TheFloW releases Trinity, the third public PS Vita jailbreak

psvita.jpg

After announcing it via a PSA in late March of the current year, TheFloW has finally released Trinity, the third public jailbreak for the PS Vita. Trinity relies on a PSP emulator escape exploit (as well as a MIPS and ARM kernel exploit) in order to work. You can see it in action in the following video shared by the developer himself:

If you've already followed the instructions written in the PSA back when it was originally posted then you can proceed to install the jailbreak right away. However, if you didn't, you will need to download any PSP game to your Vita first; a PSN account linked to your Vita is required to do so. Demos and minis are OK, while PS Classics and Vita games will not work. TheFloW recommends to download the following free demos based on your region: Ape Quest (EU or UK), LocoRoco Midnight Carnival (NA or SG), YS seven (JP). If you're on firmware 3.69, you will also need to either upgrade to 3.70 or set your connection's DNS to 212.47.229.76.

Once you're ready, you can follow these instructions to install Trinity to your PS Vita:

  1. Download and install qcma and psvimgtools (check the releases section for the binaries).

  2. Start qcma and within the qcma settings set the option Use this version for updates to FW 0.00 (Always up-to-date) to spoof the System Software check.

  3. Launch Content Manager on your PS Vita and connect it to your computer, where you then need to select PS Vita System -> PC, and after that you select Applications. Finally select PSP™/Other and click on the game that you want to turn into the Trinity exploit. If you see an error message about System Software, you should simply reboot your device to solve it (if this doesn't solve, then put your device into airplane mode and reboot). If this does still not work, then alternatively set DNS to 212.47.229.76 to block updates.

  4. Transfer the game over to your computer by clicking on Copy on your PS Vita. After copying, you go to the folder /Documents/PS Vita/PGAME/xxxxxxxxxxxxxxxx/YYYYZZZZZ on your computer, where xxxxxxxxxxxxxxxx is some string corresponding to your account ID and YYYYZZZZZ is the title id of the game that you've just copied over. You can look at the image at YYYYZZZZZ/sce_sys/icon0.png to verify that it is indeed your chosen game. Furthermore, the YYYYZZZZZ folder should contain these folders: game, license and sce_sys.

  5. Before you attempt to modify the backup, you should make a copy of it. Just copy YYYYZZZZZ somewhere else, such that if you fail to follow the instructions, you can copy it back and retry.

  6. Insert the xxxxxxxxxxxxxxxx string here. If the AID is valid, it will yield a key that you can now use to decrypt/re-encrypt your game.

  7. Decrypt the game backup as follows (if you haven't installed psvimgtools yet, then just place them in the YYYYZZZZZfolder):

    psvimg-extract -K YOUR_KEY game/game.psvimg game_dec

    If done correctly, you should see an output like this:

    creating file ux0: pspemu/temp/game/PSP/GAME/YYYYZZZZZ/EBOOT.PBP (x bytes)...
    creating file ux0: pspemu/temp/game/PSP/GAME/YYYYZZZZZ/__sce_ebootpbp (x bytes)...
    all done.

  8. Download Trinity and copy the PBOOT.PBP file to game_dec/ux0_pspemu_temp_game_PSP_GAME_YYYYZZZZZ/PBOOT.PBP(the files EBOOT.PBP, __sce_ebootpbp and VITA_PATH.txt should exist in this folder). If PBOOT.PBP does already exist there, just overwrite it.

  9. Now re-encrypt the backup similar to above:

    psvimg-create -n game -K YOUR_KEY game_dec game

    If done correctly, you should see an output like this:

    adding files for ux0: pspemu/temp/game/PSP/GAME/YYYYZZZZZ
    packing file ux0: pspemu/temp/game/PSP/GAME/YYYYZZZZZ/EBOOT.PBP (x bytes)...
    packing file ux0: pspemu/temp/game/PSP/GAME/YYYYZZZZZ/PBOOT.PBP (x bytes)...
    packing file ux0: pspemu/temp/game/PSP/GAME/YYYYZZZZZ/__sce_ebootpbp (x bytes)...
    created game/game.psvimg (size: x, content size: x)
    created game/game.psvmd

  10. Remove the game_dec folder and select Refresh database in qcma settings.

  11. Now you need to copy back the modified backup to your PS Vita: Launch Content Manager on your PS Vita and connect it to your computer (if it's already open, just go back to the first menu), where you then need to select PC -> PS Vita System, and after that you select Applications. Finally select PSP™/Other and click on the modified game. Perform the copy operation and exit Content Manager.

  12. In the livearea, the game should now have a different icon and should now be called Trinity. If not, please re-read the instructions more carefully and begin from fresh.

  13. Turn on Wi-Fi, then reboot your device and straightly launch Trinity. Do not do anything else, otherwise the exploit will be less reliable. It is very important that you do not have any running downloads in background.

  14. Enjoy the exploitation process and wait until it launches the Construct. If the exploit fails, simply rerun Trinity.

  15. Within the Construct, select Download VitaShell, then Install HENkaku and finally Exit.

  16. Congratulations, your device is now able to run homebrews. It is highly suggested that you downgrade your device to either firmware 3.60 or 3.65/3.67/3.68 using modoru. On 3.60, you can use HENkaku and on 3.65/3.67/3.68 you can use h-encore. If you don't downgrade your device now, you may lose the ability to launch Trinity later and therefore not be able to hack your device anymore.

The developer has stated that this will probably be his last Vita release. If you're interested in jailbreaking your vita it's strongly recommended you do so as soon as possible, as Sony could patch the needed exploits in a later firmware release.

:arrow: Source
 

KyleHyde

Well-Known Member
Member
Joined
Dec 10, 2018
Messages
195
Trophies
0
Age
28
XP
421
Country
Puerto Rico
Oh, so then if I wasn't already on 3.60, then it would be useful to me. Just thought that if it was 3.70, it would mean playing new released games that lower firmware can't. :ninja:
That hasn't been an incentive to update from 3.60 or 3.65 for quite some time now, thanks to compatibility packs and the reFOOD plugin, both of which allow you to play backups of games that would normally require a higher firmware.
 

Sonic Angel Knight

Well-Known Member
Member
Joined
May 27, 2016
Messages
14,030
Trophies
1
Location
New York
XP
11,389
Country
United States
That hasn't been an incentive to update from 3.60 or 3.65 for quite some time now, thanks to compatibility packs and the reFOOD plugin, both of which allow you to play backups of games that would normally require a higher firmware.
Tell me more about this food for my vita I have been neglecting to feed. :blink:
 

Ryccardo

watching Thames TV from London
Member
Joined
Feb 13, 2015
Messages
7,406
Trophies
0
Age
26
Location
Imola
XP
6,335
Country
Italy
Tell me more about this food for my vita I have been neglecting to feed. :blink:
Incorrectly oversimplified, the Molecule team has been able to dump the security chip (f00d), and team Faps cloned part of its functionality with less restrictions - so you can now decrypt software encrypted with keys "exclusive to newer versions"

Is this a temporary like the henkaku.xyz or is it permanent?
Temporary
 

kuwanger

Well-Known Member
Member
Joined
Jul 26, 2006
Messages
1,510
Trophies
0
XP
1,778
Country
United States
The Vita is one pretty amazing piece of hardware, security wise. But hackers are more amazing. :) Cache attacks and other clever tricks never cease to amaze. Thanks TheFloW for all your hard work. Thanks all the Vita hackers, for which I'm very grateful.
 
General chit-chat
Help Users
  • No one is chatting at the moment.
    Coto @ Coto: YYZ - Rush . Neil Peart was a living legend.