Thereís lots of things to be said about what just happened over the past couple days, and sadly I donít have much time right now, but answers will be given asap to all of you. What matters for now is that a PSP
Kernel exploit, as well as a CFW relying on it, fully working on the PS Vita, was leaked 2 days ago by a ďSam JordamĒ guy on Youtube (download links below). One of the main persons behind this work (which wasnít supposed to be released now), famous PSP
developer Coldbird, decided to leave the scene today, after this leak happened.
I will give as much details as I can in the days to come, but for now let me just say that the files that were leaked have been confirmed by Coldbird to contain a Kernel exploit, but these files are encrypted, and potentially useless for anybody who does not have strong reverse engineering skills. Coldbird has confirmed to me (and in his blog) he has no plan anymore to release this CFW, so what we have here is a Kernel exploit that will most likely be wasted since I expect Sony to patch the vulnerability in a firmware update.
In addition to the Kernel exploit leak, the name of a game with a usermode exploit (as well as the user mode exploit) was also leaked. That game is the PSP
Mini Urbanix, which, if you can read between the lines, readers of this blog already knew was vulnerable. If you are on 1.81, I recommend you get this game before it gets removed from the PSN, fully knowing that as of now, I personally donít have anything running on this exploit (in particular no VHBL release is ready for this yet).
People who are running on 1.80 with the Monster Hunter exploits might want to stay on 1.80. If anything useful ever comes out of the kernel exploit, I am sure it will run fine on Monster Hunter as well.
At this point I think a bit more info is required about the leaker and how all of this was leaked. A private group of beta testers existed for this exploit, and in a sad chain of events, this person (who goes by the names of Sam Jordam, Batman:beyond, or ipadboy, among other of his identities) got his hands on these files through some basic social engineering, and decided to publish them.
It needs to be emphasized that all people involved were aware of the legal risk of publicly releasing such a tool, but this person seems to not be afraid of that (good for him, I guess, he probably thinks he can succeed where geohot and graf_chokolo failed). The hackers even went as far as encrypting the files to limit the damage in case those files were stolen, which is why, in their current state, the files are useless.
I also need to insist on the fact that, in unrelated events, this person had threatened the security of my site several times in the past, involving threats of hacking this site, attempts at stealing information, illegal port and vulnerability scanning, as well as threats to some members of our community and some of our moderators. This person also insists on his video that hackers were trying to hide this hack from the scene in order to enjoy the hack for themselves, which is not true. Simply, most hackers working on that type of thing are realistic about the legal risks of enabling piracy on Sonyís latest device, which doesnít seem to have crossed that individualís mind. In other words, a truly great person, who doesnít seem to worry he is doing illegal stuff.
Some of you might question the decision from Coldbird to leave the scene and not release his work after this. Please understand that it was not an easy decision for him, but there is way too much risk in releasing a Kernel exploit on the PS Vita right now, from a legal point of view. Sam Jordam took the risk of being the first person to release a tool that could easily enable PSP
piracy on the PS Vita, while reasonable hackers were all clever enough to avoid these dangerous waters until know, and keep their work for themselves. Will this lead to Sony taking legal action against this guy? I canít tell for sure, but other hackers didnít want to be the ones testing the waters for that. Their files were stolen, so legally everything is on this guyís shoulders, and I understand that nobody else would want to share the legal burden with a leaker, so there is a huge risk nobody will ever even try to touch these files.