Yifan Lu Announces HENKaku - A New Native Vita Homebrew Enabler for 3.60.



Earlier today, Yifan Lu, a well-known member of the Vita hacking scene famous for the Rejuvenate hack for the Dev Assistants, has announced that a new (native!) Vita homebrew enabler for the latest firmware version, as of writing (3.60), will be arriving tomorrow at "9:00AM UTC".

The new hack, known as "HENKaku", will require the following:
  • A Vita/PSTV running 3.60
  • A memcard with at least 10MB of free space (internal memory is currently not supported!)
  • An FTP client
  • An internet connection**
**Offline support is now available! Launch the exploit straight from the email app without the need for internet access at all! See the unofficial release thread for more details. (Internet connection still required for installation)


This is a short paragraph from Yifan Lu himself explaining what this new homebrew enabler does:

HENkaku simply lets you install homebrew as bubbles in LiveArea. It is a native hack that disables the filesystem sandbox. It installs molecularShell, a fork of VitaShell that lets you access the memory card over FTP and install homebrew packages (which we create as VPK files). With vita-toolchain, developers have access to the same system features licensed developers have access to as well as undocumented features that licensed developers cannot use (including overclocking the processors).


The hack has been released at http://henkaku.me. Furthermore, the hack is said to be exclusive to 3.60, and there are to be no backports for the time being.

Source: http://yifan.lu/2016/07/28/henkaku-vita-homebrew-for-everyone/
 

Romsstar

Operation Decoded
It's basically the same as the old dumping method.

But many things don't work with the email exploit anymore.
When I try to open a manual and dump the data over, it will give an error.
Can you also dump a cartridge decrypted on henkaku? With the old method you could only dump installed games.
Can you please explain to me (over PM is also fine) what you have to do different with henkaku this time?
Your help will be much appreciated. I'm sorry if I seem helpless, Vita is just not my field but you would really help me out if you could explain it just a bit.

I can dump the encrypted data (from the cartridge) over to the memory card just fine, license as well, but I'm stuck after that...
 
Deleted User (OP)
Just that people usually do stupid things when they get access and I don't want to deal with angry kids blaming me for their $100 brick.
:sad:

I'm pretty sure they wouldn't. The only person you have to blame, if you brick, is yourself. It's nothing to be overly worried about lol. I mean look at the 3DS community! People are bricking left, right, and center and they are blaming themselves for their errors!
 

Romsstar

Operation Decoded
Just that people usually do stupid things when they get access and I don't want to deal with angry kids blaming me for their $100 brick.

omg it's you?
First and foremost: Thank you for your work.
Please answer just one question for me because I've heard various contradicting statements: Is it on 3.60 with henkaku still possible at all to dump game data decrypted (installed or cartridge)?
I have no intention to copy it back or anything, or use it for any piracy measures. But before I try I just want to know if it's possible and I wouldn't be wasting my time.
 

metroid maniac

An idiot with an opinion
:sad:

I'm pretty sure they wouldn't. The only person you have to blame, if you brick, is yourself. It's nothing to be overly worried about lol. I mean look at the 3DS community! People are bricking left, right, and center and they are blaming themselves for their errors!

Are 3DS bricks really that common these days?

omg it's you?
First and foremost: Thank you for your work.
Please answer just one question for me because I've heard various contradicting statements: Is it on 3.60 with henkaku still possible at all to dump game data decrypted (installed or cartridge)?
I have no intention to copy it back or anything, or use it for any piracy measures. But before I try I just want to know if it's possible and I wouldn't be wasting my time.

I believe game data is in the gro0: partition. Just dump that.
 

Romsstar

Operation Decoded
Are 3DS bricks really that common these days?

I believe game data is in the gro0: partition. Just dump that.

Yes I know. And as I said: Already did that. The resulting data is encrypted. I want to dump the data decrypted.
This was possible up to 3.52 with the email exploit. I want to know how exactly the process has changed with henkaku now and if and how it works.
Yes maybe I'm asking a bit too much, but I still would be really grateful...
 

metroid maniac

An idiot with an opinion
Yes I know. And as I said: Already did that. The resulting data is encrypted. I want to dump the data decrypted.
This was possible up to 3.52 with the email exploit. I want to know how exactly the process has changed with henkaku now and if and how it works.
Yes maybe I'm asking a bit too much, but I still would be really grateful...

Can you show me a guide describing how to dump Vita game content decrypted using the email exploit?
 

yifan_lu

@yifanlu
omg it's you?
First and foremost: Thank you for your work.
Please answer just one question for me because I've heard various contradicting statements: Is it on 3.60 with henkaku still possible at all to dump game data decrypted (installed or cartridge)?
I have no intention to copy it back or anything, or use it for any piracy measures. But before I try I just want to know if it's possible and I wouldn't be wasting my time.
Short answer: no.

Long answer: There are many layers of encryption. First is the HW encryption. This layer is decrypted by the Vita as soon as you insert the cart and only prevents external dumping. BlackFin bypasses this. FailMail bypasses this. And of course henkaku FTP lets you bypass this. Second is PFS encryption. This layer is decrypted when the game launches. There was a method posted a while back using near and game manual to bypass this and it has nothing to do with henkaku (google it). Third is NPDRM encryption. Nobody has gotten past this yet.
 

Duo8

Well-Known Member
Short answer: no.

Long answer: There are many layers of encryption. First is the HW encryption. This layer is decrypted by the Vita as soon as you insert the cart and only prevents external dumping. BlackFin bypasses this. FailMail bypasses this. And of course henkaku FTP lets you bypass this. Second is PFS encryption. This layer is decrypted when the game launches. There was a method posted a while back using near and game manual to bypass this and it has nothing to do with henkaku (google it). Third is NPDRM encryption. Nobody has gotten past this yet.
Is the last one only on the eboot?
 

SkyDX

Anime Signature Creator, PM me if you want one! :)
I have a quick question for security reasons: after I sign out of PSN, can I just sign in again later without anything being reset, and can I play my games while signed out?
 

Romsstar

Operation Decoded
Short answer: no.

Long answer: There are many layers of encryption. First is the HW encryption. This layer is decrypted by the Vita as soon as you insert the cart and only prevents external dumping. BlackFin bypasses this. FailMail bypasses this. And of course henkaku FTP lets you bypass this. Second is PFS encryption. This layer is decrypted when the game launches. There was a method posted a while back using near and game manual to bypass this and it has nothing to do with henkaku (google it). Third is NPDRM encryption. Nobody has gotten past this yet.

I asked a stupid question and had to be more exact. I'm sorry about that. I try to be more exact: I'm aware of all that. My issue is there were statements that claimed that the near and game manual method to bypass the PFS encryption no longer works in 3.60. Can you confirm that?
When I tried yesterday (and Shrinefox tried as well) we were facing various error codes. Has Henkaku anything to do with that? Or rather: COULD Henkaku have anything to do with that? Or should it, in theory still be possible?

Do you have any knowledge whether that PFS bypass was patched or not?

So what I really try to ask is I guess: Is it possible with Henkaku (and the other knowledge) to do (in terms of dumping) the same as was possible at 3.52, or are there any restrictions that come with that?
 

orly3

Well-Known Member
2) Even if you do find a way to write to vs0, os0 (and you will, it's not that hard). DON'T DO IT. You'll basically end up bricking your vita beyond recovery unless you REALLY know what you're doing.
What about index.dat modification? Would it brick the vita if I entered invalid data/re-signed it incorrectly? Would recovery mode repair that?
That's assuming you've tested index.dat modification and actually know the answers to those questions.
Am I on the right track with main.c lines 1269 to 1309 being about the areas of memory (storage, not ram) that have rw permissions or am I way off?

Sorry for all the questions, I'm just really interested in this and don't have an advanced knowledge in C and I'm unable to get around the 'sandbox' in molecularShell.
I totally agree with its presence, but maybe you should have a way for 'advanced' people to be able to bypass vs0 rw restrictions without knowing how to reverse software? (assuming it's a restriction that's been put in place and not just lack of code that gains rw access over the system partitions)
 

yifan_lu

@yifanlu
I asked a stupid question and had to be more exact. I'm sorry about that. I try to be more exact: I'm aware of all that. My issue is there were statements that claimed that the near and game manual method to bypass the PFS encryption no longer works in 3.60. Can you confirm that?
When I tried yesterday (and Shrinefox tried as well) we were facing various error codes. Has Henkaku anything to do with that? Or rather: COULD Henkaku have anything to do with that? Or should it, in theory still be possible?

Do you have any knowledge whether that PFS bypass was patched or not?

So what I really try to ask is I guess: Is it possible with Henkaku (and the other knowledge) to do (in terms of dumping) the same as was possible at 3.52, or are there any restrictions that come with that?
I don't see why not. I have heard reports that people got it to work but I haven't confirmed it myself. You're on your own with that though.

--------------------- MERGED ---------------------------

What about index.dat modification? Would it brick the vita if I entered invalid data/re-signed it incorrectly? Would recovery mode repair that?
That's assuming you've tested index.dat modification and actually know the answers to those questions.
Am I on the right track with main.c lines 1269 to 1309 being about the areas of memory (storage, not ram) that have rw permissions or am I way off?

Sorry for all the questions, I'm just really interested in this and don't have an advanced knowledge in C and I'm unable to get around the 'sandbox' in molecularShell.
I totally agree with its presence, but maybe you should have a way for 'advanced' people to be able to bypass vs0 rw restrictions without knowing how to reverse software? (assuming it's a restriction that's been put in place and not just lack of code that gains rw access over the system partitions)
Even if you get index.dat to work correctly and even if you spoof the fw version correctly, that won't give you psn access in the future. Sony can easily push new certificates (as they are wont to do).
 

metroid maniac

An idiot with an opinion
I totally agree with its presence, but maybe you should have a way for 'advanced' people to be able to bypass vs0 rw restrictions without knowing how to reverse software? (assuming it's a restriction that's been put in place and not just lack of code that gains rw access over the system partitions)

I kind of get the feeling that anyone who's careful enough to go poking around in those ro partitions is also able to bypass the ro restriction themselves.
 

Romsstar

Operation Decoded
I don't see why not. I have heard reports that people got it to work but I haven't confirmed it myself. You're on your own with that though.

Thanks that's all I needed to hear. As long as I know that it's possible in theory, I can figure something out from there :)
 
