You can’t wait for the next exploit? Here’s how to find one yourself!
Recently I’ve seen that people are desperate for an exploit, so I thought I’d write this post. Even though you might think it’s difficult, it really isn’t. You just have to know the difference between a crash and an exploit.
A crash is when the PSP freezes and shuts down, but you cannot write any code to get usermode-level access. An exploit is when you can write some code and then gain control. So let’s start (there is another tutorial by wololo here; I am orienting this tutorial towards a PSVita exploit):
Requirements
- PSP CFW 6.60
- PC
- PSPLink (Windows version)
- Hex Editor (I recommend HxD)
- SaveGame Deemer (PSP Plug-in)
Firstly, I am going to explain why you don’t need a PSVita. You don’t need it because we are looking for an exploit inside the PSVita’s PSP emulator, which runs OFW 6.60, so normally, if your exploit works on a PSP with CFW 6.60, it should work the same way on the Vita.
Ok, let’s start. Move Savegame Deemer to the ms0:/SEPLUGINS/ folder and activate it in game.txt only. Then start any game you know is in the PS Store on your PSP and create a new profile (if you don’t have one) or simply load your profile. Then save it. This will create a folder called “SAVEPLAIN”, and inside it will be the savegame you loaded, but decrypted!
Open HxD and open the SDDATA.BIN file. Then find your profile name and add lots of “a” at the end of the profile name. Save it. Now load PSPLink’s plugins, usbhostfs.prx and psplink.prx, in game.txt and in vsh.txt. You must have the Type-B drivers for the PSP installed on the computer! Launch pspsh.exe and usbhostfs.exe. Now, when you load or play the game with the modified savedata, you will get a crash in pspsh.exe; copy what it says and make a post in the /talk forums so that the devs can tell you whether that crash can be turned into an exploit and run VHBL on it!
Have any doubts? Comment!
grrrr I tried 20 games today… when I put many “aaaa” everywhere and then load, some games continue to play normally, others stop on an image while the sound continues, but I have 0 game crashes :(:(:( I continue
and I tried 10 minis, it’s the same –‘
Does this TUTO work with a UMD game or not?
Hey, but wait, you forgot about the format-string exploit … people always forget about this one. Basically it is the same as tons of ‘a’; you just use something like %500X – this could substitute for 500 ‘a’ (spaces actually), if the name field is vulnerable to a format-string exploit.
But remember that this might be exploitable later in the game; in MOHH, the exploitable part was when the player died, not when the game loaded the modified save – it tried to display your name – with 500 characters instead of the simple %500X. Check every place where you can find your name if you plan to try this.
When I replace with many “a”, I write maybe 4 or 5 lines of a and I delete the other letters that were written before; can the exploit be run?
Maybe you can try Mad Blocker Alpha first? Then you’ll know the behaviour of a game that works with the exploit. Just a suggestion…
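As an added illustration of what the post’s padded-name edit and the format-string comment above are probing for (example code written for this page, not from the post, from wololo, or from any game): a toy profile loader in C showing the two defects, each beside a bounded version. The record layout (a 4-byte little-endian length prefix followed by the name bytes), NAME_MAX, the struct and every function name are constructed assumptions, not the real SDDATA.BIN format or any game’s code.

```c
/*
 * Added example, not code from the post or from any game: a toy profile
 * loader with the two save-file defects the post and the format-string
 * comment are probing for, each beside a bounded version. The record
 * layout (4-byte little-endian length, then the name bytes) and NAME_MAX
 * are constructed assumptions, not the real SDDATA.BIN format.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16              /* assumed fixed-size name buffer in the game */

struct profile {
    char name[NAME_MAX];
    uint32_t score;              /* sits right after the name: the first thing an overrun clobbers */
};

uint32_t read_le32(const uint8_t *b) {
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Defect 1 ('before'): the length is read from the file and trusted.
 * A name padded with hundreds of 'a' runs past p->name into score and
 * beyond; that is the crash the post tells you to watch for in pspsh.
 * Kept only for comparison; nothing in this file calls it. */
void load_name_unchecked(struct profile *p, const uint8_t *rec) {
    uint32_t len = read_le32(rec);
    memcpy(p->name, rec + 4, len);          /* no bound against NAME_MAX */
}

/* Fixed: the stated length is checked against the buffer and against the
 * bytes actually present, and the name is always NUL-terminated. */
bool load_name_checked(struct profile *p, const uint8_t *rec, size_t rec_len) {
    if (rec_len < 4) return false;
    uint32_t len = read_le32(rec);
    if (len >= NAME_MAX || len > rec_len - 4) return false;
    memcpy(p->name, rec + 4, len);
    p->name[len] = '\0';
    return true;
}

/* Defect 2 ('before'): the name itself is the format string, so "%500X"
 * is treated as a conversion instead of being printed. The dummy 0
 * argument only keeps this demo well-defined; a real game passes nothing
 * and the conversion reads whatever happens to be on the stack. */
int show_name_unsafe(char *out, size_t outsz, const char *name) {
    return snprintf(out, outsz, name, 0);
}

/* Fixed: the format is a constant and the name is plain data. */
int show_name_safe(char *out, size_t outsz, const char *name) {
    return snprintf(out, outsz, "%s", name);
}

/* Build a constructed record in the assumed layout: a length prefix and
 * name_len copies of fill, the way the post's hex edit pads the name.
 * Returns the record size, or 0 if buf is too small. */
size_t make_record(uint8_t *buf, size_t bufsz, char fill, uint32_t name_len) {
    if (bufsz < 4 + (size_t)name_len) return 0;
    buf[0] = name_len & 0xff;         buf[1] = (name_len >> 8) & 0xff;
    buf[2] = (name_len >> 16) & 0xff; buf[3] = (name_len >> 24) & 0xff;
    memset(buf + 4, fill, name_len);
    return 4 + name_len;
}

int main(void) {
    uint8_t rec[600];
    struct profile p = {0};
    char out[64];

    size_t n = make_record(rec, sizeof rec, 'a', 8);
    printf("8-byte name accepted: %s\n", load_name_checked(&p, rec, n) ? "yes" : "no");
    n = make_record(rec, sizeof rec, 'a', 500);
    printf("500-byte name accepted: %s\n", load_name_checked(&p, rec, n) ? "yes" : "no");

    printf("name-as-format display of \"%%500X\" wants %d bytes\n",
           show_name_unsafe(out, sizeof out, "%500X"));
    printf("constant-format display of \"%%500X\" wants %d bytes\n",
           show_name_safe(out, sizeof out, "%500X"));
    return 0;
}
```

The unchecked loader is never called; the checked one refuses both a 500-byte name and a record whose stated length exceeds the bytes present, which is the check a game would need to shrug off the hex-edited save. The two display functions show the format-string difference from the outside: with “%500X” as the name, the name-as-format version reports 500 bytes of output while the constant-format version reports 5, the literal string.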
Do we actually have to have a PSP with CFW 6.60? I don’t feel like updating my PSP.
I wanna know where the freaking exploit is at? :{
I wish PSPLink worked on the Vita; I really want to contribute but don’t have a PSP.
I’m having some problems with PSP Savegame Deemer. It’s not working on Killzone Liberation!
Fixed, sorry
Interesting, I will attempt it.
Please, wololo, can you do a hack with the Ape Quest pack demo?
where do these tards come from?
Who cares if you don’t have a PSP or have other problems in your life… get a blog. Tired of these useless Facebook-type comments. If you have a PSP and want to help, follow the directions and read the comments, including previous forum posts about the subject. Then the comments can be easier to read and freed up for those who ARE participating to get their questions easily seen and answered.
Sorry if this is a dumb question, but does upgrading to OFW 6.60 disable/block the Pandora battery? I’m on 5.50 Prome-4 and I want to try and find an exploit on DFF012 Prologus, but I need to be on 6.60 CFW. I can’t try it right now because the select button on my PSP is stuck and won’t let me switch between options. I have a faulty home bar and I already ordered a replacement from DX, but I don’t know when it will arrive.
Pandora battery is a hardware hack. If your hardware supports it (1k only?), then it cannot be blocked by software. The battery puts your PSP into a repair mode allowing you to flash any firmware you want (or at least any your system is capable of running). So, as long as you have access to a hacked battery (or do the hardware hack on a normal battery) you can update as high as you want or go as low as your original firmware (the one it had when it was new).
Does anyone know if the batteries themselves were updated (removing the ability to do the hardware hack on them or something similar)? I have a total of 5 minutes of battery life on my current battery (making it a PSUnportable 🙂 ) and need to buy a new one.
Thanks. I just didn’t want to upgrade and find that I can’t downgrade anymore if I wanted to or that my game saves were corrupt.
I had a PSP with a temporary hack, so when you pull the battery out or completely discharge it you have to run the program again. I used to run 6.60 PRO-B; I even think there is a PRO-C now.
Has anyone found some?? Share please, even just the title of the game; thanks in advance…
How do you do this? Somebody tell me an easy way.
Help
Check the forums. I cannot imagine an easier way to explain the process. If you’re determined enough, though, all the info is in this post, the post from Wololo linked above, or the forums of this very site. I wish you luck 😀
got everything working now….
It’s all part of my elaborate plan >:)
Hey wololo, I’m talking to you: I need the Texas Hold ’em Poker Zynga. Can you make it homebrew?
Hey wololo, I had a great idea. When my Vita crashed I had to go to the recovery menu to reboot (to access the menu you turn off the PSP and hold the PS button and the R (toggle) button, and you have several options, one of which is to update). I am not sure if it is of ANY use at all, but it could allow possible downgrading.
Nope, Sony has already thought of this. Same thing on the PS3.
There has been no news about Vita hacking for days now…
I feel your pain; it feels like there’s no hope.
It is useful for somebody who missed the chance. Thanks for sharing…
Just come on. We will support you all the time.
Does the save have to come from an original UMD, or can we use an ISO to do this?
wololo, may I ask a question?
CAN I USE PIRATE GAMES AS WELL?
Recently, I have been looking for exploits within PSP games, but I have difficulty with the games in which you don’t enter a name. Usually most minis don’t have the option to put a name on your save game. Now, my question is: how do you create a buffer overflow with these? Where should I place a bunch of “aaaa” in order to get a crash?
Any help will be welcomed.
I have a question … I have edited the file from the SAVEPLAIN, but when I try to load the save data the name on my save is still the same???
Do we still need to encrypt the save data???