You can’t wait for the next exploit? Here’s how to find one yourself!

Recently I’ve seen people who are desperate for an exploit, so I thought I’d write this post. You might think finding one is difficult, but the process itself isn’t difficult at all. You just have to know the difference between a crash and an exploit.

A crash is when the PSP freezes and shuts down but you have no way to run your own code at user-mode level. An exploit is a crash you control: the data you put in the file overwrote a return address or a pointer the game jumps through, so you can redirect execution into code you wrote and gain user-mode control. So let’s start (there is another tutorial by wololo here; I am adapting that tutorial to PS Vita exploit hunting):

Requirements

First, why you don’t need a PS Vita: the target is the Vita’s built-in PSP emulator, which runs the equivalent of PSP OFW 6.60. So, normally, if your exploit works in a game on a PSP running CFW 6.60, it should behave the same on the Vita.

OK, let’s start. Copy Savegame Deemer to the ms0:/SEPLUGINS/ folder and enable it in game.txt only. Then start a game you know is on the PS Store, create a new profile (if you don’t have one) or simply load your existing one, and save. This creates a folder called “SAVEPLAIN” containing the savegame you just saved, but decrypted.

Open SDDATA.BIN in HxD, find your profile name, and add lots of “a” after the end of the name. Save the file. Now load PSPLink’s plugins, usbhostfs.prx and psplink.prx, in both game.txt and vsh.txt. The Type-B PSP USB drivers must be installed on the computer! Launch usbhostfs.exe and pspsh.exe. When you load or play the game with the modified savedata, the crash will be reported in pspsh.exe as a register dump. If EPC (the program counter) or $ra (the return address) reads 0x61616161, your “a”s reached something the game jumps through, which is the first sign the crash is controllable. Copy the whole dump and post it in the /talk forums so the devs can tell you whether that crash can be turned into an exploit and run VHBL.
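The procedure above, as an added example that is not part of the original post and not wololo’s or Savegame Deemer’s code. Instead of a run of “a”, it writes a non-repeating pattern into the name field, so that the EPC or $ra value in the PSPLink dump maps back to one offset, and it applies the crash-versus-exploit test from the post to that dump. The save layout, the name field, the register values and the `demo` helper are all constructed for illustration; a real SDDATA.BIN has whatever layout the game uses.

```python
"""
Added example (not from the original post).

Assumptions, all hypothetical:
 - SDDATA.BIN is the decrypted save that Savegame Deemer wrote to SAVEPLAIN.
 - The profile name is a NUL-terminated ASCII string inside a fixed-size
   record and the game copies it into a stack buffer with a strcpy-style
   routine, so the bytes after the NUL are ours to overwrite.
 - PSPLink's crash dump reports little-endian MIPS registers (EPC, $ra ...).
"""
import string
import struct


def cyclic_pattern(length: int) -> bytes:
    """Metasploit-style pattern (Aa0Aa1Aa2...): every 4-byte window is unique,
    so a register value from the crash dump maps to exactly one offset."""
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("pattern length exceeds 20280 bytes")


def pattern_offset(reg_value: int, pattern: bytes) -> int:
    """Offset in the pattern that produced a 32-bit register value, or -1."""
    needle = struct.pack("<I", reg_value)  # PSP is little-endian MIPS
    return pattern.find(needle)


def patch_profile_name(save: bytes, old_name: bytes, payload: bytes) -> bytes:
    """Overwrite the profile name and the bytes after it with payload,
    keeping the file size unchanged (the game reads a fixed-size record)."""
    idx = save.find(old_name + b"\x00")
    if idx < 0:
        raise ValueError("profile name not found in save")
    if idx + len(payload) + 1 > len(save):
        raise ValueError("payload would run past the end of the file")
    patched = bytearray(save)
    patched[idx:idx + len(payload)] = payload
    patched[idx + len(payload)] = 0  # terminator: the strcpy stops here
    return bytes(patched)


def classify_crash(epc: int, ra: int, pattern: bytes) -> str:
    """The crash-vs-exploit test from the post: did our bytes reach the PC?"""
    epc_off = pattern_offset(epc, pattern)
    if epc_off >= 0:
        return f"controlled: EPC = pattern offset {epc_off}"
    ra_off = pattern_offset(ra, pattern)
    if ra_off >= 0:
        return f"promising: $ra = pattern offset {ra_off}"
    return "plain crash: no register holds our data"


# Constructed stand-in for SDDATA.BIN: a tag, a 16-byte name field, a
# 32-bit counter and some padding. Not any real game's layout.
SAMPLE_SAVE = (b"PROFILE\x00" + b"wololo".ljust(16, b"\x00")
               + b"\x01\x00\x00\x00" + b"\x00" * 200)
PATTERN = cyclic_pattern(128)


def demo():
    """Patch the sample save, then evaluate a made-up crash dump in which the
    game's strcpy overran a 32-byte stack buffer and the saved return address
    sat 36 bytes into our data (so EPC holds PATTERN[36:40])."""
    patched = patch_profile_name(SAMPLE_SAVE, b"wololo", PATTERN)
    fake_epc = struct.unpack("<I", PATTERN[36:40])[0]
    fake_ra = 0x08804000  # an ordinary game text address, not our data
    return patched, classify_crash(fake_epc, fake_ra, PATTERN)


if __name__ == "__main__":
    patched_save, verdict = demo()
    print(f"patched {len(patched_save)} bytes; {verdict}")
```

When the real dump only shows the pattern in $ra, the function that was executing at the time of the fault still returned normally once, so the overflow is likely one frame further up; that is the kind of detail the forum devs will want alongside the dump.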

Have any doubts? Comment!


  1. stOneskull

    Who cares if you don’t have a PSP or have other problems in your life... get a blog. I’m tired of these useless Facebook-type comments. If you have a PSP and want to help, follow the directions and read the comments, including previous forum posts about the subject. Then the comments will be easier to read and freed up for those who ARE participating, so their questions can be easily seen and answered.

  2. mr.sigint

    Sorry if this is a dumb question, but does upgrading to OFW 6.60 disable/block the Pandora battery? I’m on 5.50 Prome-4 and I want to try to find an exploit in DFF012 Prologus, but I need to be on 6.60 CFW. I can’t try it right now because the Select button on my PSP is stuck and won’t let me switch between options. I have a faulty home bar and I already ordered a replacement from DX, but I don’t know when it will arrive.

    1. ChaosAgent

      The Pandora battery is a hardware hack. If your hardware supports it (1k only?), then it cannot be blocked by software. The battery puts your PSP into a repair mode allowing you to flash any firmware you want (or at least any your system is capable of running). So, as long as you have access to a hacked battery (or do the hardware hack on a normal battery), you can update as high as you want or go as low as your original firmware (the one it had when it was new).
      Does anyone know if the batteries themselves were updated (removing the ability to do the hardware hack on them, or something similar)? I have a total of 5 minutes of battery life on my current battery (making it a PSUnportable :) ) and need to buy a new one.

      1. mr.sigint

        Thanks. I just didn’t want to upgrade and find that I can’t downgrade anymore if I wanted to, or that my game saves were corrupt.

    2. Dilan Parmar

      I had a PSP with a temporary hack, so when I pulled the battery out or completely discharged it, I had to run the program again. I used to run 6.60 PRO-B; I even think there is a PRO-C now.

  3. walala

    Has anyone found one?? Please share, even just the title of the game. Thanks in advance...

  4. Chris

    How do you do this? Somebody tell me an easy way.

    1. ChaosAgent

      Check the forums. I cannot imagine an easier way to explain the process. If you’re determined enough, though, all the info is in this post, in the Wololo post linked above, or in the forums of this very site. I wish you luck :D

  5. m0rb1t

    Got everything working now...

  6. Mojo jojo

    It’s all part of my elaborate plan >:)

  7. Azio

    Hey wololo, I’m talking to you: I need Texas Hold’em Poker by Zynga. Can you make it homebrew?

  8. Dilan Parmar

    Hey wololo, I had a great idea. When my Vita crashed I had to go to the recovery menu to reboot (to access the menu you turn off the PSP and hold the PS button and the R trigger), and you have several options, one of which is to update. I am not sure if it is of ANY use at all, but it could allow possible downgrading.

    1. speedbump

      Nope, Sony has already thought of this. Same thing on the PS3.

  9. Xinefury

    There has been no news about Vita hacking for days now...

    1. Yesterday i was born

      I feel your pain; it feels like there’s no hope.

  10. tglforwololo

    It is useful for somebody who missed the chance. Thanks for sharing...

  11. tglforwololo

    Just come on. We will support you all the time.

  12. itsugawakun

    Does the save have to come from an original UMD, or can we use an ISO to do this?

  13. xyphon

    wololo, may I ask a question?
    CAN I USE PIRATED GAMES AS WELL?

  14. Sephisel

    Recently I have been looking for exploits within PSP games, but I have difficulty with the games in which you don’t enter a name. Most minis don’t have the option to give your savegame a name. So my question is: how do you create a buffer overflow with these? Where should I place a bunch of “aaaa” in order to get a crash?
    Any help will be welcome.

  15. Sergey

    I have a question... I have edited the file from SAVEPLAIN, but when I try to load the save data the name on my save is still the same???

  16. Sergey

    Do we still need to encrypt the save data???
