Editing Memory Card


The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
The Vitas MemoryCard uses a new variant of the previous invented MagicGate security for the PSP. For sure it is one of the most wanted Hacks of users, to be able to use much cheaper non Sony brand microSD or others, instead of the Vitas heavy overpriced standart MCs.
==== Pinout ====
[http://www.vitadevwiki.com/index.php?title=Media#Pinout_2 Media-Pinout]


== Pinout ==
don't try to take it apart [http://imgur.com/a/yvFYG like this]
[http://www.psdevwiki.com/vita/index.php?title=Media#Pinout_2 Media-Pinout]
 
Don't try to take it apart [http://imgur.com/a/yvFYG like this] ([https://web.archive.org/web/20230505050035/https://imgur.com/a/yvFYG archive])
{| class="wikitable"
{| class="wikitable"
|-
|-
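Review bot: the Media-Pinout link appears with two hosts in this hunk, vitadevwiki.com on one side and psdevwiki.com/vita on the other, and only one side carries the web.archive.org copy of the imgur teardown album. Carry the psdevwiki.com link and the archive link over by hand rather than reverting the whole block. The introductory paragraph shows on one side only; if it stays, fix "standart" and "previous invented" in it.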
Line 15: Line 13:
| 3 || VCC ||  Voltage
| 3 || VCC ||  Voltage
|-
|-
| 4 || D3 ||  Data 3
| 4 || D2 ||  Data 2
|-
|-
| 5 || D2 ||  Data 2
| 5 || D3 ||  Data 3
|-
|-
| 6 || D1 ||  Data 1
| 6 || D1 ||  Data 1
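Review bot: pins 4 and 5 are assigned in opposite order on the two sides (D3 then D2 on one, D2 then D3 on the other), and nothing in the hunk says which order was measured. Cite the capture or tweet that settles it in the edit summary before publishing, since the binary capture format further down names D3 through D0 individually and anyone wiring a probe from this table depends on the order being right.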
Line 29: Line 27:
|}
|}


pinouts by [https://twitter.com/Asdron_/status/781948076281954304 Asdron] also confirmed by [https://twitter.com/Asdron_/status/781948076281954304 RichDevX]
pinouts by [https://twitter.com/Asdron_/status/779085451529420800 Asdron] also confirmed by [https://twitter.com/RichDevX/status/779097474803769348 RichDevX]


About Pin 1: "it's an input pin on the host controller (pulled up high), and the pin on the card is grounded" (source [https://twitter.com/RichDevX/status/779282383132626945 RichDevX])
About Pin 1: "it's an input pin on the host controller (pulled up high), and the pin on the card is grounded" (source [https://twitter.com/RichDevX/status/779282383132626945 RichDevX])




== Soft Reversing ==
==== Soft Reversing ====
<span style="text-decoration: line-through;">The OS driver for the Memory Card can be found here:</span>
The OS driver for the Memory Card can be found here:
<br> Analyzing results of the Hardware reversing process did show that, for what it looks like the Memory Card is not using the magicgate.skprx.
[[Files_on_the_PS_Vita#os0|os0]]:kd/magicgate.skprx
<br>'''"[https://twitter.com/RichDevX RichDevX]: yo, as far as I can tell, it isn't using magicgate. maybe when I launch games (perhaps), but doesn't seem to be play an important role"'''


<span style="text-decoration: line-through;">[[Files_on_the_PS_Vita#os0|os0]]:kd/magicgate.skprx</span>
But this will require a kernel exploit source to be able to dump this kernel driver and reverse / analyze it for future purpose which is right now not possible to do the lack of the source code for [[HENkaku]].


Still to be able to reverse this above named kernel driver it will require a kernel exploit source to be able to dump and analyze it for future purpose which is right now not possible to do the lack of the source code for [[HENkaku]].


 
==== HW Reversing ====
== HW Reversing ==
(by [https://twitter.com/RichDevX RichDevX])
*[https://twitter.com/RichDevX/status/780488977023430657 Waveform of the memory card, planning to release the source code for the simple logic analyzer soon. PulseView is awesome :D] [https://pbs.twimg.com/media/CtTX7ETXEAUadPD.jpg picture]
*[https://twitter.com/RichDevX/status/780488977023430657 Waveform of the memory card, planning to release the source code for the simple logic analyzer soon. PulseView is awesome :D] [https://pbs.twimg.com/media/CtTX7ETXEAUadPD.jpg picture]


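Review bot: on the side where the "pinouts by" line links both Asdron and RichDevX to twitter.com/Asdron_/status/781948076281954304, the confirmation credited to RichDevX points at Asdron's tweet; keep the other side, which links RichDevX's own status. The Soft Reversing text also differs in substance: one side strikes through the os0:kd/magicgate.skprx driver claim and quotes RichDevX saying the card does not appear to use magicgate, while the other states the claim plainly, so the strike-through should not be dropped without a source. Both sides share the broken phrase "not possible to do the lack of the source code", which should read "due to the lack".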
Line 51: Line 45:


* [https://twitter.com/RichDevX/status/780558540566069248 Here's the famous serial to parallel transition command (was it designed to look like a transformer E core on purpose? ^_^)] [https://pbs.twimg.com/media/CtUZysbXgAAidfO.jpg picture]
* [https://twitter.com/RichDevX/status/780558540566069248 Here's the famous serial to parallel transition command (was it designed to look like a transformer E core on purpose? ^_^)] [https://pbs.twimg.com/media/CtUZysbXgAAidfO.jpg picture]
* [https://twitter.com/RichDevX/status/780845430401798144 Some good news for the community, doesn't look like the session is encrypted. ^_^] [https://pbs.twimg.com/media/CtYetLcXEAE34Px.jpg picture]
[https://twitter.com/RichDevX @RichDevX] I don't know what is that picture... But seems good. Right?
[https://twitter.com/ACViperPro @ACViperPro] it's just a graphical representation of two separate sessions of 1s and 0s ^_^ (binary state of digital signals). as for the significance, the sessions are exactly the same. there's also a lot of whitespace which is a good indication :P.
[https://twitter.com/RichDevX @RichDevX] i'm totally noob but, quoting @yifanlu.. "Some.. packets are constant.. others--partially change after each time you turn on Vita". [https://twitter.com/RichDevX @RichDevX] "This is most likely related to some encryption mechanism." Encrypting the handshake is not much different from encrypting all! xD.
[https://twitter.com/Danyfenix69 @Danyfenix69] we can deal with challenge/response handshakes, session encryption would require much more work
* [https://twitter.com/RichDevX/status/781307476700491777 Looks like we found a match, that wasn't too hard :P http://crccalc.com/  (CRC-16/BUYPASS)] [https://pbs.twimg.com/media/CtfCyNEXYAAMEPP.jpg picture]
* [https://twitter.com/RichDevX/status/781948956666396672 It's game time, all your commands are belong to us ^_^] [https://pbs.twimg.com/media/CtoKK_NXYAAkafs.jpg picture]
* [https://twitter.com/RichDevX/status/782769674085888001 WRITE_SHORT_DATA <br>READ_SHORT_DATA <br>WRITE_SHORT_DATA <br>Seems to be the authentication sequence] <br>[https://pbs.twimg.com/media/CtzzaRoWgAEtfNv.jpg picture]
* [https://twitter.com/RichDevX/status/783886921986637824 ViMC-Decoded (minimal memory card protocol decoder)] <br>Logo designed by [https://twitter.com/gameshack_ @gameshack_] <br>Pinouts discovered by [https://twitter.com/Asdron_ @Asdron_] <br>[https://www.sendspace.com/file/a3ybzs source]
* [https://twitter.com/RichDevX/status/783886966261702656 link] <br>7_________________________0  <br>[X ] [X ] [X ] [D3 ][D2] [D1] [D0] [BS] <br>Binary capture format
== Partitions ==
Memory Card can be accessed with [[SceMsif]] module. It has the following [[Partitions|partitions]]:
{| class="wikitable"
|-
! code !! type !! name !! desc
|-
| 0xD || raw || || Some data
|-
| 0x8 || exfat || ux0 || Memory Card
|-
|}
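Review bot: the HW Reversing bullets that exist on one side only link the ViMC-Decoded source solely through sendspace.com; add an archived copy next to it, as one side of the pinout hunk does for the imgur album. The four reply lines beginning "@RichDevX", "@ACViperPro" and "@Danyfenix69" sit between bullets with no list or indent markup, so they break the list; indent them under the "doesn't look like the session is encrypted" bullet. "== Partitions ==" also follows the last bullet with no blank line.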
Please note that all contributions to Vita Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see Vita Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!
