Tutorial
Updated
Registry hacking | Transfer any backup right onto your Vita (games included)
Hello,
This tutorial will allow you to transfer any backup on your Vita, games included, even if you don't own the backup. This is very powerful but comes with a lot of limitations. Most notably, you can NOT USE THE BACKED UP GAMES unless you follow this tutorial to render them usable.
Credit to HackInformer for the original tutorial.
Here is what you require:
Explaination
Here is how this is gonna work: In a normal environment, Vita backups are restricted to a specific account, but are not console-restricted (quite clever, considering it allows basically legal game backups between even Vitas who share the same account.) How this is enforced is with the use of what's called your AccountID. You can find it by going in your QCMA folder: the seemingly random sequence of letters and numbers is a 16 character hex string. For example, 12 34 AB CD 13 37 90 01 is a legitimate AccountID and will be accepted by the Vita when registry hacking.
When your AccountID is modified, however, you can get an backup on your Vita easy peasy as long as the AccountID matches with the one specified in the backup. As such, we simply modify our AccountID and transfer the backup seamlessly.
Modifying registry
You will need to have a functional MailWriter setup beforehand. If you do not have one, follow this guide.
Send yourself an email with these two links:
For each of those strings, you will have to make hem links. Highlight the first string then embed it, linking it to itself (email:send?attach=vd0:registry/system.dreg.). Do the same with the second string. You can do this easily from Gmail. Do not forget the full stop at the end. Once done, send them to yourself, click the links on your Vita, then send them to your desired email account.
You now have system.dreg and system.ireg on your computer. Run fixreg_vita.exe. After this, you should have a fixed system.dreg and a system.ireg file on your computer. In the case that you use HxD to open the system.dreg file, press Ctrl+F to bring up the search prompt, search for your current AccountID (find this in QCMA by looking at the string of number of letters inside the folders: that is your AccountID) as hex values. Note that the offset is different for every firmware, so you won't find it at the same place (it should be just over a string saying "privacy_confirmation", though, so search for that.)
Change the AccountID to the one of the backup of which you wish to transfer back. Finally, run fixreg _vita again and write back the modified registry back to your Vita by emailing to yourself with system.dreg renamed as #0 with no extension, and the subject as "vd0:registry/system.dreg" (the path we want the file to be written to.)
Proceed as you would with any MailWriter email: open #0, get an error message, press PS and close the email app completely.
FROM HERE ON, DO NOT POWER OFF/REBOOT YOUR VITA without unslaving the memory card first. Open the Content Manager and find your backup. If it does not show up, make a system backup and the list of restorable backups will 'update'. Now simply transfer it and you are done!
Congratulations! You now have a backup you don't own, right on your PS Vita. As you'll find out very soon, however, its state is very limited. Working around these restrictions is where the challenge begins.
This tutorial will allow you to transfer any backup on your Vita, games included, even if you don't own the backup. This is very powerful but comes with a lot of limitations. Most notably, you can NOT USE THE BACKED UP GAMES unless you follow this tutorial to render them usable.
Credit to HackInformer for the original tutorial.
Here is what you require:
- A Vita on an exploitable firmware that can use MailWriter (3.52 max)
- QCMA
- An hex editor (HxD is what I would recommend)
- An USB cable.
- A backup of the target AccountID (you can check this by going in the backup's owner QCMA and checking the hex string of 16 numbers and letters)
- fixreg_vita
Explaination
Here is how this is gonna work: In a normal environment, Vita backups are restricted to a specific account, but are not console-restricted (quite clever, considering it allows basically legal game backups between even Vitas who share the same account.) How this is enforced is with the use of what's called your AccountID. You can find it by going in your QCMA folder: the seemingly random sequence of letters and numbers is a 16 character hex string. For example, 12 34 AB CD 13 37 90 01 is a legitimate AccountID and will be accepted by the Vita when registry hacking.
When your AccountID is modified, however, you can get an backup on your Vita easy peasy as long as the AccountID matches with the one specified in the backup. As such, we simply modify our AccountID and transfer the backup seamlessly.
Modifying registry
You will need to have a functional MailWriter setup beforehand. If you do not have one, follow this guide.
Send yourself an email with these two links:
Code:
email:send?attach=vd0:registry/system.dreg.
email:send?attach=vd0:registry/system.ireg.For each of those strings, you will have to make hem links. Highlight the first string then embed it, linking it to itself (email:send?attach=vd0:registry/system.dreg.). Do the same with the second string. You can do this easily from Gmail. Do not forget the full stop at the end. Once done, send them to yourself, click the links on your Vita, then send them to your desired email account.
You now have system.dreg and system.ireg on your computer. Run fixreg_vita.exe. After this, you should have a fixed system.dreg and a system.ireg file on your computer. In the case that you use HxD to open the system.dreg file, press Ctrl+F to bring up the search prompt, search for your current AccountID (find this in QCMA by looking at the string of number of letters inside the folders: that is your AccountID) as hex values. Note that the offset is different for every firmware, so you won't find it at the same place (it should be just over a string saying "privacy_confirmation", though, so search for that.)
Change the AccountID to the one of the backup of which you wish to transfer back. Finally, run fixreg _vita again and write back the modified registry back to your Vita by emailing to yourself with system.dreg renamed as #0 with no extension, and the subject as "vd0:registry/system.dreg" (the path we want the file to be written to.)
Proceed as you would with any MailWriter email: open #0, get an error message, press PS and close the email app completely.
FROM HERE ON, DO NOT POWER OFF/REBOOT YOUR VITA without unslaving the memory card first. Open the Content Manager and find your backup. If it does not show up, make a system backup and the list of restorable backups will 'update'. Now simply transfer it and you are done!
Congratulations! You now have a backup you don't own, right on your PS Vita. As you'll find out very soon, however, its state is very limited. Working around these restrictions is where the challenge begins.
Last edited by xy2_,
