Following up on his previous confirmation, today Sony PlayStation Vita hacker wololo has made available a video below demonstrating the Half Byte Loader (HBL) running the Picodrive Sega Megadrive emulator with Sonic & Knuckles on PS Vita.
To quote: Update: One important clarification: This video shows HBL running on the latest firmware 1.510. The firmware update that happened today does not patch the exploit, unlike what some sites are saying.
A few days ago Japanese developer Teck4 posted a picture of a “hello world” running on the PS Vita through the PSP emulator. I contacted him immediately with some help from Mamosuke, and I soon got enough information to start working on porting Half Byte Loader to this exploit (note that Teck4 is also working on exploiting this vulnerability further, but I don’t know how far he’s been).
What you see in the video below is the game “Sonic & Knuckles” running in picodrive, a Megadrive emulator for the PSP.
Yes, I’m running an emulator inside a hacked emulator on the Vita, that’s kind of cool. There’s lots to say about this ongoing work, but first let me state that, for once, this HBL port is entirely my work, except for the underlying PSP exploit which is initially from Teck4. I’ve been testing other people’s work for a while, so it was about time I got back to coding myself
Now that my ego is satisfied, let’s move on to the details of the video below. I have good news, bad news, and ugly news. But first check the video below, the first usable hack on the PS Vita, 10 days after the console is released.
1. THE GOOD
This is technically HBL rising from the dead, running on the PS Vita, and loading the picodrive emulator. Usually I would show you the entire loading process, but you’ll understand that some of the things I do (in particular the exploit used) need to be kept under wraps until the whole thing is made public (if it is ever made public, read more below).
I hope however that given my reputation on the PSP scene this won’t be categorized as a fake, please understand that I can’t show much this time. Picodrive is one of the easiest homebrews to run on HBL for some reason, that’s why I’m using it in my test. People who’ve used HBL a lot in its early days will recognize the sound glitch, this is some 22kHz sound being played at 44kHz, or the other way around, I can never remember.
That’s because the PSP emulator is using PSP’s firmware 6.60, for which HBL’s syscall estimation code seems to be a bit useless. (I am still pending some reply from Teck4 to see if it would make sense to “officially” involve more hackers on this port, and see if we can fix those syscalls problems. For now, as far as I know I’m the only one who made it that far on the Vita, and I feel kind of lonely on this new hacking scene ^^).
Another good piece of news for me is that before HBL could run Homebrews so “smoothly” on the PSP, it took us several months (I can’t remember exactly, 3 months maybe before we got it running “ok-ish”?), while here it took me 3 days to get it to a usable state. Clearly, we didn’t lie when we said HBL would be portable to new game exploits.
So, that’s the good, I’ve proven to myself that it is possible to run HBL and actual homebrews on the Vita. With little effort, HBL could probably be improved to some extent on that exploit, and run a few useful homebrews.
2. The bad
There is slightly bad news too. One is the syscall estimation algorithm being busted, as I explained above. I discussed a bit with JJS, and it is probable that if a function is not imported by the game itself, we might not be able to use it at all. I’ll have a closer look (if I decide to dig further on this) to see if this can be improved, but that could greatly limit the amount of homebrews that can be played on this.
Another issue is that the time currently needed to load/run homebrews for the “end user” is a bit too long to my taste. In its current state, for now I don’t think this is (or will be, even if improved) very useful for the end user. Basically, if I want to run PSP homebrews for now, it’s way easier and cheaper to do so on a PSP, even on an unhacked one, through HBL.
So, the overall uselessness of this makes me wonder if it should be kept secret in order for other hackers to do some research on it, or if it should really be released. I wouldn’t like people to point fingers at me if Sony patches some security flaws after this exploit goes public… I won’t take that decision alone (since I’m not the only one knowing the exploit), obviously, and there’s still time until the US/EU release, but I’m seriously considering the options here.
I have also yet to find a “good” way to install and run homebrews. I thought I had found a convenient way, but it didn’t work as expected. I’ll dig more on that, but it seems the PSP filesystem, as seen through the emulator on the vita, is a bit tricky and sneaky...
There is, however, far worse than the little concerns above. What concerns me to a great extent is that I realized today that Sony can potentially spy on everything we do with the content manager. Today I was forced to update my PS Vita to the new firmware. The content manager refuses to run if its PC client is not connected to the internet, and it refuses to run if the console doesn’t have the latest firmware.
This means not only that Sony can force you to update your Vita firmware whenever they feel like it (something they never dared to do on the PSP or the PS3), but also that every time you copy a file from or to your Vita, some information is possibly sent to Sony’s servers. I half joked about me copying my adult movies to the Vita and Sony knowing about it, but it really concerns me that Sony is spying on the files I have on my hard drive just because I bought one of their gadgets.
I’m thinking here that the upcoming hacks for the PS Vita will involve lots of legal fights. It seems to me that unless Sony can prove they are not spying on their users, it is potentially illegal to require the tool to be connected while the content manager is running. Something as big as CarrierIQ could happen to them if their customers are willing to take it to court at some point (that’s an official call to network engineers who would like to analyze what’s going on when the content manager is connected to the Intern...).
Incidentally, this also means that Sony could be already aware of the hack and the techniques we’ve been using to trigger it, assuming they take a close look at the interactions between users’ PC and the Vita.
Anyways, despite these massive concerns, I’m proud to announce that I got some homebrew to run on the Vita 10 days after its release… as said before by BlackFire, it’s like “posting a sticker on a fortress”. Not very useful, but a message to Sony that we’re around
As previously reported, PlayStation Vita developer wololo has now released the PS Vita Half Byte Loader (VHBL) and updated the source code for the Motorstorm Arctic Edge buffer overflow exploit according to plan!
To quote: If you are lucky enough to be one of the few owners of Motorstorm Arctic Edge, VHBL is now available for download.
Please report Success/Failure here or on our forums (wololo.net/talk). As you will see, installing homebrews is a bit of a pain, so if you’re a good hearted guy who understands my explanations in the readme, please feel free to share homebrews packaged “correctly” for VHBL.
Note: you can have several homebrews in one “install” file. For example if you zip all your PSP/GAME folder, all the homebrews in there can be installed at once by VHBL.
HBL port to the KR/US/EU/JP versions of the exploit by Wololo. Thanks go to:
Teck4 for the Motorstorm exploit
All the devs who made HBL what it is today, in particular m0skit0 and JJS
Mamosuke, j416, Some1, and all the other devs who kept the secret, that’s much appreciated guys
Monsieur2T2R for the cool VHBL icons/wallpapers
For now, I’m off to bed, but I'll be sure to post more in the days to come, with updates, tutos, technical explanations, etc...
Vita Half-Byte Loader
Vita Half-Byte Loader is a project to port the PSP homebrew loader HBL to the Playstation Vita, through the PSP emulator on the Playstation Vita.
For the latest news about Vita Half Byte Loader, check the VHBL Category on this blog.
Half-Byte Loader (HBL) is an open source Homebrew Loader for the Sony PSP and the PS Vita. It allows you to play fan-made games on any PSP up to firmware 6.60, and on the Vita up to firmware 1.61. HBL allows you to run emulators for the Game Boy, Nintendo 64, Sega Megadrive, NES, Super NES... and many other applications.
VHBL does not technically allow you to play any pirated PSP or Vita games.
Although VHBL is free and open source, the current version relies on a vulnerability in a specific PSP game (Motorstorm Arctic Edge) that you need to buy from the PSN. VHBL comes with no guarantee, especially I cannot guarantee it will work on your Vita, so remember that you pay for a PSP game, and not for anything else. I do not do refunds for the money you gave to Sony
It is super easy for Sony to patch the vulnerabilities used by this tool, given the amount of control they have on the PS Vita. VHBL runs fine on firmware 1.61, but for all I know it is possible for Sony to patch the game’s vulnerability without a firmware update. So, once again, before buying the game and downloading VHBL, you need to understand that you pay for the game, and VHBL is a bonus that might or might not work
How to Install and Run HBL
It is *strongly* recommended that you turn off all wireless connections on your PS Vita, and that you use OpenCMA (wololo.net/downloads/index.php/download/1252) on your PC instead of the regular CMA. This is recommended because otherwise your console has a way to force you to upgrade the firmware even before you get a chance to use the exploit.
Extract this HBL archive in your CMA PSP Savedata folder. It is a folder on your PC named PSSAVEDATA/[lots of random characters here]. If you don’t know where it is, check your settings in CMA.
Connect your PS Vita to the PC through the CMA, it should give you the possibility to copy the savedata from your PC to the Vita. If not, you probably extracted it in the wrong folder. (Note: You will also want to install some homebrews with a similar technique, read the section below)
To run HBL, start the Motorstorm game, select “Load” in the savegame menu, open the HBL savegame, then go to “Wreckreation > Time Attack” and select “No”. At this point, HBL should start. See the video below for details:
Motorstorm Arctic Edge VHBL r141 Changelog:
Games using the Quake Engine such as KurokPSP (and probably Quake itself) now work!
Geometry Wars Portable, which was also not working for some reason, is now working fine.
How to Install and Run Homebrews
Installing homebrews on the PSP was an easy task. On the Vita, until better solutions are provided, it’s quite a pain in the ass.
The CMA will only let you copy savedata, and will not recursively browse folders.
To address this, HBL comes with a tool that can extract archives with a specific structure.
Packaging the homebrew for installation on the Vita:
1) download PSP homebrews from your favorite Web site (wololo.net/downloads)
2) extract the homebrew somewhere on your hard drive, and with your favorite utility, zip it again with the *store* setting (no compression), in a file that you will name “install.zip”
3) take any PSP savedata (but not the one used for HBL!), and add the “install.zip” to that folder, in your PC CMA folder. So your PSP Savedata will look something like this:
in folder PSSAVEDATA/1a2b3c4def5678/UCUS12345000/ (or something like this) you will have the following files:
Here you can download an example of packaged homebrew: Doom (http://www.mediafire.com/?yl8518xxh8v9xvp)
1) run OpenCMA on your PC, and CMA on your Vita
2) copy the previously packaged SAVEDATA (see above) with your homebrew in “install.zip” on your Vita
3) run HBL (how to run HBL is explained in the previous section)
4) navigate with the HBL menu to the SAVEDATA folder, then go to the folder you just downloaded (in my example, UCUS12345000), and click cross or circle on it
5) At this point, the HBL menu should ask you if you want to install the homebrew. Select yes, and wait until HBL is done extracting your homebrew
6) The homebrew is now installed, and you can run it by going to the GAME folder. If everything went well, a new subfolder with your homebrew has been created here, and you can run the homebrew
Installing OpenCMA is strongly recommended if you want to use VHBL. OpenCMA is a tool by Virtuous Flame that allows you to copy files from and to your Vita without being connected to the internet. This is useful, especially if you don’t want Sony to forcefully update your firmware.
Looking for homebrews that run on VHBL? Check this list (wololo.net/wagic/2010/07/18/15-essential-homebrews-that-run-on-half-byte-loader/) of 15 essential homebrews that run fine with VHBL.
Quick Installing/Using VHBL FAQ
As you might have noticed, using HBL on the PSP wasn’t easy, but on the vita it’s even worse. That’s partially because of the many limitations enforced by Sony’s CMA, but also because I was too lazy to make too many improvements to HBL and the wMenu (mostly because I didn’t want to spend too much time on a tool that people might ditch at the next Firmware update)
Anyways, here are quick answers to the most frequently asked questions I got over the past 3 days
Do I really need to have Motorstorm Arctic Edge in order to run VHBL?
For now, yes. Later versions of VHBL (if any) might rely on other games, but for now, MAE is required.
I don’t have Motorstorm Arctic Edge, and I can’t find it on the Store, where do I buy it?
You can’t. Sony removed the Game from their store on March 2nd.
Is there a way to install Motorstorm Arctic Edge even if I didn’t buy it in time? By sharing my account with somebody, or downloading it from somebody’s server?
No. Each copy of the game is tied to the account that bought it, and Sony made it so that the game cannot be re-downloaded for now, even for those who bought it.
I tried to copy the exploit savedata, but The Vita tells me the data is corrupt, and refuses to copy it?
This seems to be happening mostly with the JP version of the VHBL exploit. Some sites have reported that if you mark all files in the savedata to not be read only, this will work. I’ll see if I can fix that in a future release.
I put a homebrew in “install.zip” as you explained, but the HBL menu isn’t able to install it. I’m pretty sure I did things right
The “install.zip” file has to be a zip with “no compression” (also known as “store”). This option is available in most compression tools. I recommend 7zip.
I installed an emulator (or a Book reader). Now I want to install roms (ebooks) for it, do I have to reinstall the entire emulator?
In theory no, if you put the full path in your install.zip archive. For example, if you have a rom named “wololo.bin”, and want to put it in PSP/GAME/Snes9xTyl, just create all those folders, put the rom in it, and create an install.zip that will contain your rom (install.zip/PSP/GAME/Snes9xTyl/wololo.bin).
Practically, that can be difficult to remember, in which case the best is indeed to re-install the full homebrew with the roms in it. The benefit of this technique is that the HBL menu will detect the EBOOT file in your archive, and automatically understand where you want to install your stuff.
Note: you can have many homebrews in one install.zip, as long as they are in different subfolders. (I personally simply zipped my entire PSP/GAME subfolder from my PSP Go, and installed the result on my Vita.)
How do I delete homebrews?
The easiest way is to go in the CMA on your Vita, and delete from there. Unfortunately it makes it difficult to know what you’re deleting. An alternate way is to install PSPFiler and use it to delete. I’m hoping to see some volunteer devs out there to provide alternatives if possible.
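The install.zip rules from the install steps and the FAQ above (entries stored with no compression, full paths such as PSP/GAME/Snes9xTyl/wololo.bin), as an added example that is not part of wololo's post or of the VHBL code: a Python check that reports entries that are compressed or whose paths would leave the install root. The function names and the path check are assumptions of this example, and the sample archives are constructed.

```python
import io
import zipfile


def build_zip(files, method=zipfile.ZIP_STORED):
    """Build an in-memory archive; ZIP_STORED is the "store" (no compression) setting."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=method) as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()


def check_install_zip(blob):
    """Return a list of problems found in an install.zip given as bytes."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            name = info.filename
            # The FAQ requires "no compression": every entry must be stored.
            if info.compress_type != zipfile.ZIP_STORED:
                problems.append(f"{name}: not stored (method {info.compress_type})")
            # Added safety check (assumption, not from the readme): entries must
            # stay below the install root, so reject absolute paths and "..".
            parts = name.replace("\\", "/").split("/")
            if name.startswith("/") or ".." in parts:
                problems.append(f"{name}: path leaves the install root")
    return problems


# Constructed sample archives (dummy contents, not real homebrew or ROM data).
ROM_PATH = "PSP/GAME/Snes9xTyl/wololo.bin"
GOOD = build_zip({ROM_PATH: b"dummy rom bytes"})
DEFLATED = build_zip({ROM_PATH: b"dummy rom bytes" * 64}, zipfile.ZIP_DEFLATED)
TRAVERSAL = build_zip({"../outside.bin": b"x"})

if __name__ == "__main__":
    for label, blob in (("good", GOOD), ("deflated", DEFLATED), ("traversal", TRAVERSAL)):
        print(label, check_install_zip(blob) or "ok")
```

To check a file on disk, pass `open("install.zip", "rb").read()` to `check_install_zip`.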
Oh well, there must have been a problem with the upload. I don't think that there is a way to transfer the game anyway. It says must sign in and redownload the content. The only other method I can think of is if Sony puts a patched version of the game back on the store we could maybe link to this version with the vulnerability using Charles and install it that way..