Memory Card
The Vitas MemoryCard uses a new variant of the previous invented MagicGate security for the PSP. For sure it is one of the most wanted Hacks of users, to be able to use much cheaper non Sony brand microSD or others, instead of the Vitas heavy overpriced standart MCs.
Pinout
don't try to take it apart like this
Pin | Signal | Description |
---|---|---|
1 | INS | Detection Pin |
2 | SCLK | Serial Clock |
3 | VCC | Voltage |
4 | D3 | Data 3 |
5 | D2 | Data 2 |
6 | D1 | Data 1 |
7 | D0 | Data 0 |
8 | BS | Bus State |
9 | VSS | Ground |
pinouts by Asdron also confirmed by RichDevX
About Pin 1: "it's an input pin on the host controller (pulled up high), and the pin on the card is grounded" (source RichDevX)
Soft Reversing
The OS driver for the Memory Card can be found here:
os0:kd/magicgate.skprx
But this will require a kernel exploit source to be able to dump this kernel driver and reverse / analyze it for future purpose which is right now not possible to do the lack of the source code for HENkaku.
HW Reversing
(by RichDevX)
- Waveform of the memory card, planning to release the source code for the simple logic analyzer soon. PulseView is awesome :D picture
- Hmm, although it appears to be based on memory stick pro, looks like they may be using a different command set picture
- Here's the famous serial to parallel transition command (was it designed to look like a transformer E core on purpose? ^_^) picture
@RichDevX I don't know what is that picture... But seems good. Right? @ACViperPro it's just a graphical representation of two separate sessions of 1s and 0s ^_^ (binary state of digital signals). as for the significance, the sessions are exactly the same. there's also a lot of whitespace which is a good indication :P.
@RichDevX i'm totally noob but, quoting @yifanlu.. "Some.. packets are constant.. others--partially change after each time you turn on Vita". @RichDevX "This is most likely related to some encryption mechanism." Encrypting the handshake is not much different from encrypting all! xD. @Danyfenix69 we can deal with challenge/response handshakes, session encryption would require much more work