Recently I’ve seen people are desperate for an exploit, so I thought of writing this post. Even though you might think it’s difficult, the thing is it isn’t difficult at all. You just have to know the difference between crash and exploit.
A crash is when the PSP freezes and shuts down but you cannot write any code to get access usermode level. An exploit is when you can write some code and then gain control. So lets start (There is another tutorial by wololo here, I am orienting that tutorial to a PSVita exploit):
- PSP CFW 6.60
- PSPLink (Windows version)
- Hex Editor (I recommend HxD)
- SaveGame Deemer (PSP Plug-in)
Firstly, I am going to explain why you don’t need a PSVita. You don’t need it because we are looking for an exploit inside PSVita-PSP Emulator, which has OFW 6.60, so, normally, if your exploit works on PSP CFW 6.60 it should do the same on the Vita.
Ok, let’s start, move Savegame Deemer to ms0:/SEPLUGINS/ folder and activate it only in game.txt. Then, start any game you know is in the PS Store in your PSP and then Create a new profile (If you don’t have one) or simply load your profile. Then save it. This will create a folder called “SAVEPLAIN” and inside there will be the savegame you loaded, but decrypted!
Open HxD and open the SDDATA.BIN file. Then, find your profile name and add lots of “a” at the end of the profile name. Then save it. Now load PSPLink’s plugins, usbhostfs.prx and psplink.prx, in game.txt and in vsh.txt. You must have Drivers Type-B for the PSP installed on the computer!! Launch pspsh.exe and usbhostfs.exe. Now when you load or play the game with the modified savedata you will get a crash in pspsh.exe, copy what it says and make a post in the /talk forums so that devs will tell you if you can make that crash an exploit and run VHBL on it!
Have any doubts? Comment!