PSP/Vita : How to find your own exploits
I regularly get emails from people who want us to port VHBL to this or that game, or people who contact me about a game crash but don’t know where to take it from there. PSP (usermode) exploits used to be seen as voodoo magic, doable only by an elite of hackers, until I started writing tutorials on how to do it, back in 2009. Finding an exploit in a PSP game requires brains, lots of free time, and minimal programming knowledge, but it is nowhere near as complex as most people think. The techniques to find them used to be a secret, not because hackers in those days thought it was a secret to be kept, but because nobody ever took the time to write the process down in a user-friendly way.
Those who have been following this blog for a while know that I try very hard to bridge the gap between the “hackers” and people who have a technical interest in what they do but don’t know where to start. It’s for this reason that my involvement with m0skit0’s Half Byte Loader (now VHBL) has always been about simplifying it to the max, and making it portable to as many games as possible, as easily as possible.
Today, finding an exploit and porting VHBL to it is not a one click process, but it is reasonably simple. Porting VHBL can be done within a few hours, which is insanely fast if you think about the months it took to create the tool initially.
Our tutorials for finding exploits and porting VHBL are fairly old, but they are still valid, so I think it is worth refreshing everyone’s memory. And if you are worried that “you won’t make it”, keep in mind that pretty much every single VHBL release we have done in the past 2 years was the work of a different person, generally someone pretty new to the scene.
Finding and exploiting your own PSP/Vita vulnerabilities
- The first step is to find a game with an exploit. This is a time-consuming process, but it does not require much programming skill. You’ll need a PSP, lots of games, and a few tools. The whole process is described here: Finding Gamesave exploits on the PSP (wow, I wrote this 5 years ago, and it is still very relevant today). I estimate that 10% of PSP games have “easy” vulnerabilities such as a buffer overflow in the player’s name.
- The second step is usually to write a binary loader to leverage your exploit. This will confirm that your exploit can let you load simple pieces of code, such as a “hello world”. I describe this process here: Writing a binary loader. Many hackers prefer to write a simple hello world before writing a binary loader, but writing a binary loader is simple enough and puts you on the right track for a VHBL (or TN-V) port later on.
- The third step is to port VHBL to your exploit. The binary loader you previously wrote will load VHBL for you. I describe the VHBL port here: Porting VHBL to your game exploit.
These steps all require a hacked PSP to do the probing and debugging, even though the goal is to run VHBL on a PS Vita. Looking for PSP vulnerabilities without a PSP is not as convenient, but it is doable. Check hgoel0974’s guide to writing a PSP exploit directly on your PC through PSP emulators: finding vhbl exploits without a psp
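The class of bug the first step looks for (a fixed-size name buffer filled from a savegame that carries its own length field) is easy to recognise in code once you have seen it side by side with the checked version. The following is an added example written for this page, not code from the article, from VHBL, or from any real game: the record layout (a 2-byte little-endian length followed by the name bytes), the `NAME_MAX` size, the `player_t` struct and the sample records are all constructed for illustration. It shows the unchecked loader that trusts the on-disk length, the hardened loader that bounds every read and write, and three constructed save records (benign, over-long, truncated) that the hardened loader classifies.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical in-memory record (constructed for this example, not a real game's
 * layout): the name buffer is fixed-size and sits next to other state, which is
 * what makes an unchecked copy of an over-long name dangerous. */
#define NAME_MAX 16
typedef struct {
    char     name[NAME_MAX];
    uint32_t score;
} player_t;

/* Hypothetical on-disk save record (constructed):
 *   bytes 0-1 : little-endian name length N
 *   bytes 2.. : N name bytes, not NUL-terminated */

/* Vulnerable pattern: the length field from the save file is trusted. When N is
 * larger than NAME_MAX the memcpy writes past name[] into score and whatever
 * follows it in memory. Shown only for contrast with the checked version. */
int load_name_unchecked(player_t *p, const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 2) return -1;
    uint16_t n = (uint16_t)(rec[0] | (rec[1] << 8));
    memcpy(p->name, rec + 2, n);   /* n is never compared to NAME_MAX or rec_len */
    p->name[n] = '\0';             /* also out of bounds once n >= NAME_MAX */
    return 0;
}

/* Hardened version: every byte read is bounded by the record length and every
 * byte written is bounded by the destination buffer. Returns 0 on success and a
 * negative code naming the check that failed, so a loader can log and reject
 * a malformed save instead of loading it. */
int load_name_checked(player_t *p, const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 2) return -1;                 /* header missing */
    uint16_t n = (uint16_t)(rec[0] | (rec[1] << 8));
    if (n >= NAME_MAX) return -2;               /* would overflow name[] (room for NUL needed) */
    if ((size_t)n + 2 > rec_len) return -3;     /* record claims more bytes than it carries */
    memcpy(p->name, rec + 2, n);
    p->name[n] = '\0';
    return 0;
}

/* Constructed sample records. */
const uint8_t BENIGN_REC[]    = { 5, 0, 'W', 'O', 'L', 'O', 'L' };   /* "WOLOL" */
const uint8_t OVERSIZED_REC[] = {
    40, 0,   /* claims 40 name bytes, well past NAME_MAX */
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A',
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A',
    'A','A','A','A','A','A','A','A'
};
const uint8_t TRUNCATED_REC[] = { 9, 0, 'A', 'B', 'C' };            /* claims 9, carries 3 */

int main(void)
{
    player_t p;
    memset(&p, 0, sizeof p);
    printf("benign    -> %d (name=\"%s\")\n",
           load_name_checked(&p, BENIGN_REC, sizeof BENIGN_REC), p.name);
    printf("oversized -> %d\n", load_name_checked(&p, OVERSIZED_REC, sizeof OVERSIZED_REC));
    printf("truncated -> %d\n", load_name_checked(&p, TRUNCATED_REC, sizeof TRUNCATED_REC));
    return 0;
}
```

The two loaders differ only in the two comparisons before the `memcpy`; that is the whole difference between a save that crashes the game and one that is simply rejected. The return codes are kept distinct on purpose so that a save validator can tell an over-long name from a truncated file when it logs the rejection.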
Again, everyone I know who’s given it a try has been baffled at how simple the process is, in hindsight. If you’re interested in PSP/Vita hacking, this is a first step that I really recommend (you can train with previously exploited games; Sony do not patch those anymore on the PSP, only on the Vita). It’s the people who decided one day to give it a try that made it possible for us to release more than 20 game exploits in the past 2 years!
Excellent Article.
Ta`goodjob!
Put this together with the last Vita exploit article and you get “Do you need new exploits? Do it yourself” hahaha.
thanks ^^
first. for this in an emulator finding exploits or live.
u need to port usbtools to nettools for psplink wifi
since it works without usb it has minimal usage
and needs a port of tools from *.usb to *.net usage
things like the gdb debugger and others don't work with
psplink wifi
i never use a psp and usb anymore … nor will u i imagine.
i use a vita and usb xor wifi but thats something else
as i cant use it to debug like with psplinkusb
cheers
ps. and i need a live mysql database lol
hi, could u put the wololo.net/feed.rss back online ?
so i can have fun reading parsed
thanks
strange the feed is online
Good evening,
“To five it a try.”
Light Xela Error report 1
20 exploits in 2 years, 1.8~~ per month, I guess; one person taking 15 days to find an exploit (more than one person working), ?… I don't know if I agree with “is reasonably simple”. Oo
Hello,
I don’t write many times but I read your site often (every day). I think the PSP is dead and people who want to play emulators or PSP games can buy a PSP for little money.
I think the PSP scene is dead and we don’t need another exploit on the PS Vita. I hope the devs will try to find an exploit for PS Vita games and not for the PSP emulator on the PS Vita.
I bought the PS Vita when it came in store at the beginning and I have only 3 games and PS+, but I never play with my Vita. It’s in the box.
Sorry for my poor English, I’m French.
I think there are elements of truth there, possibly why this article's been put up. The latest under-the-hood changes made it near impossible to get kernel access, so yea.
anyone can go buy a used psp, but playing psp games on the vita is much nicer.
you have bilinear filtering as well as being able to assign the touchscreen corners and right analogue stick; all this on a bigger screen makes for a much nicer PSP experience in my opinion
I finally updated mine and got When Vikings Attack and Urban Trial Freestyle City Rampage all for 3 bucks. Vita has nice deals now on PSN, so it's better than buying another PSP. I honestly think it has crisper graphics because the PSP games are native on it, while on the Vita it's still stretched even with bilinear filtering.. Can't pass Killzone Merc online now with botmode, beats TN-V all day
tis why i have 2 vitas 😉
thanks i might five it a try too
what about a wololo.net rss parse reader for psp
meaning an eboot rss reader :p
but the feed ends in wololo.net/feed/
and not in feed.rss
is there a script to convert to xml or rss or any
or even cvs
lets code a feed parser
this is the php code on the webserver
http://maxburstein.com/blog/build-your-own-rss-feed-reader/
then how do i parse feeds from older than 2 weeks
next is to add this php page on some webserver to
an eboot psp webbrowser mutex app
anybody have a sample of hooks ?
PSVITA Hacking for noobs!
the other way to run the rssreader script
is to run a localhost apache plus php in a prx
aside from ur demo eboot and just point
the web browser hook to localhost
pge phoenix game library has a lua utils browser script for an eboot
next would be porting running host httpd and php as prx
I found four new games that seem to offer hope. Where do I share this info to see if they are indeed new?
what about sharing ur thoughts in /talk
/talk is the forum, scroll up and u will see it
If I am on the latest firmware in PS Vita (3.12) but I’ll buy an exploited game for 3.01 (I read in this site they’re back in the PSN), can I install the PSP emulator? (I read the tutorial and I thought that, and I understood that the savedata file doesn't relate to the firmware).
Thank You For Helping And Explaining.
no you cant do that
What if you found a game exploit that has not been patched yet, would it work on 3.12?
yes
Great job
what about a bluetooth network link from vita to a gateway(pc)
I wanted for a long time to work on psp exploits, thanks a lot for explaining. every psp game that exist can be found on the psvita psn (except the ones that have been removed) ?
thx
No, not all of them are available. You should check on the PSN if it says “PSP/Vita” or “PSP” only, before looking for exploits in a given game.