Finding gamesaves exploits on the PSP


We are constantly looking for guest bloggers at If you like to write, and have a strong interest in the console hacking scene, contact me either with a comment here, or in a PM on /talk!

You may also like...

102 Responses

  1. mascii

    I hope this yyoossk’s bug become an example.
    I am Sorry for my bad English.

  2. soulless

    Very good!!! this is something that I was willing to know about. Just a question, you said that the $ra is changed for a regular address to run some code, right??? then, my question is: “is that code regular C code or Assembly code for mips???”

  3. Jeerum

    Thanks, good job with this article :)

  4. Lekim

    Realy nice post! Thx ^^

  5. wololo

    @soulless: the code that will be executed is compiled code. So, yeah, to make it simple, you can say it is assembly code, although that’s a bit incorrect.
    I highly suggest you open MaTiAz’s proof of concept file with a hex editor to have a better understanding of what it does

  6. B

    good, understandable article, great work!

  7. Anderson

    BUG not very useful, right? Hope you succeed! My English is not very well, please forgive me.

  8. Rider

    Good job!Try you ability?

  9. JJJJ

    Realy nice post! Thx ^^

  10. PSPer

    come on!

  11. vegeta

    good job .

  12. YDB

    Also is a spill vulnerability

  13. Thirsty Cow

    Find a way to progress this and ur name wll go down in the history of the psp 3000 wololo!!!!

  14. Qowface

    Nice tutorial/explanation! This really cleared some things up for me!

  15. Nice Wololo, good job…

  16. hahh

    we hoping dat you will success on this project ehe, once you success ready for paypal acc. for donating you…good try man

  17. Digikid13

    Lets see what I can find….

  18. SifJar

    Can anyone tell me where i can find a decrypter for PSP save games? I want to try this stuff, but can’t because i cant decrypt the files. :( help please!!

  19. Slim Hacker

    Hey can you send me an email i have an exploit like this i need help with.

  20. Doublehawk

    Very well-written guide wololo. I just have a few questions.
    I stared to look for savegame exploits after reading this, and I get as far as decrypting the savefiles with Savegame deemer. Now, I don’t know if I am writing stuff correctly in the hex editor. Do I just find the profile name and overwrite it all?
    Also, could you give us a link to the PSPlink files?

  21. wololo

    @Doublehawk: I got PSPLink from the Minimalist PSPSDK at . You might want to use the latest version from the SVN though (

    @Slim Hacker: I’m lazy, why don’t YOU send me an email ?

    @SifJar: try to use savegame-deemer (link in the article)

  22. andrewcha

    can i have the links/file that is necessary for this kinda exploits? Will try it out once i have my psp back with some games. my email is Together we HACK that 3000.

  23. wololo

    @andrewcha: google is your friend.
    Oh, and don’t give your email address on a public blog, that’s just stupid and the best way to get spammed.

  24. r0cks0ul

    Is there a hope that the Pre-IPL of TA-088v3 be hack?
    has someone got a hold of the PRE-IPL of it?

    if ever it is hackable already, would it be possible to unbrick a fully brick one?

    I understand that this out of topic but atleast if someone has any idea please let me know.


  25. qweasd

    hey wololo, great to find your website :)
    So I opened the hex workshop, and now I want to open a file from the save data, what file do I choose ?
    there are png icon and some other formats

  26. wololo

    @qweasd: look at the documentation in Savegame Deemer. It’s been a long time since I last used it and I don’t remember exactly which file is the correct one.

  27. S1mm3

    Hey Wololo, I wrote an article about the same Idea and I want you to read it and if you don’t mind allow me to post your website link in my article ?

    Is that okay ?

  28. wololo

    No problem at all :)

  29. S1mm3


    I posted the article twice and still can’t see my comments !!
    if they nee approval please post only the first one


  30. S1mm3

    aha, so the problem was with my browser sorry

    please wololo visit my article and feel free to give me suggestions or
    pointing for my mistakes :)

  31. Tiosolid

    Awesome text man. Its really hard to find these kind of “newbie proof” information about the PSP inner works 😉

  32. Hellnow

    I have a serious problem when i decrypt the savedata with savegame-deemer i got a .bin i hex edit it for now it fine and when i try to make the decrypt the bin file i dont know how ? any ideas ? (mean got a real save content : icon0, param.sfo, …)
    Thank you !

  33. Curious cat

    I have a psp-1k.
    I’ve been playing with 2k10’s dynasty mode for more than 10 years in the game. Now whenever i load my data it stops halfway from loading, is that a possible sign of a potential exploit?
    i know the game’s been patch or decrypted with yoshhro’s decrypt thingy. and cfws arent that perfect.

    BTW. wagic is absolutely awesome.
    i lost in touch with magic.
    We hope to see it with adhoc function.
    Thank you very much.weeeeeeeeeeeeeeeeeeeeeee!!

  34. curious

    nice, very nice!

  35. sawdsa

    BUG suggest
    PSP connect computer Rely on comuter program ……

  36. Foxyboy

    Hi wololo,
    I have a question, how to decrypt a PSP savegame (on PC) because I use a PSP 3000 so I can’t install savegame-deemer. I try to find a logiciel like that with google but i don’t found one. So maybe you know one ??

  37. wololo

    @Foxyboy: you need a hacked PSP to decrypt/encrypt savegames. You can’t do this on a PC because the encryption/decryption process is unknown.

  38. kirby1997

    why do you need a hacked psp cant you make the program work on hbl?

  39. wololo

    @kirby1997 : it might work on HBL (I never tried), but I think a part of the process requires kernel access…

  40. Caio

    Great guide! Thanks for clearing things up.

    It would be a good idea (I think) to start a forum thread dedicated to posting exploits… Putting any exploits people find in a single list could help the scene. That’s probably the best we newbies at programming can do.

  41. my grand father used to have those old spanish gold coins in stock*:’

  42. Vien

    Peace and cake for me

  43. sony can kiss my ass

    explains why there is almost nobody looking for exploids. people with CFW don’t care about HBL users >:(

    anyway: does it matter which place i put the garbage? and could it be that the game crashes on CFW but don’t crash on OFW 6.31? i dont own a psp that have CFW but a friend of my has (i am stuck with a sucking 6.31 firmware 3000 psp)

    BTW: another reason why don’t update to 6.31: since i have installed it many games crashes sometimes. never had this on 4.60 (sony gives more about security that about stability)

  44. sony can kiss my ass

    thanks :-)

  45. XeX

    hi guys i dont really know about psp exploits end everything but i’ve got interested on making homebrews a CFWs. If anyone can teach me how to make a homebrew with weather SDLBasic or Dev-C++ please email me at : or at windows live messenger:

    And pleaseeeeeeee teach me i want to make a program just like HEN.

  46. alastor


  47. gabe

    in resident evil 3 whenever i walk through a certain door my psp crashes could that be turned into a exploit?

    • Raizuke

      i think i just saw that too, lol .. im commenting in the past..just a bit curious on how to find my own exploit

  48. Fadl

    wololo i saw you are using xvi32 can this program modify save games or you used it for explanation only ?? and was patapon exploit discovered that way ??

  49. Query

    How exactly does Savegame deemer work? Everytime I edit the data in my saveplain folder it doesn’t seem to load the edited version, it instead loads the original savedata. Am I supposed to move the content from my saveplain folder to savedata, or just leave it alone in the saveplain folder?

  50. CoOL KiD

    @wololo If i find a crash how will i report it to you since i am working on Test Drive Unlimited

  51. Hobo DAni

    wololo i think i found something
    see i install 6.31 pro i run the lastest daedalusx64 i press right then left and crashes the psp and says some thing like the phantasy star crashed the exception is bus error (data) pls email me at if you think i found somethimg

  52. kiddyshaq34

    I found a crash on a game(which that game I cannot reveal because sony will patch it which means we(even me) will get more annoyed)! I crashed it a few times. The very first crash was Bus error: Data and a few frustrations and crashes later, I found a proper crash with ra as 0x61616161! The crash before this crash the ra was 0xFFFF62 which is kind of no use. So now I found a crash in my game, do I actually move on to making a binary loader?

  53. Nickolas

    Hi i ran the savegame deemer tool and i now have a decrypted save game i try this method and it crashed how can i reencrypt it so that it runs without the need of savegame deemer?? somebody please help me!!!!!!!!!!

  54. Nickolas

    ok nvm i found out how to do it now i need an experienced developer to tell me if this is exploitable :

  55. Hi there Could you tell me precisely what template it is your working with for your site? i have used to use shopperpress to promote acne products however i can not seem to convert my website traffic with it here is a example of an acne product we are advertisingIn case you could sent me contact info to your developer or style company that would be wonderful, ill even pitch in a link for your site for helping me outCheers Anna

  56. dntEat.SmokeMore

    to learn how to break WEP/WPA security took me 4 days,but this sounds that gonna takes me a bit longer, looks more advanced.

    anyway great work wololo, unfortunately i was too late to get my copy of motorstorm arctic age on my psv, and i cant run homebrew, but is it any possibility that some demo for psv would have an exploitable vulnerability and build working homebrews with that??

  57. psp

    Hey Wololo. I was wondering if it’s possible to exploit the PSP with an mp3 file? I created an mp3 file with a hex editor and was able to crash the PSP, I also modified it to bring up “Buffering…” on the screen and have it stay there, and only on certain modifications that I do it brings up an error. While the PSP is saying “Buffering…” and I press the Home button to go back to the music list in the XMB the two white things that circle eachother on a currently playing song is a fuzzy square instead.

  58. Andre

    Did anybody ever tried with the psp games that sony allow to free download when the psn stayed offline almost one month

  59. npissoawsome

    I might take a look at this, who knows I’ve been researching C++ and Assembly a lot lately, maybe this will help my skills, and I could contribute to the scene :)