The HENkaku exploit partially reverse engineered and explained


We are constantly looking for guest bloggers at If you like to write, and have a strong interest in the console hacking scene, contact me either with a comment here, or in a PM on /talk!

27 Responses

  1. jogdan says:

    Ahhh, potato

    • Hardin says:

      Hahahahah I had the same reaction. I started off determined to make sense of the thing but shortly thereafter I was scrolling through the whole thing in frustration. I did manage to catch a couple of grammatical errors that made me feel better about my mundane self…

  2. Luis says:

    I think HENkaku was released by Sony…

  3. Nooo, not yet! Give it some time. After sony patches it, THEN go full hack on it. But for now just let it spread as far as it can… Don’t help them out

    • william wade says:

      They already know. They probably knew half this and a bunch of other stuff the first time they ran it on their diagnostic equipment.

      The patch is probably already done, but testing is what will take time.

  4. Sony says:

    Thanks guys! Patch coming out tomorrow!

  5. synapze says:

    Awesome to see all the recent news about progress on the Vita. I sold my Vita because it was just collecting dust, but if a native CFW came out I’d be tempted to get another one. No I’m not a pirate I pay for my games but tinkering with your device to see what you can make it do is a lot of fun.

    I think it was a very bad idea disclosing this information so early. With this information handy, the devs that have made such great progress just shot the community in the foot. Sony now knows how to patch the bug, quicker than they normally would have known.

    • Dasutein says:

      I agree. I was hoping that the finer details of the exploit would have been kept under wraps for awhile. The more information that gets divulged, the quicker Sony releases an update that patches Henkaku.
      Although unlikely, I’m hoping that Sony just ignores Henkaku and doesn’t push out an update, like how Nintendo has not updated the Wii U since January, despite having exploits that enable piracy.
      Then again, having these details could be beneficial to improving Henkaku, and its homebrew. But at the same time, it carries the risk of being patched sooner.

    • Anon says:

      “Sony now knows how to patch the bug”
      They have a team of security experts working full-time with a full access to all in and outs of the console random hackers can only dream of. They knew as much in mere hours after HENkaku went live, so all this info changes nothing for Sony. I’m sure FW3.61 is in already in beta testing right now.
      All this does is allowing HENkaku to be ported to older firmwares easier, which is nothing but fantastic. Thank you very much, H.

  6. Hating4am says:

    Magic. Got it.

  7. Aurizen says:

    This could be a way to cfw hopefully.

  8. rainman says:

    Henkaku is dark Alex!!!

  9. XXX says:

    Base on same method. maybe can apply on PS4 as well with current system (without 1.76)?

  10. sowhat says:

    So all they do is use a bunch of older exploits + the help of an anonymous source, but still dare to give themselves this stupid name and present themselves as the shining knight, including their pseudo *** look on piracy.

    cough cough


    • wololo says:

      You make it sound way much easier than it actually is. Saying “reuse a bunch of older exploits” is like saying “wow, all you need to cook food is basic ingredients, and those people dare call themselves chefs just because they can mix and cook these ingredients?”

  11. Sony Entertainment Network says:

    Got it.

  12. Zeke says:

    I’m no coder but that wasn’t terribly hard to follow, can’t say I understood ALL of it but there’s some obvious things going on there. It’s amazing that across a handful of consoles a good WebKit implementation gets the exploit done (PS4, 3DS, Wii U, Vita).

  13. Max says:

    Normal user now knows a bit more about the hack.
    Sony knows everything about it. And patching it is easy for them.
    Anyway the hype makes useful things happen, more consoles sold and more rubbish superexpensive memory cards for Vita too.
    Sony sits and waits.

  14. dimy93 says:

    This actually helped me a lot in understanding the code – thx. The interesting part – the second payload – remains a mystery. H doesn’t know what the kernel functions calls are (apart from the create thread one). Also we need to know how the molecule shell is working on its own.

  15. KoriTama says:

    Here Stage 2:
    Creates Kernel-Mode Thread that executes Stage 3 (encrypted)

  1. August 20, 2016

    […] Webkit exploit itself is only the first step of the HENkaku hack. Some people have already partially explained some of the HENkaku hack (also see here),  but obviously the explanation from one of the authors of the hack brings lots of […]

  2. October 21, 2016

    […] might also want to read more about stage 1 and  stage 2 of the […]