Idumpvitastuff on reddit released Hidden Applications for Vita 3.63, This enables sign Up for PSN, which lets you do account switching and it also enables the package installer
Heres a Tutorial for the Developer
0. Download ★Hidden Applicatons (CreateBackup.zip)
1. Download VitaIMGTools for your OS
2. Obtain your CMA Key. Just enter your AID (the random letters and numbers where your CMA backups are stored.) and it will give you the key
3. put the PSVIMGTools in the same folder you extracted CreateBackup.zip
4. Run the BuildScript for your OS. either the win32 one of osx/linux depending on what you have
5. Paste/Enter your CMA Key and press enter
6. Copy the “HIDENAPPS” folder into your CMA Backups/APP Folder
7 Refresh CMA Database, and restore backup to your vita
Vita Developer @Yifan Lu has released Psvimgtools v0.1 via Github for Windows/OSX/Linux and is used for decrypting CMA Vita Backups (Info below)
Heres a quote from Yifan’s website
psvimgtools: Decrypt Vita Backups
The Vita’s Content Manager allows you to backup and restore games, saves, and system settings. These backups are encrypted (but not signed!) using a key derived in the F00D processor. While researching into F00D, xyz and Proxima stumbled upon a neat trick (proposed originally by plutoo) that lets you obtain this secret key and that has inspired me to write a set of tools to manipulate CMA backups. The upshot is that with these tools, you can modify backups for any Vita system including 3.63 and likely all future firmware. This does not mean you can run homebrew, but does enable certain tricks like disabling the PSTV whitelist or swapping X/O buttons.
Because my friends who discovered this are pretty busy with other stuff at the time, I will attempt to document their findings here. The backup encryption process is documented in detail on the wiki, but the short version is that your AID (unique to a PSN account) is used to generate a key seed. This key seed is used by the F00D processor (the security coprocessor) to generate a AES256 key, which is passed directly to the hardware crypto device. The ARM (application) processor can access this crypto hardware but cannot read any keys out of it. This means that ARM can use the hardware as a black-box to encrypt backups without knowing the key. Of course you can try to brute force the key since you know both the plaintext and ciphertext thanks to the HENkaku kernel hack, but that would take 22562256 time, which is physically impossible. However, since we can hack any Vita on 3.60, it is possible to use the Vita itself as a black box for extracting and modifying backups for other devices on unhackable firmwares, but since the process requires access to a hacked Vita, it is not very useful.
Here’s a quote form the Section Hacking Backups
What I did is completely reverse how CMA generates and parses the backup format. I have documented extensively how these formats work. I also wrote tools to dump and repack CMA backups and all this works with backups generated from the latest firmware.
Hacking backups isn’t as fun as having a hacked system. So, don’t update from 3.60 if you have it! You cannot run unsigned code with this, so you are only limited to tricks that can be done on the registry, app.db, and other places. This includes:
Enabling almost any games to run on the PSTV
Swap X/O buttons for out-of-region consoles
Run PSP homebrew with custom bubbles
and maybe more as people make new discoveries
My hope is that other people will take my tools as building blocks for a user-friendly way of enabling some of the tricks above as currently the processes are pretty involved. This also increases the attack surface for people looking to find Vita exploits as parsing of files that users normally aren’t allowed to modify are common weak points.
Additionally, because of how Sony implemented CMA backups and that the key-erase procedure is a hardware vulnerability, this is pretty much impossible to patch in future firmware updates. Unless Sony decides to break all compatibility with backups generated on all firmware up until the current firmware. And that would mean that any backup people made up until this theoretical update comes out would be unusable. Sony is known for pulling stunts like removing Linux from PS3, but I think this is beyond even what they would do.
With GekiHEN coming to a close soon I thought it might be a good idea to go back and update some of my Henkaku tutorials
A lot of my tutorials are older and I was covering most of Henkaku when it was new. Some of the information is outdated and I wanted to do a recap on some of the stuff I covered previously. In the following Video tutorial you can see how to install Henkaku, allow unsafe homebrew, install vita shell, install offline installer, and install adrenaline for ePSP homebrew (without a PSP game.) I covered what I consider the essentials. All the needed files can be found in the youtube description as well as at the bottom of this post.
Remember the the GekiHEN contest will be closing in a couple of weeks. If you are a developer get your entries in now. If you just like to play make sure to check out the contest. There is a lot of great Vita homebrew that has been entered: http://gekihen.customprotocol.com/
Today, Vita developer Yifan Lu with help from H made PSVIMGTools for backing up and restoring Vita Data
wiki.henkaku.xyz/vita/PSVIMG Said this
When CMA is used to backup system, game, or savedata from the Vita to a PC or PS3, the following algorithm is used:
Using a tar-like structure, stream all of the file data into a file.
If making a PSVMD file, use the deflate algorithm to compress.
Generate a random nonce for the first 0x10 bytes using the RndNumber syscall.
Generate a unique session AES256 key using a secret phrase and the PSN account id of the PSVita.
generate a SHA256 hash of the plaintext every 0x8000 bytes and insert the hash into the filestream.
Encrypt the stream data using EncDecKeygen syscall from SceSblDmac5Mgr with the nonce as the header and the AES256 session key.
Transmit to PC or PS3.
If you look at the 16 character hex directory name included in part of the backup path, that is your PSN account id. The AES256 session key is calculated by doing a SHA256 hash of the 8 byte hex binary representation of the PSN account id followed by the secret phrase: Sri Jayewardenepura Kotte
01 23 45 67 89 AB CD EF 53 72 69 20 4A 61 79 65 77
61 72 64 65 6E 65 70 75 72 61 20 4B 6F 74 74 65
SHA256 of this buffer generates the AES256 session key of
Sony has released yet another pointless for the Vita. This firmware update comes right after an update to henkaku was announced. The firmware appears to do nothing but “Increase system stability” This has to be the most stable system on the planet by now. If you are currently enjoying all the things that 3.60 has then do not update. Henkaku’s built in “spoof” still appears to be working as I am able to access the PS store as well as anything dealing with PSN
With this the PS3 also saw a fw update. The current OFW version for ps3 is now 4.81
Long time coder/hacker/programmer of the PlayStation scenes RichDevX has released finalised images of his RESEARCH BOARD, why am i highlighting and making RESEARCH BOARD so big and highlighting it, it is because people are confusing this RESEARCH BOARD for something else, this RESEARCH BOARD is for RESEARCH purposes, this RESEARCH BOARDWILL NOT give you the ability to add a microSD card, now that you are aware of what it is, here are images of said RESEARCH BOARD:
This RESEARCH BOARD is quite a sexy little thing, but don’t go expecting it to perform any magical tricks for your PS Vita/Vita TV, this RESEARCH BOARD isonly for people who wan‘t to research, if you want it because you think it will give you extra space on your Vita or it will allow you to insert a microSD card, then you are wanting it for the wrong reason as it does not function as such, here are some tweets from RichDevX:
So if you understand all above, hit RichDevX on Twitter
Everyone here loves games and i am sure most of you have given to charity at some stage, i also know there are some Capcom fanboys in here such as @BobbyBlunt
so this news will be cool for all of us
Before in the past i have posted about various Humble Bundles, specifically for the Wii U/3DS, but this time its PlayStation’s turn and you can grab some awesome PS3 and PS4 games for as little as $15, of course you can choose to give more or choose if the money goes all to the developers or all to the charities.
Henkaku has been out a while and we are enjoying all the goodness, such as awesome applications, kick ass games and emulators, but as the norm in any console scene, with the good also comes the bad and this is why i am creating this thread to warn you of some dangers.
DO NOT SHARE YOUR PS VITA DUMPS – DO NOT SHARE ANY FILES YOU RIPPED FROM YOUR PS VITA
With various applications, you can take files form your PS Vita and save them on your computer, some of these files contain extremely sensitive and important information, which is why i advise you NOT to share any file you have taken from your PS Vita with anyone, one file specifically:
system.dreg – This file contains your complete PSN login details in plain text, that is your sign in email and password, both clearly visible through a text editor
THERE IS NO HENKAKU FOR FIRMWARE 3.61 – WEBSITES CLAIMING THERE IS ARE TELLING YOU LIES
The PS3 scene was full of this bullshit, website claiming to have a CFW for the latest firmware, when in fact the files where either the most recent official firmware or bullshit surveys that earned the asshole who owned the site money, if there ever is a release for firmware version 3.61 or any other firmware, you will find the news on reputable websites, you can find a list of those websites here: