103w ago - Update: Sony has now released PS Vita 1.51 Firmware Update (JPN), and although no official changelog is available according to PlayStation Japan the update fixes an issue with Dynasty Warriors Next that prevented players from progressing further.
With the Japanese release of PlayStation Vita slated for tomorrow, Sony has now released a PS Vita 1.50 Firmware update which allows for PSN feature access including the PlayStation Store alongside a Content Manager Assistant application for updating via PC.
Some PS Vita Disassembled Pictures revealing the internal components are also available, and Andriasang.com also reports that the PlayStation Vita games ship without instruction manuals as it appears Sony is ditching a paper manual in favor of an in-game digital manual.
The package includes a single sheet of paper showing warning messages and details on a firmware update that's included on the card.
To quote from Sony's official PS Vita site: PlayStation Vita System Software Update - System software version 1.50 for PlayStation Vita Update
From 17 December 2011 and began updating the system software version 1.50. To become available and some features of the PlayStation Network features, updates the system software of PS Vita (Update) is required.
PS Vita also system software, by updating, adding and security can be enhanced many features. Please use the update to the latest version.
For more information on the latest system software features of the PS Vita Guide please visit.
Interestingly, the guide reveals that users can now take screenshots during gameplay, which are saved as an image to their PlayStation Vita Memory Stick.
How to Update
By one of the following methods, you can update the system software on PS Vita:
Update using a Wi-Fi - Wi-updates with the PS Vita-Fi. (http://www.jp.playstation.com/psvita/update/ud_wifi.html)
Connected to the PS3 update - Using the network function of PS3, the latest update file download over the Internet. (http://www.jp.playstation.com/psvita/update/ud_ps3.html)
Connected to the PC and update - Using computer networking capabilities, download the latest updates via the Internet. (http://www.jp.playstation.com/psvita/update/ud_pc.html)
PS Vita card to update - If the PS Vita card data includes updates to update using the PS Vita card. (http://www.jp.playstation.com/psvita/update/ud_card.html)
After updating, the home screen of PS Vita Setting (Settings)> [start]> [System]> [System Information and tap. [System Software] If the data is displayed and updated version, and has been updated correctly.
And update the system software update to connect to PlayStation Vita PC
Connected to the PC and update
Using computer networking capabilities, download the latest updates via the Internet. To update your system, you must keep the following states in advance the target computer.
Keep connected to the Internet
Administrative Assistant to the content you download / install the administrative assistant for PlayStation content can be downloaded from the Web site: http://cma.dl.playstation.net/cma/
1. PC, to determine whether to launch a content management assistant. You can check the computer's system tray.
2. Connect the USB cable to PC and PS Vita.
3. In the PS Vita, Setting (Settings)> [start]> [System Update]> [to be updated by connecting to a PC] to tap. Using computer networking capabilities, download the latest updates via the Internet. Please follow the instructions on the screen then.
Content Manager Assistant
Content Manager Assistant for PlayStation is a computer application that enables data transfer between a PS Vita system and a computer. By installing it on your computer, you can do things like copy content from your computer to your PS Vita system and back up data from your PS Vita system to your computer.
Backing up saved data and application data (game data) - You can back up the saved data for games played on your PS Vita system, and the application data (game data) for games purchased from PlayStation Store to your computer.
Copying music, image, and video files - You can display lists of music, image, and video files stored on your computer and transfer them to your PS Vita system. You can also transfer music, image, and video files in the opposite direction.
Backing up system files - You can back up system files saved on the PS Vita memory card or in system memory to your computer.
Performing a system update of the PS Vita system - When a Wi-Fi access point is not available, you can perform a system update of the PS Vita system using a computer that can connect to the Internet.
For detailed operating instructions for each feature, and for information about other features, see the User's Guide for the PS Vita system.
Installation and Uninstallation
Download the installation file (above) and save the file on your desktop or in a convenient folder. When the downloaded file is launched, the installation screen for Content Manager Assistant for PlayStation will appear. Follow the on-screen instructions to perform the installation.
During the installation process, dialog boxes might appear that direct you to download components (additional software) needed to operate Content Manager Assistant for PlayStation. If this happens, follow the on-screen instructions to download the components.
After the installation is complete, a message for creating the database for the PS Vita system will appear when Content Manager Assistant for PlayStation is launched for the first time.
After the installation is complete, if a dialog box like the one shown below appears, click [x] in the upper right of the dialog box to close it.
From the Windows control panel, select “Add or Remove Programs” (if using Windows XP) or “Programs and Features” (if using Windows Vista or Windows 7), and remove the program shown below.
Content Manager Assistant for PlayStation
PS Vita system
PS Vita system (system software version 1.00 or later)
Computer running a Microsoft Windows operating system
One of the following operating systems:
Microsoft Windows XP Service Pack 3 or later (32-bit version only)
Windows Vista Service Pack 2 or later (32-bit or 64-bit version)
Windows 7 Service Pack 1 (32-bit or 64-bit version) or later
1 GHz processor or greater
At least 150 MB of free space on the hard disk
At least 512 MB of RAM
Internet Explorer 7.0 or later
Windows Media Format Runtime 11 or later (for Windows XP) (included in the installation)
Windows Media Player 11 (for Windows Vista)
Media Feature Pack (for Windows 7 N and Windows 7 KN)
A USB 2.0-compatible port (used for connecting the PS Vita system)
An Internet connection
Operations on custom-built computers are not guaranteed.
How to Access the PS Vita Recovery Menu
The PlayStation Vita Recovery Menu offers users several tools to fix corrupt system files, upgrade your firmware, format memory stick and more. It is a powerful tool and several features should be used with caution as they can remove all your settings, as well as all of your saved information.
Turn OFF your PS Vita (Press Power Button for 10 seconds)
Now press and hold “R” + Power + PS (PlayStation Button)
Now you’re in Recovery Menu (Mode)
PS Vita Recovery Menu Options
1. Restart System
This option boots your system as normal without changing any settings or files.
2. Rebuild Database
This can be a useful feature if you have lost files on your system for no apparent reason. Try using this feature to see if it can restore those files. This will also rewrite corrupted files within the database, potentially eliminating future issues. This feature should not erase any of your saved data or settings.
Deletes messages, playlists, changes made on “Information” screens, trimming information for pictures in “Photo”, video thumbnails, video playback history and video resume information. This operation may take a long time depending on the type and number of data items.
3. Format the memory card
This will format the memorycard, effectively erasing all data currently on it.
4. Restore PS Vita System
This will restore your system to original including, formatting and erasing all of the data on internal flash and returning all system settings to default. This will not take your system back to a previous Firmware release. Use this option as a last resort, unless you have nothing on the console that you want or you want to erase everything on the console, do not use this option.
5. System Update
This can useful if your system has become corrupted to the point you can not boot. This will allow the user to update their console with new firmware via PS3, PC or PS Vita memorycard.
PS Vita Hidden System Menu
This PlayStation Vita hidden system menu is present on both PS3 and PSP, and includes the product code, release build, and other internal version strings. To access it, do the following via EmuOnPSP.net:
Go to Settings > System > System Information
Press simultaneously R1 + L1 + DPad Left + Square for a few seconds
Release those buttons then immediately press the start button (and keep it held)
Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!
Below is the guide, to quote from his blog (linked above): This guide assumes that you found a http://wololo.net/wagic/2009/03/11/finding-gamesaves-exploits-on-the-psp/ in a game, and that you were able to write a http://wololo.net/wagic/2010/02/27/writing-a-binary-loader/.
So now what’s next? Well, as you probably know if you’ve gone that far, the PSP scene doesn’t really like “hello worlds”. A hello world is nice, but it accomplishes nothing, it just draws Sony’s attention to your exploit, and you know the vulnerability will be patched soon, while nobody really used the exploit.
Well, the next step is, ideally, a HEN or a custom firmware. Of course, this requires a kernel exploit, and we know how these are difficult to find. A much more doable task, that will make lots of people happy, is to port HBL to your exploit. HBL opens the door to lots of legal contents on the PSP and the Vita, and we designed it so that porting it to your game exploit can be done fairly easily.
This tutorial is valid at the time of its writing, for all games, and up to firmware 6.60 (Vita firmware 1.61). In theory, HBL will work on future firmwares, but of course new kinds of security might be introduced in new firmwares. Additionally, depending on your game (and its function imports), the compatibility and speed of homebrews might vary.
0. Easy as pie
HBL was designed to be easily ported to new game exploits. Most Game-specific files (except one) go in a subfolder that I will describe below. To complete this tutorial, you need basic shell skills, a working pspsdk, a working game exploit and the associated binary loader / hello world, a ruby interpreter, and basic ruby skills (usually, if you know any other scripting language, you’ll figure it out easily, there are not so many changes required).
1. Get the HBL sources and compile them
The first step is to get the HBL sources, compile them, and if you’re motivated, test them on an existing game exploit, to make sure the copy you have works correctly. (As I write this, it is recommended to test compilation with either the Mototrstorm or the Everybody’s tennis exploits, as we might have broken backwards compatibility with older exploits)
The sources of HBL can be downloaded here (SVN client required: http://code.google.com/p/valentine-hbl/source/checkout)
In order to compile it, you need the PSPSDK (which you probably already have if you wrote a binary loader). Compilation is fairly easy, but in order to compile the HBL for a specific exploit, you have to specify the folder of the exploit. for example, make FOLDER=lifeup will compile HBL for the Motorstorm (EU) exploit.
2. Create your own exploit’s folder
As you guessed, you will create a folder dedicated to your own exploit. Let’s imagine you game is called wololo, then you can create a subfolder “wololo” in the eLoader folder. Basically, we want to reproduce the files that are in this folder for another exploit, and adapt them to our exploit. Let’s have a look at the lifeeu folder:
The folder contains 6 files and 1 folder (which contains 1 file) that you will want to adapt to your exploit. I will describe each of them separately. Most of these files are automatically generated by a script, so this should be fairly simple.
3. Create your exploit’s files
This is the linker file for h.bin. If you created a binary loader and a hello world, you already have this file from your hello world, and most likely you named it “linker.x“. Copy linker.x from your hello world to linker_loader.x. Done!
This is the sdk for h.bin. If you created a binary loader and a hello world, you probably already have this file, and named it sdk.S. Copy sdk.s to sdk_loader.S. If you don’t have this sdk, you can create it either by running prxtool on the EBOOT.BIN of the game, or by using the moskitool (a ruby version of the moskitool can be found in the eLoader/tools folder of the HBL). Most likely, if you created a hello world, you already have this file so I won’t give more details for now. Done!
config folder, exploit_config.h, sdk_hbl.S, loader.h,
The contents of the config folder, as well as sdk_hbl.S, loader.h, and most of exploit_config.h (details below for exploit_config.h) are automatically generated by a ruby script that you can find in eLoader/tools/gen_exploit_config.rb.
The gen_exploit_config.rb has 2 “modes”, but I will only describe the first one, which is required the first time you adapt your exploit. You need to have a usermem dump named memdump.bin (that you acquired from psplink with the command savemem 0x08800000 0x01800000 memdump.bin). Important note: For Vita compatibility, that dump must be done on a PSP running firmware 6.60. In addition to memdump.bin, you need a list of UIDs from the same psplink session, that you will name uidlist.txt.
You can get that file by typing uidlist > uidlist.txt in psplink. That file needs to be in unix format, so be sure to convert it if you are running windows. Finally, you need a file named sdk.S, which is nothing else than the sdk.S you created for your game exploit, the one we just named sdk_loader.S above.
Put these 3 files (memdump.bin and uidlist.txt obtained from the same psplink session, as well as sdk.S from your exploit) in the tools folder, and run gen_exploit_config.rb
This should display a list of addresses (you will want to copy these addresses inside the stubs array of gen_exploit_config.rb so that other people who want to improve your exploit won’t need a memory dump/uidlist anymore, although they will still need the sdk.S file), and generate a series of files in the tools/output subfolder.
The files generated by gen_exploit_config.rb in the output folder can be copied “as is” into your game’s folder.
Final edits to exploit_config.h
You’re almost done, but the file exploit_config.h need to be edited in two places, that you will find because they say “TODO” in big letters.
HBL_LOAD_ADDRESS This is where you will load HBL in RAM. You want a value that is outside of the boundaries of the game, and basically, a place where the PSP will accept to alloc roughly 200kB. you can get such an address in psplink while the game is running by typing malloc 2 test l 204800
HBL_ROOT is the name of the folder where your exploited savedata is. That folder name looks like ms0:/PSP/SAVEDATA/UCUS12345000. Important note: my tutorial on how to create a binary loader assumes you will load a file named ms0:/h.bin. On the PS Vita, this is not possible anymore, so you will have to adapt your binary loader in order to load the exploit from ms0:/PSP/SAVEDATA/XXXXXXX/h.bin (where XXXX is the folder of your savedata). In the Vita version of HBL, all HBL files for in that folder, and there is no subfolder.
copy linker_loader.x into linker_hbl.x, and replace the address value with the value of HBL_LOAD_ADDRESS that you figured out earlier while creating exploit_config.h. Done.
Run make FOLDER=yourfolder (alternate ways: make distrib FOLDER=yourfolder to remove debug messaging, make nonids FOLDER=yourfolder to remove NIDs-related heavy debug messaging)
You’re done, grab the h.bin and hbl.bin in the root, the config folder from your exploit’s folder, and the libs_… folders from the root. You now have the meat of your HBL port ready.
5. Last but not least
HBL is licensed under the GPL. If you plan to distribute your compiled binaries, it is required that you provide your source code as well. Don’t make us ask for it
This tutorial is voluntarily vague. Porting HBL is fairly easy, but we assume that if you made it that far, you probably are skilled enough to do some research on your own. Nevertheless, don’t hesitate to ask questions if you are running into problems
You are allowed to reproduce this article on other websites and/or translate it on condition that you put a clear link to this page in your copy.
6. More details
Porting VHBL is simple in theory, but many games do not import some functions that are necessary for HBL to run properly. One goal of the script gen_exploit_config.h is to analyze the imports of your game (this is why the sdk.S is necessary), and define some workarounds in exploit_config.h in case your game does not have all the necessary exports. This should work in most cases, but that script is still experimental and might make mistakes. Below are a few details on some of the “define” sections it creates:
TH_ADDR_LIST, EV_ADDR_LIST, SEMA_ADDR_LIST, and GAME_FREEMEM_ADDR can be computed for you by the tool eLoader/tools/freemem.rb. For that you will need a memory dump and a file uidlist.txt which is the output of the uidlist command in psplink (uidlist > uidlist.txt ). It is important to note that the memory dump and the uidlist need to be from the same session, otherwise the addresses will be incorrect. If you’re on windows, also make sure that the uidlist.txt file is in the unix format (use your favorite editor to convert it if needed). For those interested, here are some technical details about those variables, but basically the tool should do it for you
TH_ADDR_LIST, is the list of threads you want to kill. Threads are defined by a SceUID, but since this value changes all the time, what we actually want is the addresses where they are defined. in psplink, while your game (or your hello world) is running, you can get a list of these thread by typing thlist. Then look for each thread’s uid in ram. The address (hopefully unique) where the thid is defined, is what you want to put in this list.
EV_ADDR_LIST is the list of events you want to kill. You get this list by typing evlist in psplink. The rest is similar to the construction of TH_ADDR_LIST
SEMA_ADDR_LIST is the list of semaphores you want to kill. You get this list by typing smlist in psplink. The rest is similar to the construction of TH_ADDR_LIST above
GAME_FREEMEM_ADDR this is the address in Ram where the game’s memory was allocated. Most game have this but for those that don’t have it (patapon2), this value can be commented out. To find this value, type uidlist” PSPLink and look under the SceSysMemMemoryBlock section. You’re looking for blocks that have a 0xFF (user) attribute (not 0×00!), and are not “stack”. In the golf exploit, this block was simply called “block” and was easy to find. Again, you’re interested in the entry address, not the uid.
UNLOAD_ADDITIONAL_MODULES : define this variable if possible. Comment it out only if you run into issues at the “free memory” stage of HBL
Other variables: The variables above are the basics of the config file. With those, HBL should basically work, or at least take you to a step where you can start debugging. But with time, HBL has grown and has been updated by several people. In order to maintain backwards compatibility and increase game coverage, the exploit_config file was added several config values.
DISABLE_P5_STUBS is useful if you run into a crash/freeze even before hbl is loaded (just after firmware detection). SYSCALL_* are used for perfect syscall estimation on firmwares where this is available (TODO: explain syscalls estimation), etc… at this point you will probably need to dig in previous exploit_config.h files in order to find more on each macro you can possibly define.
Following up on the PS Vita HBL and Doom releases, PlayStation Vita developer wololo reports that http://drakon.ixan.net/?p=622/ has made available a Lamecraft (Minecraft Clone) PSP homebrew port that runs on PS Vita with a demonstration video below.
Sony is CRAPPING themselves from any even minor attempts to hack Vita - it was clearly rushed out to meet the release dates (both in Japan as well as worldwide) and is still full of security holes as Emental cheese ... the sooner this get permanently hacked the better.