2018.

Until then, those who still own a PS Vita may want to check out xerpi's PlayStation Vita Linux Loader Kernel Plugin for PS Vita with details below! :cool:

Download: linux_vita-master.zip / GIT / vita-linux-loader-master.zip / GIT

From the README.md to quote: PlayStation Vita Linux Loader

What's this?

This is a kernel plugin that lets you run Linux in ARMv7 non-secure System mode.

How does it work?

First, the plugin allocates a couple of physically contiguous buffers, where it loads the Linux kernel image and the Device Tree Blob.

Then it triggers a power standby request and, when PSVita OS is about to send the Syscon command to actually perform the standby, it changes the request type into a soft-reset and the resume routine address to a custom one (resume.s).

Once the PSVita wakes from the soft-reset, the custom resume routine executes and identity maps the scratchpad (address 0x1F000000) using a 1MiB section. Afterwards, the Linux bootstrap code (linux_bootstrap.s) is copied to the scratchpad where it proceeds and jumps to (passing some parameters such as the Linux and DTB physical addresses).

Since the Linux bootstrap code is now in an identity-mapped location, it can proceed to disable the MMU (and the caches) and finally jump to the Linux kernel.

Instructions

You will need a compiled Linux kernel image (placed at ux0:/linux/zImage) and the corresponding DTB file (placed at ux0:/linux/vita.dtb).

Debugging

This Linux loader will print debug info over UART0. Check UART Console for the location of the pins.

Credits

Thanks to everybody who has helped me, especially Team Molecule (formed by Davee, Proxima, xyz, and YifanLu), TheFloW, motoharu, and everybody at the HENkaku Discord channel.
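The two steps in "How does it work?" that are easiest to get wrong are the 1 MiB identity mapping of the scratchpad and the hand-off of the DTB loaded from ux0:/linux/vita.dtb. The following C program is an added example written for this page, not code from xerpi's repository: it models an ARMv7-A short-descriptor first-level table in plain host memory, builds the section entry for 0x1F000000 exactly as the hardware expects it, checks with a software page walk that the mapping really is VA == PA, and validates a flattened device tree header before its physical address would be passed to the kernel. The function names (section_desc, identity_map_section, walk_section, demo_identity_map, dtb_header_ok), the attribute choices in the descriptor, and the sample_dtb bytes are all assumptions made for the example; nothing here touches a real MMU.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ARMv7-A short-descriptor first-level table: 4096 entries of 4 bytes
 * (16 KiB), one entry per 1 MiB of virtual address space. */
#define L1_ENTRIES     4096u
#define SECTION_SHIFT  20u
#define SECTION_SIZE   (1u << SECTION_SHIFT)
#define SECTION_MASK   (SECTION_SIZE - 1u)

/* Section descriptor fields (short-descriptor format). */
#define DESC_SECTION     0x2u                 /* bits[1:0] = 0b10 */
#define DESC_SUPERSECT   (1u << 18)           /* bit 18 set would mean supersection */
#define DESC_DOMAIN(d)   (((uint32_t)(d) & 0xFu) << 5)
#define DESC_AP01(ap)    (((uint32_t)(ap) & 0x3u) << 10)   /* AP[1:0] */
#define DESC_BASE_MASK   0xFFF00000u          /* bits[31:20]: section base */

#define SCRATCHPAD_PA    0x1F000000u          /* scratchpad address from the README */

/* One 1 MiB section onto the physical MiB containing `pa`. TEX/C/B all zero
 * (strongly-ordered, uncached) so code copied there is never stranded in a
 * dirty cache line; AP=0b01 = privileged read/write; domain 0. (Assumed attributes.) */
static uint32_t section_desc(uint32_t pa)
{
    return (pa & DESC_BASE_MASK) | DESC_AP01(1) | DESC_DOMAIN(0) | DESC_SECTION;
}

/* Identity-map the MiB containing `va` (VA == PA). Returns the L1 index written. */
static uint32_t identity_map_section(uint32_t *l1, uint32_t va)
{
    uint32_t idx = va >> SECTION_SHIFT;       /* VA[31:20] selects the L1 entry */
    l1[idx] = section_desc(va);
    return idx;
}

/* Software model of the MMU's first-level lookup for section entries.
 * Returns 0 and the translated PA, or -1 when the entry would fault. */
static int walk_section(const uint32_t *l1, uint32_t va, uint32_t *pa_out)
{
    uint32_t desc = l1[va >> SECTION_SHIFT];
    if ((desc & 0x3u) != DESC_SECTION || (desc & DESC_SUPERSECT))
        return -1;
    *pa_out = (desc & DESC_BASE_MASK) | (va & SECTION_MASK);
    return 0;
}

/* Fresh L1 table, identity-map the scratchpad MiB, then confirm a VA inside
 * it translates to itself while the neighbouring MiB still faults.
 * Returns 1 when the mapping behaves as the bootstrap requires. */
static int demo_identity_map(void)
{
    static uint32_t l1[L1_ENTRIES];           /* 16 KiB; 16 KiB aligned on real hardware */
    uint32_t pa;
    memset(l1, 0, sizeof l1);                 /* zero entry = translation fault */

    if (identity_map_section(l1, SCRATCHPAD_PA) != 0x1F0u)
        return 0;
    if (walk_section(l1, SCRATCHPAD_PA + 0x1234u, &pa) != 0 || pa != SCRATCHPAD_PA + 0x1234u)
        return 0;
    if (walk_section(l1, SCRATCHPAD_PA + SECTION_SIZE, &pa) != -1)
        return 0;                             /* next MiB deliberately unmapped */
    return 1;
}

/* Flattened device tree header fields are big-endian (Devicetree Spec, ch. 5). */
#define FDT_MAGIC        0xD00DFEEDu
#define FDT_HEADER_SIZE  40u

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Check a blob before its physical address goes to the kernel in r2:
 * magic must match and the size the header claims must fit what was loaded. */
static int dtb_header_ok(const uint8_t *blob, size_t len)
{
    if (len < FDT_HEADER_SIZE || be32(blob) != FDT_MAGIC)
        return 0;
    uint32_t totalsize = be32(blob + 4);
    return totalsize >= FDT_HEADER_SIZE && totalsize <= len;
}

/* Constructed 40-byte FDT header with no nodes; not a real Vita DTB. */
static const uint8_t sample_dtb[FDT_HEADER_SIZE] = {
    0xD0, 0x0D, 0xFE, 0xED,  0x00, 0x00, 0x00, 0x28,   /* magic, totalsize=40 */
    0x00, 0x00, 0x00, 0x28,  0x00, 0x00, 0x00, 0x28,   /* off_dt_struct, off_dt_strings */
    0x00, 0x00, 0x00, 0x28,  0x00, 0x00, 0x00, 0x11,   /* off_mem_rsvmap, version 17 */
    0x00, 0x00, 0x00, 0x10,  0x00, 0x00, 0x00, 0x00,   /* last_comp_version 16, boot_cpuid */
    0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,   /* size_dt_strings, size_dt_struct */
};

int main(void)
{
    printf("section descriptor for 0x%08X: 0x%08X\n", SCRATCHPAD_PA, section_desc(SCRATCHPAD_PA));
    printf("identity map check: %s\n", demo_identity_map() ? "ok" : "FAILED");
    printf("sample dtb header: %s\n", dtb_header_ok(sample_dtb, sizeof sample_dtb) ? "ok" : "rejected");
    return 0;
}
```

The descriptor the model produces for the scratchpad is 0x1F000402: base 0x1F000000, AP[1:0]=01, domain 0, type 0b10. On the real resume path the table must also be written through to memory (or the caches cleaned) before TTBR0 is pointed at it, which is why the example keeps the scratchpad section uncached; the DTB size check matters because the loader copies the blob into a fixed-size contiguous buffer and the kernel trusts the header's totalsize.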

Download: Injecting_Software_Vulnerabilities_with_Voltage_Glitching.pdf (212 KB)

Comments

Nice, great work by xerpi. Though, did anyone catch hostboot or HTIF being fully supported across 2 systems?

Seems people love to run Linux on their own hardware. Why not get a HiFive Unleashed?
  • Microsemi HiFive Unleashed Expansion board
    • Again, this is the only expansion board available with multiple I/O Support
    • However, only PCIe, SATA, M.2 SSD connectors are enabled right now.
  • Radeon HD 6450 GPU card
    • Any Caicos-based card should be OK, but the kernel config instructs specific firmware to be used. It is recommended to use the above specific GPU as it is verified. In case you want to use any other GPU, load the appropriate firmware accordingly.
    • The GPU uses x16 PCI Express card connector.
  • PCIe to USB card (I have used this)
    • x1 PCI Express card connector can be used to provide USB ports for mouse/keyboard.
  • SATA drive (HDD/SSD) or NVMe SSD. This is where the Fedora image will be copied. It is not recommended to use an image from a micro SD card.

    FYI: NVMe SSD should be connected via the NVMe M.2 connector present at the bottom of the expansion card. The board layout is available here:

layout-1.png

Cross-compile from x86, then mount to the first disk partition.
