This is our second bonus handheld article (the first being PSP) in Rick Wilder’s history of PlayStation piracy series, which chronicles the decades-long fight between pirates and Sony’s console security. This most recent episode tackles Sony’s second handheld: PlayStation Vita (PS Vita).
PlayStation Vita first debuted in Japan on December 17th of 2011. Though Sony later realised North America to be the optimal launch location for consoles from PlayStation 4 onward, in this case PS Vita sold best in Japan overall. This being Sony’s second handheld console, many expected the legacy established by the original PSP to guarantee sales records.
The first few days after the Japan launch reinforced those hunches. Though, as many readers might have observed, a collective hunch was all PS Vita amounted to in the end. With 80-82 million confirmed units sold of the PSP and expectations running high, it came as a surprise that PS Vita only sold an estimated 10-15 million units over its entire lifespan.
Despite all that, Sony trusted in the quality of their console and continued to invest in marketing campaigns to boost sales. The linking of remote play and PlayStation TV to Vita were two such attempts. Lowering the RRP of Vita and its memory card lineup was another. All of these rescue attempts were made far past the point of no return. It’s anyone’s best guess how many units of the Vita Sony would have sold without those measures.
The World is in Play (Elsewhere)
Leading up to its launch, PS Vita was (incorrectly) advertised as a PS3 for the palms with a myriad of AAA titles to boot. The reality of its launch lineup was far from Sony’s original promise. Whereas every Sony console before it had arguably delivered at launch (for the most part), for the first time ever a Sony console had been ‘overhyped’. The gaming community cottoned on to this quickly.
Wipeout 2048 and Uncharted: Golden Abyss made an appearance early on, but so did the pricing for the Vita’s memory card upgrades. 1GB of onboard storage was included but, even in 2011, calling it insufficient would have been an understatement.
Byte Monopoly
Sony designed their own proprietary memory card type, seemingly to make things difficult and maximise profits. This was also an anti-piracy move. While the original PSP memory cards were proprietary too, security and anti-piracy measures for the PSP’s ProDuo seem not to have been implemented at all. It seemed that Sony had learned from their mistakes somewhat, doubling down on security with PS Vita storage. The trouble was getting people to buy one.
Price-wise, these new PS Vita cards were extortionate. We’re talking $125 for 32GB extortionate. Allegedly for this reason, Sony didn’t release the 32GB card in the UK at launch. Many gamers agreed that a £100 price tag on a 32GB memory card would have caused mass outrage.
Nonetheless, with mobile gaming increasing in popularity and MicroSD cards becoming cheaper and more common than fresh veggies, Sony had chosen the worst time and angle for their memory card gouging.
There were a few great devs/modders who also saw Vita as a missed opportunity, especially with regard to Homebrew, and so that’s where our story begins.
The PSP Wars 2: Attack of the Devs
Yifanlu of Team Molecule, one of many developers of HENkaku, invested in the First Edition Vita bundle from launch, itching to find exploits: ways into the console. The other members of the team, xyz, Proxima and Davee, were also integral in cracking open the system. Within a year they were able to run code in “user space”. A WebKit exploit in the email app is reported to have been the target for this first attack, implemented by xyz. This was an achievement, no doubt, but permissions-wise this was equal to game-level permissions. For custom apps and homebrew, more had to be done.
It took the better part of two years to get into PS Vita’s kernel (the heart of the OS) using an integer overflow attack. Just as a “buffer overflow” happens when more data is written than the allocated memory can hold, an “integer overflow” happens when an arithmetic operation produces a value outside the range that can be represented with a given number of digits. If you had 4 digits, for example, a result that needs more than 4 digits cannot be stored, so the value that ends up in memory is not the true result. In languages such as C this can be ‘undefined behaviour’, and it results in unexpected behaviour from the system, the perfect place to begin infiltration.
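To make the 4-digit analogy concrete, here is an added example (not code from the article, from Team Molecule or from the Vita) of the general bug class and the check that prevents it. The function names and the sample count are made up for illustration; the arithmetic is unsigned 32-bit, which wraps around silently.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The article's analogy: a counter that can only hold 4 decimal digits. */
static unsigned add_4digit(unsigned a, unsigned b) {
    return (a + b) % 10000u;   /* 9999 + 1 does not fit, so it wraps to 0 */
}

/* Unchecked size calculation: count * elem_size kept in 32 bits.
 * Unsigned arithmetic wraps modulo 2^32, so a huge count yields a tiny size
 * and any buffer allocated from it is far smaller than the caller expects. */
static uint32_t alloc_size_unchecked(uint32_t count, uint32_t elem_size) {
    return (uint32_t)(count * elem_size);
}

/* Checked version: refuse any request whose true product exceeds 32 bits. */
static bool alloc_size_checked(uint32_t count, uint32_t elem_size,
                               uint32_t *out) {
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return false;          /* would overflow: reject instead of wrapping */
    *out = count * elem_size;
    return true;
}

int main(void) {
    uint32_t count = 0x40000001u;  /* constructed sample value */
    uint32_t size = 0;

    printf("4-digit: 9999 + 1 = %u\n", add_4digit(9999u, 1u));
    printf("unchecked: %lu elements * 4 bytes = %lu bytes\n",
           (unsigned long)count,
           (unsigned long)alloc_size_unchecked(count, 4u));
    if (!alloc_size_checked(count, 4u, &size))
        printf("checked: request rejected\n");
    return 0;
}
```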
For readers of the series so far, two years of safety puts Sony’s security methods leagues ahead of the early days and lightyears ahead of the original PSP’s security. Unfortunately, Team Molecule’s initial results from the summer of 2014 were difficult to replicate on a mass scale. It wasn’t over yet.
Sony Learned Too Much
In the end, reverse engineering PS Vita’s kernel, learning to understand it as well as the creators themselves, was what Team Molecule did. They did this by studying the Vita’s system dump file. This was the same method as seen on the original Japan-release PSP, though that was an easier case which allowed users to get a system dump file without any tampering whatsoever.
After sussing the processes of PS Vita decryption and encryption, Team Molecule were able to “draw” to the screen, at which point all of their work culminated in its final form: HENkaku. With access to the system kernel and all of the above, they were able to write their own patches, forcefully disabling code signature checks and therefore allowing the successful boot of their homebrew app and games.
I Update to Live, I Update to Forget (Sony)
Throughout this time, Sony pushed updates under the guise of “performance fixes” when the reality couldn’t be further from the truth. PlayStation Vita ceased production in March of 2019 but the last update wasn’t until October. In spite of this, old legends like TheFloW joined the fray toward the latter half of the Vita’s life, offering a hand to those users who’d updated without realising there was a homebrew community at all.
Although the console was a failure in almost every sense of the word, its continuous misuse resulted in success of a sort Sony was unable to provide. When compared to the back and forth between previous console mods and security patches, a driven and skilled team seems to make all the difference in conquering a system.
By that same thread, it may be that less time and resources were spent on the Vita, further securing its death (and subsequent rebirth). How fitting then, that Vita had its beginnings in the Latin word for life.
Thanks for reading our latest episode on PlayStation hackery. The rest of the series can be found here. Do you think the Vita was an easy target, too? Did you mod your Vita or is PS Vita modding a recent discovery for you? Let us know in the comments!