A native homebrew platform for PS Vita. The tools that will be released through the next couple of weeks will allow developers (not in contract with Sony) to develop and test games, apps, and more on the PS Vita.
These unofficial software can run on any PS Vita handheld device without approval by Sony. These tools cannot enable pirated or backup games to run (I’m not just saying this… the exploits used does not have enough privilege to enable such tasks).
Rejuvenate requires PlayStation Mobile Development Assistant to be installed on your Vita! Sony will remove this from PSN soon, so if you wish to ever run homebrew apps on your PS Vita, you must download this app now!
Rejuvenate is composed of three main tools which together provides a platform for developers to write Vita homebrew.
- UVLoader allows executables to be loaded on the PS Vita. The original version was written three years ago for firmware version 1.80. Since then, Sony has taken the source code and made loading code much, much, harder. However, there is no barrier that cannot be bypassed! The latest version includes support for SCE ELF relocations, NID poison antidote, and more. It can run homebrews on Vitas up to firmware 3.51 (at time of writing)
- VitaDefiler is a RPC (remote procedure call) system for Vita userland. Main features includes live peek/poke of userspace memory, execution of arbitrary ARM code, and a scripting interface for quickly running tasks. Originally developed for finding exploits, this tool can also be used by homebrew developers to test and debug their apps. VitaDefiler also serves as the ASLR (address-space-layout-randomization, a technique used by Sony to discourage exploitation) bypass for UVLoader.
- PSM+ is what I call the method I found to bypass the two kill-switches Sony placed into PSM to prevent this very scenario. First, app-keys which are issued by Sony to developers to sign PSM content are required for the exploit to run. These keys usually expire every three months, and Sony can refuse to issue them later. This can be bypassed. Second, every day, PSM phones home to see if it is revoked. If Sony decides to kill the Dev Assistant (and they will), it will refuse to run even if you have it installed. This can also be bypassed.
These tools, along with the open SDK (currently in development) will allow for developers to write Vita homebrew. The demonstration video above shows UVLoader running as a VitaDefiler script (which supplies information for ASLR bypass). The spinning-cube demo was coded up by me, linked together by hand (as the open SDK is currently incomplete), and launched with UVLoader. It is running natively with direct access to the GPU API calls (not within the PSM sandbox).
Limitations
So what’s the catch? The good news is you don’t have to buy any obscure or expensive game (everything is free!). The bad news is that launching homebrews is not as simple as copying some files over. Hopefully, most of these limitations can be bypassed in a later release, but at this point, the following side effects will apply
USB connection is required each time you wish to launch a homebrew. The exploit requires a PC to run, so this is unfortunately a requirement. This also means that the VitaTV is not supported.
Windows PC is required. Blame Sony for never porting PSM tools to other operating systems.
Network is required once each day you decide to run homebrew. This is because PSM has to phone home every day. Although we have a means of bypassing the revoke, we currently cannot bypass the phone-home.
Firmware 3.00+ recommended. Although technically the exploit works on 1.69+, the latest version of the tools have only been tested (and will only support) 3.00+. If there is enough interest, I can port it to lower firmware versions, but it will be very low priority.
FAQ
I don’t want to bother with [insert limitation from above], should I still download PSM Developer Assistant?
Yes, if you ever want to run homebrew at some point. PSM DevAssistant is the only application on the PS Vita that has the required permissions to run arbitrary code in memory. WebKit exploits does not allow for this. Any game exploit does not allow for this. Any system application exploit does not allow for this. PSM DevAssistant is the only application allowed to execute code other than the kernel (operating system), which nobody is even close to hacking. In other words, expect at least a dozen more exploits of PSM DevAssistant (each of which may require less hassle to use) before someone finds a kernel exploit.
Can I run backups/ISOs/copied games for Vita? For PSP? For PSOne?
No.
Stop acting all high any mighty with your anti-piracy stance.
Inability to decrypt/dump/execute official software and games is not something I decided to include by choice (however, I am glad it’s there). The exploits that are used physically does not give permissions for this. Sony did a really good job with security in depth, no application has more privileges than necessary. PSM DevAssistant would never be used officially to decrypt, dump, or execute signed games so it cannot do so even when exploited.
What kind of homebrews will we see? Is it any better than PSP homebrew?
This depends on how many developers are willing to invest time in writing homebrew for the Vita. I’m as hopeful as you are. In terms of pure statistics, the PSP-3000 has 64MB of shared memory, 333MHz CPU, and 166MHz GPU. The Vita has 512MB of main memory and 128MB of dedicated video RAM. It has four cores of CPU running at around ~1GHz and four cores of GPU running at around ~200MHz. In addition, the Vita also has the entire PSP hardware inside its silicon.
The exploit used also allow for developers to use dynamic-recompilation features for speeding up emulators.
Can I install Android, custom themes, cheats, or plugins?
No, this exploit does not give kernel or bootloader level of access. It cannot access the filesystem (unsandboxed), modify system files, or access other process’ memory.