The Engineer Behind Vita's First Big Exploit

Posted by patrickklepek (4921 posts) -

Yifan Lu is a Texas-based student, one who resents the term “hacker.” He’d prefer to be called a reverse engineer, and he’s claiming to be responsible for a breakthrough that may open up the Vita. Eventually.

Lu disclosed his progress last Saturday on the Wololo.net message boards. He was seeking developers to help him out, which prompted a news post on the front page of Wololo.net. As more people started paying attention, this quickly led to apocalyptic speculation that Lu had “cracked” the Vita, and would open the floodgates to piracy.

None of this is true, Lu told me over email this week.

“I did not expect this to be news,” said Lu. “Naive, I know. The announcement was basically ‘hey, we're at the point where we can actually write a loader now, so if anyone wants to jump on board and help, that'll be cool.’”

Lu has previous experience exploiting hardware, a task he takes on for the sheer challenge of it.

Lu is known for previous exploits, including the first jailbreak for the Kindle Touch and PSXperia, which converts any PlayStation game into something playable on the Xperia Play. In short, he’s legit.

Lu claimed that piracy on a Vita would not be possible with the exploit he’s discovered.

This assumes Sony doesn’t patch Lu’s exploit, the details of which are being kept private. Lu described himself as “very anti-piracy” and said he will not code anything to support the practice.

That said, Lu acknowledged there’s not much preventing someone else from taking the baton, and using his work for nefarious means.

“My work could be used as a stepping stone for others,” he said. “Personally, I am not talented enough to find exploits that could be used for piracy, and I am in contact with those who do have the skills, but they are also against piracy.”

“We can't stop it, but I can promise that I will never help it,” he said. “I made this metaphor before, but it's like the invention of airplanes. They're good for transportation, but somebody decided it can be used to drop bombs. But to prevent bombing cities, would it have been better if airplanes were never invented?”

The subtext of Lu’s comments is that homebrew is a good thing for the Vita community, and encourages more people to purchase a Vita and use it for a variety of reasons, including some that Sony never intended. It’s an argument fans of the rather impressive PSP homebrew community might agree with, but Sony? Yeah, probably not.

"I'm convinced and we're convinced that piracy has taken out a big chunk of our software sales on PSP," said senior VP of marketing at Sony Computer Entertainment America Peter Dille in a 2009 interview with Gamasutra. "It's been a problem that the industry has to address together; it's one that I think the industry takes very seriously, but we need to do something to address this because it's criminal what's going on, quite frankly."

I asked Lu to try and break down what he’s accomplished thus far in layman's terms. Let’s try.

Lu’s first breakthrough was getting a RAM dump. On 3DS, exploiters accomplished this by creating a physical RAM dumper. Since RAM is on the same chip as the CPU on a Vita, that’s not possible. Lu wouldn’t explain how he solved that issue on Vita, “but it wasn't as creative as engineering a hardware dumper.” Once the RAM dump was successful, he was able to analyze the code running in memory, and puzzle over how to get the team's own code going.

They’ve figured that part out.

In a best case scenario, homebrew is used for emulation. In a worst case, it's games for free.

Lu worked with a team to accomplish his feat, but didn’t feel comfortable naming other people.

Now, it’s a matter of recruiting developers to program a loader that can actually run unsigned (read: unauthorized) code. Lu doesn’t expect the loader to be ready for at least a couple of months, and it could take much longer for anything interesting to come out of the homebrew community after that. Those folks work fast, though.

I asked Lu for verifiable proof of his success. Sure, he’s proven his exploitation chops with previous pieces of hardware, but why not more? For now, it’s just his word.

“There is no proof I can offer, and as of right now, it would be wiser to not believe me and go on with life as usual,” he said. “Don't hold off updating, don't go and stockpile on Vitas, etc. Because between now and when it's released, anything could happen.”

Given the speculation created by Lu’s discovery, that wouldn’t be a huge surprise.

Sony has not yet contacted Lu, and Sony has not responded to my request for comment.

“If they tell me to stop, I will,” he said. “I don't have the time or resources to fight them. This is only a hobby.”

Until Sony steps in, he'll keep at it. It's exciting.

"Like some people do crossword or sudoku, it's mainly the intellectual challenge and the euphoria of success," he said. "I'd be lying if I didn't say there's also a bit of pride involved for being the 'first' to do something."

#2 Posted by Zelyre (1208 posts) -

Firmware update incoming in 3...2...1...

#3 Posted by thaijedi (140 posts) -

Interesting read

#4 Posted by HT101 (1157 posts) -

Sounds pretty cool.

#5 Posted by paisan13 (150 posts) -

I'll buy a Vita if I can use it to run Emu's, that would be sweet ^_^

#6 Edited by stalefishies (333 posts) -

I'm no expert, far from it, but running unsigned code seems like it's but a small jump to just running dumped roms of the cartridges. So while the guy's anti-piracy slant is noble, it seems pretty naïve to me.

#7 Posted by langdonx (120 posts) -

It seems like a lot of companies (Sony included) have matured to a point where Sony's response to this could be really interesting. I would love to see them fly this guy out and have him show them what he did and how he did it so that they could head it off at the pass (if possible). That seems like the smartest thing they could do... it's essentially crowd sourcing.

Aside from piracy, I don't see much value in a hacked Vita. The SDK seems to offer developers an outlet for getting anything within reason running on the device.

#8 Posted by btakasper (16 posts) -

Hey Sony, just think, if an exploit is made, you will see an increase in units sold. On the other hand, you might not, since there's nothing to play on it. I have a Vita, but I only own 1 game. I'm not even sure why I bought the Vita to begin with. It's more of a paperweight than anything else. I pick it up once in a while and play that free Treasures of Montezuma Blitz game. I for one hope it leads to an exploit, I would love to run random junk on it from emulators to who knows what else. Piracy is inevitable, doesn't matter if I agree with it or not, it will happen.

Just my two cents.

#9 Posted by Jon93 (156 posts) -

Great article Patrick.

#10 Edited by Kosayn (452 posts) -

Ideally, we'll reach an equilibrium where game consoles tend to get completely hacked right around the time that the next generation machines come out. That way, gaming history still gets preserved through the internet, and the industry takes less of a hit from piracy.

Eventually, there will be no working NES's, Commodores, Spectrums, and Ataris, for example. And I suspect many in the industry do gain insight from being able to examine how early game designers did things. Without piracy that software record would be fragmentary at best.

#11 Posted by langdonx (120 posts) -
#12 Posted by Ehker (235 posts) -

@langdonx said:

It seems like a lot of companies (Sony included) have matured to a point where Sony's response to this could be really interesting. I would love to see them fly this guy out and have him show them what he did and how he did it so that they could head it off at the pass (if possible). That seems like the smartest thing they could do... it's essentially crowd sourcing.

That's what they did with Hotz. They invited him and he walked into the Sony HQ eating from a box of Lucky Charms, dropping marshmallows across the lobby.

http://www.newyorker.com/reporting/2012/05/07/120507fa_fact_kushner#ixzz25ob3V0vU

#13 Posted by chickdigger802 (502 posts) -

@stalefishies said:

I'm no expert, far from it, but running unsigned code seems like it's but a small jump to just running dumped roms of the cartridges. So while the guy's anti-piracy slant is noble, it seems pretty naïve to me.

which is why you aren't an expert. Let's just say, it's about as apples and oranges as it gets.

#14 Posted by Rincewind (253 posts) -

And so the cat and mouse game on the vita begins.

#15 Posted by beepmachine (618 posts) -

At this point, any news is good news for the vita.

#16 Posted by algertman (852 posts) -

If anyone thinks this will cause people to buy a Vita you are crazy. The same line was used for PSP in the western market. In reality people bought a PSP with a game or two and never messed with it again and that's why the software sales were horrible. The Vita is a failure. Wake up Sony fanboys, the dream is over. $599 was the downfall of the Playstation brand.

#17 Posted by believer258 (11949 posts) -

@algertman said:

If anyone thinks this will cause people to buy a Vita you are crazy. The same line was used for PSP in the western market. In reality people bought a PSP with a game or two and never messed with it again and that's why the software sales were horrible. The Vita is a failure. Wake up Sony fanboys, the dream is over. $599 was the downfall of the Playstation brand.

As someone with a modified PSP who spent a lot of time looking into what I could get out of that scene?

You're horribly wrong. Certainly I bought my PSP for games a long time ago, but if I had not had one and still found out about the things on it, I'd have bought one quick. And many people did, in fact, pick one up soon after figuring all of that out. This is also why Sony sold PSP's a good bit but not a whole lot of games.

#18 Posted by Cybexx (1176 posts) -

Umm, why? Why do you need to do a bunch of work to hack homebrew applications (while claiming to not be assisting piracy) when the Playstation Mobile Developer Program exists? You can already run homebrew applications with that and it's Sony-developed. I don't trust this man's anti-piracy claims, maybe I'm missing something.

#19 Posted by WJist (313 posts) -

I'm curious what this means for Vita owners (and those thinking about purchasing one) down the road. I don't doubt someone will come up eventually with something to break into the back door with Lu's exploit, but Sony's response could impact whether devs will continue to be interested in making games for it. I liked the PSP, but when the homebrew community came in, I noticed a lot more brick-and-mortar stores stopped selling PSP games.

#20 Posted by jakob187 (21676 posts) -

I've always appreciated guys like this: he's doing it because of the challenge, not because he wants to be malicious and pirate shit. He's a tinkerer, the guy that took everything apart when he was a kid to see what makes it tick and understand the complexities behind it all. He's not the guy that smashes something, glues it back together, and then tries to sell it for a profit because he's a dick.

I hope Sony DOESN'T stop him, but instead decides to give him a job.

#21 Posted by GrantHeaslip (1616 posts) -

I don't doubt that there are people who jailbreak/root their systems and continue to buy games, but they're the extreme minority. Most people who are doing this are doing it to play games without paying for them (I'd say steal, but I don't even want to get into that piracy:stealing argument).

I agree in theory that people should have the right to do what they want with their hardware, but the unfortunate reality is that most people are selfish dicks who will steal stuff if they don't think they'll get caught. If this leads to PSP-style widespread piracy, it will be a real shame. Obviously the lack of PSP game sales wasn't just a result of piracy, but it probably played a big part.

#22 Posted by Krakn3Dfx (2492 posts) -
#23 Posted by Enigma777 (6074 posts) -

I sure as hell hope the Vita isn't hacked. Piracy killed the PSP and it will kill the Vita, especially when you consider that the Vita isn't doing so hot right now.

#24 Posted by mrEkli (2 posts) -

Emulation is Piracy. Furthered by the fact that old games (most of the ones people want to play too) are being sold on modern systems.

#25 Posted by OllyOxenFree (4974 posts) -
@Krakn3Dfx said:

#26 Posted by BlackLagoon (1441 posts) -

@algertman said:

The Vita is a failure. Wake up Sony fanboys, the dream is over. $599 was the downfall of the Playstation brand.

The PS3 is currently the best selling console (month to month) world wide, the 360 really only beat it in North America and the UK. And Hatsune Miku would like to have a word with you about the Vita's viability - the best selling game in Japan right now by quite a margin is Project Diva F for the Vita.

#27 Posted by Xer0Signal (32 posts) -

“We can't stop it, but I can promise that I will never help it,” he said. “I made this metaphor before, but it's like the invention of airplanes. They're good for transportation, but somebody decided it can be used to drop bombs. But to prevent bombing cities, would it have been better if airplanes were never invented?”

I'm not entirely sure that hacking the Vita is just as important of a discovery in science as was MASTERING THE ABILITY OF FLIGHT.

I get the analogy he's trying to make, but, it rings false to me.

#28 Posted by ChrisTaran (1622 posts) -

Very impressive stuff. Looking forward to what the homebrew community can deliver!

#29 Posted by WMWA (1162 posts) -

Nice grab. First article I've seen naming him, much less getting an interview

#30 Posted by ValiantGoat (376 posts) -

Sony has it under control, don't release anything worthwhile on the system and nobody will pirate the software.

#31 Posted by Rayeth (1051 posts) -

@mrEkli:

Except that isn't true. Emulation is legal if you own copies of the physical game involved. So my legally owned copies of Legend of Zelda, SMB 3, Final Fantasy 3, 6, 7, whatever, are fair game for ME to emulate. Assuming I am doing all the rom dumping myself (which is actually a pretty fun process, I think). I should be able to create backup copies of software I own, I can and I do when available.

The fact that some of these games are available for modern systems is irrelevant.

#32 Posted by Deusoma (3013 posts) -

It's weird, I've never seen a hacker in denial about being a hacker before. :P

#33 Posted by FMinus (394 posts) -

@Krakn3Dfx said:

This is what people call, "admit defeat".

#34 Posted by algertman (852 posts) -

@BlackLagoon said:

@algertman said:

The Vita is a failure. Wake up Sony fanboys, the dream is over. $599 was the downfall of the Playstation brand.

The PS3 is currently the best selling console (month to month) world wide, the 360 really only beat it in North America and the UK. And Hatsune Miku would like to have a word with you about the Vita's viability - the best selling game in Japan right now by quite a margin is Project Diva F for the Vita.

PS3 is running on fumes at this point. The Vita has bombed HARD. You are going off of sales for ONE WEEK. One week, in Japan, the Vita has been dragged up from the abyss when it has been having a hard time busting 10k a week in Japan. On top of that Miku was the ONLY Vita game in the top thirty this week. Vita is dead. Quit living in a dream world.

#35 Posted by Patman99 (1593 posts) -

@FMinus said:

@Krakn3Dfx said:

This is what people call, "admit defeat".

While the tweet is pretty funny, that is a parody account.

#36 Posted by Ravenlight (8040 posts) -

He may resent the widely-believed public misconception of what "hacker" means, but by the traditional definition it is apropos in Lu's case.

#37 Posted by tourgen (4515 posts) -

@langdonx said:

It seems like a lot of companies (Sony included) have matured to a point where Sony's response to this could be really interesting. I would love to see them fly this guy out and have him show them what he did and how he did it so that they could head it off at the pass (if possible). That seems like the smartest thing they could do... it's essentially crowd sourcing.

Aside from piracy, I don't see much value in a hacked Vita. The SDK seems to offer developers an outlet for getting anything within reason running on the device.

noooooo! The SDK is kind of terrible. It's mono (C#), a managed language. The SDK is pretty limited in terms of actual direct access to hardware to do interesting things. Sure you can write a shitty sprite platformer pretty easily... Running compiled C or raw ASM with direct hardware access would be GREAT. Too bad we'll never see published hardware specs.

Closed, proprietary systems SUCK. I miss fun hardware like the C64, Amiga, and Atari ST with full published hardware specs and no DRM, signed code bullshit.

#38 Edited by Terramagi (1159 posts) -

@langdonx said:

It seems like a lot of companies (Sony included) have matured to a point where Sony's response to this could be really interesting. I would love to see them fly this guy out and have him show them what he did and how he did it so that they could head it off at the pass (if possible). That seems like the smartest thing they could do... it's essentially crowd sourcing.

Aside from piracy, I don't see much value in a hacked Vita. The SDK seems to offer developers an outlet for getting anything within reason running on the device.

Yeah, not a goddamn chance. They nailed the guy who hacked the PS3 to a fucking wall. This guy will be no different.

#39 Posted by Phat2 (22 posts) -

stop posting gay porn in comments, thanks

#40 Posted by Krakn3Dfx (2492 posts) -

@FMinus said:

@Krakn3Dfx said:

This is what people call, "admit defeat".

It's not really his account, I thought it was hilarious though.

#41 Posted by Solh0und (1783 posts) -

I think it's safe to say that we all know that piracy will EVENTUALLY happen on the Vita and 3DS at some point.

#42 Posted by Napalm (9020 posts) -

@algertman said:

@BlackLagoon said:

@algertman said:

The Vita is a failure. Wake up Sony fanboys, the dream is over. $599 was the downfall of the Playstation brand.

The PS3 is currently the best selling console (month to month) world wide, the 360 really only beat it in North America and the UK. And Hatsune Miku would like to have a word with you about the Vita's viability - the best selling game in Japan right now by quite a margin is Project Diva F for the Vita.

PS3 is running on fumes at this point. The Vita has bombed HARD. You are going off of sales for ONE WEEK. One week, in Japan, the Vita has been dragged up from the abyss when it has been having a hard time busting 10k a week in Japan. On top of that Miku was the ONLY Vita game in the top thirty this week. Vita is dead. Quit living in a dream world.

Hi, get out. We're not about console wars. Go back to wherever you came from.

#43 Posted by GrantHeaslip (1616 posts) -

@algertman said:

@BlackLagoon said:

@algertman said:

The Vita is a failure. Wake up Sony fanboys, the dream is over. $599 was the downfall of the Playstation brand.

The PS3 is currently the best selling console (month to month) world wide, the 360 really only beat it in North America and the UK. And Hatsune Miku would like to have a word with you about the Vita's viability - the best selling game in Japan right now by quite a margin is Project Diva F for the Vita.

PS3 is running on fumes at this point. The Vita has bombed HARD. You are going off of sales for ONE WEEK. One week, in Japan, the Vita has been dragged up from the abyss when it has been having a hard time busting 10k a week in Japan. On top of that Miku was the ONLY Vita game in the top thirty this week. Vita is dead. Quit living in a dream world.

Why are you so invested in Sony failing? You seem to like the Xbox, and that's fine, but if you're looking for a console war, do us all a favour and leave.

#44 Posted by Brodehouse (9967 posts) -

I really want to get behind the homebrew stuff, the idea of making your console work for you... but then on the other hand, the piracy stuff just always runs along with it. I want people to be freely developing and innovating with the platforms, but at the same time, it just makes doing any kind of business on them impossible. And I'd rather game developers had actual 9-to-5 jobs making games than work at Kinko's and draw game art or write stories on their lunch break. That's my life. I wouldn't wish it on professionals.

#45 Posted by Brodehouse (9967 posts) -

@Xer0Signal said:

“We can't stop it, but I can promise that I will never help it,” he said. “I made this metaphor before, but it's like the invention of airplanes. They're good for transportation, but somebody decided it can be used to drop bombs. But to prevent bombing cities, would it have been better if airplanes were never invented?”

I'm not entirely sure that hacking the Vita is just as important of a discovery in science as was MASTERING THE ABILITY OF FLIGHT.

I get the analogy he's trying to make, but, it rings false to me.

Yeah, his comparison is more akin to looking at an airplane that someone developed privately, and then reverse engineering the blueprints and sending them to every corporation and country in the world. Great for everyone else, probably really bad for the person who actually built the plane.

#46 Posted by Boopie (191 posts) -

sounds good if I don't have to pay for games on the Vita it's more interesting

#47 Posted by ripelivejam (4068 posts) -

@Boopie said:

sounds good if I don't have to pay for games on the Vita it's more interesting

so people nowadays freely and wantonly admit to being pirates?

#48 Edited by nickux (1385 posts) -

I can appreciate Lu's efforts in the sense of a technical achievement but as a Vita owner it's a bummer to see people had to hack it. Small developers lose, consumers lose, pirates win. I understand this exploit does not allow piracy but it's just a matter of time. Hopefully Sony can squash it with updates.

#49 Posted by algertman (852 posts) -

@GrantHeaslip said:

@algertman said:

@BlackLagoon said:

@algertman said:

The Vita is a failure. Wake up Sony fanboys, the dream is over. $599 was the downfall of the Playstation brand.

The PS3 is currently the best selling console (month to month) world wide, the 360 really only beat it in North America and the UK. And Hatsune Miku would like to have a word with you about the Vita's viability - the best selling game in Japan right now by quite a margin is Project Diva F for the Vita.

PS3 is running on fumes at this point. The Vita has bombed HARD. You are going off of sales for ONE WEEK. One week, in Japan, the Vita has been dragged up from the abyss when it has been having a hard time busting 10k a week in Japan. On top of that Miku was the ONLY Vita game in the top thirty this week. Vita is dead. Quit living in a dream world.

Why are you so invested in Sony failing? You seem to like the Xbox, and that's fine, but if you're looking for a console war, do us all a favour and leave.

I own a PS3 and love it. It's Sony fanboys who are the problem. Quit buying shitty JRPGs.

#50 Posted by das9000 (174 posts) -

It begins...

Time to get a vita
