Hacking [GUIDE] The Ultimate Noob PS Vita/PSTV Hacking Guide OP OUTDATED

  • Thread starter Deleted User
  • Start date
  • Views 698,208
  • Replies 1,848
  • Likes 45
D

Deleted User

Guest
OP
NPSVPSTVHG-Logo.png
Hello!

To save time on asking questions in new threads, I have constructed a guide for users to follow, and to ask about/point out additional info! It has plenty of information you will need to set up your Vita for many existing hacks, and ones to come! :)

Take note that the tutorials in the "Older Tutorials" category are not to be followed unless you're below 3.60 for whatever reason, they're here for archival purposes only.


Latest firmware: 3.73
Latest EXPLOITABLE firmware: 3.73
PSN Spoofing? Yes




Table of Contents:

1 - Introduction
2 - Guides
3 - Older Guides (Do not use these if you are looking to get the latest hacks and homebrew)

4 - FAQ





Purchasing a Vita (If you haven't already!)

Recently been interested in getting into the Vita scene, but unsure of where to start where buying is concerned? This simple guide to purchasing a Vita should be able to clean up all of your concerns of what exactly to look out for.

Which is the right firmware for me?
As of writing, all Vitas/PSTVs are fully hackable. For firmwares 3.65 up to 3.72, H-Encore2 can be used to run native homebrew and plugins, and optionally downgrade to either 3.60 or 3.65 if you wish to install HENkaku Enso and run homebrew and plugins straight from bootup.
3.60 is considered the absolute golden firmware to be on, as almost all plugins and homebrews have been developed to work on this particular version. And as well, you will be able to install a permanent hack which will persist on every reboot, called Ensō. 3.65 also has the same level of maintainence as 3.60 in terms of homebrew and plugins (and support for Ensō), though there might be a couple of old plugins that were not updated for it. However there are some updated plugins, Vitacheat Z06 being one of them, which will only function correctly on 3.65, therefore it's ultimately your choice as to which of the two firmwares you wish to proceed to and use.
(And if you're wondering how you will be able to play games on 3.60/65 which require higher firmware versions, there is a plugin called reF00D which enables just that, provided you fill in the necessary encryption keys)






HENkaku Tutorials

Below are a series of HENkaku-related tutorials. You can understand how to set up HENkaku for the first time, as well as installing VPKs for both homebrews and Vita game backups, plus much more.




Updating your Vita to 3.60 (HENkaku Update Server)

This is for users still under 3.60 looking to get a piece of HENkaku quickly and easily, without any hassle. This guide will take you all the way to the golden firmware, 3.60, through the use of Yifan_Lu's DNS server! It's seriously a very easy process, and extremely noob-friendly!

1) Go to Settings -> Network -> Wifi Settings -> Your Connected Access Point -> Advanced Settings
2) Under DNS Settings, select 'Manual', and set the Primary DNS to 212.47.229.76.
3) Now you may go back to the root Settings menu and choose 'System Update' -> 'Update using Wifi'.
4) Only update if it says "Firmware 3.60 (変革 Compatible)", otherwise you should follow these steps again and ensure any other settings are not conflicting the process!
5) After you have downloaded and installed the 3.60 update, you are now free to start setting up HENkaku!


Setting up HENkaku for the first time (3.60 Users)

HENkaku is a relatively easy exploit to install, requiring just an internal memory card and access to the internet. Here's a quickstarter to get the MolecularShell bubble installed, and then install the VitaShell VPK straight afterwards.

With HENkaku, thanks to the immense amount of work put in by developers and communities alike, you can:
  • Access native Vita homebrew and homebrew games
  • Dump/install PS Vita backups
  • Spoof PSN to access features under the latest firmware
  • Get access to the full file system and its features
  • Run Vita romhacks and translations made by the community
All you need is just over 10MB of storage space on your memory card, and an internet connection also.

1) On your 3.60 Vita, navigate to the internet browser application. Then open up the address bar.

2) In that address bar, type the following link: http://go.henkaku.xyz

You should now either recieve an error or the "welcome to HENkaku" alert screen. If you recieve an error, just try and try again; it takes a little bit of time to work its magic.

3) When on the "Welcome to HENkaku" message, click OK and the HENkaku installation screen should show up.
Allow 15-20 seconds of VitaShell (formerly known as MolecularShell) installation time, and the installation screen should auto-close after a few additional seconds.

When you scroll down the LiveArea, you should now see that "MolecularShell" (actually VitaShell now) is now installed to your Vita, and HENkaku mode is enabled on your Vita!

3) MolecularShell is great and all, but nowadays it lacks the latest features such as installing from a folder, USB support, etc, which are all present in the superior VitaShell app.
By following the next tutorial, you can install the latest VitaShell VPK (from the official github page here), as well as any other homebrew/game VPKs of your choice, via MolecularShell's FTP server.

Setting up H-Encore (3.65-3.68 Users)

This is a new exploit for 3.65-3.68 users who missed out on the HENkaku train. It installs a bubble to your Vita's home screen which allows running the exploit in order to access homebrews, game backup loading, and the like.
It is a 'semi-tethered' exploit, which means you'll have to re-run it on every reboot (though as it's a bubble and completely offline, it doesn't take long), though if you are on 3.65, you may use this as a gateway to installing Enso (3.67 or higher users cannot use Enso, therefore must continue to use this bubble all the time in order to keep using homebrews and backups)

Follow TheFloW's official readme file for steps on how to install the app onto the Vita via psvimgtools and CMA: https://github.com/TheOfficialFloW/h-encore


Installing VPKs via your new MolecularShell installation (through FTP)

So now you have your basic HENkaku needs, you are ready to dive into the rapidly-developing scene of homebrew and games! If you would like to see a diverse archive of Vita homebrews and utilities in VPK format, ready to be installed straight to your Vita, GBATemp member @VitaType has been working hard round the clock to bring you the latest and greatest apps and games for us to enjoy! Head on over to his impressive sticky thread for those said homebrew apps!

:!: DISCLAIMER: :!:
Please be wary of malicious apps. There has been known to be disguised brickers out there in the wild, so when VitaShell states the app "remounts partitions", cease installing it and be sure to contact the person who made the app if you can! Running it could cost you your Vita...!

1) Make sure you install a suitable FTP manager on your PC/Android device. (I'm gonna leave iOS out for the simple reason of that I have little-to-no experience with iPhone FTP apps)
I highly recommend WinSCP for PC, and TurboFTP for your Android device, as they work with almost no fuss or fiddling around with settings!

I will leave it up to you to configure the site for connecting to your Vita. (Just press select on your Vita while in VitaShell and it will tell you the IP address and port to set up the site to connect to!)

2) After you have set up your respective FTP manager, connect to your Vita (make sure to stay on the "now running FTP server" screen, or press X to have it run in the background) and the FTP manager on your PC/Android device should display all the main partitions within the Vita.

3) [OPTIONAL] Navigate to ux0: in the manager, and create a folder (preferably called "VPK") to store all of your incoming VPK files in.

4) Back on the PC/Android device, send over your downloaded VPK file of choice to the desired location on your Vita. Then close the FTP window on your Vita, and navigate to the folder you placed the VPK into.

5) Press X on the VPK file, and X again to confirm the installation. If you get a window saying "This app will gain higher priveliges and may be dangerous", think twice about what you just downloaded/transferred, and hit X once again to really confirm the installation.

6) When the installation is successful, your app should now show up in the LiveArea with no errors. If you encountered an error while installing the VPK, something is wrong with your file and should try to investigate the issue the best you can, because it could simply be anything...

And that is how you install a VPK with ease!

Transferring files from the memory card through USB to/from a PC

Starting from VitaShell 1.5, users now have the option to manage files on the memory card via USB instead of FTP. This allows for much faster transfer speeds, and is generally one of the most simplest ways to manage files. There are some things you will need to know if you wish to have complete ux0 access though, as Windows automatically hides a few protected folders...

1) Enable USB connection in VitaShell if you haven't already, and locate the root of the memory card on PC.

2) In the top menu bar in Windows Explorer, go to View -> Options, and you will see a screen like this:

upload_2017-11-9_15-45-33.png


In the "View" tab, scroll down to a tickbox that says "Hide protected operating system files (recommended)" and disable it. You will also need to click on "Show hidden files, folders, and drives" as well. When you've done that, hit 'Apply', ignore the warning message if you get one, and close the window.

upload_2017-11-9_16-3-47-png.105382


Note that this affects all other files and folders on your PC and not just the memory card drive. You can temporarily hit the 'hidden files/folders' tickbox on the fly from the "View" menu bar in Explorer to hide everything again.

Now you know how to easily transfer any files to protected folders when you need to.

HENkaku Enso Installation (permanent HENkaku)

On 29th July 2017, Team Molecule publicly released HENkaku Enso to mark their 1st anniversary since the original HENkaku debut. This variation of the well-known 3.60 browser-based exploit is installed into the boot sequence, eliminating the need to constantly revisit the web browser and execute the exploit on every reboot. This is also very useful and convenient for PSVSD and SD2Vita adapter users, as you will no longer have to keep remounting your adapter as ux0 either. Everything is now executed at boot time!

This can be installed on 3.60, or 3.65 if you set up H-Encore. Firmwares 3.67 and above are not supported!

1) Visit either of the following links based on whichever firmware you are installing Enso on:
3.60 - https://github.com/HENkaku/enso/releases
3.65 - https://github.com/TheOfficialFloW/enso/releases

2) Transfer the VPK to your Vita and install via VitaShell like any other homebrew app. A bubble should appear on the LiveArea screen, as per usual.

3) Carefully read the disclaimer at the top (remember, this is not a 100% stable exploit, even if it has gone through rigorous testing!) and press Circle to continue to options.

4) Press the Cross button to install/reinstall Enso. It should take around 10 seconds tops to complete. When prompted, press Cross again to reboot.

5) If all is successful, the Molecule logo should appear in place of the usual PlayStation logo. Now, when you arrive at the LiveArea screen and try to open a homebrew app, it should instantly load without fault. If this happens, congrats! You've successfully installed Enso!

NoNpDrm dumps - Creating/Installing

NoNpDrm dumps are almost 1:1 backups of a legitimate game. They are much, much more stable in terms of compatibility than Vitamin or MaiDump dumps, so nowadays it is highly recommended to install NoNpDrm dumps instead.

In this guide, I will go through how to dump legitimate games, then briefly how to install them at the end. If you are here solely for the piracy aspect, I suggest you look up a neat app called PKGi.

1) Grab the latest NoNpDrm release from here.

2) Place nonpdrm.skprx anywhere on your Vita, preferably somewhere in ur0 or ux0. Afterwards, in ux0:tai/config.txt, add a path to wherever you placed the plugin, just under the *KERNEL section. Then reboot your device for the plugin to activate.

3) Launch any legitimate app you wish to make a dump out of, and some licenses will be generated in ux0:nonpdrm/license/

4) Now to create the dump for use on another device. Copy all the content of the legitimate app/game (for downloaded content: ux0:app/TITLE_ID or if it's game-card based: gro0:app/TITLEID

5) Then copy the fake license over from ux0:license/app/TITLE_ID/random_numbers_and_letters.rif to TITLE_ID/sce_sys/package/ delete the existing work.bin already there, then rename the RIF file to work.bin.

6) You now have a NoNpDrm dump ready to install to another device. To install, place the contents in ux0:app/ (make sure the folder you're placing there is the 9-character folder, with an eboot.bin inside it and all that stuff) and on VitaShell's home menu, press triangle -> Refresh LiveArea screen to make the new NoNpDrm dump's bubble appear on the LiveArea!


Installing Adrenaline (ePSP Custom Firmware)

Adrenaline is a PSP eCFW, created and developed by TheFloW, for henkaku users. It allows you to install a fully-fledged PSP CFW, then transfer PSP EBOOTs/ISOs of your choice over to your memory card to access and play them.

Adrenaline is a software that modifies the official PSP Emulator using taiHEN CFW framework to make it run a PSP 6.61 custom firmware. Thanks to the power of taiHEN, Adrenaline can inject custom code into the IPL which allows unsigned code to run at boottime.

Note: An activated Vita with a PSN game used to be required to use Adrenaline, but this is no longer the case. Adrenaline can now be installed from a VPK.

To install Adrenaline to your Vita, download the latest version from this link:
https://github.com/TheOfficialFloW/Adrenaline/releases

Tom Bombadildo's full guide to installing Adrenaline:
http://gbatemp.net/threads/installing-adrenaline-6-61.449344/

(PSTV only) Mounting USB Stick as ux0

This tutorial will guide you on how to get a USB pen drive up and running on your PSTV. This is a really useful and money-saving feature, as the infamous memory cards are still often more expensive than the PSTV itself to this day!

Manually mounting
1) Format your chosen USB drive to FAT32/exFAT, then launch VitaShell and navigate to the partition selection menu (aka the 'home' section)
2) Press the Triangle button and select 'Mount uma0', then attach your USB to the PSTV. Copy any stuff you need to copy over to that USB now. (auch as apps, patches, VPKs, etc.)
3) After you have done all that, making sure uma0 is still mounted in the partitions menu, press triangle again and select 'Mount USB ux0' from the side-menu. The USB is now acting as the memory card.
4) If you want to refresh the livearea with all the apps transferred to your USB, select 'Refresh livearea' from the same side-menu as before.
5) You have now successfully set up a USB Stick for use with your PSTV!

Mount on boot
Thanks to Enso, we can now mount our USB sticks on boot. If you don't have Enso installed, that's fine, it'll just mount when you launch HENkaku.
1) Download the latest version of usbmc_installer
2) Transfer it to your Vita and install it
3) Open the usbmc_installer application and follow the on-screen instructions
4) After it has finished installing, the USB device should now mount on boot!






Older Tutorials

NOTE: Do not read further/use these tutorials if you are looking to get the latest hacks and homebrew! These tutorials were written before HENkaku was around, and are here for archival purposes only.

These guides were originally some of the many hacks and tricks for earlier firmwares, before the time of HENkaku. They are all obsolete, and are only to be used if you absolutely insist on staying on a firmware pre-3.60 for whatever reason.

For the latest, better, up-to-date Vita hacking and homebrew content, use the several tutorials above the page.




Mail Exploit SetupEditing your "app.db"TN-V and VHBL SetupPSM Dev for UnityActivating lower-firmware VitaDumping the Vita memcardVita Registry Hacks3.00-3.55 calendar exploit


  1. Mail Exploit Setup

    This is a tutorial to set up the fail-mail exploit. It can allow you to dump, delete, and write to specific parts of the Vita's NAND. The fail-mail exploit will NOT WORK WITH FIRMWARES 3.55 AND UP, NOR WILL IT WORK ON FIRMWARES UNDER 3.00!

    The process for this turorial is exactly the same for the PSTV.
    1) Download, Install, and set up Mozilla Thunderbird from Here.

    2) Now create a new email address to use with your vita if you haven't already, and set up your Vita with that email address. I would highly recommend using a gmail account for Vita hacking.

    3) download this .eml file and open it in Thunderbird. It should open a preview page of the email + attachment you are about to send.

    4) Click on forward. Now enter your Vita's email address in the recipient box (who you're sending it to). Now click send. You shouldn't have tampered with anything else. I get a lot of users here who make the mistake of either renaming the attachment or forgetting to fill in the necessary fields. :P

    5) Now launch the email application on your vita and enter in your gmail account details, once you have done that, click on inbox and you should see the forwarded message with an attachment.


    6) Click on the message and then click on the attachment.

    6) You should get a "Could not display this image" message. DON'T CLICK ON THE "OK" BUTTON! Instead, press the PS button and close the email app.

    7) Now open the email app again. You should be prompted to set up your email account. Just set it up as usual again, and you're done! You are now ready to exploit your vita further!

  2. Editing your Vita's "app.db"

    In this step, we will take a look at modifying an important file in our Vita's system - app.db! It is a file which manages home menu "bubbles", executable paths, and app icons.

    The steps in this tutorial are also the same for the PSTV.

    1) Open gmail on your PC, (Making links in emails for the Vita only work in gmail-sent emails.) click on 'compose', and fill in the "To:" field with your Vita's email.

    2) paste this support_uri call into the message:

    email:send?attach=ur0:shell/db/app.db.


    (It's important you also copy the full stop at the end, as well!)

    3) Now highlight the support_uri call in the message and at the bottom of the email composer, click "insert link", and paste the exact same support_uri call as a webpage link, and click OK.

    4) If all went successful, the text should be blue and underlined, as a webpage link would normally be. Now just send the email.
    1) Back on your Vita, open up the email app if you haven't already. Find the email you generated, and then click the link below in the email. It should take you to the "Create Message" screen. Send it to yourself, and then click "Send".

    2) The email app should close automatically just after you sent the message. Don't worry, this is normal!

    3) Open your gmail on your PC, and find the message with "app.db" as the attachment. download the attachment somewhere onto your PC.
    1) Download SQLite Browser from here: SQL Browser and then open it up.

    2) Drag and drop your saved "app.db" into SQLite Browser. It should look like this, when you have done:


    5.PNG


    3a) Next, go to 'Browse Data', and then in the drop-down box, click on 'tbl_appinfo'. This is where all of your application data and paths are. You can also add new tables into the database to create bubble data for your own bubbles!

    3b) Now go to the drop-down box again, and click on 'tbl_appinfo_icon'. Here is where you can create and customize new bubbles for the home screen. You can also change the layout and icons of existing bubbles, too!

    4) When you are done modifying your app.db, you will want to inject it back into your Vita so simply hit "write changes" if you did make any changes. After that, rename the app.db to "#0" (without quotation marks)

    5) Now open Thunderbird and click "write" in the top-left part of the window. drag and drop the #0 file (app.db) into the top-right part of the window. It should now show up as an attachment named "#0" (without quotes). Fill in the recipient box with your Vita's email account and send the email with the attachment.

    6) On your vita, open the mail app again. Find the email you just sent, and click on the #0 attachment. If successful, it should display "Could not open Image". AS USUAL, DO NOT CLICK ON "OK"! Instead, just like when we did the mail exploit setup, press the PS button and close the email app.

    7) Reboot your Vita. When you open it up again, your app.db modifications will take place! And this will remain permanent until you rebuild your database. If you rebuild your database, your app.db modifications will be lost, and you have go back to step 6 again.

  3. TN-V and VHBL Setup

    In this tutorial, I will show you how to Replace a PSP game with either TN-V or VHBL.
    You WILL need a downloaded and fully working PSP basegame to use this.
    You will also need QCMA: Download


    TN-V is suited more to play PSP ISOs.
    VHBL is suited more to play Homebrew.

    1) Download the Savedata and PBOOT.PBP for your choice of menu:

    VHBL - Download
    TN-V (3.5X) - Download
    TN-V (1.00-3.36) - Download

    2a) Extract the contents of your downloaded zip file. Place the VHBL01234, TNV, or TNV_00000 folder into your QCMA savedata directory.

    As for the PBOOT you can send it with Thunderbird. Just rename the PBOOT.PBP to "#0" (without quotes), attach it to the email, set the email subject to "ux0:pspemu/PSP/GAME/Basegame's TITLE ID/PBOOT.PBP" (without quotes), and send the email with the #0 (PBOOT.PBP) attachment.

    If you are using TN-V, then move onto step 2b. If you are using VHBL, you can skip to step 3.

    2b) Before transferring your savedata, you need 660.PBP. I dunno if it's a file you can host on here, so I'm not gonna link to it. However, when you do find it, place it in your TNV or TNV_00000 savedata directory.

    3) Transfer your TN-V or VHBL savedata onto your Vita using QCMA (as the official CMA won't work). Then open up the email app, find your email with the (#0) PBOOT attachment you sent earlier, and then click on it. AS USUAL, DO NOT CLICK ON "OK"! Instead, press the PS button and close the email app.

    4) After that, you can either:

    i) Transfer your basegame to the PC and back again for the PBOOT to take place. (better option)
    OR
    ii) Rebuild your database for the PBOOT to take place.


    After that, Reboot your Vita, and then you're done! The TN-V or VHBL bubble should now replace your basegame!

  4. PSM Dev for Unity Installation >=3.15 - Make your own PS Vita games!

    In this tutorial, I will show you how to install PSM Dev for Unity for firmwares 3.15-3.51. Dev Assistant for Unity can allow you to develop for, and utilize, PS Vita hardware!

    If you are using a PSTV, you can only set up VitaDefilerClient (for Rejuvenate) since you can't link your PSTV to a PC using a USB cable. The method for the 1.05/1.06 update installation is different, too.


    1) Download and extract the following contents: Download

    2) Rebuild your existing database.

    3) Forward "test2.eml" from the zip we just extracted.

    4) Now copy the PCSI00009 savedata to your Vita using QCMA.

    5) Find an app that needs updating. Click and accept the game update. (You can also use PSM Runtime Package as the update payload.)

    6) Open the notifications bar, and pause the download as soon as you see some of the green bar showing.

    7) Open the email app, and navigate to the forwarded "test2" email.

    8) Click on the first attachment. AS USUAL, DO NOT CLICK ON "OK"! Instead, press the PS button and close the email app.


    9) Re-open the email app and click on the other attachment. ONCE AGAIN, DO NOT CLICK ON "OK"! Instead, press the PS button and close the email app.

    10) Turn wifi and bluetooth off, and then reboot your vita.

    11) Check your notification area. Your update should say "Could not download", and should be clickable. Now click on it, and PSM Dev Assistand for Unity should install!

    6.jpg

    Image courtsey of logsic-sunrise.com
    1) Either set up a Package Installer bubble by modifying app.db, or use Gmail to make an email link to open Package Installer. ("psgm:open?titleid=NPXS10031." as the support_uri call. Make a link out of it like we did in Tutorial 2, Stage 1.)

    2) Download the appropritate update data for your firmware version. They're DRM-free, so I am allowed to link them here:

    3.15 - 3.20 = Download
    3.30 - 3.51 = Download

    3) You will need to use QCMA again. Place your downloaded PSM Unity app update into your QCMA "PSV Packages" folder.

    4) Now open Package Installer on your Vita. Connect your Vita to QCMA and install the update package.

    5) Your PSM Dev for Unity is now ready to be licensed!
    Thanks to bache for the new info! :)

    1) Open up QCMA on your PC and PSTV.

    2) When connected to the PSTV, switch to the Package Installer app, and you should be able to see a list of PKGs.

    3) Install the Unity update Package for your Firmware! :)
    1) Simply follow the instructions at PSM Plus and set up PSM+

    2) Install the appropriate Unity for PSM program on your PC.

    If you installed PSM Dev for Unity 1.05: Download
    If you installed PSM Dev for Unity 1.06: Download

    You will also need PSM Tool Set for Unity to be able to import your keys and stuff: https://mega.nz/#!KBkTXBpY!z1DqPZ-oCHwVt-sJuY31xZY7TJ0OCBQsvaLHCM7ux_M

    3) When you have installed Both programs onto your development PC, open PSM Toolset for Unity first.

    4) You will need to import your license, device seed, and device key, all of which you created and set up on the PSM+ website.

    5) Now make some kickass PS Vita games using Unity for PSM!

  5. Activation of a lower FW Vita

    This tutorial will guide you to activating your Vita via the use of a PS3 and USB cable, to be able to play PSP games and content. This is also useful for if you don't have PSN access from your Vita, and are wanting to download a PSP demo* specifically to set up Adrenaline/TN-V.
    *(LocoRoco Midnight Carnival (USA) and Ape Quest Starter Pack (EUR) are 2 demos you can download from the PS Store for use during eCFW setup)

    Note that this method doesn't work for PSTV users since it involves using a USB cable to plug in to the PS3.
    1) First of all, check that your Vita is linked with a PSN account. You can do this By going to Settings -> PSN.

    2) If your Vita isn't linked with a PSN account, then proceed to step 3. If it is, then go to step 4.


    3a) Reboot your vita into safe mode. (Shut down, then "PS Button + Power Button + R Button all held down").

    3b) Choose "Restore the PS Vita System". The proceed to link your PSN account through the setup process.

    4) When all ready, Boot up your PS3. Make sure no apps are running on there! (Also make sure your PS3 has PS Store access and the same PSN account as you used to link your Vita with.)

    5) Back on your Vita, turn on flight mode and reboot. Open up "Content Manager" and choose "Copy Content", then connect the USB cable to your PC and start QCMA. When your Vita is successfully recognised and ready to transfer stuff, disconnect the cable from the PC end and DON'T CLICK OFF OF THE ERROR MESSAGE!

    6) If the error message states "The PC has been disconnected" then connect your Vita to the PS3 and wait for the prompt on your PS3 to appear. Now click off of the error message on your Vita and click on the "PS3" connection option.

    7) Now it should bypass the update nag! Now transfer any content from your PS3 (preferably a pre-downloaded game waiting for install) to your Vita to automatically activate it, and you should be good to go!!

  6. Fully Dumping your Vita's Memory Card (All of the ux0: Partition)

    In this tutorial, we will take a look at making a full dump of your Vita's memory card. That means you will be dumping the entire ux0: partition, so not only will you make a dump of your pspemu part of the memcard, you will be dumping encrypted vita apps and their metadata, and a lot of other configuration files and extras!

    Also, this guide assumes you are on any firmware up to 3.52. Any higher firmware version this guide doesn't support at the moment.

    So without further ado, on to the tutorial!
    1) First, download this modified PBOOT file that we will be injecting into one of our required PSP games/minis. However, if you are wanting to use the email exploit method to inject the PBOOT, use this one instead!

    2a) If you have direct write access to PSP/GAME (that's any firmware under 3.50), use VitaFTP to FTP over the PBOOT file to ms0:PSP/GAME/TitleID Of Chosen Game/PBOOT.PBP

    2b) If you are on 3.00-3.52, you can use the email exploit to mail over the (smaller!) PBOOT file to ux0:pspemu/PSP/GAME/TitleID Of Chosen Game/PBOOT.PBP. Make sure you follow the rules of the email exploit to make sure you don't mess up!

    Optional) Delete any /temp folder you see at ms0: just to be sure everything goes alright when dumping the whole memory card.

    3) Transfer the chosen PSP/PS1 game over to the PC. When finished, transfer it back over to the Vita again, and you should notice the bubble change its look! (very important step!)

    4) Now for the transferral of your entire memory card partition! Transfer the game once more to the PC, and you should notice it takes longer to transfer, since we are transferring the whole memory card.

    5) After that, transfer the game back to the Vita yet again.

    6) Check the temp/ folder. All of your memory card should now be dumped into that temp/ folder! If not, something went wrong, and you should try again.

    Optional) FTP over the entire temp/ folder to the PC, so you can free up a lot of the space the dump took over! :P

    Finished! Have fun experimenting and exploring your dumps! :D

  7. Various Vita Registry hacks!

    In this tutorial, we will look at applying different registry hacks to your Vita. This includes swapping your Vita's X/O button assignment (doesn't affect games though), faking the Vita's region, and reading out your PSN Login data. Credit to Hackinformer and Co. for these findings. :yay:

    However, I am not responsible for any damage or System resets that may occur by doing this! Do at your own risk!

    ALSO, DO NOT SHARE YOUR REGISTRY FILES WITH ANYONE, AS THEY CONTAIN YOUR PSN LOGIN DATA UNENCRYPTED!!

    You will also need fixregvita from here.

    1) Send yourself an email with the following links:

    email:send?attach=vd0:registry/system.dreg.
    email:send?attach=vd0:registry/system.ireg



    2) On your Vita, click on each of the links and send them as attachments in seperate emails.

    3) Retrieve the files through your desired email application on the PC.

    Done. You are now ready to start modifying the registry files!
    1) Put your registry files in the same location as fixregvita and run the executable, causing a 'seg' folder full of .dreg files to be created.

    2) Open the system.dreg file with your desired Hex Editor.

    3) Search for "button_assign" using the 'find' function.

    4) Somewhere after or underneath, there should be a 01 hex value. To swap the 'enter' functionality to the O button, change that 01 value to 00 and click 'save'.

    00 = O is enter
    01 = X = enter



    5) Now run fixregvita again to apply the changes and fix the checksum. You should get a new and patched 'system_.dreg' file.

    6) Assuming you saw the previous tutorials on how to insert files back into the Vita, now send an email with the system_.dreg file as an attachment and renamed to #0, and set vd0:registry/system.dreg as the email subject.

    7) On the Vita, click on the #0 attachment and don't click off the error! Instead, just press the PS Button and close the email app altogether.

    Now just restart, and you should notice the O button is now the enter button, if you changed the hex value to 00! :)
    1) Put your registry files in the same location as fixregvita and run the executable, causing a 'seg' folder full of .dreg files to be created.

    2) Open the system.dreg file with your desired Hex Editor.

    3) Search for "region_no" using the 'find' function.

    4) Somewhere after or underneath, there should be a hex value that is completely different to the continuous row of '00's. When you've found it, change it to one of the following values, depending on what you want to change your region to, then click 'save'.

    Japan = 01
    America = 02
    Europe = 03
    Korea = 04
    UK = 05
    UK 2 = 06
    Australia = 07
    Hong Kong = 08
    Taiwan = 09
    Russia = 0A
    China = 0D



    5) Now run fixregvita again to apply the changes and fix the checksum. You should get a new and patched 'system_.dreg' file.

    6) Assuming you saw the previous tutorials on how to insert files back into the Vita, now send an email with the system_.dreg file as an attachment and renamed to #0, and set vd0:registry/system.dreg as the email subject.

    7) On the Vita, click on the #0 attachment and don't click off the error! Instead, just press the PS Button and close the email app altogether.

    Now just restart, and you should now be a different region!
    1) Put your registry files in the same location as fixregvita and run the executable, causing a 'seg' folder full of .dreg files to be created.

    2) In the 'seg' folder, find buf_NP.dreg and open it in your desired hex editor.

    3) Go to offset 0x360 and you should now see your PSN ID and password in plain text. One reason why you should NOT ever share your registry! ;)

  8. An Alternative Method to Dumping Files - The Calendar exploit! (Works from 3.00 to 3.55!)

    If you are having a little bit of difficulty dumping files from your Vita using just the email app, there is another method that Mr.Gas found not too long back this year. It lets you create a new calendar event with a support_uri call to dump the file, and then can be emailed, which in turn, dumps the desired file into the email.

    Another benefit of this method is that it works not just on firmwares 3.00-3.52, but also 3.55 as well! (but not 3.57 or higher, as it got swiftly patched by Sony!)

    1) Create a new calendar, if you haven't already.

    2) Now tap and hold a date to add an event.

    3) In the event description, enter the support_uri call to dump your desired file. However, do not add the dot like you would for the email exploit!

    For example:

    email:send?attach=vd0:registry/system.dreg



    4) save the event, and then click on it. Enter the little sub-menu in the bottom-right and click on "send as email".

    5) The email composition should open up, and you should now see the desired file you want to dump attached.

    6) Send the email, and you should now be able to retrieve that file on your PC.







FAQ:

(This FAQ is still a work-in-progress...)
Q: My attachment is still showing the ? Symbol!
A: Try re-doing the mailwriter process again.

Q: My TN-V/VHBL bubble isn't showing!
A: Try to do the process again.

Q: Will I lose my TN-V and VHBL Bubbles if I update to 3.55?
A: Nope; they are now of a permanent nature, even if you update, or rebuild the database.
However, you will lose access to the mail exploit if you update to the latest Firmware, so think carefully!
EDIT: Updating any higher than 3.55 WILL NOW BREAK TN-V/ARK!

Q: The notification to install PSM Dev for Unity is unclickable?!
A: That may be because you waited too long to pause the original update payload. Try over again, it takes a couple of tries!

Q: My PSM Dev for Unity app tells me that the license "could not be confirmed".
A: The PSM+ license always resets at 00:00. You can either:
1) Refresh your license on the PSM+ website.
OR
2) Change the date back to when you last activated the license.

Q: Anything that will allow me to spoof to *insert latest firmware*?
A: If you're using HENkaku then yes, you can spoof to the latest firmware. If you're not using HENkaku however, there is no way.

Q: What about an ARK-2 tutorial?
A: No ARK tutorials, as I believe TN-V and Adrenaline make it a somewhat redundant eCFW.

Q: Can we play Vita backups yet?
A: Absolutely. HENkaku/H-Encore allows you to run almost 1:1 backups of legitimate Vita games; see my guide to install NoNpDrm dumps inside this guide.

Q: Why does PSM Dev for Unity not work on FWs >3.51?
A: Sony shut down PSM in mid-2015, so 3.52 and upwards revokes PSM Dev Assistant support.

Q: I can only see a small handful of folders in ux0/can't delete anything in ux0/can't access other partitions!
A: Make sure you have "Enable unsafe homebrew" turned on in molecularShell's options menu, then reboot for the change to take effect.
 
Last edited by ,
D

Deleted User

Guest
OP
Very cool man. I will wait for the rejuvenate version. I have it but without a larger memory I'm waiting.
I will think about writing a tutorial on Rejuvenate. :)
I will also write a tutorial for PSM Dev for Unity, so you can learn to make your own games! :D

Edit: I have now finished the PSM Dev assistant for Unity tutorial!
 
Last edited by ,
  • Like
Reactions: shaams007

Reploid

Well-Known Member
Member
Joined
Jan 20, 2010
Messages
2,807
Trophies
2
XP
6,201
Country
Serbia, Republic of
Add a FAQ pls. By FAQ I mean something like
Q: Can I have vita games on my vita yet?
A: Nope. Just PSP ones.
 
D

Deleted User

Guest
OP
Add a FAQ pls. By FAQ I mean something like
Q: Can I have vita games on my vita yet?
A: Nope. Just PSP ones.
On it!

--------------------- MERGED ---------------------------

Ok, thanks. Let's say I want to update my vita, can all this be reverted? Also, how do I get the PSP game on my vita if I am on a lower version, I can't access the store.
Yeah, that's also something I need to clarify. Unless Vita Update Blocker works again, you can't enter the PS Store for now.
 
D

Deleted User

Guest
OP
Updated - Added 3 Tricks you can do with your Vita as a little extra something. :)
 

RazorX2014

Well-Known Member
Member
Joined
Mar 18, 2014
Messages
621
Trophies
0
Age
39
XP
421
Country
you dont need to install thunderbird or use writer.eml, my Vita Email Hacker will do all that for you including sending the package installer email too you its under presets.

for part 1 it can simply be click settings and enter your email details then click save now click upload then browse and select the mail.db file and click send email
 
Last edited by RazorX2014,
  • Like
Reactions: KarasLegion
D

Deleted User

Guest
OP
you dont need to install thunderbird or use writer.eml, my Vita Email Hacker will do all that for you including sending the package installer email too you its under presets
Thanks for the info! I'll make sure to add that! :)
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
    Xdqwerty @ Xdqwerty: Good night