View vita-dumper-comparsion.md
psvgamesd NoNpDrm Vitamin/MaiDumpTool
Dumps physical games
Dumps digital games, DLC, and updates
Compatible with legit DLC & updates
Saves usable on non-hacked Vitas
All original data untouched
No problems saving after suspend
Format can be converted to work with other tools
Installs physical games as bubbles
View E80558325.md

On 7/29/2017, all hacked Vitas on 3.60 spoofing the latest firmware (3.65) were blocked from console activation. This is particularly odd because the PSN passphrase did not change in 3.65. Additionally, the release of ensō added to the confusion about what happened. Here is the result of a preliminary investigation of the situation.

Upon game activation, the Vita displays a dialog that shows the error number E-80558325. This error number is used in SceNpKdc, which is found in vs0:external/np_kdc.suprx. The error code itself is created when the activation response is received:

v5 = v45 | 0x80558300;

Here, v5 is the return code and v45 is the string error code from the server converted to a number. The request made to Sony's server looks like the following

View extract_psp2swu.c
#include <kernel/iofilemgr.h>
#include <stdint.h>
int extract(const char *pup, const char *psp2swu) {
int inf, outf;
if ((inf = sceIoOpen(pup, SCE_O_RDONLY, 0)) < 0) {
return -1;
}
View jetson_tx1_arm7_attach.cmm
; get to a deterministic state
SYSTEM.RESET
; set up JTAG
SYSTEM.CPU ARM7TDMI
; ARM 14-pin cable does not have RTCK
; If you have a newer cable you can use
; SYSTEM.JtagClock Rtck
SYSTEM.JtagClock 12.15MHz
View convert_key.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static int convert_key(unsigned char *src, unsigned char *dst) {
unsigned char v0, v1, a2, *v1x, a0x;
// convert 7-bit groups to 8-bits
v0 = src[0];
View spiway.patch
diff --git a/SPIway.py b/SPIway.py
index f3a48b7..f79e52c 100644
--- a/SPIway.py
+++ b/SPIway.py
@@ -176,6 +176,22 @@ class SPIFlasher(TeensySerial):
print "Chip type: unknown (0x%02x)"%self.DEVICE_ID
self.close()
sys.exit(1)
+
+ if self.MF_ID == 0x01:
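Review bot: The added `if self.MF_ID == 0x01:` compares the manufacturer ID against a bare literal, so a reader cannot tell which vendor the branch is meant to select; give 0x01 a named constant or a short comment. The branch also follows directly after the unknown-chip path that ends in `sys.exit(1)`, so confirm it is placed where a recognised chip can still reach it.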
View taihen-b8-release.md

大変革 Beta 8

"When is the actual release?!? Why is this still beta?" Good question. Here's a secret: I have been constantly pushing small updates every couple of days without changing the beta number. Think of these release notes as status reports rather than, well, release notes. The idea of beta.henkaku.xyz is that since molecule has very limited resources, we cannot test all the different configurations, homebrews, and use cases. However, when I push an update to the beta site, I know that if something breaks I would get notified through Twitter, reddit, IRC, etc. (although the preferred way of reporting bugs has always been the issue tracker). So if you don't notice any problems, that's good! It means I was able to fix any major issues before you woke up. These problems are usually very surface level (a misconfiguration/typo on my part) and the underlying code has a lot fewer bugs than HENkaku R6. So do I recommend everyone use beta.henkaku.xyz? Yes.

View taihen-b7-release.md

大変革 Beta 7

Compression support for fself has been added to the toolchain. Compressed fselfs work with taiHENkaku (they have been working since beta 1) but do not work with the latest stable HENkaku. That means any compressed homebrew built would not work on the stable HENkaku. Developers should consider enabling compression support (download the latest toolchain). Here are some of the results I've gotten so far:

  • VitaShell: 3.2MB => 1.2MB
  • henkaku.suprx: 33KB => 8KB
  • taiHENkaku installer: 160KB => 34KB

Use vita-make-fself -c to create compressed fselfs. Additionally, the latest toolchain also includes weak stubs. The main use case for linking with weak stubs is if you wish to write plugins that import from a module that is loadable via SceSysmodule. Previously you would have to include the required module in taiHEN's config.txt. Now you can use a weak import and call sceSysmoduleLoad. Finally, the toolchain now uses YAML instead of JSON for its NID database--developers should update thei

View taihen-b6-release.md

大変革 Beta 6

Thanks to everyone who helped test taiHENkaku! We are approaching the final release. Indeed, the current "beta" is less buggy than HENkaku R6! On a side note, the payload now only has six 3.60 specific offsets (excluding the kernel rop). That means porting it to other firmware versions is easier than ever (just dump SceSysmem and find those offsets).

Developers: Please make sure you are using the latest toolchain from (https://goo.gl/RaEB9L). We made a lot of changes so using an older toolchain to add taiHEN hooks will result in crashes! Also make sure to update your taiHEN development libraries to the latest version.

If you are not interested in helping test the beta, we recommend that you stick with the old stable release at (https://henkaku.xyz/) instead. To update the beta, reboot and visit http://beta.henkaku.xyz/ from your Vita's browser. To remove the beta, delete molecularShell, reboot, and visit https://henkaku.xyz/ ins

View taihen-b5-release.md

大変革 Beta 5

Developers: Please make sure you are using the latest toolchain from (https://github.com/frangarcj/buildscripts/releases) or (https://lolhax.org/bamboo/). We made a lot of changes so using an older toolchain to add taiHEN hooks will result in crashes! Also make sure to update your taiHEN development libraries to the latest version.

If you are not interested in helping test the beta, we recommend that you stick with the old stable release at (https://henkaku.xyz/) instead. To update the beta, reboot and visit http://beta.henkaku.xyz/ from your Vita's browser. To remove the beta, delete molecularShell, reboot, and visit https://henkaku.xyz/ instead.

New Features

  • Rewrote the kernel payload and installer. Installer should be more stable now.
  • Add ability to update HENkaku config and taiHEN config.txt without needing a reboot. VitaShell needs to be updated to use this feature though.