Memory Card: Difference between revisions

From Vita Developer wiki
Jump to navigation Jump to search
Line 46: Line 46:


* [https://twitter.com/RichDevX/status/780558540566069248 Here's the famous serial to parallel transition command (was it designed to look like a transformer E core on purpose? ^_^)] [https://pbs.twimg.com/media/CtUZysbXgAAidfO.jpg picture]
* [https://twitter.com/RichDevX/status/780558540566069248 Here's the famous serial to parallel transition command (was it designed to look like a transformer E core on purpose? ^_^)] [https://pbs.twimg.com/media/CtUZysbXgAAidfO.jpg picture]
* [https://twitter.com/RichDevX/status/780845430401798144 Some good news for the community, doesn't look like the session is encrypted. ^_^] [https://pbs.twimg.com/media/CtYetLcXEAE34Px.jpg picture]
[https://twitter.com/RichDevX @RichDevX] I don't know what is that picture... But seems good. Right?
[https://twitter.com/ACViperPro @ACViperPro] it's just a graphical representation of two separate sessions of 1s and 0s ^_^ (binary state of digital signals). as for the significance, the sessions are exactly the same. there's also a lot of whitespace which is a good indication :P.
[https://twitter.com/RichDevX @RichDevX] i'm totally noob but, quoting @yifanlu.. "Some.. packets are constant.. others--partially change after each time you turn on Vita". [https://twitter.com/RichDevX @RichDevX] "This is most likely related to some encryption mechanism." Encrypting the handshake is not much different from encrypting all! xD.
[https://twitter.com/Danyfenix69 @Danyfenix69] we can deal with challenge/response handshakes, session encryption would require much more work

Revision as of 23:01, 28 September 2016

Pinout

Media-Pinout

don't try to take it apart like this

Pin Signal Description
1 INS Detection Pin
2 SCLK Serial Clock
3 VCC Voltage
4 D2 Data 2
5 D3 Data 3
6 D1 Data 1
7 D0 Data 0
8 BS Bus State
9 VSS Ground

pinouts by Asdron also confirmed by RichDevX

About Pin 1: "it's an input pin on the host controller (pulled up high), and the pin on the card is grounded" (source RichDevX)


Soft Reversing

The OS driver for the Memory Card can be found here:

os0:kd/magicgate.skprx

But this will require a kernel exploit source to be able to dump this kernel driver and reverse / analyze it for future purpose which is right now not possible to do the lack of the source code for HENkaku.


HW Reversing

(by RichDevX)

@RichDevX I don't know what is that picture... But seems good. Right?
@ACViperPro it's just a graphical representation of two separate sessions of 1s and 0s ^_^ (binary state of digital signals). as for the significance, the sessions are exactly the same. there's also a lot of whitespace which is a good indication :P. 
@RichDevX i'm totally noob but, quoting @yifanlu.. "Some.. packets are constant.. others--partially change after each time you turn on Vita". @RichDevX "This is most likely related to some encryption mechanism." Encrypting the handshake is not much different from encrypting all! xD. 
@Danyfenix69 we can deal with challenge/response handshakes, session encryption would require much more work