ICAL Exploit: Difference between revisions

From Vita Developer wiki
Jump to navigation Jump to search
No edit summary
 
(6 intermediate revisions by 4 users not shown)
Line 1: Line 1:
== Introduction ==
== Introduction ==
ICAL Exploit was Created by [[SilicaAndPina]] allows for System Uri Calling on the latest PSVita firmware [[3.70]]
as well as a bug with the PSN Sign Up application, that allows for Account Switching also on the latest PSVita Firmware [[3.70]]


== System URI Calling ==  
ICAL Exploit is a PS Vita exploit that allows a PS Vita to call any System URI. The vulnerability was discovered and exploited by "Li". Chained with a bug in the PSN Sign Up application, that allows for Account Switching even on the latest PS Vita firmware [[3.74]].
(system uri's are URI's defined in param.sfo surrounded by triangle brackets. and they can only be run by the system and not the browser
 
The PSVita [[Calendar]] Application allows you to create ical event files in the (.ics) format, which is an .INI-Like format with ':' instead of '=' for defining values.
== System URI calling ==
these files can be sent over PSN Messager and the EMail client, to execute SUPPORT_URI's you simply have to write the uri you want into the ics file's URL: entry and then view the event either in the Email Application or the PSN Messager application and click the "www" browser icon.
 
*Note: You CANNOT use the Calendar application itself to do this, it must be done in the event preview screen found in Email or Messager apps 
System URI's are URI's defined in param.sfo surrounded by triangle brackets. They can only be run by the system and not by the web browser. The PS Vita [[Calendar]] application allows user to create ICAL event files in the (.ics) format, which is an .INI-Like format with ':' instead of '=' for defining values. These files can be sent over PSN messenger and the Email client. To execute SUPPORT_URI's you simply have to write the URI you want into the .ics file's URL: entry and then view the event either in the Email application or the PSN messenger application and click the "www" browser icon.
you should be able to do this in any Text Editor.
 
Here is an example .ics file (run package installer)
*Note: You CANNOT use the Calendar application itself to do this. It must be done in the event preview screen found in Email or Messenger applications. You should be able to do this in any text editor.
 
== Example ==
 
Here is an example .ics file that launches the Package Installer application.
    
    
     BEGIN:VCALENDAR
     BEGIN:VCALENDAR
Line 39: Line 41:
     END:VEVENT
     END:VEVENT
     END:VCALENDAR
     END:VCALENDAR
A website for easily exploiting the libical bug mentioned can be found at http://vitatricks.tk
(src code: http://bitbucket.org/SilicaAndPina/vitatricks)


== Changing PSN Accounts ==
== Tools ==
If you re-run the signup app via the 'psnreg:' uri call after you've already got an account linked then the SignUp application will say
 
"Please Wait..." and then take you to the "Welcome <yourname> to PSN" screen, however if you remove internet access to the console at the correct time using the "Please Wait..." screen then PSN Authentication will fail. and you will be booted back to the "Sign In" screen, from here. you can sign in using any credentials your vita will be linked to this account. however `ux0:/id.dat` is NOT updated. so you'll have to go back to your original account before rebooting or you'll be greeted with the "Please format your memory card" message
A website for easily exploiting the libical bug mentioned is available at: [http://vitatricks.xyz].
 
The source code of this website is available: [http://bitbucket.org/SilicaAndPina/vitatricks].
 
== Changing PSN accounts ==
 
If you run again the Sign Up application via the 'psnreg:' URI call after you have already got an account linked, then the Sign Up application will say
"Please Wait..." and then take you to the "Welcome <yourname> to PSN" screen. However if you remove internet access from the console at the correct time using the "Please Wait..." screen then PSN authentication will fail. You will be booted back to the "Sign In" screen from here. You can sign in using any credentials and your PS Vita will be linked to this PSN account. However `ux0:/id.dat` is NOT updated so you will have to go back to your original PSN account before rebooting or you will be greeted with the fatal "Please format your memory card" message.

Latest revision as of 01:47, 25 December 2024

Introduction[edit | edit source]

ICAL Exploit is a PS Vita exploit that allows a PS Vita to call any System URI. The vulnerability was discovered and exploited by "Li". Chained with a bug in the PSN Sign Up application, that allows for Account Switching even on the latest PS Vita firmware 3.74.

System URI calling[edit | edit source]

System URI's are URI's defined in param.sfo surrounded by triangle brackets. They can only be run by the system and not by the web browser. The PS Vita Calendar application allows user to create ICAL event files in the (.ics) format, which is an .INI-Like format with ':' instead of '=' for defining values. These files can be sent over PSN messenger and the Email client. To execute SUPPORT_URI's you simply have to write the URI you want into the .ics file's URL: entry and then view the event either in the Email application or the PSN messenger application and click the "www" browser icon.

  • Note: You CANNOT use the Calendar application itself to do this. It must be done in the event preview screen found in Email or Messenger applications. You should be able to do this in any text editor.

Example[edit | edit source]

Here is an example .ics file that launches the Package Installer application.

   BEGIN:VCALENDAR
   PRODID:-//SCE Inc//PSVitaCalendar 0.00//EN
   VERSION:2.0
   BEGIN:VTIMEZONE
   TZID:106
   BEGIN:STANDARD
   DTSTART:19700101T000000
   TZOFFSETFROM:+1100
   TZOFFSETTO:+1000
   RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4
   END:STANDARD
   BEGIN:DAYLIGHT
   DTSTART:19700101T000000
   TZOFFSETFROM:+1000
   TZOFFSETTO:+1100
   RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=10
   END:DAYLIGHT
   END:VTIMEZONE
   BEGIN:VEVENT
   UID:2017100712075551579
   DTSTAMP:20171007T121157Z
   DTSTART;TZID=106:20171007
   DTEND;TZID=106:20171008
   SUMMARY:Package Installer
   SEQUENCE:6
   URL:psgm:play?titleid=NPXS10031
   END:VEVENT
   END:VCALENDAR

Tools[edit | edit source]

A website for easily exploiting the libical bug mentioned is available at: [1].

The source code of this website is available: [2].

Changing PSN accounts[edit | edit source]

If you run again the Sign Up application via the 'psnreg:' URI call after you have already got an account linked, then the Sign Up application will say "Please Wait..." and then take you to the "Welcome <yourname> to PSN" screen. However if you remove internet access from the console at the correct time using the "Please Wait..." screen then PSN authentication will fail. You will be booted back to the "Sign In" screen from here. You can sign in using any credentials and your PS Vita will be linked to this PSN account. However `ux0:/id.dat` is NOT updated so you will have to go back to your original PSN account before rebooting or you will be greeted with the fatal "Please format your memory card" message.