How to Reverse-Engineer PS Vita
I’m a bit tired of reversing fake_package_installer, so I’ll write down how I’m doing it.
Dumping modules
Though we (probably) have no means to decrypt modules directly, we can dump them after sceKernelLoadModule has decrypted and loaded them. HENkaku seems to have removed the privilege checks in sceKernelLoadModule, so we can load most user-mode modules.
vitadump is a useful tool for dumping with this trick. For convenience, I have added features to dump SceKernelModuleInfo and save the program segments to ELF.
173210/vitadump: 3.60 module dump
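Once a module has been dumped this way, the first thing to check is that the ELF on disk actually describes what was in memory. The following is an added example, not code from the original post or from vitadump: a small Python parser for the ELF32 program headers (the layout a 32-bit ARM module dump uses) with the sanity checks a reverser would run on a fresh dump. The sample image it builds is constructed inline as a stand-in for a real dump; segment addresses, contents and the check list are assumptions for illustration.

```python
"""Parse the program headers of a 32-bit little-endian ELF (the layout of a
PS Vita module dump) and sanity-check its PT_LOAD segments before handing
the file to an analysis tool."""
import struct
from dataclasses import dataclass

EHDR_FMT = "<16sHHIIIIIHHHHHH"        # Elf32_Ehdr, little-endian
PHDR_FMT = "<IIIIIIII"                # Elf32_Phdr
EHDR_SIZE = struct.calcsize(EHDR_FMT)  # 52
PHDR_SIZE = struct.calcsize(PHDR_FMT)  # 32
PT_LOAD = 1
EM_ARM = 40
PF_X, PF_W, PF_R = 1, 2, 4


@dataclass
class Segment:
    p_type: int
    offset: int
    vaddr: int
    filesz: int
    memsz: int
    flags: int

    def perms(self) -> str:
        """Render p_flags in the familiar 'rwx' form."""
        return "".join(c if self.flags & f else "-"
                       for c, f in (("r", PF_R), ("w", PF_W), ("x", PF_X)))


def parse_elf(data: bytes):
    """Return (e_machine, [Segment, ...]) for an ELF32 LE image, raising
    ValueError on anything that does not look well-formed."""
    if len(data) < EHDR_SIZE:
        raise ValueError("file too short for an ELF header")
    fields = struct.unpack_from(EHDR_FMT, data, 0)
    ident = fields[0]
    if ident[:4] != b"\x7fELF":
        raise ValueError("bad ELF magic")
    if ident[4] != 1 or ident[5] != 1:
        raise ValueError("only ELFCLASS32 / ELFDATA2LSB is handled here")
    e_machine, e_phoff = fields[2], fields[5]
    e_phentsize, e_phnum = fields[9], fields[10]
    if e_phentsize != PHDR_SIZE:
        raise ValueError(f"unexpected e_phentsize {e_phentsize}")
    if e_phoff + e_phnum * PHDR_SIZE > len(data):
        raise ValueError("program header table runs past end of file")
    segs = []
    for i in range(e_phnum):
        (p_type, p_offset, p_vaddr, _paddr, p_filesz, p_memsz, p_flags,
         _align) = struct.unpack_from(PHDR_FMT, data, e_phoff + i * PHDR_SIZE)
        segs.append(Segment(p_type, p_offset, p_vaddr, p_filesz, p_memsz, p_flags))
    return e_machine, segs


def check_dump(data: bytes) -> list:
    """Checks worth running on a fresh dump; returns human-readable findings
    (an empty list means the file is internally consistent)."""
    machine, segs = parse_elf(data)
    findings = []
    if machine != EM_ARM:
        findings.append(f"e_machine {machine} is not EM_ARM ({EM_ARM})")
    loads = [s for s in segs if s.p_type == PT_LOAD]
    if not loads:
        findings.append("no PT_LOAD segments: nothing to analyze")
    for i, s in enumerate(loads):
        if s.offset + s.filesz > len(data):
            findings.append(f"segment {i}: file range 0x{s.offset:x}+0x{s.filesz:x} "
                            f"exceeds file size {len(data)} (truncated dump?)")
        if s.memsz < s.filesz:
            findings.append(f"segment {i}: memsz 0x{s.memsz:x} < filesz 0x{s.filesz:x}")
        if s.flags & PF_W and s.flags & PF_X:
            findings.append(f"segment {i}: writable and executable")
        for j, t in enumerate(loads[:i]):
            if s.vaddr < t.vaddr + t.memsz and t.vaddr < s.vaddr + s.memsz:
                findings.append(f"segments {j} and {i} overlap in memory")
    return findings


def build_sample_module() -> bytes:
    """Constructed stand-in for a dumped module: a code segment and a data
    segment with trailing bss, no section headers (a dump only has program
    segments). Addresses and bytes are made up for this example."""
    text = bytes.fromhex("0000a0e1" * 4)   # four ARM 'mov r0, r0' (constructed)
    rodata = b"\x00" * 8
    text_off, data_off = 0x80, 0x90
    phdrs = [
        (PT_LOAD, text_off, 0x81000000, 0x81000000, len(text), len(text), PF_R | PF_X, 0x10),
        (PT_LOAD, data_off, 0x81010000, 0x81010000, len(rodata), 0x100, PF_R | PF_W, 0x10),
    ]
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8
    ehdr = struct.pack(EHDR_FMT, ident, 2, EM_ARM, 1, 0x81000000, EHDR_SIZE, 0, 0,
                       EHDR_SIZE, PHDR_SIZE, len(phdrs), 0, 0, 0)
    body = ehdr + b"".join(struct.pack(PHDR_FMT, *p) for p in phdrs)
    body = body.ljust(text_off, b"\x00") + text
    body = body.ljust(data_off, b"\x00") + rodata
    return body


if __name__ == "__main__":
    image = build_sample_module()
    for seg in parse_elf(image)[1]:
        print(f"{seg.perms()} vaddr=0x{seg.vaddr:08x} filesz=0x{seg.filesz:x} memsz=0x{seg.memsz:x}")
    print("findings:", check_dump(image) or "none")
```

The truncation check is the one that matters most in practice: a dump that stopped early still parses, but the last segment's file range will run past the end of the file, and an analysis tool will silently see zeros where code should be.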
Old Good PrxTool
PrxTool is a reverse-engineering tool for PSP modules. It shows data references, cross-references, and APIs. It’s super neat, but it would be difficult to make a complete alternative for PS Vita.
xyzz’s solution is to use IDA Pro with his plugin, which is also named vitadump. That should be nice, but IDA Pro is stupidly expensive and I cannot afford to buy it.
Instead, I used radare2. Though it also provides flexible plugin support, it is a bit buggy and I’m not sure it will be the best tool in the future. Eventually I developed a generic tool.
173210/vita-analyze: A tool to add missing metadata specific to PS Vita to ELF
It should work with any tool that can handle ELF. With a few other bug fixes for radare2, I got a nice environment for reversing PS Vita modules.

