Hacking [Question] Attempting to do registry modifications using psvimgtools but nothing sticks

[HarmfulMushroom]

I've been going about this for a few days now, but I suppose I have to throw the towel in and request a little assistance. I have a console on 3.65 that I wanted to do some minor registry tweaks on. Specifically, I would like to set it up in registry to disable 3G features, but since that is something not yet proven to work I am sticking to something very simple which does work, switching X and O as enter key. I've done this about every way you can possibly do it, manually using Yifan's tools and also with Silica's tool. I even went as far as to use older versions of Silica's tool, but same result with every release I tried on. No matter which one I use I get the same issue where the values I adjust do not reflect on the console once it's rebooted. I've been having more luck without the gui so I've stuck with doing it manually:

"psvimg-extract -K bebadMYLEYHERE9008f 201709041146-01.psvimg C:\Users\Nick\Desktop\psv\Extract"

to extract my backup and:

"psvimg-create -n 201709041146-01 -K bebadMYKEYHERE9008f C:\Users\Nick\Desktop\psv\Extract C:\Users\Nick\Desktop\psv\Repacked"

to repack it. This allowed the backup to appear in QCMA after a refresh of the data base. I write the restore file over, console reboots, but still no swapped buttons. I even tried to use the decrypted .psvmd file by running:

"psvimg-create -m Decrypt.psvmd -K bebadbebadMYKEYHERE9008f9008f C:\Users\Nick\Desktop\psv\Extract C:\Users\Nick\Desktop\psv\Repacked"

and even trying it without the .psvmd extension:

"psvimg-create -m Decrypt -K bebadbebadMYKEYHERE9008f9008f C:\Users\Nick\Desktop\psv\Extract C:\Users\Nick\Desktop\psv\Repacked"

but nothing I do works.... I even attempted to purposely corrupt the registry file, but THAT didn't work... I'm only asking as from what I can tell people have managed to do registry modifications before using psvimgtools, but maybe that was only on 3.63... Am I doing something wrong? I had a feeling that the VITA_PATH.txt contained within ur0_tmp_registry was set up to be ur0:tmp/registry by design, but since that folder does not exist I even attempted to change that file to read ur0:temp/registry which broke the restore file (failed to write over about 11% through the process)... I'm running out of ideas, but since I've worked so long on this I want to get it working if possible... Does anyone see something I'm doing wrong? Or something I'm not doing which I should be doing?

And just in case before someone suggests it, I have no interest in swapping this console for 3.60 as I already have 3 consoles running Enso. I don't need a fourth, I want one which can go online without issues.

Thanks in advanced!

EDIT: I believe I confirmed it is not possible to modify registry values using a decrypted system backup. https://gbatemp.net/threads/questio...tools-but-nothing-sticks.483158/#post-7578384

 

[HarmfulMushroom]

Just a quick bump. Anyone have any other ideas to try?

 

[HarmfulMushroom]

One last bump and then I'll just throw in the towel on this one. Any help or ideas welcome. At this point I don't care what I change in registry, I'm willing to change whatever just to see if anything works.

 

[godreborn]

the swap buttons thing is in the system.dreg. r u opening that with fixreg_vita? that's how I swapped my buttons, but I did that on 3.20. u have to use that a second time in order to fix hashes or it won't work.

--------------------- MERGED ---------------------------

I made a tutorial about it which for some reason isn't on temp: http://www.psx-place.com/threads/pinkys-ps-vita-tutorials.9651/

 

[HarmfulMushroom]

the swap buttons thing is in the system.dreg. r u opening that with fixreg_vita? that's how I swapped my buttons, but I did that on 3.20. u have to use that a second time in order to fix hashes or it won't work.

Thanks for the reply! I am actually on 3.65 so I need to rely on the psvimgtools method which exports the registry settings as a file in \ur0_tmp_registry\registryBackup.txt. You can then edit the text file with a hex editor as everything is already decrypted. This might be the part I'm doing incorrectly though, maybe there is another step I'm missing where you need to break the file up or something.... Just in case I tried to run it using fixreg but it didn't do anything but generate a blank file.

 

[godreborn]

I dunno. the file that has the button swap is system.dreg. the system.ireg needs is used to decrypt it, so it needs to be extracted too. I'm not on 3.65, so I don't know much about how to manipulate those sorts of files with just an img. I think the problem might be that you're trying to manipulate a file u don't have. the registry files r in vd0 which isn't backed up by psvimg tools.

--------------------- MERGED ---------------------------

looks like u can edit it. check this out: https://hackinformer.com/PlayStationGuide/PSV/tutorials/how_to_registryhack_buttonswap.html

 

[HarmfulMushroom]

I dunno. the file that has the button swap is system.dreg. the system.ireg needs is used to decrypt it, so it needs to be extracted too. I'm not on 3.65, so I don't know much about how to manipulate those sorts of files with just an img. I think the problem might be that you're trying to manipulate a file u don't have. the registry files r in vd0 which isn't backed up by psvimg tools.

Yeah which is what I'm almost beginning to wonder myself as well.. Though guides such as the one on Hackinformer and I believe even Yifan himself have mentioned that registry modifications made using psvimgtools should work.. And I'm not exactly a noob at this, I have done registry adjustments since the time of the failmail exploit which is why this is confusing me a little. That being said, there might be a chance I'm also doing something really stupid, so I was just curious if anyone has attempted this before. Thanks for the help though!

 

[godreborn]

did u refresh the qcma database? I'm afraid of not messed with psvimg tools aside from playing around with them a bit...but I've never actually installed one.

edit: I think fixreg is only needed for the vd0 version. u get two files and each section extracted once u use it. however, here, u just get one file that needs to be hex edited in the same way. maybe saving it is the issue?

 

[HarmfulMushroom]

did u refresh the qcma database? I'm afraid of not messed with psvimg tools aside from playing around with them a bit...but I've never actually installed one.

Yeah man I'd never ask someone with no need to install a backup to test for me. But I have tried refreshing the database, I've tried both deleting the original backup before repacking after modifications using both the Vita as well as manually on the computer myself. Restarting QCMA all together and rebooting both computer and Vita after the backup was remade, disconnecting it from my PC before rebooting.

One thing I have been noticing though, which I'm assuming is by design, the Vita rebuilds the database after each reboot. I don't recall rebuilding the database effecting system settings, but maybe this is reverting everything back... I've also tried booting safe mode before a full reboot after writing the re-packed backup just to see, but that didn't do anything as expected..

 

[godreborn]

maybe try extracting the new psvimg to see if the change has stuck.

 

[HarmfulMushroom]

maybe try extracting the new psvimg to see if the change has stuck.

Oh forgot to mention I tried this as well, no change stuck. The extracted backup contained stock values. Good idea though.

 

[godreborn]

hmm...I'm not sure then. I did my button swap on 3.20 using the mail method which is what I used in my tutorial before henkaku or psvimg tools existed. I still have it like that on 3.60 with both my pstv and vita. a hex editor app should make a .bk version in case u mess up. hex compare them and see if a change exists. u can do this with say HxD. that's what I use to hex compare ps3 flash files.

 

[HarmfulMushroom]

hmm...I'm not sure then. I did my button swap on 3.20 using the mail method which is what I used in my tutorial before henkaku or psvimg tools existed. I still have it like that on 3.60 with both my pstv and vita. a hex editor app should make a .bk version in case u mess up. hex compare them and see if a change exists. u can do this with say HxD. that's what I use to hex compare ps3 flash files.

No worries man, I do appreciate all the idea's though! I might fiddle with this some more but I've spent far too many weekends doing this haha. If anyone else has idea's I'm still happy to hear them, but if not and I somehow manage to figure out what I'm doing wrong I'll post back for everyone else's information.

 

[godreborn]

the registry might be in ur0 since it has read/write access. I've never really looked into it. vs0 and vd0 would make the change permanent though. u need vita rw to write to either partition. this goes beyond my tutorial since u don't need mail to use it. u just need vita rw, a hex editor, and fixreg. the system_.dreg is the file that's changed in this case.

--------------------- MERGED ---------------------------

I'm referring to the custom white list and the default apps (most of 'em) when it comes to vs0. u can replace those. it doesn't really help here though, but at least u have access to the registry in some form.

 

[HarmfulMushroom]

Just tried one last test, using something which can be altered within the system settings menu of the Vita itself, the console language information. I tried backing up a backup using English as the device's language then changed language to French on the console. Once set, went to content manager, installed backup where english was the language on the device, on reboot everything still in French.

So because of this, I believe it is not possible to backup and restore registry information using psvimgtools. If anyone think's I'm wrong, believe me I would love to be wrong here, please let me know.

 

[flowoeB]

had to test this - got exactly the same result. decrypts fine (psvimgtools_frontend), can edit the files, repack and send to vita but all changes are ignored. i also get a third file called "registryCurrent.txt" besides "registryBackup.txt" when making a new backup after trying to Change something - both files are identical... pch-2000 silver fw 3.65

 

[godreborn]

had to test this - got exactly the same result. decrypts fine (psvimgtools_frontend), can edit the files, repack and send to vita but all changes are ignored. i also get a third file called "registryCurrent.txt" besides "registryBackup.txt" when making a new backup after trying to Change something - both files are identical... pch-2000 silver fw 3.65

maybe it doesn't work on 3.65? it could be cut off after 3.63. ark no longer works on 3.65, so sony may have patched this exploit.

 

[HarmfulMushroom]

maybe it doesn't work on 3.65? it could be cut off after 3.63. ark no longer works on 3.65, so sony may have patched this exploit.

Sorry to come back to such an old post. I thought the same thing but I had the same issue on a console running 3.36. That console of all consoles should be fine given that it's still susceptible to failmail as well.

 

[ShroomKing]

afaik the vita os compares the registry hashes before actually overwriting the previous registry entry's

 

[HarmfulMushroom]

afaik the vita os compares the registry hashes before actually overwriting the previous registry entry's

I could see that as well which is a shame. I was more wondering because tutorial sites like the guide presented on Hackinformer claim that this modification should be possible, and with all the testing I've done I'm pretty confident in saying that it is not possible to modify registry values using the backup decryption method.