RealYoti / project-amber

WebKit+Kernel exploit chain for all actual PS Vita firmwares
MIT License

[Feature request] Self-host VitaShell/arbitrary.vpk and replace NEAR #5

Open Darthagnon opened 1 year ago

Darthagnon commented 1 year ago

I'm trying to self-host Project Amber, to jailbreak my Vita 1000 OFW 3.73 over the LAN. It is currently impossible to do so (related #4), as, while Henkaku installs perfectly offline, VitaShell cannot be installed offline, nor can it be installed without dependency on a memory card/SD2Vita. As not even molecularShell is included, this means I cannot install any other VPKs: no modoru.vpk to downgrade to 3.60/3.65, no VitaShell to install other VPKs, no VitaDeploy or IMCUnlock to format the internal storage.

The other henlo project (https://github.com/SKGleba/henlo_jb/blob/main/bootstrap_lite/main.c#L121) has a function to temporarily replace NEAR with VitaDeploy, which allows reformatting internal storage on Vita 1000s via IMCUnlock, bypassing any need of a memory card/SD2Vita for the initial setup. However, it has hardcoded external URLs to download config.txt, gamesd.skprx, henkaku.skprx, henkaku.suprx, taihen.skprx, vdep.vpk and cannot be self-hosted without either major code changes to abstract the URL/IP, or recompiling for every IP address change.

Is there any way a feature to install an arbitrary VPK locally (no Download), replacing NEAR, could be added? This would allow standalone offline jailbreaking, and ensure longevity of the project.

Yoti commented 1 year ago

Amber is intended to be a "Vanilla" hack. You may:
1) Rebuild the bootstrap to change the download link (and then rebuild the HENlo payload): https://github.com/RealYoti/h-encore/blob/master/bootstrap/bootstrap.c#L17
2) Redirect http://vitawiki.xyz/release to localhost using a proxy or any other method. Don't forget to put these files there: https://github.com/RealYoti/VitaShell/tree/master/release
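One way to carry out the second option above, as an added example that is not code from project-amber, VitaShell or h-encore: a small LAN server that serves only the `/release` tree, refuses anything that climbs out of it, and refuses to start if the mirrored files drift from a SHA-256 manifest. The layout (`./mirror/release/`, an optional `./mirror/manifest.sha256` in `sha256sum` format) and the port are my assumptions; the thread does not specify them. The manifest check matters because the Vita fetches these files over plain HTTP and trusts whatever the redirected host returns, so the mirror host is the only place integrity can be checked.

```python
#!/usr/bin/env python3
"""LAN mirror for the /release files fetched during the Amber bootstrap.

Added example; not code from project-amber or VitaShell. Assumed layout
(not from the thread): files are copied into ./mirror/release/, an optional
./mirror/manifest.sha256 holds "<hex>  <name>" lines generated from a trusted
checkout, and DNS or a proxy already points vitawiki.xyz at this host.
"""
import hashlib
import http.server
import pathlib
import posixpath
import socketserver
import sys
from typing import Dict, List, Optional
from urllib.parse import unquote, urlsplit

MIRROR_ROOT = pathlib.Path("mirror").resolve()  # assumed layout, see docstring
PREFIX = "release"                               # the only path the Vita requests


def normalize_request(url_path: str, prefix: str = PREFIX) -> Optional[str]:
    """Map a request path to a relative file path under the mirror, or None.

    Anything that climbs out of /release (../, %2e%2e, backslashes) or asks
    for the directory itself is refused; the mirror serves exactly one tree.
    """
    path = unquote(urlsplit(url_path).path)      # drop ?query, decode %xx
    if "\\" in path:
        return None
    norm = posixpath.normpath(path).lstrip("/")  # collapses ./, ../ and //
    parts = norm.split("/")
    if len(parts) < 2 or parts[0] != prefix or ".." in parts or "" in parts:
        return None
    return norm


def sha256_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Name -> hex SHA-256 for an in-memory set of files."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def verify_against_manifest(files: Dict[str, bytes], manifest: Dict[str, str]) -> List[str]:
    """Names that are missing, modified, or present but not listed in the manifest."""
    actual = sha256_manifest(files)
    problems = [n for n, h in manifest.items() if actual.get(n) != h]
    problems += [n for n in actual if n not in manifest]
    return sorted(problems)


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse sha256sum-style lines ('<hex>  <name>' or '<hex> *<name>')."""
    out: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            digest, name = line.split(None, 1)
            out[name.lstrip("*")] = digest.lower()
    return out


def load_mirror_files(root: pathlib.Path = MIRROR_ROOT, prefix: str = PREFIX) -> Dict[str, bytes]:
    """Read every regular file directly under <root>/<prefix>, keyed by name."""
    tree = root / prefix
    if not tree.is_dir():
        return {}
    return {p.name: p.read_bytes() for p in tree.iterdir() if p.is_file()}


class MirrorHandler(http.server.BaseHTTPRequestHandler):
    """Serves only files that normalize_request() accepts; everything else is 404."""
    root = MIRROR_ROOT

    def do_GET(self) -> None:
        rel = normalize_request(self.path)
        target = (self.root / rel) if rel else None
        if target is None or not target.is_file():
            self.send_error(404)
            return
        data = target.read_bytes()
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
        self.log_message("served %s (%d bytes)", rel, len(data))


def main(argv: List[str]) -> int:
    port = int(argv[1]) if len(argv) > 1 else 8080       # assumed default port
    manifest_path = MIRROR_ROOT / "manifest.sha256"
    if manifest_path.is_file():
        problems = verify_against_manifest(load_mirror_files(), parse_manifest(manifest_path.read_text()))
        if problems:
            print("refusing to serve; mirror differs from manifest:", ", ".join(problems))
            return 1
    # Bind on all interfaces so the Vita on the LAN can reach the mirror.
    with socketserver.TCPServer(("0.0.0.0", port), MirrorHandler) as httpd:
        print(f"serving {MIRROR_ROOT}/{PREFIX} on port {port}")
        httpd.serve_forever()
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Generate `manifest.sha256` with `sha256sum` over the files copied from the VitaShell release tree before the first run; after that, a changed or stray file in `mirror/release/` stops the server instead of being handed to the console.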

Darthagnon commented 1 year ago

I ended up using method 2 - self-hosted using simplehttpserver (Python http server seems to require pinging a well-known external server to get IP), and used Charles Proxy to rewrite external requests. I was able to self-host both Project Amber and HenloJB on the same LAN server, and ended up having to use HenloJB to install VitaDeploy to format my Vita1000's internal memory, from which I was able to downgrade to 3.65 and install Henkaku Enso. VitaDeploy just seems to be a hard requirement for jailbreaking the Vita 1000 due to lack of internal storage (or use of a mem-card/SD2Vita).

I do prefer Project Amber's way of doing things, though. Vanilla is better.