# Potential Vita backup loading breakthrough?



## cearp (Aug 21, 2016)

I looked here, someone saw a tweet about a Chinese hacker decrypting a game, but still no English confirmation etc - so I looked on Chinese sites to get closer to the source, since surely Chinese users will have tested it before people on twitter lol.

<snip>
<snip>
<snip>
<snip>
I think this is the true source: <snip>

I don't think a public method on how to decrypt the games fully is out, but at least it is possible.

@ like 4am China, so like 3 or 4 hours ago.

(How can I give sources if they are warez sites, most Chinese website probably has warez lol... no way around that, but not easy to navigate so I think it's ok.)


Tokyo Xanadu

EDIT: non-warez link to wololo about it the mods put in here (not a source, and wololo doesn't want to put the source either)


----------



## 8BitWonder (Aug 21, 2016)

dl-ed it earlier just in case. 
Will be pretty neat if the floodgates are opened on the vita scene.


----------



## hii915 (Aug 21, 2016)

WHAAT?!


----------



## guisadop (Aug 21, 2016)

Oh boy, what a moment to be alive.


----------



## Rizzorules (Aug 21, 2016)

what game is it?


----------



## cearp (Aug 21, 2016)

Rizzorules said:


> what game is it?


lol good question! tokyo xanadu


----------



## zoogie (Aug 21, 2016)

Lol, all of you circling the Vita like hungry lions waiting to pounce at the first sign of weakness.

Pure evil.


----------



## cearp (Aug 21, 2016)

yifanlu said that it could take a year:
https://www.reddit.com/r/vitahacks/...s_to_vs0_achevied_expect_a_downgrader/d6o8y8n

"How many months until we get piracy do you reckon?"


> There is no possibility until someone solves KOTH (from the current progress, it might take a year) or we decide to release the source anyways (which I don't plan to until Sony stops selling the vita and no new games are planned to come out). There might be some harder piracy method before then--like decrypt the SELF (somehow), then generate the metadata required to launch the game which has been stripped in the decryption process (difficult and requires intricate knowledge of the loader to attempt--pirates should familiarize themselves with vita-toolchain now if they even want a chance). But if ISO/psv loading is even possible, it would require someone to fully figure out how henkaku works. Then (somehow) dump the kernel and reverse the game cart works. Then write a iso driver. Or reverse npdrm to strip it from self


----------



## Rizzorules (Aug 21, 2016)

How are we sure this isnt a game from a dev console like the last time?


----------



## cearp (Aug 21, 2016)

Rizzorules said:


> How are we sure this isnt a game from a dev console like the last time?


yeah there can't be multiple stuff like that them lying about that people are brave enough to share lol


----------



## 8BitWonder (Aug 21, 2016)

zoogie said:


> Lol, all of you circling the Vita like hungry lions waiting to pounce at the first sign of weakness.
> 
> Pure evil.


----------



## cearp (Aug 21, 2016)

it's like team molecule shot it with a rubber bullet, but it's still alive and although we just want to eat the meat, we are closer because at least the vita is on the ground and we can smell it and get closer to it and people are saying it might take a while until we can hit it some more and it's difficult and people keep poking it everyday but the vita doesn't get any worse and meanwhile we want the meat so bad and the vita is just lying there still alive and some people in fact think we won't get to eat any of the vita meat but we keep close watching it on the floor moving about and writhing it knows it's time will be up, even if there are non believers and me and a few others are all ready with a knife and fork and spoon ziplock bag to take some meat home because i'm not sleeping until i get this meat i don't know how to kill it and get the meat myself it's way to hard i don't have the skills but thankfully this chinese dude in china used his skills and sent a missile to the vita and blew it up and now everyone can eat the meat that we have been waiting for i have been waiting since 2012 i'm hungry yummy yum time to eat


----------



## KingpinSlim (Aug 21, 2016)

cearp said:


> it's like team molecule shot it with a rubber bullet, but it's still alive and although we just want to eat the meat, we are closer because at least the vita is on the ground and we can smell it and get closer to it and people are saying it might take a while until we can hit it some more and it's difficult and people keep poking it everyday but the vita doesn't get any worse and meanwhile we want the meat so bad and the vita is just lying there still alive and some people in fact think we won't get to eat any of the vita meat but we keep close watching it on the floor moving about and writhing it knows it's time will be up, even if there are non believers and me and a few others are all ready with a knife and fork and spoon ziplock bag to take some meat home because i'm not sleeping until i get this meat i don't know how to kill it and get the meat myself it's way to hard i don't have the skills but thankfully this chinese dude in china used his skills and sent a missile to the vita and blew it up and now everyone can eat the meat that we have been waiting for i have been waiting since 2012 i'm hungry yummy yum time to eat


*is speechless*...
slowly begins to applaud...
...
you sound hungry


----------



## RedDragonEmperor (Aug 21, 2016)

Well would you look at that. My vita got all clean and shit after being a dust collector for fck who knows how many years.


----------



## SonyUSA (Aug 21, 2016)

Rizzorules said:


> How are we sure this isnt a game from a dev console like the last time?



We aren't. Time will tell...


----------



## cearp (Aug 21, 2016)

as long as we get a dev leak every week, i'm happy.

but, i will be really annoyed if it is. but - (free to disagree) - i don't think the user would have said dumped from cart unless he meant it.
better to just be honest, or say nothing about where the game came from. but yeah, maybe he was getting our hopes up? possibly, but i think it's more likely it's actually decrypted really from cart.


----------



## Lisandra_brave (Aug 21, 2016)

https://github.com/joshaxey/ebootSegs
This exists now, so???


----------



## Rizzorules (Aug 21, 2016)

Lisandra_brave said:


> https://github.com/joshaxey/ebootSegs
> This exists now, so???


That is not enough to convert them into useful.vpk files


----------



## Lisandra_brave (Aug 21, 2016)

All you need is to decrypt everything else (easy), and then use this or something like it to get a decrypted eboot.
A vpk is literally just a renamed zipfile.


----------



## Jay Clay (Aug 21, 2016)

cearp said:


> as long as we get a dev leak every week, i'm happy.
> 
> but, i will be really annoyed if it is. but - (free to disagree) - i don't think the user would have said dumped from cart.
> better to just be honest, or say nothing about where the game came from. but yeah, maybe he was getting our hopes up? possibly, but i think it's more likely it's actually decrypted really from cart.



hard to tell, since the author likely (weiweiok55) just drop the bomb XD and he did not answer anything at all, so they are evoking Yifan or any other dev so they can figure it out if this is a decrypted retail game or just a devout leak, Wololo is already aware of this so, pretty sure we will have more info soon.


----------



## hug0-a7x (Aug 21, 2016)

Or just fantasy ?


----------



## fikatr (Aug 21, 2016)

get hyped get hyped


mighty no 9


no man's sky


no fuck no no need for hype


----------



## SonyUSA (Aug 21, 2016)

Lisandra_brave said:


> All you need is to decrypt everything else (easy), and then use this or something like it to get a decrypted eboot.
> A vpk is literally just a renamed zipfile.



This only works for certain eboots, over a certain FW version and only a certain type. But not only must you decrypt it, but then you must also reconstruct the header and inject it into the boot before it will even play. So this tool is mostly useless right now...


----------



## cvskid (Aug 21, 2016)

I hope developers won't stop supporting the ps vita if this becomes big.


----------



## fikatr (Aug 21, 2016)

cvskid said:


> I hope developers won't stop supporting the ps vita if this becomes big.


vita is already dead 

we need a hero for vita cfw @smealum


----------



## demounit (Aug 21, 2016)

holy shit this scene is crazy. every day I wake up and something new has exploded. 

it these guys can decrypt and launch any game . . . oh man.


----------



## HohoKing (Aug 21, 2016)

PSV第一款完整解密游戏
-> PSV first fully decrypted game
转自KF 原帖地址
-> Originate from KF address
-address snipped-
前段时间貌似出现过一个解密的游戏？但那个游戏似乎是从开发机上直接提出来的？反正那游戏我没兴趣
-> Awhile ago, there was seemly a decrypted game(Adventure Time), however it seem to originate from development kit. Anyway that game didnt interest me.
完事儿现在我解的这个游戏是卡带版东京迷城，不知道算不算是第一个？
->now i had completed decrypting the cartiage version of Tokyo Xanadu, i wonder if it will be considered as the first (to be decrypted)
话说本来打算解伊苏8的 鉴于刚出嘛...嗯
-> anyway i originally intented to decrypt YS 8, however considering it was released recently... so yea...
然后就弄东京迷城了
-> hence i proceeded with Tokyo Xanadu
完事儿现在小于3.60的游戏不出意外我应该都能解，当然前提是我要有卡（或者哪一天我把工具发出来
-> in conclusion, it isnt surprising any game with firmware requirement 3.60 or below i will be able to decrypt. Of course i will need to own the cartiage in the first place. (or one day when i release the tool)
游戏安装使用方法：（确保psv上没有 东京迷城
-> Game installation method: (ensure your psv do not have tokyo xanadu)
1.安装 henkaku
->1. Install henkaku
2.安装 vitashell 0.7
-> 2. Install vitashell 0.7
3.本来这个时候只需要将xanadu.vpk通过vitashell带的ftp传到psv再安装就行了，但vitashell 0.7似乎并不支持太大的文件，（也许以后会修正或者出mod）
->3. Normally all you need to do is to install xanadu.vpk through the use of vitashell, however vitashell is unable to support such a large file. (Maybe this will be fixed in the future update or mod)
因此先安装 xanadu0.vpk 再在电脑上将xanadu.vpk改名为xanadu.zip并解压 完事儿将解压出来的东西用vitashell带的ftp覆盖掉ux0:app/PCSG00608里面的内容就行了
->Hence first install xanadu0.vpk. At your computer, rename xanadu.vpk to xanadu.zip and decompress. Afterward take the decompressed file and transfer it using vitashell's FTP and "cover" over ux0:app/PCSG00608 content.
4.可以玩儿游戏了
->4. Game can be played from this point forward
（最后不要手贱去点升级游戏，补丁我没解，你点了就玩儿不了了
-> (Lastly do not itchy hand and click update game, i have not decrypt the patch. If you do you wont be able to play)
（我试了下玩到第二话似乎没问题，奖杯似乎工作正常，怎么同步到psn自己琢磨，同步了奖杯会不会被ban我不知道，反正现在最新系统3.61
-> (i have tried playing till second chapter and it seemly worked fine. The throphy seem to work fine ,as for how to sync with with psn you will have to figure out yourself. I am not sure if i will be ban for syncing throphy, since the current firmware is 3.61.)
xanadu.vpk.rar
链接: -address snipped- 密码: idk2
-> link: -address snipped- password: idk2
xanadu0.vpk.rar
链接: -address snipped- 密码: ayuw
->link -address snipped- password: ayuw
（先解压成vpk
->(first decompress to vpk)

Tried to translate... hope this helps
Edit: just completed translating, i apologise if i made any mistake or if you do not understand my english.
Edit2: edited the section i am not too sure previously. The sentence make more sense now.


----------



## demounit (Aug 21, 2016)

wow that's insane. 

if he releases the tool this whole thing blows wide open.


----------



## frogboy (Aug 21, 2016)

HohoKing said:


> 话说本来打算解伊苏8的 鉴于刚出嘛...嗯
> -> anyway i intent to de-encrypt YS 8, however considering it is recently released.... so yea...


the big question is... did the same team who translated tokyo xanadu translate ys viii?

i'm not super-knowledgeable about translations so please don't eat me alive if the answer is obvious.


----------



## HohoKing (Aug 21, 2016)

frogboy said:


> the big question is... did the same team who translated tokyo xanadu translate ys viii?
> 
> i'm not super-knowledgeable about translations so please don't eat me alive if the answer is obvious.



Erm the person is talking about de-encrypting tokoyo xanadu, not translating it.

Anyway from my understanding, the team or person who de-encrypt tokyo xanadu initially wanted to de encrypt YS8, however since YS8 was recently release, they decide not to do it and goes with tokyo xanadu instead.


----------



## pastaconsumer (Aug 21, 2016)

frogboy said:


> the big question is... did the same team who translated tokyo xanadu translate ys viii?
> 
> i'm not super-knowledgeable about translations so please don't eat me alive if the answer is obvious.


I don't see any plans from anyone on when Ys VIII is going to come over stateside.
As for Tokyo Xanadu, I think it's going to be translated by Aksys Games and release some time in 2017.


----------



## Xenon Hacks (Aug 21, 2016)

This is everyone right now including me don't lie.


----------



## PlaystationTV (Aug 21, 2016)

I don't even have enough space for a 2gb game , I need the 64g card but there is news of someone making an adapter to use regular sd cards but that can take months /years 

Buy 64gb now or wait ?


----------



## SonyUSA (Aug 21, 2016)

HohoKing said:


> Erm the person is talking about de-encrypting tokoyo xanadu, not translating it.
> 
> Anyway from my understanding, the team or person who de-encrypt tokyo xanadu initially wanted to de encrypt YS8, however since YS8 was recently release, they decide not to do it and goes with tokyo xanadu instead.



The theory is he had a DRM free dev copy and didn't actually break the decryption and reinject the header into the eboot, but rather he leaked the dev version their company was translating and is just saying that for attention or to cover the fact it was a dev copy to shift blame from the translation company.

He was asking if Ys was using the same company as a way to figure out if this was indeed the case.


----------



## HohoKing (Aug 21, 2016)

SonyUSA said:


> The theory is he had a DRM free dev copy and didn't actually break the decryption and reinject the header into the eboot, but rather he leaked the dev version their company was translating and is just saying that for attention or to cover the fact it was a dev copy to shift blame from the translation company.
> 
> He was asking if Ys was using the same company as a way to figure out if this was indeed the case.


I see... thanks for the clarification, as i do not know of the theory beforehand hence was confused by frogboy reply.
But IMO, i think this theory make alot of sense, considering both Y8 and tokyo xandu are publish and produce by nihon falcon, it isnt too surprising that both game rights of translation is given to a single company.


----------



## Jao Chu (Aug 21, 2016)

Exciting times ahead


----------



## raulpica (Aug 21, 2016)

cearp said:


> <snip>
> <snip>
> <snip>
> <snip>
> I think this is the true source: <snip>


Sheesh dude, all four links had the downloads in PLAIN SIGHT! I've removed the fifth one since it requires a log-in, but seeing the first four links, I'm sure that one contains it as well!

Be more careful in the future!


----------



## Earth97 (Aug 21, 2016)

PlaystationTV said:


> I don't even have enough space for a 2gb game , I need the 64g card but *there is news of someone making an adapter to use regular sd cards *but that can take months /years
> 
> Buy 64gb now or wait ?


Link?


----------



## Deleted User (Aug 21, 2016)

fikatr said:


> vita is already dead


I wish people would stop constantly saying this; it's still pretty much a myth through my eyes... the Vita is NOT dead; there are still plenty of games and content being produced for the system, and support by Sony is still ongoing, as far as I know. (well... minus the 1st-party games, I suppose...)


Anyways, back on-topic, I would imagine this is just the same story as the Adventure Time leak, where the DRM of the game was just stripped on a devkit and the eboot was slightly tweaked. It's probably going to be nothing new in my opinion, although it does interest me if the method could be looked into a little more and possibly recreated via PC applications/homebrew tools.


----------



## DinohScene (Aug 21, 2016)

Vita only has like 5 games worth playing ;o;

I hope someone wins the KOTH challange quickly.
I'd be really interested in how "secure" the Vita really is.


----------



## cearp (Aug 21, 2016)

raulpica said:


> Sheesh dude, all four links had the downloads in PLAIN SIGHT! I've removed the fifth one since it requires a log-in, but seeing the first four links, I'm sure that one contains it as well!
> 
> Be more careful in the future!


but we need sources right? (sorry!)
the 5th was the one true source but yeah, you need an account.

--------------------- MERGED ---------------------------



DinohScene said:


> I'd be really interested in how "secure" the Vita really is.


it really is secure! http://wololo.net/2016/08/20/henkaku-xyz-explains-ps-vita-3-60-exploit-details/


----------



## smileyhead (Aug 21, 2016)

cearp said:


> <snip>
> <snip>
> <snip>
> <snip>
> I think this is the true source: <snip>





cearp said:


> Last edited by raulpica


lol


----------



## DinohScene (Aug 21, 2016)

cearp said:


> it really is secure! http://wololo.net/2016/08/20/henkaku-xyz-explains-ps-vita-3-60-exploit-details/



Saw it aye.
Full details of the hack would be better ;p


----------



## cearp (Aug 21, 2016)

DinohScene said:


> Saw it aye.
> Full details of the hack would be better ;p


sure, but from that you can get a feel of the complexity that needs to go into to just the start of cracking it open, no?
if there was no web browser or email app, i wouldn't be surprised if we never saw hacks.
just the simple fact that sony make it so difficult to transfer files to and from the vita - that alone shows how secure it is.

and yeah it will be interesting to read when the full write up is shared, but i can't reverse engineer stuff so it's not really useful to me lol


----------



## Ramzh (Aug 21, 2016)

I guess now I have to see how much the price of Vita will increase on eShops...


----------



## Tom Bombadildo (Aug 21, 2016)

Added a non-warez Wololo link as source.

As for the news, I highly doubt this is anything more than just another dev version of the game, so meh.


----------



## cearp (Aug 21, 2016)

Tom Bombadildo said:


> Added a non-warez Wololo link as source.
> As for the news, I highly doubt this is anything more than just another dev version of the game, so meh.


but it's not a source, so how does that work? i think i posted this before wololo (maybe not)


----------



## Tom Bombadildo (Aug 21, 2016)

cearp said:


> but it's not a source, so how does that work? i think i posted this before wololo (maybe not)


It's close enough, and isn't full of warez links. I dunno when it was posted on Wololo, but irregardless it's better to have a "source" confirming the information.


----------



## cearp (Aug 21, 2016)

sure ok, you're the staff/contributor member lol


----------



## sj33 (Aug 21, 2016)

cvskid said:


> I hope developers won't stop supporting the ps vita if this becomes big.


Let's just all ask that one developer.


----------



## FR0ZN (Aug 23, 2016)

Lisandra_brave said:


> https://github.com/joshaxey/ebootSegs
> This exists now, so???



Anyone managed to get this going? The clues in main.c don't tell me anything, I tried everything I can think of to decrypt one eboot, but all I get is "module not loaded" and that's it.
As far as I understand it, the eboot has to already be running? But then again how to launch this app after a game is already being executed? I tried this app as an patch for near (given the hint in main.c?), but nada, nothing works.


----------

