ICAL Exploit: Difference between revisions
CelesteBlue (talk | contribs) No edit summary |
|||
(6 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
== Introduction == | == Introduction == | ||
== System URI | ICAL Exploit is a PS Vita exploit that allows a PS Vita to call any System URI. The vulnerability was discovered and exploited by "Li". Chained with a bug in the PSN Sign Up application, that allows for Account Switching even on the latest PS Vita firmware [[3.74]]. | ||
The | == System URI calling == | ||
*Note: You CANNOT use the Calendar application itself to do this | System URI's are URI's defined in param.sfo surrounded by triangle brackets. They can only be run by the system and not by the web browser. The PS Vita [[Calendar]] application allows user to create ICAL event files in the (.ics) format, which is an .INI-Like format with ':' instead of '=' for defining values. These files can be sent over PSN messenger and the Email client. To execute SUPPORT_URI's you simply have to write the URI you want into the .ics file's URL: entry and then view the event either in the Email application or the PSN messenger application and click the "www" browser icon. | ||
Here is an example .ics file | *Note: You CANNOT use the Calendar application itself to do this. It must be done in the event preview screen found in Email or Messenger applications. You should be able to do this in any text editor. | ||
== Example == | |||
Here is an example .ics file that launches the Package Installer application. | |||
BEGIN:VCALENDAR | BEGIN:VCALENDAR | ||
Line 39: | Line 41: | ||
END:VEVENT | END:VEVENT | ||
END:VCALENDAR | END:VCALENDAR | ||
== Changing PSN | == Tools == | ||
If you | |||
"Please Wait..." and then take you to the "Welcome <yourname> to PSN" screen | A website for easily exploiting the libical bug mentioned is available at: [http://vitatricks.xyz]. | ||
The source code of this website is available: [http://bitbucket.org/SilicaAndPina/vitatricks]. | |||
== Changing PSN accounts == | |||
If you run again the Sign Up application via the 'psnreg:' URI call after you have already got an account linked, then the Sign Up application will say | |||
"Please Wait..." and then take you to the "Welcome <yourname> to PSN" screen. However if you remove internet access from the console at the correct time using the "Please Wait..." screen then PSN authentication will fail. You will be booted back to the "Sign In" screen from here. You can sign in using any credentials and your PS Vita will be linked to this PSN account. However `ux0:/id.dat` is NOT updated so you will have to go back to your original PSN account before rebooting or you will be greeted with the fatal "Please format your memory card" message. |
Latest revision as of 01:47, 25 December 2024
Introduction[edit | edit source]
ICAL Exploit is a PS Vita exploit that allows a PS Vita to call any System URI. The vulnerability was discovered and exploited by "Li". Chained with a bug in the PSN Sign Up application, that allows for Account Switching even on the latest PS Vita firmware 3.74.
System URI calling[edit | edit source]
System URI's are URI's defined in param.sfo surrounded by triangle brackets. They can only be run by the system and not by the web browser. The PS Vita Calendar application allows user to create ICAL event files in the (.ics) format, which is an .INI-Like format with ':' instead of '=' for defining values. These files can be sent over PSN messenger and the Email client. To execute SUPPORT_URI's you simply have to write the URI you want into the .ics file's URL: entry and then view the event either in the Email application or the PSN messenger application and click the "www" browser icon.
- Note: You CANNOT use the Calendar application itself to do this. It must be done in the event preview screen found in Email or Messenger applications. You should be able to do this in any text editor.
Example[edit | edit source]
Here is an example .ics file that launches the Package Installer application.
BEGIN:VCALENDAR PRODID:-//SCE Inc//PSVitaCalendar 0.00//EN VERSION:2.0 BEGIN:VTIMEZONE TZID:106 BEGIN:STANDARD DTSTART:19700101T000000 TZOFFSETFROM:+1100 TZOFFSETTO:+1000 RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4 END:STANDARD BEGIN:DAYLIGHT DTSTART:19700101T000000 TZOFFSETFROM:+1000 TZOFFSETTO:+1100 RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=10 END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:2017100712075551579 DTSTAMP:20171007T121157Z DTSTART;TZID=106:20171007 DTEND;TZID=106:20171008 SUMMARY:Package Installer SEQUENCE:6 URL:psgm:play?titleid=NPXS10031 END:VEVENT END:VCALENDAR
Tools[edit | edit source]
A website for easily exploiting the libical bug mentioned is available at: [1].
The source code of this website is available: [2].
Changing PSN accounts[edit | edit source]
If you run again the Sign Up application via the 'psnreg:' URI call after you have already got an account linked, then the Sign Up application will say "Please Wait..." and then take you to the "Welcome <yourname> to PSN" screen. However if you remove internet access from the console at the correct time using the "Please Wait..." screen then PSN authentication will fail. You will be booted back to the "Sign In" screen from here. You can sign in using any credentials and your PS Vita will be linked to this PSN account. However `ux0:/id.dat` is NOT updated so you will have to go back to your original PSN account before rebooting or you will be greeted with the fatal "Please format your memory card" message.