Giant Bomb News

The Engineer Behind Vita's First Big Exploit

Known exploiter Yifan Lu explains why this doesn't necessarily mean the floodgates are open for Vita, and whether someone could use it for piracy.

Yifan Lu is a Texas-based student, one who resents the term “hacker.” He’d prefer to be called a reverse engineer, and he’s claiming to be responsible for a breakthrough that may open up the Vita. Eventually.

Lu disclosed his progress last Saturday on the Wololo.net message boards. He was seeking developers to help him out, which prompted a news post on the front page of Wololo.net. As more people started paying attention, this quickly led to apocalyptic speculation that Lu had “cracked” the Vita, and would open the floodgates to piracy.

None of this is true, Lu told me over email this week.

“I did not expect this to be news,” said Lu. “Naive, I know. The announcement was basically ‘hey, we're at the point where we can actually write a loader now, so if anyone wants to jump on board and help, that'll be cool.’”

Lu has previous experience exploiting hardware, a task he takes on for the sheer challenge of it.

Lu is known for previous exploits, including the first jailbreak for the Kindle Touch and PSXperia, which converts any PlayStation game into something playable on the Xperia Play. In short, he’s legit.

Lu claimed that piracy on a Vita would not be possible with the exploit he’s discovered.

This assumes Sony doesn’t patch Lu’s exploit, the details of which are being kept private. Lu described himself as “very anti-piracy” and said he will not code anything to support the practice.

That said, Lu acknowledged there’s not much preventing someone else from taking the baton, and using his work for nefarious means.

“My work could be used as a stepping stone for others,” he said. “Personally, I am not talented enough to find exploits that could be used for piracy, and I am in contact with those who do have the skills, but they are also against piracy.”

“We can't stop it, but I can promise that I will never help it,” he said. “I made this metaphor before, but it's like the invention of airplanes. They're good for transportation, but somebody decided it can be used to drop bombs. But to prevent bombing cities, would it have been better if airplanes were never invented?”

The subtext of Lu’s comments is that homebrew is a good thing for the Vita community, and encourages more people to purchase a Vita and use it for a variety of reasons, including some that Sony never intended. It’s an argument fans of the rather impressive PSP homebrew community might agree with, but Sony? Yeah, probably not.

"I'm convinced and we're convinced that piracy has taken out a big chunk of our software sales on PSP," said senior VP of marketing at Sony Computer Entertainment America Peter Dille in a 2009 interview with Gamasutra. "It's been a problem that the industry has to address together; it's one that I think the industry takes very seriously, but we need to do something to address this because it's criminal what's going on, quite frankly."

I asked Lu to try and break down what he’s accomplished thus far in layman’s terms. Let’s try.

Lu’s first breakthrough was getting a RAM dump. On 3DS, exploiters accomplished this by creating a physical RAM dumper. Since RAM is on the same chip as the CPU on a Vita, that’s not possible. Lu wouldn’t explain how he solved that issue on Vita, “but it wasn't as creative as engineering a hardware dumper.” Once the RAM dump was successful, he was able to analyze the code running in memory, and puzzle over how to get his team’s own code running.

They’ve figured that part out.

In a best case scenario, homebrew is used for emulation. In a worst case, it's games for free.

Lu worked with a team to accomplish his feat, but didn’t feel comfortable naming other people.

Now, it’s a matter of recruiting developers to program a loader that can actually run unsigned (read: unauthorized) code. Lu doesn’t expect the loader to be ready for at least a couple of months, and it could take much longer for anything interesting to come out of the homebrew community after that. Those folks work fast, though.

I asked Lu for verifiable proof of his success. Sure, he’s proven his exploitation chops with previous pieces of hardware, but why not more? For now, it’s just his word.

“There is no proof I can offer, and as of right now, it would be wiser to not believe me and go on with life as usual,” he said. “Don't hold off updating, don't go and stockpile on Vitas, etc. Because between now and when it's released, anything could happen.”

Given the speculation created by Lu’s discovery, that wouldn’t be a huge surprise.

Sony has not yet contacted Lu, and Sony has not responded to my request for comment.

“If they tell me to stop, I will,” he said. “I don't have the time or resources to fight them. This is only a hobby.”

Until Sony steps in, he'll keep at it. It's exciting.

"Like some people do crossword or sudoku, it's mainly the intellectual challenge and the euphoria of success," he said. "I'd be lying if I didn't say there's also a bit of pride involved for being the 'first' to do something."

Patrick Klepek on Google+