Memory Card: Difference between revisions

From Vita Developer wiki
Jump to navigation Jump to search
No edit summary
m (Added archive link)
 
(8 intermediate revisions by 3 users not shown)
Line 1: Line 1:
The Vitas MemoryCard uses a new variant of the previous invented MagicGate security for the PSP. For sure it is one of the most wanted Hacks of users, to be able to use much cheaper non Sony brand microSD or others, instead of the Vitas heavy overpriced standart MCs.
== Pinout ==
== Pinout ==
[http://www.vitadevwiki.com/index.php?title=Media#Pinout_2 Media-Pinout]
[http://www.psdevwiki.com/vita/index.php?title=Media#Pinout_2 Media-Pinout]


don't try to take it apart [http://imgur.com/a/yvFYG like this]
Don't try to take it apart [http://imgur.com/a/yvFYG like this] ([https://web.archive.org/web/20230505050035/https://imgur.com/a/yvFYG archive])
{| class="wikitable"
{| class="wikitable"
|-
|-
Line 33: Line 35:


== Soft Reversing ==
== Soft Reversing ==
The OS driver for the Memory Card can be found here:
<span style="text-decoration: line-through;">The OS driver for the Memory Card can be found here:</span>
  [[Files_on_the_PS_Vita#os0|os0]]:kd/magicgate.skprx
<br> Analyzing results of the Hardware reversing process did show that, for what it looks like the Memory Card is not using the magicgate.skprx.
<br>'''"[https://twitter.com/RichDevX RichDevX]: yo, as far as I can tell, it isn't using magicgate. maybe when I launch games (perhaps), but doesn't seem to be play an important role"'''
 
  <span style="text-decoration: line-through;">[[Files_on_the_PS_Vita#os0|os0]]:kd/magicgate.skprx</span>


But this will require a kernel exploit source to be able to dump this kernel driver and reverse / analyze it for future purpose which is right now not possible to do the lack of the source code for [[HENkaku]].
Still to be able to reverse this above named kernel driver it will require a kernel exploit source to be able to dump and analyze it for future purpose which is right now not possible to do the lack of the source code for [[HENkaku]].




Line 58: Line 63:


* [https://twitter.com/RichDevX/status/781948956666396672 It's game time, all your commands are belong to us ^_^] [https://pbs.twimg.com/media/CtoKK_NXYAAkafs.jpg picture]
* [https://twitter.com/RichDevX/status/781948956666396672 It's game time, all your commands are belong to us ^_^] [https://pbs.twimg.com/media/CtoKK_NXYAAkafs.jpg picture]
* [https://twitter.com/RichDevX/status/782769674085888001 WRITE_SHORT_DATA <br>READ_SHORT_DATA <br>WRITE_SHORT_DATA <br>Seems to be the authentication sequence] <br>[https://pbs.twimg.com/media/CtzzaRoWgAEtfNv.jpg picture]
* [https://twitter.com/RichDevX/status/783886921986637824 ViMC-Decoded (minimal memory card protocol decoder)] <br>Logo designed by [https://twitter.com/gameshack_ @gameshack_] <br>Pinouts discovered by [https://twitter.com/Asdron_ @Asdron_] <br>[https://www.sendspace.com/file/a3ybzs source]
* [https://twitter.com/RichDevX/status/783886966261702656 link] <br>7_________________________0  <br>[X ] [X ] [X ] [D3 ][D2] [D1] [D0] [BS] <br>Binary capture format
== Partitions ==
Memory Card can be accessed with [[SceMsif]] module. It has the following [[Partitions|partitions]]:
{| class="wikitable"
|-
! code !! type !! name !! desc
|-
| 0xD || raw || || Some data
|-
| 0x8 || exfat || ux0 || Memory Card
|-
|}

Latest revision as of 06:03, 5 May 2023

The Vitas MemoryCard uses a new variant of the previous invented MagicGate security for the PSP. For sure it is one of the most wanted Hacks of users, to be able to use much cheaper non Sony brand microSD or others, instead of the Vitas heavy overpriced standart MCs.

Pinout[edit | edit source]

Media-Pinout

Don't try to take it apart like this (archive)

Pin Signal Description
1 INS Detection Pin
2 SCLK Serial Clock
3 VCC Voltage
4 D3 Data 3
5 D2 Data 2
6 D1 Data 1
7 D0 Data 0
8 BS Bus State
9 VSS Ground

pinouts by Asdron also confirmed by RichDevX

About Pin 1: "it's an input pin on the host controller (pulled up high), and the pin on the card is grounded" (source RichDevX)


Soft Reversing[edit | edit source]

The OS driver for the Memory Card can be found here:
Analyzing results of the Hardware reversing process did show that, for what it looks like the Memory Card is not using the magicgate.skprx.
"RichDevX: yo, as far as I can tell, it isn't using magicgate. maybe when I launch games (perhaps), but doesn't seem to be play an important role"

os0:kd/magicgate.skprx

Still to be able to reverse this above named kernel driver it will require a kernel exploit source to be able to dump and analyze it for future purpose which is right now not possible to do the lack of the source code for HENkaku.


HW Reversing[edit | edit source]

(by RichDevX)

@RichDevX I don't know what is that picture... But seems good. Right?
@ACViperPro it's just a graphical representation of two separate sessions of 1s and 0s ^_^ (binary state of digital signals). as for the significance, the sessions are exactly the same. there's also a lot of whitespace which is a good indication :P. 
@RichDevX i'm totally noob but, quoting @yifanlu.. "Some.. packets are constant.. others--partially change after each time you turn on Vita". @RichDevX "This is most likely related to some encryption mechanism." Encrypting the handshake is not much different from encrypting all! xD. 
@Danyfenix69 we can deal with challenge/response handshakes, session encryption would require much more work
  • link
    7_________________________0
    [X ] [X ] [X ] [D3 ][D2] [D1] [D0] [BS]
    Binary capture format

Partitions[edit | edit source]

Memory Card can be accessed with SceMsif module. It has the following partitions:

code type name desc
0xD raw Some data
0x8 exfat ux0 Memory Card