Editing ICAL Exploit

== Introduction ==

ICAL Exploit is a PSVita exploit that allows System URI call on OFW.
The vulnerability was discovered and exploited by [[SilicaAndPina]].
Chained with a bug in the PSN Sign Up application, that allows for Account Switching even on the latest PSVita firmware [[3.73]].

== System URI calling ==

System URI's are URI's defined in param.sfo surrounded by triangle brackets. They can only be run by the system and not by the web browser. The PSVita [[Calendar]] application allows user to create ICAL event files in the (.ics) format, which is an .INI-Like format with ':' instead of '=' for defining values. These files can be sent over PSN messenger and the Email client. To execute SUPPORT_URI's you simply have to write the URI you want into the .ics file's URL: entry and then view the event either in the Email application or the PSN messenger application and click the "www" browser icon.

*Note: You CANNOT use the Calendar application itself to do this. It must be done in the event preview screen found in Email or Messenger applications. You should be able to do this in any text editor.

== Example ==

Here is an example .ics file that launches the Package Installer application.
  
    BEGIN:VCALENDAR
    PRODID:-//SCE Inc//PSVitaCalendar 0.00//EN
    VERSION:2.0
    BEGIN:VTIMEZONE
    TZID:106
    BEGIN:STANDARD
    DTSTART:19700101T000000
    TZOFFSETFROM:+1100
    TZOFFSETTO:+1000
    RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4
    END:STANDARD
    BEGIN:DAYLIGHT
    DTSTART:19700101T000000
    TZOFFSETFROM:+1000
    TZOFFSETTO:+1100
    RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=10
    END:DAYLIGHT
    END:VTIMEZONE
    BEGIN:VEVENT
    UID:2017100712075551579
    DTSTAMP:20171007T121157Z
    DTSTART;TZID=106:20171007
    DTEND;TZID=106:20171008
    SUMMARY:Package Installer
    SEQUENCE:6
    URL:psgm:play?titleid=NPXS10031
    END:VEVENT
    END:VCALENDAR

== Tools ==

A website for easily exploiting the libical bug mentioned is available at: [[http://vitatricks.tk]].

The source code of this website is available: [[http://bitbucket.org/SilicaAndPina/vitatricks]].

== Changing PSN accounts ==

If you run again the Sign Up application via the 'psnreg:' URI call after you have already got an account linked, then the Sign Up application will say
"Please Wait..." and then take you to the "Welcome <yourname> to PSN" screen. However if you remove internet access from the console at the correct time using the "Please Wait..." screen then PSN authentication will fail. You will be booted back to the "Sign In" screen from here. You can sign in using any credentials and your PSVita will be linked to this PSN account. However `ux0:/id.dat` is NOT updated so you will have to go back to your original PSN account before rebooting or you will be greeted with the fatal "Please format your memory card" message.