Major_Tom Explains Game Dumping/Mods on 3.60

Discussion in 'PS Vita - Hacking & Homebrew' started by dkabot, Aug 2, 2016.

  1. dkabot
    OP

    dkabot Better With Others' Systems Than Their Own

    Member
    1,000
    349
    Sep 9, 2014
    United States
    https://twitter.com/MajorTomVita/status/760595053865820166
    [​IMG]
    Pastebin: http://pastebin.com/pz9FbTet

    While we can't directly read game assets with the old Manual method, we can with HENKaku~
    Apparently the patch directory works similar to PBOOTs in PSP-land in that anything in it is replaced... including the executable.
    So we can run Manual to decrypt the game, then run MolecularShell as the game to read its data from app0: to get anything we want (barring patch data itself, apparently).

    This also brings up that HENKaku lets us run unsigned EBOOTs, so if we could theoretically decrypt a game EBOOT, we could do... things. Yes, things.
     
    Last edited by dkabot, Aug 2, 2016


  2. metroid maniac

    metroid maniac An idiot with an opinion

    Member
    1,800
    718
    May 16, 2009
    Half of the Vita community is very excited right now. The other half is very nervous.
     
    Shadowfied, Benuno, MKKhanzo and 5 others like this.
  3. Bubsy Bobcat

    Bubsy Bobcat halloween peener

    Member
    1,472
    5,698
    Jul 8, 2015
    Zimbabwe
    I'm listening.... :creep:
     
  4. DinohScene

    DinohScene Capture the Dino

    Member
    GBAtemp Patron
    DinohScene is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    16,058
    12,574
    Oct 11, 2011
    Antarctica
    В небо
    Why does all the good stuff happen when I have massive bills to pay ;-;
    Somebody be so kind and gift me a Vita pls <З
    I'll love you forever~
     
    Lord M and Scarlet like this.
  5. naughtyotsel

    naughtyotsel GBAtemp Regular

    Member
    126
    14
    Jul 17, 2016
    thats interesting i hope it gets some progress
     
  6. Transdude1996

    Transdude1996 GBAtemp Regular

    Member
    207
    62
    Dec 28, 2011
    United States
    Colorado Springs, CO
    You can pick up a used Vita TV for $30 at GameStop.
     
    zoogie and Shrinefox like this.
  7. Tony_93

    Tony_93 GBAtemp Addict

    Member
    2,195
    1,004
    Jun 13, 2015
    United States
    California
    Amazon, newegg and ebay too.

    No excuses xD
     
  8. leerz

    leerz GBAtemp Advanced Fan

    Member
    528
    133
    Jan 11, 2015
    Makati
    looking at the pastebin..

    so

    makes neebs like me excited.
     
  9. AIDA

    AIDA Member

    Newcomer
    47
    172
    Aug 3, 2016
    Maritropa
    Can confirm this works, used it to dump two games. I'm working on modifying the text for one and creating an English patch. I just wish there were some way to avoid the WiFi speeds. D:
     
    Shadowfied likes this.
  10. Shrinefox

    Shrinefox GBAtemp Regular

    Member
    114
    76
    Sep 5, 2013
    United States
    This is great news. I'm having trouble getting a repacked CPK to run as a patch, however. Specifically, the data.cpk from Persona 4 Golden.
    I'm using Cri Packed File Maker to create the new CPK from a directory extracted using quickBMS (no other programs will extract the CPK, saying it's invalid).
    I just get an error saying the game is corrupted unless I delete it from the patch directory.

    [​IMG]
    Here's a comparison of the original CPK and the repacked CPK. I did replace a few model files but it shouldn't account for such a big difference. The main problem seems to be the selective compression. I haven't tried without compression though, I will test that shortly.

    Anyone know of any other CPK tools?

    EDIT: With all this trial and error, it'd be nice if you could duplicate the bubble. Like have one be molecularshell and another actually be the game
     
    Last edited by Shrinefox, Aug 3, 2016
  11. olembet

    olembet Advanced Member

    Newcomer
    57
    19
    Sep 16, 2011
    United States
    so, u can save edit ur game save now ? max money?
     
  12. Shrinefox

    Shrinefox GBAtemp Regular

    Member
    114
    76
    Sep 5, 2013
    United States
    Yes, as long as you can find the money value in a hex editor.
     
  13. VitaType

    VitaType GBAtemp Advanced Fan

    Member
    752
    333
    Jul 16, 2016
    Germany
    Does it mean that I'm a bad human if I have more problems with that than piracy?
     
    Shadowfied likes this.
  14. zoogie

    zoogie simple pimp tool

    Member
    6,341
    8,026
    Nov 30, 2014
    United States
    A little bit of reality touch-up :P
     
  15. bache

    bache GBAtemp Advanced Fan

    Member
    694
    292
    Sep 28, 2009
    Considering the PSTV doesn't have the "near" app, does that mean those users are out of luck?
     
  16. metroid maniac

    metroid maniac An idiot with an opinion

    Member
    1,800
    718
    May 16, 2009
    I assume there'll be a workaround like there was for Welcome Park and PS3 Remote Play.
     
  17. bache

    bache GBAtemp Advanced Fan

    Member
    694
    292
    Sep 28, 2009
    Bummer, guess I'll have to wait a bit longer to make my P4G undub :P
     
  18. DarkSynopsis

    DarkSynopsis GBAtemp Fan

    Member
    399
    235
    Oct 15, 2014
    New Zealand
    New Zealand
    Awesome, keep checking back into the VITA Community to see whats going on, more and more reason I might want to pick up the system but leaning towards PSTV.

    Right now I mainly want a dump of Taiko no Tatsujin V so I can get a look at the song files/note chart files and maybe port them to 3DS games, Taiko DX from PSP was possible, anyone manages to dump the files drop me a PM ;)
     
  19. Wuigi

    Wuigi GBAtemp Fan

    Member
    315
    104
    Sep 14, 2012
    Germany
    Actually it is already possible with PS Vita TV, but you have to change a few steps and you lose access to the E-Mail app until you remove the DB entries again and write them back via molecule:
    You have to use the ID NPXS10072 instead of NPXS10000 in all steps it is mentioned, when you add the entries to the app.db you previously dumped with molecule.
    Also you have to change in the step with the eboot path the ID from NPXS10072 to NPXS10027 which is the manual app.
    For now it's best to install the whitelist to launch any game on PS vita TV and then connect it via LAN to the router, I got speeds up to 5.0 MB/s like this.
     
  20. bache

    bache GBAtemp Advanced Fan

    Member
    694
    292
    Sep 28, 2009
    I've added NPXS10072 to table_uri, and changed the eboot path to NPXS20027.

    I input the path into the web browser, but it tells me it could not find the application. I've double checked the path, and it seems to be correct. Any ideas?

    My path is gro0:app/PCSA00147, but I have also tried gro0:/app/PCSA00147