Viva la Vita Vida

Explore the intricate process of hacking the PlayStation Vita, one of the most secure handheld consoles, in this 57-minute conference talk. Delve into the device's robust defenses and mitigations, and discover the techniques used to ultimately breach its security. Learn about the proprietary security co-processor F00D, its inner workings, and the challenges of reverse-engineering an architecture with minimal public information. Gain insights into hardware attacks on secure devices, including the setup process and successful attack methods. Examine the Vita's advanced exploit mitigations, such as SMAP, kernel ASLR, and multiple security domains. Follow the journey of the Molecule group as they became the first to run unsigned code and hack kernel mode and TrustZone. Discover how customized ChipWhisperer hardware was used for fault injection and side channel analysis on the complex 12-layer board. Gain practical knowledge on mapping power domains, soldering microscopic points, finding glitch targets, and searching for optimal parameters. Conclude with a discussion on extending the setup for side channel analysis and the potential for future exploration of this niche but fascinating device.

35C3 - Viva la Vita Vida