HENkaku: Yifanlu releases files for offline hosting, officially challenges hackers to reverse and explain the exploit


We are constantly looking for guest bloggers at wololo.net. If you like to write, and have a strong interest in the console hacking scene, contact me either with a comment here, or in a PM on /talk!

39 Responses

  1. vampula says:

    Go ahead pros)

  2. Ricochet90 says:

    What about the guy who reverse-engineered this a few days ago?

    Is this what they want?

  3. Zerocoolak says:

    This is getting good!

  4. kosuke says:

    I actually think he wants to challenge people because you can add support for maybe PSP and even Vita games via backups, but he doesn't want to be the one responsible.

    • TheRealSlimShady says:

      Man, I was thinking the exact thing when he first challenged us! 🙂
      He doesn't want to be held responsible for piracy but wants us to find it ourselves and release it, then go to jail. 😀

      • MyLegGuy says:

        You guys are clearly geniuses. The smartest people out there. Here’s the really cryptic thing the team said:

        “We carefully designed HENkaku to be as permissive as possible for developers to write homebrew supporting private APIs and the option to bypass sandboxes. However, we also made sure to make it as difficult as possible to repurpose our tools to enable piracy. While piracy is always inevitable, we will not make it easy.”

        I, a person of average intelligence, would never have been able to find the real message behind this. But you guys have. Well done.

      • satan89 says:

        He just wants more devs to return to the Vita scene and make it popular again. Why would he want piracy for everyone else? What would he gain?
        If he wanted a backup loader for himself, I’m sure he could do it.
        Stop trying to discredit devs with your conspiracy theories.

    • TheRealSlimShady says:

      You guys are assuming way too much here. Since they put mechanisms in place to slow down piracy, I don't think they would call it a “nice bonus” for people who get there. I think that bonus would be something like another undisclosed possible exploit that may lead to other possibilities; it doesn't have to be strictly a piracy enabler…

  5. PSvitaK says:

    You can do it Major_Tom

  6. Fez says:

    I downloaded the files from GitHub and set up a local web server. From my PS Vita I can browse to my local server IP address, I get the welcome message and click OK. The Molecular shell boots and starts downloading the files from the /pkg directory, but the install fails with the error “failed to open version.txt” and then the web browser closes. Anyone else experience this?

    • wololo says:

      I'd suggest you start a thread on /talk to see if others can help. The comments section of the blog is not super user-friendly for that kind of talk 🙁

      • Fez says:

        Worked it out. Looked through the web server logs and found that the \pkg\sce_sys\param.sfo file was not being served. Had to create a MIME mapping in IIS for the .sfo file extension. All worked after that.

    • Madridi says:

      I'd like to understand how you did this, as I seem to be stuck at an earlier stage. After compiling, I set up a local Apache server (actually, I already have one, “xampp”, for hosting the Wii U exploit; I just made a new vita folder) and I host the files there.
      Now, from what I understand, this is where stage1 will be hosted. But how can you host stage2? It mentions nothing about how to host with PHP or Go (which I'm failing to use anyway), so this part I left untouched.

      At this point, I'm getting the welcome address and greeted with the famous C2-12828-1 error, which is not fixed by the known methods. I think it's because stage2 is not accessed, and it would go away once I can properly do something with that. Any info would help. Thanks!

      • Fez says:

        I only have a Windows 8 PC, so I did my setup with a mixture of IIS for stage 1 and the Go programming language to launch the stage2.go web server for the stage 2 component. The readme says that you can use pretty much any web server for stage1; it is stage2 that seems to be all the trouble. I tried to get it working using the stage2.php file so I could have it all set up just using IIS and PHP, which would have been cleaner, but I couldn't work out from the readme how they were explaining to do it. I ended up using Go for stage2 and it seems to be working consistently now.

        • Madridi says:

          Thank you, that's very helpful to know. I assume setting up IIS is similar to my setup of xampp. Xampp also supports PHP so it should've worked, but it didn't.
          So, could you give me a link and brief steps on what I should do for Go? I ask for a link because there is the Go programming language, and there is Go server. I downloaded the latter, and the server produced an error for whatever reason saying the VM couldn't allocate memory or something (can't remember the msg, and it was more than one error anyway). So I got frustrated and uninstalled it.
          Anyway, I'd appreciate your help on this. Thanks!

          • Fez says:

            The one you want is the Go programming language, not the server. This is where I got it from: https://golang.org/ Basically, installing it allows you to run the code in the stage2.go file.
            To start the Go web server in the stage2.go file I ran “go run stage2.go -payload stage2.bin -port 8080” from the command line in Windows. You change port 8080 to whatever TCP port you are using.

          • Madridi says:

            Not sure why it's not letting me post after your last comment, but I just wanted to report back that it worked!

            I will now be on a hunt to get it working with PHP. I’ll let you know if I have any success. Thanks for the help!

          • Fez says:

            No problem, let me know how you go with PHP. Also, what OS are you using? Windows or Linux?

          • Madridi says:

            I'm using Windows 7 x64. Will try several configs when I wake up and let you know. Bed time for me! 🙂

          • Madridi says:

            Quick question if you don't mind. I was playing with the settings and ports before I went to bed, and I noticed that every time I run that go run stage2 command, it asks to unblock stage2.exe in the firewall. I dug around and noticed the reason was that every time we run that command, that exe goes to a different folder in user/(username)/appdata/local/temp. This is getting added to the firewall rules every single time! Any way around that, or better yet, to disable it?

          • Fez says:

            I ditched IIS and am just using Go now. I made a video to show how I set it up: https://youtu.be/nRNvGTpuy7I

          • Madridi says:

            Cool video, but it has some unnecessary steps:
            1- No need for Git Bash, you can use the Windows cmd. The only change is that “./build” becomes “build”.
            2- No need for the simple server to be renamed to stage1.go and run before running the “go run” command. Instead, you do this:
            – open cmd and type “go build stage2.go”. You only have to do this the first time. It will create a stage2.exe in your directory, so you will run a local copy instead of creating a new one in temp every time.
            – create a text file, call it whatever (I called it Start GO), open it, and put this in it: “stage2.exe -payload stage2.bin -port xx”, where xx is your port number. Save it, and rename it to a .bat file instead of a .txt file.

            Now every time you want to run the server, just double-click the .bat file 🙂

          • Madridi says:

            Update on my last post:
            My fault on stage1.go, I forgot you ditched IIS, so you need that. However, in that same .bat file, having these 2 lines should do the job for you:
            “go run stage1.go”
            “stage2.exe -payload stage2.bin -port xx”, where xx is your port number, obviously after creating the exe.

            If for whatever reason that fails, you can put the line below in the middle:
            “Timeout /t 5 /nobreak >nul”. This will pause the process between the first command and the second command for 5 seconds.

            In other news, I could not get PHP to run whatsoever; I gave up on it at this point. The only thing I don't like about Go at this moment is that I have to keep the cmd open, as I'm not just hosting it locally.

  7. Anon says:

    Finally. Now it's possible to use HENkaku without the fear of getting your PSN account banned after the Vita calls home and uploads all user activity logs to Sony.
    Hopefully someone ports this to 3.18 and/or releases ePSP kernel exploits for playing PSP and PS1 backups on 3.60.

  8. KoriTam says:

    Here is Stage 2: http://pastebin.com/Gi8TVT9t
    Creates a kernel-mode thread that executes Stage 3 (encrypted).

  9. Don Li says:

    Nek minnit, Sony comes along and reverse engineers this *** and we all get blocked from all future development in hacking.

  10. Striker says:

    I hope they can put something in HENkaku that can overclock the CPU of the Vita from 333 MHz or 444 MHz to 2 GHz.

  11. Alvion says:

    Is there a way to make a homebrew that shows a cell phone's screen on the Vita's screen? That would be cool. Or transform the Vita into a keyboard or mouse. Man, I have a lot of ideas, if only I knew more programming <.< That was off topic; now on topic: they shouldn't be inspiring hackers to reverse this, it's really unnecessary. They are underestimating their fellow hackers; they know that it will take some time, but they will break the code, and I don't know if that is going to be good or bad.

  12. Erippe says:

    I don't understand why this should protect you from Sony… you still have to enable Wi-Fi to do it.

    • Anon says:

      “Offline hosting” means “not connected to the Internet”, as in your Wi-Fi router can be disconnected from the Internet (this prevents the Vita from sending your activity logs to Sony, which prevents them from banning you) and you can still activate HENkaku on your Vita whenever you want, no matter whether the “official” HENkaku server works or not.
      Still, once you finally let the Vita go online, it will send whatever info it collected on you back to Sony, so you'll have to factory reset it before going online and reactivate it via PS3 if you want to be totally safe.

  13. MrDude says:

    @fez – you get that ‘version.txt’ error because you need to move the pkg folder to the top directory of your website. I was getting the same thing before I moved it, as the exploit couldn't find the files.

    If the molecule bubble was already installed it worked, but if it wasn't it needs to find the files, and that's why you need to move the pkg folder & contents.
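    Both hosting failures reported in this thread (Fez's .sfo file that IIS refused to serve without a MIME mapping, and MrDude's pkg folder sitting in the wrong directory) surface on the Vita as the same “failed to open version.txt” error. The checker below is an added example, not part of HENkaku or of this post: it walks a local pkg folder, requests every file from the server under /pkg/, and reports anything that does not come back as 200. The demo serves a constructed pkg tree with Python's built-in http.server on a loopback port; the file names and contents are made up for the demo.

    ```python
    import functools
    import http.server
    import os
    import socketserver
    import tempfile
    import threading
    import urllib.error
    import urllib.request


    def check_pkg_served(base_url, pkg_dir):
        """Fetch every file under the local pkg_dir from base_url/pkg/... and
        return {relative_path: HTTP status or error}; anything but 200 is a
        file the installer on the Vita will not be able to download."""
        results = {}
        for root, _dirs, files in os.walk(pkg_dir):
            for name in files:
                rel = os.path.relpath(os.path.join(root, name), pkg_dir).replace(os.sep, "/")
                try:
                    with urllib.request.urlopen(f"{base_url.rstrip('/')}/pkg/{rel}", timeout=5) as resp:
                        results[rel] = resp.status
                except urllib.error.HTTPError as exc:
                    results[rel] = exc.code  # e.g. 404: file missing or extension not mapped
                except urllib.error.URLError as exc:
                    results[rel] = f"error: {exc.reason}"
        return results


    def demo():
        """Constructed demo: serve a fake pkg tree with Python's http.server
        (which sends unknown extensions such as .sfo as octet-stream), check it
        with pkg at the web root, then again as if pkg sat one level down,
        which is the misplaced-folder case described in the thread."""
        with tempfile.TemporaryDirectory() as webroot:
            pkg = os.path.join(webroot, "pkg")
            os.makedirs(os.path.join(pkg, "sce_sys"))
            sample = {"version.txt": b"constructed\n",              # constructed content
                      "sce_sys/param.sfo": b"\x00PSF constructed"}  # not a real SFO
            for rel, data in sample.items():
                with open(os.path.join(pkg, rel), "wb") as fh:
                    fh.write(data)
            handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=webroot)
            with socketserver.TCPServer(("127.0.0.1", 0), handler) as srv:
                threading.Thread(target=srv.serve_forever, daemon=True).start()
                base = f"http://127.0.0.1:{srv.server_address[1]}"
                at_root = check_pkg_served(base, pkg)              # every file 200
                misplaced = check_pkg_served(base + "/vita", pkg)  # every file 404
                srv.shutdown()
        return at_root, misplaced
    ```

    Point check_pkg_served at the real server URL and the real pkg folder to get the same report for a live setup; IIS without the .sfo mapping shows up as a 404 on sce_sys/param.sfo while every other file returns 200.
    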

  14. Jefphar says:

    I have found a pkg folder in the GitHub download. This one looks like PS Vita app backups. Is it possible to save it on the computer together with your Vita apps and then install it via QCMA? Will it be a problem if you install it on firmware 3.18?

  15. ThatOne says:

    Simple Windows setup using these files and the “GO” server.

  1. August 7, 2016

    […] KoriTama and “H” have stepped up for Yifanlu’s challenge to reverse engineer the HENkaku exploit. After H’s explanation of the first stage of the exploit a few days ago, more has […]
