How to exploit PSX games for PSP and Vita.
The concept of exploiting PSX games was unfamiliar, uninteresting and widely unknown until qwikrazor87 and I found one that led to PSX games with perfect sound on the Vita without the need for external plugins.
In my last article I explained the process involved in the 6.60/3.18 POPS exploit, but this is just one of the many exploits that can be found in POPS. The part that's really interesting for people who want to help us out is the process of finding an exploit in a PSX game in order to exploit POPS.
Here I’ll explain it in more detail.
Exploiting a PSX game is just as easy as exploiting a PSP game, perhaps even easier, as there was no encryption back then (so access to code execution also allows access to the PSX BIOS) and developers didn't implement any security measures in their games (other than modchip detection, which doesn't bother us).
This tutorial covers how I exploited Sports Superbike 2 (a similar exploit was found in XS Moto and Tekken 2).
First things first, we have to enable psplink debugging in POPS, so we connect our PSP to PC, navigate to the seplugins folder and open pops.txt to add the following lines.
We can now start our exploit adventure. Be sure to have psplink open in the background.
We now open Sports Superbike 2 and look for something that might be a good attack vector. In my case I opted for the player name, which also shows up in the rankings.
Now we have to edit the savedata, but to do that we have to edit it in RAM rather than on the save directly. So first things first, we have to pause POPS so it stops modifying RAM.
thsusp @popsmain
Now we dump RAM:
savemem 0x08800000 0x01800000 memdump.bin
From there on out I opened the RAM dump with a hex editor and looked for my player name.
So I edited this part in hopes to cause an overflow somewhere.
And load the modified RAM dump back into the PSP with the following command:
loadmem 0x08800000 memdump.bin
And of course we want to resume pops so our game plays again:
thresm @popsmain
And sure enough I got an overflow when attempting a player 1 race that we can use to trigger POPS exploits, like the one explained in the earlier post.
Tekken 2 was similar, but in that one I used the survival ranking.
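The bug class behind both overflows, a name or ranking string taken from save data and copied into a fixed-size buffer without a length check, shown next to a loader that validates it first. This is an added example, not code from the games or from the original article; the 8-byte field size, the struct layout and the sample names are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_FIELD 8  /* assumed size of the in-game name buffer (hypothetical) */

struct ranking_entry {
    char name[NAME_FIELD];
    unsigned int best_time;  /* data an overlong name would overwrite */
};

/* Unsafe pattern: strcpy(entry->name, save) trusts the save to be terminated
 * inside NAME_FIELD bytes. The copy is not performed here; this only reports
 * how many bytes it would write, so the overrun can be measured safely. */
size_t unchecked_copy_len(const unsigned char *save, size_t save_len)
{
    const unsigned char *nul = memchr(save, 0, save_len);
    return (nul ? (size_t)(nul - save) : save_len) + 1;
}

/* Hardened loader: the terminator must sit inside the field and every byte
 * must be printable ASCII. Returns 0 on success, -1 if the save is rejected. */
int load_name_checked(struct ranking_entry *e, const unsigned char *save, size_t save_len)
{
    size_t limit = save_len < NAME_FIELD ? save_len : NAME_FIELD;
    const unsigned char *nul = memchr(save, 0, limit);
    if (nul == NULL)
        return -1;
    size_t n = (size_t)(nul - save);
    for (size_t i = 0; i < n; i++)
        if (save[i] < 0x20 || save[i] > 0x7e)
            return -1;
    memcpy(e->name, save, n + 1);
    return 0;
}

/* Constructed sample inputs: a normal name and an edited, 32-character one. */
static const unsigned char GOOD_SAVE[] = "RIDER";
static const unsigned char EDITED_SAVE[] = "AAAAAAAA" "AAAAAAAA" "AAAAAAAA" "AAAAAAAA";

int main(void)
{
    struct ranking_entry e = { "", 0 };
    printf("unchecked copy would write %zu bytes into a %d-byte field\n",
           unchecked_copy_len(EDITED_SAVE, sizeof EDITED_SAVE), NAME_FIELD);
    printf("good save: %d\n", load_name_checked(&e, GOOD_SAVE, sizeof GOOD_SAVE));
    printf("edited save: %d\n", load_name_checked(&e, EDITED_SAVE, sizeof EDITED_SAVE));
    return 0;
}
```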
From here on out it’s just a matter of handing out the exploit to us so we can port it to our POPS exploits and you can enjoy ARK-3 on your Vita with perfect PSX sound. However we have no way to play PSX games beyond 3.52 (for now).








Is there a way to play PSX games on the old (but still good :D) UNO exploit? Would this tutorial work with it?
So, will we have ARK-3 on 3.36 using Tekken 2 with full PSX support?
so once u got the overflow or crash or memdump.bin back in memory…
How do u then proceed that in a gamesave and a menu ?.?
so is the same viable for cod blop declassified ?
so that i can finally play it on a big screen ? playstationtv ?
is there a zombie dlc coming for ur pops loader ?
zombie crashbenicot.
ofc im talking about nazi zombies portable.
but for cod blops declass then ?
and howto cheat in pops psp psvita with a memdump webkit ?
just a little question , what I need download to my ps vita now to get this ARK VHBL and the others hacks ?
first you need a game to exploit according your firmware, the save files of ARK or VHBL, there’s a tutorial for every game and firmware on youtube
excellent exploit tutorial xD.
Great article.
cut the *** already and concentrate on proper cfw.
You are wasting your time.
He doesn’t owe you a damn thing. Quit being such a whiner. If it was easy, or even in the same realm of possibility it would be done. Why don’t you make a CFW? *** bag…
Some people are actually interested in how this works, and are also interested in PSX exploits for games that aren’t available on the PSN.
When you say beyond 3.52 does it include 3.52 or is it safe?
If we did enough digging, could this eventually lead to TN-X on 3.51?
“However we have no way to play PSX games beyond 3.52 (for now).” Is this a typo? Or are all PSX games playable up to current firmware with a currently private exploit/method?
I’m still confused whether ARK-3 will have TN-V type PS1 emulation with imperfect sound, or if will have TN-X type “perfect” native PS1 exploit. Will ARK-3 allow me to play PS1 games on 3.36+ with “perfect” sound? Is it essentially TN-X but for 3.36+?
ARK-3 is the same as TN-X but it is a new menu written from scratch but i’m pretty sure it also plays PSP games as well as PSX with support for plugins and stuff.
When running ARK-3 on a PSX exploit (we are working on one for 3.3x) it will have perfect sound, however if running on a PSP exploit it has the not so perfect PEOPS plugin (however there’s always the possibility of fine-tuning PEOPS and getting almost perfect sound).
i’ll be on 3.18 until someone makes a new PSX exploit for higher firmware. I’m not talented enough to do it myself though.
The highest we can get for PSX for now is 3.3X, on 3.52 there’s no way to bypass the 1MB file limitation.
Great. This means people can use rejuvenate 1.06 (444 mhz speed) and perfect sound ps1 games at the same time at 3.3x. For now we either have to choose 444 mhz mode (3.3x) or slow 333 mhz mode and PS1 sound (3.18)
I was hopeful .. until I read this 🙁
Lol are you for real? the 1mb limitation is ONLY present in exploitable games that have been used before and on every mini game, just take a look at the Rockman Rockman vhbl exploit for 3.52.
It is also implemented on all PSX games. The only file that can be opened bigger than 1 MB is the game’s EBOOT.PBP or PBOOT.PBP, and on 3.52 there’s no way to bypass this.
Yeah i apologize for my previous comment. wololo didn’t refresh and i just replied after getting the email without properly checking who commented so i had mistaken it from someone else who assumed there was a 1mb restriction after all the recent psp games that also had it.
i guess i should probably comment with certainty next time.
:(:(:(:(:(:(
so what about a playstationtv and a skfu-proxy3 and a webkit for 3.20 …
how do i load psplink.elf in it ?.? is it a psplink.elf for psp ?
or is it a psvitalink.elf launched by webkit in vitamode ?
or is that only possible via rejuvenate ?
what about a rejuvenate.lprx for vita that cuts out psm dev assistant and psm dev mobile ?
so many questions … ive read about vitagamedump and launch but when will we reprocriate lol.
Does this mean that Ark-3 for 3.51/3.52 will, or won’t have PSX sound support?
:):):):):):)
Awesome tutorial. Do we have to use legit PSN versions for testing or can we use psx2psp converted games? Since it focuses on the save data I’m assuming I would be fine using a converted game but should focus on ones that are available through PSN so it can be used on the vita for all folks.
Please please please release ARK 3 for Hot Brain 🙂
I no longer have a working psp anymore but is there an alternative way to use psplink on a vita/tv or will my only hope of support on this project be possible through directly modifying the save files instead?
You can also use an emulator, but I don’t know how. All I know is that you can find PSX exploits on an emulator and they will also trigger on the PSP/Vita.
I will attempt to exploit a game or two when I find the time.
Thank you for this article!
Hey all just wanted to let you hackers know that if you can reach sce mini satellite in space you’ll have all the info that is needed to decipher any sony console.
Lame..
k