According to an interview with PlayStation Lifestyle, Yifan Lu, a reverse engineer, claims to have hacked the PS Vita so that it can run homebrew code. Lu was previously known for jailbreaking the Kindle, which, by his own account, nobody really cared about.
When asked about his stance on piracy, Lu said that he is 100% against it and that his tool will not benefit piracy:
I am 100% against piracy and no tool I will make will benefit piracy. This tool, in fact, cannot be used for loading backups/pirated content even if I want to because of the physical limitations of the exploit (it is userland, no rights to decrypt/load games).

While Lu's tool won't allow piracy, it could help other hackers further analyze the inner workings of the PS Vita, and possibly lead to a kernel exploit, which would open up other possibilities such as custom firmware (CFW), alternative operating systems, and ISO loaders.

However, Lu doubts that anyone with the proper skills is willing to look for such an exploit. When asked how secure the PS Vita's kernel is, Lu explained that Sony has designed the handheld so that hackers cannot simply read memory to find the kernel: the RAM is physically on the same chip as the CPU, so there is no separate RAM chip to probe, which makes dumping kernel memory extremely difficult.
Lu also explained that even if you could somehow dump the kernel, you could not decrypt it without the key. On the PS3 this was possible because the key leaked into the wild; it is widely speculated that the PS3 key leaked from a Sony repair center, leading to the eventual hack. Lu does not believe such a leak will ever happen again at Sony:
First of all, we don't have any idea what the kernel looks like, where it is in memory, or anything. In order to even begin to look for a kernel exploit, you need to dump the kernel memory or decrypt the kernel files on the NAND. In order to dump the kernel memory, usually you need system privilege (which if we have, we already hacked the kernel), so it's a circular problem there. Another method, as we see with the 3DS scene, is physically analyzing the RAM chip. Can't do that for the Vita because the RAM is on the same chip as the CPU. In order to decrypt the kernel files, you need either a key leak like PS3 (it's safe to say that that will never happen again) or find a kernel exploit to get it to decrypt itself. Either way, it's a circular problem.

Now a third way is blind chance, or fuzzing. Keep throwing data at the kernel and see what sticks. However, even if you do somehow get a crash that way, it's impossible to run a payload until you have the kernel memory dumped. Now, this was easy on the PSP because FW1.0 ran unsigned code without modifications AND the kernel files were unencrypted. All they had to do was build on that for newer FW versions.

Lu advises against stockpiling PS Vitas or holding off on firmware updates, since his exploit will not lead to piracy, and he says he will stop his work if Sony asks him to:
And as mentioned before, Sony could unknowingly close the hole or scare me into stopping work (seen it happen, and I'm not going to mess with them if they tell me to stop). Anything could happen in the next couple of months. Nobody should get hopes up, or go out and stockpile on Vitas, or refuse to connect to PSN anymore or anything.

(from: http://gamer.blorge.com/2012/09/09/ps-vita-homebrew-hacker-says-games-cant-be-pirated-on-the-system/)