[Tutorial] Finding VHBL exploits without a PSP!

You may also like...

103 Responses

  1. Mr.H says:

    Geez, this makes everything look easy.

    But there’s something I should ask: Will dynarec *** up everything?

  2. T1gR3X says:

    WOW, that’s so awesome! Thanks for the post!

  3. internally-blazed says:

    Wow thanks for this guide man! Now I’ll be able to find exoits much more efficienttly with this and now don’t have to carry my PSP around with me anymore :)

  4. Necrotek says:

    That’s great! I might give it a try to find one.

  5. gunblade says:

    emulation seems better..

  6. ghassan says:

    some one send me a exploit plz plz to my e mail:ghassan19982@yahoo.com

    • blahblah says:

      Please give me ur home address too, with ur real name & ur social security number. i will send u the exploits, 3 times.

    • gunblade says:

      u can find them use is not that hard think though there more psp game that did get on the psn store so probly get a lot still to test…wish i had more foreing game to test…

      • gunblade says:

        u can find them its not that hard use the post they from ealier i think though there more psp game that didnot get on the psn store so probly got a lot still to test…wish i had more foreing game to test…

  7. gunblade says:

    is a pspsave game editer useful for this..?..

  8. wartaf says:

    can we also able to see Kernel Exploits using it?

    • hgoel0974 says:

      no, kernel exploits are found by reverse engineering the PSP’s OS (basically reading the compiled binaries and writing them back into C code) this cannot help with that, to find kexploits, you need to learn MIPS assembly and you need to have a strong C programming background πŸ˜‰

      • wartaf says:

        i don’t get it? kexploits still using Savegames to load, right? then why would it need to reverse engineer the OS?

        • hgoel0974 says:

          What happens is that a User mode exploit (savegame exploit) is used to launch a crafted homebrew application that then uses the kernel exploit to raise its permissions from user to kernel, to launch the kernel exploit, a user mode exploit is still required

        • aces says:

          Look at it like a bank, we’ll call the exploit “break and enter”, now your on the teller floor (usermode) which public have use of under the banks watch during opening hours, the real goodies are in the vault (kernel mode) which you need the initial access before you can think of anyway

  9. FishSticks says:

    Is there a list of games that have been tested for buffer overflows?
    If not, we should get one going and so us who know how to find an exploit can feel like we are contributing to the scene!

    • hgoel0974 says:

      The thing is, every game is exploitable, just because one or two people didn’t find anything in it we can’t say that the game can’t be exploited πŸ˜‰

    • decius says:

      Compile a list of PSN /PSP/VITA games, take the same games and find out which system calls it accesses while running. Find Exploit, hopefully dev gets Kernel access.

  10. hnk says:

    This may be all fun and games but remember north korea is about to commit suicide by starting a war they could never win. Looks like this could mess with our community here on wololo if satellites get disrupted. I urge devs to release what they can while we can praise and enjoy it.

    • SIM sk says:

      U serious? -.-

    • HappyGold says:

      IT’S A TRAP!!!

    • Kim Un says:

      “This may be all fun and games but remember north korea is about to commit suicide by starting a war they could never win. Looks like this could mess with our community here on wololo if satellites get disrupted.”

      We don’t need the satellites to get online or power.

      • DS_Marine says:

        um, there are no network wires routed thru the bottom of the ocean…

        • hgoel0974 says:

          but N.Korea can’t knock out satellite coms, they don’t want to start the next world war πŸ˜‰

        • squiggs says:

          they use refraction through the earth’s atmosphere to bend the signal around the curvature of the earth across the oceans. you do not need outer space satellites to get internet. duhhhhh.
          jk just though I would give a physics lesion

      • gunblade says:

        jaming towers wifi down…..limited radar….

        • gunblade says:

          looks like they moving out on the northwest pacific first if they could take the south west hawaii and northeast they would have the pacific its wat waz like the last world war well the japan pearl harber situation….

  11. JeoWay says:

    This is pretty awkward… I do this now :(

  12. So if you transfer your psp game thats on the psvita to your computer, can you still do it? like do you just need the savedata or do you also need the eboot.pbp

  13. HappyGold says:

    So now you don’t even need a system to hack it? I love technology!

  14. huz says:

    lol look pc JPCSP lots psp games in 1tb hdd

  15. razor says:

    VHBL exploit for dummies!

  16. Sean says:

    a song to keep you all smiling πŸ˜€

  17. Theredbaron says:

    Yeah, I can see even more exploits being found now. :) Hooray.

  18. fatman01923 says:

    Hey there, anyone know where to find a list of all the games blocked in the PS Vita fw as of 2.06? Just so I won’t waste time doing a game that is already blocked. Thanks.

  19. artmaze7 says:

    You still need a PSP to encrypt the save data to use it. It is good for finding save game exploits. :)

    • hgoel0974 says:

      The thing is, once you have the exploit you can ask any of the VIPs or HBL devsor moderators to get the SED key for you, once you get that, you shouldn’t even need a PSP, I am trying to see if I can modify PPSSPP to do more things to allow us to do EVERYTHING using an emulator but so far, it isn’t going too well :(

  20. Knifes says:

    thats all well and good but i was hopeing someone could teach me how to find a kernal exploit or how the last kernal exploit was found

    • hgoel0974 says:

      I am thinking of doing an article explaining with an example but beware, it isn’t easy, you need to be an expert at many things just to be able to try πŸ˜‰

  21. internally-blazed says:

    Problem, so i done this with Apache Overkill however the 4141414141 does not appear straight away in the register when the jpsp crashes, it only appears after i have clicked play on the jpsp like 15 times. is it ment to be like that?

  22. DS_Marine says:

    nice, congratz on your tut release

  23. JeoWay says:

    I had this idea of trying an emulator. But I used regular Vita anyhow. At least now i know it works πŸ˜‰

  24. Hey guys,
    Seeing the screenshots and the tut my jpsp acts different. When the game crashes it gets put to pause, and the values for AO are not in the register. After ive pressed play many times, 15 times, it gets stuck at play, java error in cmd, and then the values are in the registers.

    Anyone have any idea why this is happening?

  25. Walkerdeath says:

    The file i’ve to open is SECURE.BIN or SAVEDATA.BIN?

  26. ghassan says:


    i’m in UAE sharja send him to my e maile : ghassan19982@yahoo.com

  27. huz says:

    PS Vita Remote Desktop on emulator or JPCSP Apache Overkill exploit

  28. ivo says:


    so wololo for once not an exploit request
    but a different kind of exploit request ?.?
    an online exploit … ie ps3 3.55 cfw original store online ?
    with latest spoof and original store supported ?
    u remember the era of those free games in between them games
    i do
    and i liked the old store
    i dont like the new store spoof
    so hence the request for a store exploit :)
    greetz cyah

  29. NNNRT says:

    I have a PSP! πŸ˜€

  30. any says:

    hace poco se regalo 4 juegos en la store de e.e u.u que son piyorama patapon y pacwark heroes y mi pregunta es si se podria hacer un exploit con alguno de estos ya que muchisima gente los tiene gracias de antemano

  31. SIM sk says:

    i have a data.bin and can’t find the profile name :/

  32. Ruggy says:

    I followed the steps with apache overkill, and i put the same amount of letters A but when i opened the debugger the values are not the same as the photo and the values s0 s1 s2 s3 s4 s5 s6 s7 fp are not equal between them, can someone please help me, please e-mail me at ngppsvita18@gmail.com THX in advance
    P.S.: Sorry for my eng, I’m Italian :)

  33. rey says:

    can this work on the android version of ppsspp?

  34. vhblfans says:

    how do you know that before the ‘APO’? why not after?

  35. deividuskis112 says:

    i did everything as you did but when i open my savedata.bin (no i dont have secure.bin in there) in hxd i dont have that APO there are all U s so what should i do?

  36. b2p1mp says:

    I will have to try this on the 10 or so psp minis that I purchased for psp that are still available on the Vita PS Store.

  37. Ciraldino says:

    can you find an exploit for EU Urbanix???

    • VagosDJ says:

      Urbanix exploit had already been found.If you are at 2.06 ofw then you can’t use another usermode exploit because sony patched kexploits.:)

  38. Hey wololo! I think i found 2 exploits if not crashes,please check this pic http://gyazo.com/fe741023fccd283d25ae64d93d4b7d48.png

    and ask Zett for more! I need help!

  39. stavrosomo says:

    Thanks you for the great tutorial!

    But unfortunately i have got problem when i run PPSSPP program. An error message appears which says: “The program can’t start because XINPUT1_3.dll is missing from your computer. Try reinstalling the program to fix the problem.”

    Can anybody please help me? Thanks!

    • stavrosomo says:

      I managed to remove the error was appearing when i was trying to open the program by reinstalling directx. But now when the program opens, it crashes and ask me to either close it, debug it, or find solution online. Does anybody know how to solve this problem?

  40. Kap1r0t0 says:

    Great tutorial.

    Waiting for the second part :)

  41. Edd says:

    i cant get my save file loaded in the pcscp, i put it in the savedata folder though

  42. Edd says:

    IM trying with the imposible game… it gave me a secure.bin, try it guys

  43. Edd says:

    i get a deadbeef in almost all the registers

  44. gumi says:

    Would this also work on converted PSX eboots?

  45. Faiz says:

    can someone please email me on how to encrypt to vita. thanks

  46. HolyBelias says:

    Can someone send me an exploit? Thanks to everyone πŸ˜€

  47. Sherif Maher says:

    I’m trying to find an exploit in LocoRoco Midnight Carnival (JP) but i got a DATA.BIN with almost null data with header (i think).

  1. April 6, 2013

    […] […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Most comments are automatically approved, but in some cases, it might take up to 24h for your comments to show up on the site, if they need manual moderation. Thanks for your understanding