Vita Custom Firmware for dummies

This guide explains the latest and greatest way to Jailbreak your PS Vita and install a Custom Firmware, the proper way. As of writing this guide, all PS Vita firmwares up to Firmware 3.74 (included) can be hacked.

Note: People looking for the older “PS Vita custom firmware for Dummies” page can find it here.

How is this vita CFW guide different from others?

Unlike other guides you might find on the internet, this guide is “opinionated”: I’ve used my decades of knowledge of the PlayStation hacking scene to curate what I believe to be the best possible solution for Vita Custom Firmware. There are other ways, other firmwares you could go with, but if you want something straightforward, and, technically the best of what the Vita hacking scene has to offer today, this is the way to do it.

As another difference from other guides out there, in this page, I’ll try to explain not only how we do things, but why we do them. This is why I try to point you to the “original” tools and hacks rather than “packages” that are supposed to simplify the work for you but don’t let you learn what’s happening and why it’s happening.

I’m not saying other guides are wrong. As a matter of fact, if you want options, https://vita.hacks.guide/ might be a better choice for you. Conversely, if you’re tech savvy, you might want to go to the h-encore² github directly and follow the instructions there. Actually, these two pages were significant sources for writing this guide, and they might suit your style better. I do hope that my approach can work for some people.

Ready? Let’s get started. Check the Table of Contents below if you want to quickly jump to a specific step

0. Why would you want to Jailbreak your PS Vita?

It’s never been easier to install Custom Firmware on the PS Vita, thanks to the insane work of many hackers, in particular folks like Team Molecule, YifanLu and TheFloW. What used to be a cumbersome process is now reasonably easy, and the heavy lifting only needs to be done once. All known firmwares of the PS vita can be hacked, so it doesn’t matter if you’re on the latest firmware, or an older one at this point (but this guide will recommend you are at a “reasonably recent” firmware instead of convincing you to stay on an outdated version)

A hacked PS Vita gives you access to hundreds of games and utilities, from emulators to AAA game ports. Furthermore, Sony officially stopped supporting the PS Vita a long time ago: they’ve made it painful to use almost all official services on the console, to the point that if your Vita isn’t hacked today, it might almost feel useless. The combination of value added by Custom Firmwares and the decrease of value of the official features makes it a no-brainer to Jailbreak the PS Vita.

Installing a Custom Firmware on the PS Vita is relatively painless and safe, with options to make it permanent if that’s more your thing (I personally recommend that approach but we’ll see about that below)

1. Choose your hack: Temporary (h-encore² + Henkaku)  or Permanent (Henkaku Enso), and prepare your PS Vita

There are basically two options I think make sense nowadays to hack your PS Vita: The “live” (or temporary) Custom Firmware h-encore² + Henkaku, or the “permanent” Custom Firmware Henkaku Enso.

From a user perspective, the main difference between h-encore² + Henkaku on the one hand, and Henkaku Enso on the other, is that Henkaku Enso is installed permanently on your console (once your console is hacked with Enso, you have nothing else to do to run Homebrew), while h-encore² + Henkaku is more temporary: every time you reboot the console, you will have to run the hack again (but just to be clear, this simply requires clicking an icon, and is a 10 second process)

Another thing is that Henkaku Enso is only compatible up to firmware 3.65, but in practice this is not a problem since downgrades are possible on the PS Vita.

To sum this up:

h-encore² + Henkaku Henkaku Enso
  • Runs on the latest and greatest firmware (3.74 at the time of writing)
  • Isn’t permanently installed on the console: needs to be relaunched every time you reboot
  • Is overall less risky
  • Installing it is a required step no matter what you ultimately choose
  • Requires firmware 3.65 or lower (but it is possible – and easy – to downgrade from 3.74 to 3.65)
  • Carries some risk as it makes permanent changes to the console boot
  • Is permanent: once installed, nothing else to do, your console is hacked for good.

What I recommend:

Normally I would recommend people to just use the “temporary” h-encore² hack. I personally find these temporary custom firmwares to be more convenient, less dangerous, and in general more user friendly: if you lend your console to a friend or family, there’s limited risk they’re doing something stupid. However, 1) Enso has proven over the years to be extremely stable, and 2) running h-encore² at every boot has actually been kind of a chore in my tests. The hack fails semi randomly, and that means rebooting the console and trying again. It’s not the end of the world, but the convenience of Enso has convinced me.

Additionally, there are other hacks for lower firmwares, but this late in the console’s life, I see no value in remaining on a lower firmware.

So, bottom line, depending on whether you choose h-encore² + Henkaku or Ensoyou’ll want to be either on firmware 3.74, or 3.65. Which one you’re at initially doesn’t matter that much, what matters is that you might have to downgrade to 3.65 during the process if you choose to go with the permanent Enso hack.

Steps:

  1. Choose whether you want to install h-encore² + Henkaku or Enso based on the explanation above (note that you can try h-encore² + Henkaku first, and decide later to install Enso!)
  2. Ensure your PS Vita is running on either Firmware 3.74 or 3.65
    1. if not, the easiest way to ensure this today, is by simply letting the PS Vita update to the latest firmware 3.74 through the official system update
  3. Your PS Vita needs to be linked to a PSN account
    1. you can verify that by checking Settings/PlayStation Network. If there’s no PSN account, link one by following the official instructions on the console. I recommend not using the same account you use for “official” gaming.

      If your console is not linked to a PSN account, click on “sign up” and follow the instructions. We recommend creating a separate account for your hacked console

2. Install and run h-encore² and Henkaku

You need to do these steps no matter what CFW solution (temporary or permanent) you chose. These steps are the same whether you are on firmware 3.65 or 3.74

Steps:

TL,DR: Follow the great instructions at https://github.com/TheOfficialFloW/h-encore-2#installation . That’s it, you can move to Step 3!

Read the rest of this chapter only if the link above didn’t help! I’m barely copy/pasting TheFloW’s instructions here.

  1. Download h-encore² and extract it on your computer.

  2. Download and install qcmapsvimgtools and pkg2zip (check the releases section for the binaries).
    If you don’t know where to put psvimgtools and pkg2zip binaries, just put them in the h-encore-2 folder.

  3. Download the vulnerable DRM-free demo of bitter smile (yes, that’s the user entry point).

  4. Extract the demo using this command in terminal/cmd:

    pkg2zip -x PATH_OF_PKG
    

    This will output the files to app/PCSG90096.

  5. Copy the contents of the output app/PCSG90096 to the folder h-encore-2/app/ux0_temp_game_PCSG90096_app_PCSG90096 (such that the files eboot.bin and VITA_PATH.TXT are within the same folder).

  6. Copy the license file app/PCSG90096/sce_sys/package/temp.bin to the folder
    h-encore-2/license/ux0_temp_game_PCSG90096_license_app_PCSG90096 and rename the just pasted file temp.bin to 6488b73b912a753a492e2714e9b38bc7.rif. Be careful with the file extension, it should not be .rif.bin. Again, this file should be in the same folder as VITA_PATH.TXT.

  7. Start qcma and within the qcma settings set the option Use this version for updates to FW 0.00 (Always up-to-date) to spoof the System Software check. (note from Wololo: these seem to be the default settings in qcma)

  8. Launch Content Manager on your PS Vita and connect it to your computer, where you then need to select PC -> PS Vita System, and after that you select Applications. If you see an error message about System Software, you should simply reboot your device to solve it (if this doesn’t solve, then put your device into airplane mode and reboot). If this does still not work, then alternatively set DNS to 212.47.229.76 to block updates. This should create a folder at PS Vita/APP/xxxxxxxxxxxxxxxx on your computer (see qcma settings where this folder is), where the folder xxxxxxxxxxxxxxxx represents the AID (account ID that is 16 characters long) that you need to insert here. If the AID is valid, it will yield a key that you can now use to encrypt the demo.

  9. Change directory to the h-encore-2 folder in terminal/cmd and use the key to encrypt all folders using (make sure you don’t confuse the key with the AID, the key is 64 characters long!):

    psvimg-create -n app -K YOUR_KEY app PCSG90096/app
    psvimg-create -n appmeta -K YOUR_KEY appmeta PCSG90096/appmeta
    psvimg-create -n license -K YOUR_KEY license PCSG90096/license
    psvimg-create -n savedata -K YOUR_KEY savedata PCSG90096/savedata
    

    The folder h-encore-2/PCSG90096 should then contain sce_sys and all 4 folders from above, and within these folders you should find files called X.psvimg and X.psvmd, where X has the same name as the folder. Backup this folder, since if everything has been done correctly, you don’t need to redo all the steps to install it onto another device with the same PSN account.

  10. Copy the folder h-encore-2/PCSG90096 to PS Vita/APP/xxxxxxxxxxxxxxxx/PCSG90096 and then select Refresh database in qcma.

  11. The h-encore² bubble with a size of around 243 MB should now appear in the Content Manager and that’s what you finally need to transfer to your PS Vita. If the size does not match or you get the error C2-12858-4, then it’s because you did not do it correctly! Please re-read the instructions more carefully then. If you get the error You can only copy applications that your account is the owner of, then it’s because you have used an AID that is not of your account, go back to step 8.

  12. Launch h-encore² to exploit your device (if a message about trophies appears, simply click yes). The screen should first flash white, then purple, and finally open a menu called h-encore bootstrap menu where you can download VitaShell and install HENkaku. If it prompts the error Cannot start this application. C0-11136-2, then it’s because you did not do step 6. correctly.

  13. Enjoy. Note that you have to relaunch the exploit everytime you reboot or shutdown your device. Of course if you only put your device into standby mode, you don’t need to relaunch.

At this point, your PS Vita is technically hacked. Although you’ll need to run the “h-encore²” application from your home screen every time you reboot the console, for all intents and purposes, you can choose to stop here!

3. Change Henkaku settings and Install VitaShell

h-encore² has an option to Download and install VitaShell. If you haven’t done so in the step above, we strongly recommend you do it now. VitaShell is an essential tool for hacked PS Vita and you will need it at the minimum to copy files to and from your PS Vita, including Homebrew games and tools. You also need it for the steps that follow.

Steps:

  1. Go to Settings > Henkaku Settings and check “Enable Unsafe Homebrew”
  2. Install VitaShell from the h-encore² application

4. Downgrade your PS Vita to 3.65 if needed

By the end of Step 2 above you got your vita hacked. Everything we do below is for the purpose of installing the more permanent solution, Enso. I’ve described in Chapter 1 why I think it’s a superior solution to “just” running h-encore², go back at the top of this page if you need help to decide.

Check this first:

  • This downgrade step is only necessary if 1) you are on a firmware higher than 3.65 (typically, 3.74) and 2) you want to install the Permanent CFW Enso.
  • Skip to Chapter 5 below (“Install Enso”) if you are already on 3.65

To downgrade from 3.74 (or other firmware) to 3.65, we are going to use Modoru: modoru means “to go back” in Japanese and is a downgrader for the PS Vita.

Here again, TheFloW has a great step-by-step guide on his official page, unfortunately a couple of links point to the older versions of Modoru which can be confusing, so I will replicate a fixed explanation below. Additional notes highlighted in red, not because they’re more important than the actual steps, but in the hope that I’m answering frequent questions

Requirements

  • Your device must already run HENkaku/h-encore on firmwares 3.60-3.74 in order to use this software.
    • note from wololo: this should already be the case if you’ve been following this guide. If not, go back to the top of this page
  • Your device’s battery has be at least at 50%.
  • All your plugins must be disabled, therefore you will not be able to launch the downgrader from a SD2VITA and hence, you must have a Memory Card (or Internal Storage).
  • If you have installed IMCUnlock by SKGleba, it is recommended to uninstall it first before attempting to downgrade to a firmware lower than 2.10.

Steps

  1. Download and install modoru.vpk using VitaShell.
    • Notes from wololo: if you’ve never used vitashell before:
      1. run VitaShell with your Vita connected to your computer via usb
      2. once in VitaShell, click on “select” to open the USB drive, this should show up as a folder on your computer
        • On windows, If you’re only seeing a handful of folder (in particular if you don’t see the “app” folder): go to the folder’s options and under “view”, uncheck “hide protected operating system files”
      3. Copy the vpk somewhere on the memory stick (I personally made a “vpk” folder and put it there)
      4. Close the USB connection from VitaShell, then navigate to where you copied the VPK file, and click on it (X button) to install it
  2. Obtain the PSP2UPDAT.PUP file of firmware 3.65  and place it at ux0:app/MODORU000/PSP2UPDAT.PUP (don’t install modoru.vpk afterwards, otherwise the update file will be removed).
    1. Note from wololo: check the notes in the item above if you’re not seeing the “app” folder
  3. Disable all your plugins. Easiest way is renaming ux0:tai and ur0:tai to some other name.
  4. Reboot your device and relaunch HENkaku/h-encore.
  5. Launch the modoru application and follow the instructions on screen.
  6. Enjoy the installation and welcome to your favourite firmware.

At this point, your PS Vita should be back to Firmware 3.65. Note that since you rebooted, you probably need to relaunch h-encore² 🙂

5. Install Enso

This is required only if you want the hack permanently installed on your console. If you are satisfied with just the temporary CFW h-encore²+Henkaku, you could have stopped after Chapter 3. It’s not too late to stop (or pause) now 🙂

Please note that there is some risk involved with installing Enso, as it does some permanent modifications to the boot code of the PS Vita. Do understand that if a problem happens, it could brick the PS Vita, and there is no known way to revive the console. Nonetheless, it has been used by thousands of Vita enthusiast by now, with no significant problem reported.

Steps:

  1. Download Enso from the project’s github (at the time of writing, latest release is 1.1)
  2. This is a VPK, install and run it with VitaShell, following the same process used for Modoru above.
  3. Follow the instructions
  4. If everything goes well, the PS vita should reboot and you should see the PS logo replaced by Team Molecule’s logo. This means Enso is correctly installed and running
  5. You’re done!

At this point you’re running a permanent Custom firmware. Your PS vita is “as hacked” as can be, congrats!

6. Next Steps: recommended stuff to install

Now that you have a hacked PSVita, whether you’re running h-encore²+Henkaku or Henkaku Enso, there are lots of homebrew games and tools you might want to try. What we consider essential at this point are the following:

  1. VitaShell, which you should already have installed in the steps above. File Manager + package installer + FTP Server…the swiss army knife of your hacked PS vita
  2. VitaDB downloader. This is the most complete “appstore” of the Homebrew scene. It will make it easier for you to Download, install and keep up to date with most of your unofficial games
  3. Adrenaline – PSP Custom Firmware to run PSP Games and homebrews within the PS Vita

642 Responses

  1. Alex says:

    Hey, i didn’t see this new jailbreak, and i updated to 3.61 🙁
    I searched LONG LONG hours in the internet how to downgrade my system back to 3.60 or back more.. I got some sites, they said i can do it, and they have a step by step tuto, and i downloaded the files to do so but it’s password protected (fukkin surveys )
    I can’t believe and i don’t want to believe that there is absolutely no way to downgrade this fukkin vita. I’m very angry for myself 😀
    There is need to be a way. PLEASE HELP!!!!
    I got programming skills, but never worked with the Vita before.
    How can i go back to 3.60? I just thinking , that what if i restore my device? Is it going to restore a previous version system or be the same ?
    H
    E
    L
    P

  2. Yyu says:

    where is total – noob?. I want he crack my ps vita 3.60, I want plays psp game

  3. Captainkussh says:

    Can we start up a fund again for a contest to either develop a downgrade method, or get Henkaku or something similar working on 3.61? I can tell you right now for me it’s come down to a ONE SHOT situation. I’ll pitch $50 myself, and if nothing comes up, i’m going to just sell the Vita. I like the device, I just can’t convince myself that i should be paying $75 for portable games from a company that is clearly not putting a lot of effort into supporting a product outside of making it less and less friendly for homebrew.

    Is this something we can do? If 100 of us put in $50, that’s $5000. I’d rather put $50 into something constructive than a *** Vita game i’m never going to look at again after i beat.

  4. XxLeonxX says:

    can downgrade psvita 3.61 to 3.60 for can hack it whith henkaku? i need a downgrade

  5. john says:

    Please add dates to when the sections were added. I’m checking up on this stuff everyday and find myself 2 sentences in only to realize that I have read this one.

  6. ??666?? says:

    Hi guys. I want to buy a PS VITA but I have some doubts. Could you help me answering them?

    1) If I use henkaku, can i still connecting on internet with my vita? I need be connected in PSN to only use the vita on internet?
    2) Can the future games, released after the 3.61 firmware, be dumped to run on henkaku 3.60?
    3) Are the dumped games totally functional? Aren’t there any problematic issues like corrupt save files?

    Already thanks.

    • ??666?? says:

      Better english:

      Hi guys. I want to buy a PS VITA but I have some doubts. Could you help me answering them?

      1) If I use henkaku, can i normally use internet on my vita? Do I need PSN connection to use internet on vita?
      2) Can the future games, released after the 3.61 firmware, be dumped to run on henkaku 3.60?
      3) Are the dumped games totally functional? Aren’t there any problematic issues like corrupted save files?

      Already thanks.

      • Hello
        The Psvita 3.60 with Henkaku can use spoofer and connect to Psn,so it’s like 3.61.
        Dumped Games Are Fully Functional,but some games have savedata corrupted,but do not corrupt other savedata.
        Future games in 3.61 can be dumped on 3.60.But it require a “translation”.
        If you need Games click my name.

  7. Hamilton says:

    hi I don’t know much about this but I have a question. I also plan to buy a PS Vita, what do I have to do for this to work?

  8. CsSwanJJJ says:

    Hello, I want to know if I did this on 3.6.1 will it work? chances? and is there a way to make my vita 3.6.0 again?
    Thank you :>

  9. whoah this blog is wonderful i like studying your articles.
    Keep up the great work! You recognize, lots
    of people are hunting round for this info, you can aid them greatly.

  10. Sims says:

    Long story short I updated my ps vita to version 3.61 and I know it cannot be undone. So now I am desperately waiting for the 3.61 hack .. anybody who knows when it’s gonna come or if u have any ideas about ps vita games which I can play for free. Please let me know.. ThankU..

  11. Shouyu says:

    where i can download PS vita ISO?

  12. Sector says:

    Is there any RSS functionality for this page? I don’t want to miss an exploit again.

  13. Chad says:

    I found this site for an install for Henkaku for 3.61+. i’m not sure if I should trust it. They want you to download a separate txt file that includes a password to unlock the zip which you need to complete a survey to do Anyone else try this and had success.. [scam site removed by mods]

  14. Shadowjesse626 says:

    Can i use the 3.60 hack on my vita 3.55?

  15. Kenneth Baumgart says:

    Ok, I found a program that unpacks the update files fro the vita and I did a l?t of editing to the code, I just need to find a program to repackage .PUP files to test it, does anyone know where I can find one>

  16. Dan says:

    Hey guys… I’ve just dusted off my PS Vita 1000 and checked it’s on 3.01 firmware… Didn’t realise you could hack it till 3 days ago… now… What is the best way to go about hacking this? I see heaps of options above… just wanted some eggs-pert opinions. Cheers 🙂

    • Muffinz47 says:

      connect to the henkaku server and update straight to 3.60. After that, just go to go.henkaku.xyz or even better beta.henkaku.xyz

  17. Mr. MaGoo says:

    OK so I just ordered a new ps tv and wanted to know what it the best route to take with this. I see options for a white list and also for Henkaku. Also I have a 2.02 wifi vita with the uno entry. Thoughts?

  18. Sam says:

    Hello Wololo ,

    First of all thanks for this comprehensive guide here. I did read up on the information above but needed some experts opinion before i move ahead and commit to any procedure.

    What I Have
    1> Ps vita with 3.51 official firmware(Current). I had modded my ps vita before getting on to 3.51 with TN-v using FIFA as the exploit game. I still have the fifa game with me but the mod got scr*** with the upgrade to 3.51 which happened by accident. Anyway now i have that fifa game and 3.51 official firmware.

    My Doubts
    Should i upgrade to 3.60 and go with henkaku route??? I would have done this except that i read an article on wololo here itself that henkaku does not allow me to play psp iso/cso and also another link here suggesting that it can be done with henkaku on 3.60 . Confused with conflict of info here regarding henkaku being able to allow me to play psp iso/cso directly or indirectly .

    Since i am on 3.51 , is it best to go for the native hacks like rejuvenate , ARK or others… Really confused here….

    What I need from VITA modding
    I need to be able to stay on the latest enough firmware along with being able to play psp iso/cso.

    Given my above simple needs , please suggest me the best route to take to do the same. Thanks for this community and everyone part of it in advance

  19. danosabob says:

    im in a pickle…vita only turns on in recovery,but ony option it alows me to choose is update….how can i get vita to recognise memory card with update if it tecnicaly has never seen beforer..and cant use usb because it doesnt recognise

  20. danosabob says:

    yes i have a soft brick

  21. dan says:

    February 4, 2017 at 6:07 pm
    im in a pickle…vita only turns on in recovery,but ony option it alows me to choose is update….how can i get vita to recognise memory card with update if it tecnicaly has never seen beforer..and cant use usb because it doesnt recognise

    Reply
    danosabob February 4, 2017 at 6:09 pm
    yes i have a soft brick

    Reply

  22. Aparadektos says:

    Hi.
    I have bought a viata and installed henkaku. in order to connect to ps store i must upgrade to 3.63. Can i still do it or there will be a problem?

    Keep up with the good work. Since Sony seems to have abandoned Vita, i hope there should not be any problems with that.

  23. Patc says:

    Hi my vita is on version 1.81 and uses the medblocketalpha exploit. I want to update my firmware but still keppy my system hacked. What should I do?

  24. Carlos says:

    When will TN-V ever comeback?

  25. Paco says:

    How do I completely uninstall Henkaku? And is there anything else I should do before updating my PS Vita to fw 3.6+

  26. D3NY says:

    Will this year be Henkaku 3.63?

  27. Mpl2014 says:

    If we make vita think its on lower firmware than 3.60 (or the .pup file on highter ver.) will be possible to “Downgrade upgrade”?

  28. Justin says:

    Hi, I’m trying to get a right direction. I have tried doing some research on this and not much has turned up. I wan’t to write a custom firmware, one that isn’t native to vita, and re flash the vita to my own custom firmware. Obviously this will require a jtag connection to re flash the vita when it is bricked from bad code from trial and error, would love to write in C++. I noticed on the old boards their was speculation that the port at the top may have been a jtag connection, but this is missing on the newer slim models. Unfortunately this is missing on the new slim model, which I have. Anyways, can I get my hands on a jtag connector, back up the vita firmware to restore it in the future, but also write my own custom in house firmware to the vita. I wan’t to make games for the vita, but after the play station mobile platform had been scraped, it seems like the light of day has faded. Love the hand held but really has let me down, since the games are really dry. Needs more third party development from hobbyists.

  29. Mostafa says:

    Is there any hacking for 3.65??

  30. mathieu says:

    Is it possible to install ps vita games on memory using your vita and put that memory in different vita, pls can the game work on that machine?
    Because I restore my vita not my memory but when I put my memory inside my vita all the games show.

  1. September 1, 2016

    […] Vita CFW […]

  2. September 3, 2016

    […] will need Henkaku for this to work. How to install Henkaku? Look here: http://wololo.net/vita-cfw4dummies/ Type: Decrypted (VPK) Region: Japan (Japanese) Genre: Action role-playing | JRPG […]

  3. September 4, 2016

    […] Vita CFW […]

  4. September 4, 2016

    […] Vita CFW […]

  5. September 5, 2016

    […] Vita CFW […]

  6. September 8, 2016

    […] Vita CFW […]

  7. September 9, 2016

    […] Vita CFW […]

  8. September 20, 2016

    […] Vita CFW […]

  9. September 25, 2016

    […] ce qui au passage montre bien l’échec stratégique de Sony, une news sur le site de wololo a soudainement soulevé un mouvement d’engouement inespéré pour notre pauvre […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Most comments are automatically approved, but in some cases, it might take up to 24h for your comments to show up on the site, if they need manual moderation. Thanks for your understanding