Note that the following guide is for advanced users and a bit more complicated than the previous hack that only required you to visit a website. If you don't understand the guide below or how to use these tools, you should neither file an issue here nor annoy me on twitter, but rather seek help on
/r/vitahacks (check for duplicated questions first!) or wait for an easy installer.
- Download and install qcma, psvimgtools and pkg2zip (check the releases section).
- Download the vulnerable DRM-free demo of bitter smile (yes, that's the user entry point).
- Download h-encore and extract it on your computer.
- Extract the demo using:
pkg2zip -x PATH_OF_PKG
This will output the files to app/PCSG90096.
- Copy the contents of the output app/PCSG90096 to the folder h-encore/app/ux0_temp_game_PCSG90096_app_PCSG90096(such that the files eboot.bin and VITA_PATH.TXT are within the same folder).
- Copy the license file app/PCSG90096/sce_sys/package/temp.bin to the folder
h-encore/license/ux0_temp_game_PCSG90096_license_app_PCSG90096 and rename the just pasted file temp.bin to 6488b73b912a753a492e2714e9b38bc7.rif. Again, this file should be in the same folder as VITA_PATH.TXT.
- Start qcma and within the qcma settings set the option Use this version for updates to FW 0.00 (Always up-to-date).
- Launch Content Manager on your PS Vita and connect it to your computer, where you then need to select PC -> PS Vita System, and after that you select Applications. If you see an error message about System Software, you should simply reboot your device to solve it. This should create a folder at PS Vita/APP/xxxxxxxxxxxxxxxx on your computer (see qcma settings where this folder is), where the folder xxxxxxxxxxxxxxxx represents the AID (account ID) that you need to insert here. If the AID is valid, it will yield a key that you can now use to encrypt the demo.
- Change directory to the h-encore folder in terminal and use the key to encrypt all folders that are listed below using:
psvimg-create -n X -K YOUR_KEY X PCSG90096/X
Where X is (yes, repeat it 4 times or write a script for that):
- app
- appmeta
- license
- savedata
The folder h-encore/PCSG90096 should then contain sce_sys and all 4 folders from above, and within these folders you should find files called X.psvimg and X.psvmd, where X has the same name as the folder. Backup this folder, since if everything has been done correctly, you don't need to redo all the steps to install it onto another device with the same PSN account.
- Copy the folder h-encore/PCSG90096 to PS Vita/APP/xxxxxxxxxxxxxxxx/PCSG90096 and refresh the database under qcma settings.
- The h-encore bubble with a size of around 243 MB should now appear in the Content Manager and that's what you finally need to transfer to your PS Vita.
- Launch h-encore to exploit your device (if a message about trophies appears, simply click yes). The screen should first flash white, then purple, and finally open a menu called h-encore bootstrap menu where you can download VitaShell and install HENkaku.
- Enjoy. Note that you have to relaunch the exploit everytime you reboot or shutdown your device. Of course if you only put your device into standby mode, you don't need to relaunch.
GitHub
