psvimgtools: Yifan Lu releases tools to decrypt PS Vita backups (including 3.63)
Yesterday, Yifan Lu released a series of tools to decrypt PS Vita backups (the ones you generate by using CMA, the Content Manager Assistant). The release comes a few days after the tool’s existence was “leaked” by people who had found the repository before the developer was ready to release something in a stable state.
Team Molecule recently found weaknesses in how the PS Vita performs some of its encryption, which allowed Yifan Lu to write a tool that brute-forces the key used to encrypt the backups. That key is unique to your PSN account, not to your console.
The tool that recovers your key can be downloaded from Yifan Lu’s GitHub, but Team Molecule now also provide a website that does the work for you: submit your AID* to cma.henkaku.xyz and it computes the key.
* Your AID is the xxxxxxxxxxxxxxxx in PS Vita/PGAME/xxxxxxxxxxxxxxxx/ in your CMA folder.
Once you have your key, you can have fun with the other tools of the suite, which let you decrypt your PS Vita backups, then pack them back to install on your PS Vita.
Wait, what does this psvimgtools let me do exactly?
This lets you decrypt backup files, then pack them back to install on your Vita. It does not magically sign content within these files. According to Yifan, this opens the door to some minor hacking for 3.61 and 3.63 users: registry tricks such as the PS TV whitelist, or swapping the O/X buttons, are now doable for 3.61 and 3.63 owners. According to the hacker, this also lets you install PSP homebrew (usermode, which would include VHBL) through the Custom Bubble technique (basically the same as here, except that the whole email part used to get files out of the database can be done with the backup tools instead; anyone willing to write a cool tutorial or tools here?).
People are already releasing applications that will help end users on 3.63 and 3.61, stay tuned for details.
Maybe more importantly, for hackers, this brings a new way to try to exploit the PS Vita, through files that were not easy to edit until now. Savedata comes to mind.
Yifan Lu states it would be hard for Sony to patch this vulnerability in future firmwares, unless they decide to make backups forward-incompatible in the next firmware update, which would be a pretty bold and unlikely move.
Last but not least, there’s a great writeup on Yifan Lu’s blog on how Team Molecule found the weakness (based on a suggestion from plutoo) that allows them to brute-force the encryption key in minutes, compared to the “billions of billions of years” that would normally be expected.
Download psvimgtools
- Get your AID (your AID is the xxxxxxxxxxxxxxxx in PS Vita/PGAME/xxxxxxxxxxxxxxxx/ in your CMA folder)
- Retrieve your encryption key
- Download the tools to decrypt/repack from Yifan Lu’s GitHub here.
Source: Yifan Lu
first
Neat. Even though it’s unique to your PSN account, would this still require a hardware redo to patch? Thanks Team molecule.
Nooope.. XD CMA backups are now completely hacked.
Pls would you stop trolling on your YouTube channel and help Ty LabShooo XDDDD
SilicaAndPina, thank you for releasing this. I was an idiot for upgrading to 3.61, I was drunk. I know it’s almost impossible, but I was wondering: would it now be possible to get the FFX-HD save file, hex edit it through PC, use FFXED and then transfer it back? If it is, how, and if not, darn. I am still waiting for you guys and Yifan, TheFliw and Mr.gas to someday make a 3.61 native hack or a downgrader, although it’s almost impossible. Fighting!
PS: please reply with the answer to my question on Twitter @viral_zero, I rarely visit wololo these days. Thanks!
Very nice
Sorry, I got confused. I do understand that this won’t allow me to download homebrews, but will I be able to download and play Vita games if I don’t have a PSTV? Or do I actually need one to play?
It will allow you to download other people’s save files (and since Vita save files are backups of the entire game, I’m guessing it will let you trick Sony into thinking you own the license of any backup you resign. So if I buy FF-X for example and back it up, the save file is like 3.6 gigs; then you can download this save file and resign it to your account, therefore letting you play my save file and the game… AT THE VERY LEAST it lets you download other people’s save files for games you already own, so you can bypass long arduous grinds for maxed-out accounts.)
First
Question: do you think it will be possible to play the undub legit games again by replacing the necessary files? I could on 3.61 but not anymore 3.63.
Already done this, but my problem is when I open the package installer it says “An error has occurred. (C2-12570-5)”. Don’t know what’s wrong, I just followed the steps correctly and put it on my Vita. I’m on 3.63 btw.
So this works for playing backups on 3.61+? I don’t understand well the psn thing, does that mean it works only with backups of your own games?
Also would this enable users of 3.60 play games requiring 3.61+ fw?
psvimgtools 0.1 was not released for win32.
I live in Brazil, where a single Vita game could go from 90$ to 300$+, depending on the game. The same games can be found for 30$-40$ in countries such as USA, but shipping them not only is expensive, but also takes quite a lot of time to arrive and with no guarantees.
I had to save money for years to buy a Vita (which can cost 800$ to 1000$+ around here), and I only managed to buy it because it was pre-owned. Being the lucky guy that I am, it came on 3.63.
Why am I telling this? It’s because, as implied, investing in games here can be quite difficult. So I really would like to know if this discovery could potentially lead to downloading and playing games for free. There are many great titles that I’d like to try, and many can’t even be found here. I do know a hack like henkaku could take years to be made, but could this be a solution?
Can I install a vpk on my PS Vita 3.63 with this hack? If yes, how can I do it?
Will this let you decrypt game updates downloaded through PSN?
Would it be possible to decrypt the backup, then send it to someone and repack it?
Of course you can repack it; the problem is when copying it to your Vita through CMA.
Since it’s the encryption key used for your psn account that you get, could it be used to decrypt stuff on ps4 if the same account is used on one?
Heads up, I’m currently trying to do the custom VHBL bubble thing and CMA will disconnect from the system after trying to place the pboot.pbp file in the directory. So far not working. I did however get Wipeout Pulse to recognize that there is DLC installed (wohooo!) but I need to inject a EUR version.
Don’t use CMA instead use qCMA
Noob question.
I have a Vita on firmware 3.60. My Final Fantasy VIII game.psvmd got corrupted so I had to delete it. Don’t know why, but I kept the game.psvimg of this game. With this tool, can I regenerate a game.psvmd to be able to play FFVIII? Thanks
Thanks to Yifan Lu
I was able to install VHBL without any problem on my Vita 3.63.
So what are the chances of this leading to 3.63 users being able to play ‘acquired’ games?
The CPK files generated by this, how do I open them?
Any reason why it doesn’t run on my PC?
If I have a 3.63 system and I do this with psvimgtools, am I able to install PSP homebrew? How does the PSP homebrew work? Can I just download and copy PSP games and run them on my PS Vita with PSP homebrew?