PS Vita’s Firmware 2.10 was recently released, and we already know that Sony blocked the Apache Overkill VHBL, but this update comes with quite a few hidden surprises called “stability improvements”
You are currently browsing the archive for the HBL category.
Finding PSP exploits without owning a PSP was considered impossible because of the absence of PSPLink. But now, PSP emulators are finally starting to behave like the real thing. They have become so accurate that now it is possible to find exploits using just the PSP emulators on a PC.
Famous scene hacker Coldbird, one of the core developers of the Pro CFW, announced a few weeks ago on the prometheus forums that the “online” feature of Pro Online might become available to Phat (PSP 1000) models, after he discovered a new way to get 4MB extra ram available on the PSP.
The most requested feature ever for the HBL, is an iso loader: many “developers” promised the release of an iso loader for HBL, but nobody managed to code one so far. To understand what an iso loader is and why it won’t work on HBL, first, we have to know what a .iso file is.
Syscalls, NIDs, Imports?? If you know what HBL is, you have at least heard one of those three terms, especially “syscall”. Most time spent on developing HBL was trying to improve syscall estimation (even if now it’s broken again). Syscall estimation is one of the most advanced and important parts of HBL, without it you wouldn’t able to run so many awesome homebrews on your PSV or PSP! Most of the times, people talk about this and have no idea what they’re talking about, so here’s a brief explanation.
I just submitted an update to file “gen_exploit_config.rb” in the HBL svn, you can find the file here.
That file is experimental (and also in need of some massive cleanup), but basically it should generate almost everything that is needed to get VHBL to compile and run (including, and especially, on the PS Vita) assuming you already have an exploit and the associated binary loader.
This is still experimental, and I need to update the “how to port HBL” tutorial with this new information, but mid term this should allow you to port HBL to your game exploit in about 5 minutes (compared to about 1 week for people without experience now).
Developer Yosh (a.k.a. wth) recently found another savegame exploit on a PSP game, which he confirmed to work on the vita (video below).
Today developer SKFU was able to confirm that my port of HBL to Teck4′s exploit is still working on 1.52 (this also means that Teck4′s exploit is still here on 1.52, which had been confirmed by mamosuke a few days ago). He also confirmed that the potential vulnerabilities and other stuff he’s found so far are still available in vita 1.52, so it’s relatively safe to upgrade to 1.52 if you own a Vita (I am myself still on 1.51). On Twitter he also posted a picture of a homebrew running through HBL.
I want once again to thank Teck4 for the trust he put in me with this exploit, and for agreeing with the idea of making this exploit available to trusted people like SKFU before we attempt any public release.
Mamosuke confirmed to me today that Teck4′s exploit for the PSP Emulator in the vita is still working on 1.52. Note that it doesn’t guarantee 100% that some of the techniques used to get HBL to work on top of this exploit haven’t been patched, as I haven’t tested myself. But for now I’m confident. I might update to test that, at some point.
The 1.52 Vita firmware can be downloaded here
I managed to port HBL to the US version of Teck4′s exploit in exactly 45 minutes (including writing the savedata exploit and the binary loader), which is a new personal record, thanks to the scripts included in HBL’s repository, and also to the fact that the different versions of the game are internally fairly similar (which is to be expected because technically the game is supposed to be the same, just translated, but I seem to recall it wasn’t that easy for the Hotshots golf exploit)
We’ve seen through Teck4′s exploit that PSP exploits run flawlessly on the PSP emulator of the Vita. I’ve spent the past 3 weeks working on leveraging Teck4′s exploit and port HBL to it. I’ve been receiving lots of questions (probably from people who haven’t used HBL back when it was the only possible way to play homebrews on the PSP Go) and will try to answer them here.
In the past days I stabilized HBL for Teck4′s exploit and got some major homebrews to work. In the video below I’m showing a few homebrews running on the PS Vita. I also included Picodrive again to show that fixing the sound issue is relatively easy as it is just a setting in the emulator. Check the video below. Read the rest of this entry »
A quick report: I’m making some progress on porting HBL to the Vita. Although I’m sad to say that I can’t get syscall estimation to work, I got some major homebrews such as Doom to run already, so overall I think it’s in an acceptable shape. Because it is roughly stable now, today I focused on porting HBL to the EU version of the exploited game (I was working – obviously – on the Japanese version of the game so far). This went smoothly and I can confirm HBL runs fine on the EU version of the game, although of course I could only test on a PSP, not on a Vita.
I used the opportunity to refresh my two guides, how to write a binary loader and how to port HBL. The guides are now simplified, and the binary loader tutorial now has download links to the tools used in the examples.
Writing the first “usable” version of HBL for the patapon exploit took several developers and about 4 months. Thanks to the portability of HBL, bringing it to Teck4′s exploit took me only a few days. Adapting that to the EU version took a couple hours (including porting the exploit itself), so I am confident for the US version.
A year and a half ago when I got Doom for PSP to run on the PSP Go, website hackaday noticed it and said “[being able to run Doom is] a prerequisite for any cracked device”. Some people try to run Linux on their hardware at all cost, I prefer Doom. Today I was able to tweak HBL a bit on the PS Vita to get Doom to run on it. Will I get hackaday’s attention this time too? That’s, hands down, the best fps available on the vita so far, check the video below!
Update: one important clarification: this video shows HBL running on the latest firmware 1.510. The firmware update that happened today does not patch the exploit, unlike what some sites are saying.
A few days ago Japanese developer Teck4 posted a picture of a “hello world” running on the PS Vita through the PSP emulator. I contacted him immediately with some help from Mamosuke, and I soon got enough information to start working on porting Half Byte Loader to this exploit (note that Teck4 is also working on exploiting this vulnerability further, but I don’t know how far he’s been).
What you see in the video below is the game “Sonic & Knuckles” running in picodrive, a Megadrive emulator for the PSP.