VHBL exploits for 3.30+ from qwickrazor87

[samsara]

qwickrazor87 just updated the binloader for the 3.18 exploits for the big leak last year in addition to the patches to allow them to work on FW 3.30+.

https://twitter.com/qwikrazor87/status/ ... 5366202368

This is not for end-user yet. Should be pretty easy to port some of the older exploits though. qwick may want to announce this himself later though so this is just a notice for the developers lurking here.

For exploit source, since zload is down, Conjo has a mirror:
viewtopic.php?f=23&t=39712&start=10#p372430

Edit; moved from VHBL subforums.

Advertising

[The Z]

Keep in mind that Sudoku got patched in 3.35 and every other of these games is pretty much useless if you intend to do anything with it that is bigger than 1MB.

Setting up a VHBL bubble should still work, though.

Advertising

[jeerum]

Patapon 2 EU crashes and wont load simple hello world
Inernational Athletic's EU corrupted savedata

[samsara]

Was going to try updating some of them but my psp died over the vacation. Any way to get the game key without a psp?

[jeerum]

Was going to try updating some of them but my died over the vacation. Any way to get the game key without a psp?

ppsspp run iso and get from Log - search "Game key"

[doctorgoat]

Someone more talented than me:

http://www.filedropper.com/ulus10461disgaea006

Here's an uncompressed copy of Disgaea 2 US' save that's already been set up as a basic h.bin loader.

Disgaea EU and JP were publicly exploited, but this wasn't. It's probably useless aside from this. It might not be, but w/e.

I've spent way too long on this and hopefully someone here can do something better. A VHBL bubble would be great.

Loader is at 8463D, in memory at 0x08DC53C0.

Overflow begins at 1106 and has a jump address at 11B3. In memory, it's at 0x08D41F33.

[jeerum]

Someone more talented than me:

http://www.filedropper.com/ulus10461disgaea006

Here's an uncompressed copy of Disgaea 2 US' save that's already been set up as a basic h.bin loader.

Disgaea EU and JP were publicly exploited, but this wasn't. It's probably useless aside from this. It might not be, but w/e.

I've spent way too long on this and hopefully someone here can do something better. A VHBL bubble would be great.

Loader is at 8463D, in memory at 0x08DC53C0.

Overflow begins at 1106 and has a jump address at 11B3. In memory, it's at 0x08D41F33.

have you control over ra register?

[doctorgoat]

The jump address and the memory address listed after that are the same thing. They're both controlling ra.

That save's already loading an h.bin file. It's just useless in my hands.

Demonstration:
https://www.youtube.com/watch?v=jO0AvGNUyz8

edit:
http://www.filedropper.com/dumps
Memory dump, decrypted file binary, UIDlist.

I also found that causing enough havoc in the game's program would lead to the actual Vita UI becoming sluggish and unresponsive, but that probably doesn't mean anything.

EDIT:
There have been two major releases of Disgaea 2. Use the US PSN version for debugging, not the original. Use the release pa-d2upsn.

[DarkenLX]

any word on a fixed version of arcade darts? i could not find any suitable jump addresses hope someone had better luck 3.18 exploit does still crash 3.3x but wont launch tnv or vhbl in current state so not sure the issue..

[doctorgoat]

any word on a fixed version of arcade darts? i could not find any suitable jump addresses hope someone had better luck 3.18 exploit does still crash 3.3x but wont launch tnv or vhbl in current state so not sure the issue..

Nothing's going to launch TN on something over 3.18 for now.