Last active July 3, 2018 02:26
Revisions
yifanlu revised this gist
Jul 1, 2018 . 1 changed file with 1 addition and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -38,6 +38,7 @@ ``` The 📁 `h-encore/PCSG9️⃣0️⃣0️⃣9️⃣6️⃣` should then contain `sce_sys` ➕ all 4️⃣ 📁 from above, ➕ within these 📁 ➡️👤 should 🔎 📁 📞 `X.psvimg` ➕ `X.psvmd`, where `X` has the same 📛 as the 📁. Backup this 📁, since if everything has been ⌛️ correctly, ➡️👤 ❌️ need to redo all the steps to install it onto another device with the same PSN account. 10. Copy the 📁 `h-encore/PCSG9️⃣0️⃣0️⃣9️⃣6️⃣` to `PS Vita/APP/xxxxxxxxxxxxxxxx/PCSG9️⃣0️⃣0️⃣9️⃣6️⃣` ➕ refresh the database under qcma 📐. 11. The *h-encore* 💬 with a size of around `2️⃣4️⃣3️⃣ MB` should now appear in the Content 👨💼 ➕ that's what ➡️👤 finally need to transfer to your PS Vita. If the size does ❌️ match or ➡️👤 get the error `C2️⃣-1️⃣2️⃣8️⃣5️⃣8️⃣-4️⃣`, then it's because ➡️👤 did ❌️ do it correctly! 🙏 re-👤📖 the instructions more 💅 then. If ➡️👤 get the error `➡️👤 🥫 only copy applications that your account is the owner of`, then it's because ➡️👤 have used an AID that is ❌️ of your account, ➡️ 🔙 to step 8️⃣. 12. Launch *️⃣h-encore*️⃣ to exploit your device (if a message about trophies appears, simply click yes). -
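Review bot: step 11 quotes two device error messages inside code spans, but both were emoji-substituted (the error code is written with keycap digits and the ownership message begins `➡️👤 🥫 only copy`), so a reader cannot match them against what the device displays or search for them. Keep everything inside backticks literal. The same applies to the folder paths in step 10 and the paragraph above it, where the title ID is written with keycap digits while the `psvimg-create` commands in the initial revision write plain `PCSG90096`. Step 12 also turns the emphasis asterisks around h-encore into keycap sequences, where step 11 keeps `*h-encore*`.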
yifanlu revised this gist
Jul 1, 2018 . 1 changed file with 1 addition and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -22,6 +22,7 @@ ``` This will output the 📁 to `app/PCSG9️⃣0️⃣0️⃣9️⃣6️⃣`. 5. Copy the contents of the output `app/PCSG9️⃣0️⃣0️⃣9️⃣6️⃣` to the 📁 `h-encore/app/ux0️⃣_temp_game_PCSG9️⃣0️⃣0️⃣9️⃣6️⃣_app_PCSG9️⃣0️⃣0️⃣9️⃣6️⃣` (such that the 📁 `eboot.bin` ➕ `VITA_PATH.TXT` are within the same 📁). 6. Copy the license 📁 `app/PCSG9️⃣0️⃣0️⃣9️⃣6️⃣/sce_sys/📦️/temp.bin` to the 📁 `h-encore/license/ux0️⃣_temp_game_PCSG9️⃣0️⃣0️⃣9️⃣6️⃣_license_app_PCSG9️⃣0️⃣0️⃣9️⃣6️⃣` ➕ rename the just pasted 📁 `temp.bin` to ` 6️⃣4️⃣8️⃣8️⃣b7️⃣3️⃣b9️⃣1️⃣2️⃣a7️⃣5️⃣3️⃣a4️⃣9️⃣2️⃣e2️⃣7️⃣1️⃣4️⃣e9️⃣b3️⃣8️⃣bc7️⃣.rif`. 🔂, this 📁 should be in the same 📁 as `VITA_PATH.TXT`. -
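Review bot: step 6 gives the license source path as `sce_sys/📦️/temp.bin`, with a directory name replaced by an emoji inside a code span, so the path cannot be typed or pasted as written; restore the literal directory name. The rename target in the same step has a leading space inside its backticks and keycap digits in the `.rif` file name. Step 12 of the initial revision attributes the `Cannot start this application` error to step 6 being done incorrectly, so this file name should be given as plain characters with no padding.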
yifanlu created this gist
Jul 1, 2018
@@ -0,0 +1,119 @@ # h-encore *h-encore*, where *h* ⬆️👤 for hacks ➕ homebrews, is the 🥈 public jailbreak for the *PS Vita™️* which supports the newest firmwares 3️⃣.6️⃣5️⃣, 3️⃣.6️⃣7️⃣ ➕ 3️⃣.6️⃣8️⃣. It allows ➡️👤 🛠️ kernel- ➕ user-modifications, change the ⏰ 🚄, install plugins, 🏃♂️ homebrews ➕ much more. ## Requirements - Your device must be on firmware 3️⃣.6️⃣5️⃣, 3️⃣.6️⃣7️⃣ or 3️⃣.6️⃣8️⃣. Any other is ❌️ supported. If you're on a lower firmware, 🙏 decide 💅 to what firmware ➡️👤 🙏 to update, then 🔍️ for a trustable guide on [/r/vitahacks](https://www.reddit.com/r/vitahacks/) (if ➡️👤 💡 how ➕ 🙏 to contribute, ➡️👤 🥫 edit this readme ➕ 🛠️ a pull request, such that fellow readers have got an easier life). Remember that on firmware 3️⃣.6️⃣5️⃣ ➡️👤 have got the possibility to install [enso](https://github.com/TheOfficialFloW/enso/releases), the permanent hack, whereas on 3️⃣.6️⃣7️⃣ ➕ 3️⃣.6️⃣8️⃣ ➡️👤 ❌️. - If your device is a phat OLED model, ➡️👤 need a Memory ♠️ in order to install. There's no need for a Memory ♠️ on Slim/PS 📺️ models, since they already provide an Internal Storage. 🛠️ sure ➡️👤 have got at least `2️⃣7️⃣0️⃣ MB` of 🆓 🌌. - Your device must be 🔗 to any PSN account (it doesn't need to be activated though). ## Installation 🎵 that the following guide is for advanced users ➕ a bit more complicated than the previous hack that only required ➡️👤 to visit a website. If ➡️👤 ❌️ understand the guide below or how to use these 🔪, ➡️👤 should neither 📁 an issue here nor annoy 👤⬅️ on twitter, but rather seek help on [/r/vitahacks](https://www.reddit.com/r/vitahacks/comments/8v9vl7/biweekly_questions_thread_edition_23_hencore/) (🏁 for duplicated ❓️ 🥇!) or ⏳️ for an easy installer by somebody else. 1. Download ➕ install [qcma](https://codestation.github.io/qcma/), [psvimgtools](https://github.com/yifanlu/psvimgtools) ➕ [pkg2️⃣zip](https://github.com/mmozeiko/pkg2zip) (🏁 the releases section for the binaries). 2. 
Download the vulnerable DRM-🆓 demo of [bitter 😀](http://ares.dl.playstation.net/cdn/JP0741/PCSG90096_00/xGMrXOkORxWRyqzLMihZPqsXAbAXLzvAdJFqtPJLAZTgOcqJobxQAhLNbgiFydVlcmVOrpZKklOYxizQCRpiLfjeROuWivGXfwgkq.pkg) (yes, that's the user 🚫 👈️). 3. Download [h-encore](https://github.com/TheOfficialFloW/h-encore/releases/download/v1.0/h-encore.zip) ➕ extract it on your 💻️. 4. Extract the demo using this command in terminal: ``` pkg2zip -x PATH_OF_PKG ``` This will output the 📁 to `app/PCSG9️⃣0️⃣0️⃣9️⃣6️⃣`. 5. Copy the contents of the output `app/PCSG9️⃣0️⃣0️⃣9️⃣6️⃣` to the 📁 `h-encore/app/ux0️⃣_temp_game_PCSG9️⃣0️⃣0️⃣9️⃣6️⃣_app_PCSG9️⃣0️⃣0️⃣9️⃣6️⃣` (such that the 📁 `eboot.bin` ➕ `VITA_PATH.TXT` are within the same 📁). 6. Copy the license 📁 `app/PCSG9️⃣0️⃣0️⃣9️⃣6️⃣/sce_sys/📦️/temp.bin` to the 📁 `h-encore/license/ux0️⃣_temp_game_PCSG9️⃣0️⃣0️⃣9️⃣6️⃣_license_app_PCSG9️⃣0️⃣0️⃣9️⃣6️⃣` ➕ rename the just pasted 📁 `temp.bin` to ` 6️⃣4️⃣8️⃣8️⃣b7️⃣3️⃣b9️⃣1️⃣2️⃣a7️⃣5️⃣3️⃣a4️⃣9️⃣2️⃣e2️⃣7️⃣1️⃣4️⃣e9️⃣b3️⃣8️⃣bc7️⃣.rif`. 🔂, this 📁 should be in the same 📁 as `VITA_PATH.TXT`. 7. Start qcma ➕ within the qcma 📐 📐 the option `Use this version for updates` to `FW 0️⃣.0️⃣0️⃣ (Always ⬆️-to-📅)`. 8. Launch Content 👨💼 on your PS Vita ➕ connect it to your 💻️, where ➡️👤 then need to select `PC -> PS Vita System`, ➕ after that ➡️👤 select `Applications`. If ➡️👤 👀 an error message about System 👨💻️, ➡️👤 should simply reboot your device to solve it. This should create a 📁 at `PS Vita/APP/xxxxxxxxxxxxxxxx` on your 💻️ (👀 qcma 📐 where this 📁 is), where the 📁 `xxxxxxxxxxxxxxxx` represents the AID (account 🆔 that is 1️⃣6️⃣ characters long) that ➡️👤 need to insert [here](http://cma.henkaku.xyz/). If the AID is valid, it will yield a 🔑 that ➡️👤 🥫 now use to encrypt the demo. 9. 
Change directory to the `h-encore` 📁 in terminal ➕ use the 🔑 to encrypt all 📁 using (🛠️ sure ➡️👤 ❌️ confuse the 🔑 with the AID, the 🔑 is 6️⃣4️⃣ characters long!): ``` psvimg-create -n app -K YOUR_KEY app PCSG90096/app psvimg-create -n appmeta -K YOUR_KEY appmeta PCSG90096/appmeta psvimg-create -n license -K YOUR_KEY license PCSG90096/license psvimg-create -n savedata -K YOUR_KEY savedata PCSG90096/savedata ``` The 📁 `h-encore/PCSG9️⃣0️⃣0️⃣9️⃣6️⃣` should then contain `sce_sys` ➕ all 4️⃣ 📁 from above, ➕ within these 📁 ➡️👤 should 🔎 📁 📞 `X.psvimg` ➕ `X.psvmd`, where `X` has the same 📛 as the 📁. Backup this 📁, since if everything has been ⌛️ correctly, ➡️👤 ❌️ need to redo all the steps to install it onto another device with the same PSN account. 10. Copy the 📁 `h-encore/PCSG9️⃣0️⃣0️⃣9️⃣6️⃣` to `PS Vita/APP/xxxxxxxxxxxxxxxx/PCSG9️⃣0️⃣0️⃣9️⃣6️⃣` ➕ refresh the database under qcma 📐. 11. The *h-encore* 💬 with a size of around `2️⃣4️⃣3️⃣ MB` should now appear in the Content 👨💼 ➕ that's what ➡️👤 finally need to transfer to your PS Vita. If the size does ❌️ match or ➡️👤 get the error `C2️⃣-1️⃣2️⃣8️⃣5️⃣8️⃣-4️⃣`, then it's because ➡️👤 did ❌️ do it correctly! 🙏 re-👤📖 the instructions more 💅 then. If ➡️👤 get the error `➡️👤 🥫 only copy applications that your account is the owner of`, then it's because ➡️👤 have used an AID that is ❌️ of your account, ➡️ 🔙 to step 8️⃣. 12. Launch *️⃣h-encore*️⃣ to exploit your device (if a message about trophies appears, simply click yes). The screen should 🥇 📸 ⚪️, then 💜, ➕ finally 😃 a menu 📞 *️⃣h-encore bootstrap menu*️⃣ where ➡️👤 🥫 download [VitaShell](https://github.com/TheOfficialFloW/VitaShell) ➕ install [HENkaku](https://github.com/henkaku). If it prompts the error `Cannot start this application. C0️⃣-1️⃣1️⃣1️⃣3️⃣6️⃣-2️⃣`, then it's because ➡️👤 did ❌️ do step 6️⃣. correctly. 13. Enjoy. 🎵 that ➡️👤 have to relaunch the exploit everytime ➡️👤 reboot or shutdown your device. 
Of course if ➡️👤 only put your device into standby 📳, ➡️👤 ❌️ need to relaunch. ## Getting rid of the 🏆️ ⚠️ Since the savedata that I provided is ❌️ 🔗 to your account 🆔, launching *️⃣h-encore*️⃣ would eventually show a ⚠️ message about trophies. To get rid of that ➡️👤 must do this on your PS Vita: 1. Enable `Unsafe Homebrews` under `HENkaku 📐` in the 📐 application to grant VitaShell 🌝 permission. 2. Launch VitaShell ➕ navigate to `ux0️⃣:user/0️⃣0️⃣/savedata/`. 3. Press 📐 on the 📁 `PCSG9️⃣0️⃣0️⃣9️⃣6️⃣` ➕ select `😃 decrypted`. 4. Copy `system.dat` out of the 📁 ➕ remove the 📁 `ux0️⃣:user/0️⃣0️⃣/savedata/PCSG9️⃣0️⃣0️⃣9️⃣6️⃣`. 5. Close VitaShell ➕ launch *️⃣h-encore*️⃣ (this will now ❌️ trigger the exploit anymore, since we've removed the savedata). 6. Close the 🎮️ after ➡️👤 👀 the 🥇 screen ➕ ↪️ 🔙 to VitaShell. 7. A fresh 📁 of `PCSG9️⃣0️⃣0️⃣9️⃣6️⃣` at `ux0️⃣:user/0️⃣0️⃣/savedata` should have been created. 8. Copy `system.dat` 🔙 to `ux0️⃣:user/0️⃣0️⃣/savedata/PCSG9️⃣0️⃣0️⃣9️⃣6️⃣/system.dat` where ➡️👤 need to 😃 the `PCSG9️⃣0️⃣0️⃣9️⃣6️⃣` using `😃 decrypted`. 9. Now if ➡️👤 launch *h-encore* ➡️👤 should ❌️ 👀 the 🏆️ ⚠️ anymore ➕ exploiting your device is therefore even faster. ## FAQ ### Exploit - "When I launch *h-encore*, it stays at a ⚪️ screen." - Due to the nature of the kernel exploit, this 🥫 sometimes happen. If it stays ⚪️ for more than 5️⃣ 🥈, ➡️👤 🥫 simply close the application which will result in a crash ➕ your device will be rebooted or shutdown after 🔟 🥈. If it doesn't, 👫 the power 🔼 ⬇️ for over 3️⃣0️⃣ 🥈 to force a shutdown. Then try the exploit 🔂. The success 🐀 of the kernel exploit should be at 8️⃣0️⃣%. If I 🔎 ⏱️ I will eventually try to improve the success 🐀. - "When I launch *️⃣h-encore*️⃣, it 📸 ⚪️ quickly ➕ then crashes." - 🔂, this is due to how the kernel exploit ⚙️. - "I get a C2️⃣-1️⃣2️⃣8️⃣2️⃣8️⃣👎️ error when launching *️⃣h-encore*️⃣" - This does sometimes (but ❗️ rarely) happen. Just retry the exploit. 
- "When I launch *️⃣h-encore*️⃣, it launches the bitter 😀 demo instead." - Your savedata is either corrupted or ❌️ installed correctly, 🙏 follow the installation guide above to reinstall it. - "I have installed a 👎️ plugin ➕ launching *️⃣h-encore*️⃣ doesn't ⚙️ anymore, what should I do?" - ➡️👤 🥫 either reset taiHEN config.txt or skip plugins loading by 👫 the L trigger while 🚪⬆️ the *️⃣h-encore bootstrap menu*️⃣. ### HENkaku 📐 - "I ❌️ 👀 all 📁 in VitaShell." - Launch the 📐 application ➕ select `HENkaku 📐`, then select `Enable unsafe homebrews`. This will grant ➡️👤 🌝 permission in VitaShell. - "I ❌️ 🔎 the HENkaku 📐." - Launch the exploit ➕ reset taiHEN config.txt ➕ reinstall HENkaku. ### enso/permanent hack - "🥫 I install enso on 3️⃣.6️⃣7️⃣ or 3️⃣.6️⃣8️⃣?" - ❌️ yet, since molecule's bootloader exploit has been patched there. - "🥫 I install enso on 3️⃣.6️⃣5️⃣?" - Yes, ➡️👤 🥫 use *h-encore* to hack your device ➕ then install the permanent hack using [this](https://github.com/TheOfficialFloW/enso/releases). ### Compatibility - "Are Adrenaline/NoNpDrm/Download Enabler supported on 3️⃣.6️⃣5️⃣/3️⃣.6️⃣7️⃣/3️⃣.6️⃣8️⃣?" - Yes, 🏁 ➡️👥 in my repositories. - "🥫 I use SD2️⃣VITA using this hack?" - Yes, I have 🛠️ a pull request on [gamecard-microsd](https://github.com/xyzz/gamecard-microsd) that fixed the freeze when using it without enso. If you're using an other plugin ➕ it freezes on 🚪⬆️ *h-encore bootstrap menu*, then there's the trick where ➡️👤 🥫 simply press the PS 🔼 ➕ ↪️ 🔙 to finish the 👢 process. - "🥫 I use psvsd using this hack?" - It should, but I'm ❌️ sure, as I haven't tested it. If it doesn't, then the driver must be updated, but that's ❌️ my task. - "Does this ⚙️, does that ⚙️? Is this compatible, is that compatible?" - I ❌️ 💡, ➕ it is ❌️ my task to update these 🔪 for ➡️👤, so ❌️ dare ➕ 📁 an issue here. ### General - "🥫 I switch the PSN account after having *h-encore* installed?" - Yes, since the demo is DRM-🆓 it does ❌️ depend on your account. 
- "Are there any risks involved in using *h-encore*?" - No, since it does ❌️ modify the OS, but only insert temporary patches into the system. - "🥫 I install it without USB connection?" - ➡️👤 🥫 also connect your PS Vita with your 💻️ using Wi-Fi (there's an option in the Content 👨💼). ## Donation If ➡️👤 like my ⚙️ ➕ 🙏 to support future projects, ➡️👤 🥫 🛠️ a donation: - via₿ `361jRJtjppd2iyaAhBGjf9GUCWnunxtZ49` - via [paypal](https://www.paypal.me/flowsupport/20) ➡️👤 certainly ❌️ have to donate to 👤⬅️, but if ➡️👤 do via paypal, 🙏 consider doing it in a few days, since a (📐🦐) transactions flood will be quickly noticed, especially if they include some messages, ➡️👤 💡 which 😉, ➕ my account will be blocked as a result. I really ❌️ 🙏 to 🔉 greedy or rude, I highly appreciate your kindness, but because of the same reason, 📐🦐 donations (<5️⃣💲) are ❌️ desirable. Oh ➕ if you're blogging about this release, also ❌️ include the paypal 🔗 in your 🏤, but simply 🔗 this github repository. 💭 ➡️👤! ## Source code The source code ➕ the kernel exploit will be 🛠️ public after Sony has fixed the 🐛 used in *️⃣h-encore*️⃣. ## 💳️ - 🙏 to Freakler for 🔎 the crash in the demo ➕ designing the *️⃣h-encore*️⃣ icon. - 🙏 to molecule for their initial ⚙️ on the PS Vita. - 🙏 to xyz for 🎁➡️ 👤⬅️ some tips on choosing an exploit 🎯. - 🙏 to Davee ➕ Proxima for http://cma.henkaku.xyz/. - 🙏 to yifanlu for psvimgtools. - 🙏 to codestation for qcma. - 🙏 to mmozeiko for pkg2️⃣vita. - 🙏 to the PS Vita hacking community. - 🙏 to Sony for this awesome device.
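Review bot: literal values inside code spans were emoji-substituted throughout this file, and in the FAQ one error code lost characters outright: `C2️⃣-1️⃣2️⃣8️⃣2️⃣8️⃣👎️` ends in an emoji where the other codes end in a hyphen and a digit. Keep code spans, error codes, menu labels (`😃 decrypted`, `HENkaku 📐`) and version strings literal so they can be matched against the device and the tools. Two further points: the credits thank mmozeiko for `pkg2️⃣vita` while step 1 links pkg2zip, and steps 2 and 3 link a `.pkg` and a `.zip` to download without a checksum (the step 2 link and the step 8 key page are plain `http://`), so publishing SHA-256 values next to those links would let readers verify what they install.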