Vita Custom Firmware for dummies

This guide explains the latest and greatest way to Jailbreak your PS Vita and install a Custom Firmware, the proper way. As of writing this guide, all PS Vita firmwares up to Firmware 3.74 (included) can be hacked.

Note: People looking for the older “PS Vita custom firmware for Dummies” page can find it here.

How is this vita CFW guide different from others?

Unlike other guides you might find on the internet, this guide is “opinionated”: I’ve used my decades of knowledge of the PlayStation hacking scene to curate what I believe to be the best possible solution for Vita Custom Firmware. There are other ways, other firmwares you could go with, but if you want something straightforward, and, technically the best of what the Vita hacking scene has to offer today, this is the way to do it.

As another difference from other guides out there, in this page, I’ll try to explain not only how we do things, but why we do them. This is why I try to point you to the “original” tools and hacks rather than “packages” that are supposed to simplify the work for you but don’t let you learn what’s happening and why it’s happening.

I’m not saying other guides are wrong. As a matter of fact, if you want options, https://vita.hacks.guide/ might be a better choice for you. Conversely, if you’re tech savvy, you might want to go to the h-encore² github directly and follow the instructions there. Actually, these two pages were significant sources for writing this guide, and they might suit your style better. I do hope that my approach can work for some people.

Ready? Let’s get started. Check the Table of Contents below if you want to quickly jump to a specific step

0. Why would you want to Jailbreak your PS Vita?

It’s never been easier to install Custom Firmware on the PS Vita, thanks to the insane work of many hackers, in particular folks like Team Molecule, YifanLu and TheFloW. What used to be a cumbersome process is now reasonably easy, and the heavy lifting only needs to be done once. All known firmwares of the PS vita can be hacked, so it doesn’t matter if you’re on the latest firmware, or an older one at this point (but this guide will recommend you are at a “reasonably recent” firmware instead of convincing you to stay on an outdated version)

A hacked PS Vita gives you access to hundreds of games and utilities, from emulators to AAA game ports. Furthermore, Sony officially stopped supporting the PS Vita a long time ago: they’ve made it painful to use almost all official services on the console, to the point that if your Vita isn’t hacked today, it might almost feel useless. The combination of value added by Custom Firmwares and the decrease of value of the official features makes it a no-brainer to Jailbreak the PS Vita.

Installing a Custom Firmware on the PS Vita is relatively painless and safe, with options to make it permanent if that’s more your thing (I personally recommend that approach but we’ll see about that below)

1. Choose your hack: Temporary (h-encore² + Henkaku)  or Permanent (Henkaku Enso), and prepare your PS Vita

There are basically two options I think make sense nowadays to hack your PS Vita: The “live” (or temporary) Custom Firmware h-encore² + Henkaku, or the “permanent” Custom Firmware Henkaku Enso.

From a user perspective, the main difference between h-encore² + Henkaku on the one hand, and Henkaku Enso on the other, is that Henkaku Enso is installed permanently on your console (once your console is hacked with Enso, you have nothing else to do to run Homebrew), while h-encore² + Henkaku is more temporary: every time you reboot the console, you will have to run the hack again (but just to be clear, this simply requires clicking an icon, and is a 10 second process)

Another thing is that Henkaku Enso is only compatible up to firmware 3.65, but in practice this is not a problem since downgrades are possible on the PS Vita.

To sum this up:

h-encore² + Henkaku Henkaku Enso
  • Runs on the latest and greatest firmware (3.74 at the time of writing)
  • Isn’t permanently installed on the console: needs to be relaunched every time you reboot
  • Is overall less risky
  • Installing it is a required step no matter what you ultimately choose
  • Requires firmware 3.65 or lower (but it is possible – and easy – to downgrade from 3.74 to 3.65)
  • Carries some risk as it makes permanent changes to the console boot
  • Is permanent: once installed, nothing else to do, your console is hacked for good.

What I recommend:

Normally I would recommend people to just use the “temporary” h-encore² hack. I personally find these temporary custom firmwares to be more convenient, less dangerous, and in general more user friendly: if you lend your console to a friend or family, there’s limited risk they’re doing something stupid. However, 1) Enso has proven over the years to be extremely stable, and 2) running h-encore² at every boot has actually been kind of a chore in my tests. The hack fails semi randomly, and that means rebooting the console and trying again. It’s not the end of the world, but the convenience of Enso has convinced me.

Additionally, there are other hacks for lower firmwares, but this late in the console’s life, I see no value in remaining on a lower firmware.

So, bottom line, depending on whether you choose h-encore² + Henkaku or Ensoyou’ll want to be either on firmware 3.74, or 3.65. Which one you’re at initially doesn’t matter that much, what matters is that you might have to downgrade to 3.65 during the process if you choose to go with the permanent Enso hack.

Steps:

  1. Choose whether you want to install h-encore² + Henkaku or Enso based on the explanation above (note that you can try h-encore² + Henkaku first, and decide later to install Enso!)
  2. Ensure your PS Vita is running on either Firmware 3.74 or 3.65
    1. if not, the easiest way to ensure this today, is by simply letting the PS Vita update to the latest firmware 3.74 through the official system update
  3. Your PS Vita needs to be linked to a PSN account
    1. you can verify that by checking Settings/PlayStation Network. If there’s no PSN account, link one by following the official instructions on the console. I recommend not using the same account you use for “official” gaming.

      If your console is not linked to a PSN account, click on “sign up” and follow the instructions. We recommend creating a separate account for your hacked console

2. Install and run h-encore² and Henkaku

You need to do these steps no matter what CFW solution (temporary or permanent) you chose. These steps are the same whether you are on firmware 3.65 or 3.74

Steps:

TL,DR: Follow the great instructions at https://github.com/TheOfficialFloW/h-encore-2#installation . That’s it, you can move to Step 3!

Read the rest of this chapter only if the link above didn’t help! I’m barely copy/pasting TheFloW’s instructions here.

  1. Download h-encore² and extract it on your computer.

  2. Download and install qcmapsvimgtools and pkg2zip (check the releases section for the binaries).
    If you don’t know where to put psvimgtools and pkg2zip binaries, just put them in the h-encore-2 folder.

  3. Download the vulnerable DRM-free demo of bitter smile (yes, that’s the user entry point).

  4. Extract the demo using this command in terminal/cmd:

    pkg2zip -x PATH_OF_PKG
    

    This will output the files to app/PCSG90096.

  5. Copy the contents of the output app/PCSG90096 to the folder h-encore-2/app/ux0_temp_game_PCSG90096_app_PCSG90096 (such that the files eboot.bin and VITA_PATH.TXT are within the same folder).

  6. Copy the license file app/PCSG90096/sce_sys/package/temp.bin to the folder
    h-encore-2/license/ux0_temp_game_PCSG90096_license_app_PCSG90096 and rename the just pasted file temp.bin to 6488b73b912a753a492e2714e9b38bc7.rif. Be careful with the file extension, it should not be .rif.bin. Again, this file should be in the same folder as VITA_PATH.TXT.

  7. Start qcma and within the qcma settings set the option Use this version for updates to FW 0.00 (Always up-to-date) to spoof the System Software check. (note from Wololo: these seem to be the default settings in qcma)

  8. Launch Content Manager on your PS Vita and connect it to your computer, where you then need to select PC -> PS Vita System, and after that you select Applications. If you see an error message about System Software, you should simply reboot your device to solve it (if this doesn’t solve, then put your device into airplane mode and reboot). If this does still not work, then alternatively set DNS to 212.47.229.76 to block updates. This should create a folder at PS Vita/APP/xxxxxxxxxxxxxxxx on your computer (see qcma settings where this folder is), where the folder xxxxxxxxxxxxxxxx represents the AID (account ID that is 16 characters long) that you need to insert here. If the AID is valid, it will yield a key that you can now use to encrypt the demo.

  9. Change directory to the h-encore-2 folder in terminal/cmd and use the key to encrypt all folders using (make sure you don’t confuse the key with the AID, the key is 64 characters long!):

    psvimg-create -n app -K YOUR_KEY app PCSG90096/app
    psvimg-create -n appmeta -K YOUR_KEY appmeta PCSG90096/appmeta
    psvimg-create -n license -K YOUR_KEY license PCSG90096/license
    psvimg-create -n savedata -K YOUR_KEY savedata PCSG90096/savedata
    

    The folder h-encore-2/PCSG90096 should then contain sce_sys and all 4 folders from above, and within these folders you should find files called X.psvimg and X.psvmd, where X has the same name as the folder. Backup this folder, since if everything has been done correctly, you don’t need to redo all the steps to install it onto another device with the same PSN account.

  10. Copy the folder h-encore-2/PCSG90096 to PS Vita/APP/xxxxxxxxxxxxxxxx/PCSG90096 and then select Refresh database in qcma.

  11. The h-encore² bubble with a size of around 243 MB should now appear in the Content Manager and that’s what you finally need to transfer to your PS Vita. If the size does not match or you get the error C2-12858-4, then it’s because you did not do it correctly! Please re-read the instructions more carefully then. If you get the error You can only copy applications that your account is the owner of, then it’s because you have used an AID that is not of your account, go back to step 8.

  12. Launch h-encore² to exploit your device (if a message about trophies appears, simply click yes). The screen should first flash white, then purple, and finally open a menu called h-encore bootstrap menu where you can download VitaShell and install HENkaku. If it prompts the error Cannot start this application. C0-11136-2, then it’s because you did not do step 6. correctly.

  13. Enjoy. Note that you have to relaunch the exploit everytime you reboot or shutdown your device. Of course if you only put your device into standby mode, you don’t need to relaunch.

At this point, your PS Vita is technically hacked. Although you’ll need to run the “h-encore²” application from your home screen every time you reboot the console, for all intents and purposes, you can choose to stop here!

3. Change Henkaku settings and Install VitaShell

h-encore² has an option to Download and install VitaShell. If you haven’t done so in the step above, we strongly recommend you do it now. VitaShell is an essential tool for hacked PS Vita and you will need it at the minimum to copy files to and from your PS Vita, including Homebrew games and tools. You also need it for the steps that follow.

Steps:

  1. Go to Settings > Henkaku Settings and check “Enable Unsafe Homebrew”
  2. Install VitaShell from the h-encore² application

4. Downgrade your PS Vita to 3.65 if needed

By the end of Step 2 above you got your vita hacked. Everything we do below is for the purpose of installing the more permanent solution, Enso. I’ve described in Chapter 1 why I think it’s a superior solution to “just” running h-encore², go back at the top of this page if you need help to decide.

Check this first:

  • This downgrade step is only necessary if 1) you are on a firmware higher than 3.65 (typically, 3.74) and 2) you want to install the Permanent CFW Enso.
  • Skip to Chapter 5 below (“Install Enso”) if you are already on 3.65

To downgrade from 3.74 (or other firmware) to 3.65, we are going to use Modoru: modoru means “to go back” in Japanese and is a downgrader for the PS Vita.

Here again, TheFloW has a great step-by-step guide on his official page, unfortunately a couple of links point to the older versions of Modoru which can be confusing, so I will replicate a fixed explanation below. Additional notes highlighted in red, not because they’re more important than the actual steps, but in the hope that I’m answering frequent questions

Requirements

  • Your device must already run HENkaku/h-encore on firmwares 3.60-3.74 in order to use this software.
    • note from wololo: this should already be the case if you’ve been following this guide. If not, go back to the top of this page
  • Your device’s battery has be at least at 50%.
  • All your plugins must be disabled, therefore you will not be able to launch the downgrader from a SD2VITA and hence, you must have a Memory Card (or Internal Storage).
  • If you have installed IMCUnlock by SKGleba, it is recommended to uninstall it first before attempting to downgrade to a firmware lower than 2.10.

Steps

  1. Download and install modoru.vpk using VitaShell.
    • Notes from wololo: if you’ve never used vitashell before:
      1. run VitaShell with your Vita connected to your computer via usb
      2. once in VitaShell, click on “select” to open the USB drive, this should show up as a folder on your computer
        • On windows, If you’re only seeing a handful of folder (in particular if you don’t see the “app” folder): go to the folder’s options and under “view”, uncheck “hide protected operating system files”
      3. Copy the vpk somewhere on the memory stick (I personally made a “vpk” folder and put it there)
      4. Close the USB connection from VitaShell, then navigate to where you copied the VPK file, and click on it (X button) to install it
  2. Obtain the PSP2UPDAT.PUP file of firmware 3.65  and place it at ux0:app/MODORU000/PSP2UPDAT.PUP (don’t install modoru.vpk afterwards, otherwise the update file will be removed).
    1. Note from wololo: check the notes in the item above if you’re not seeing the “app” folder
  3. Disable all your plugins. Easiest way is renaming ux0:tai and ur0:tai to some other name.
  4. Reboot your device and relaunch HENkaku/h-encore.
  5. Launch the modoru application and follow the instructions on screen.
  6. Enjoy the installation and welcome to your favourite firmware.

At this point, your PS Vita should be back to Firmware 3.65. Note that since you rebooted, you probably need to relaunch h-encore² 🙂

5. Install Enso

This is required only if you want the hack permanently installed on your console. If you are satisfied with just the temporary CFW h-encore²+Henkaku, you could have stopped after Chapter 3. It’s not too late to stop (or pause) now 🙂

Please note that there is some risk involved with installing Enso, as it does some permanent modifications to the boot code of the PS Vita. Do understand that if a problem happens, it could brick the PS Vita, and there is no known way to revive the console. Nonetheless, it has been used by thousands of Vita enthusiast by now, with no significant problem reported.

Steps:

  1. Download Enso from the project’s github (at the time of writing, latest release is 1.1)
  2. This is a VPK, install and run it with VitaShell, following the same process used for Modoru above.
  3. Follow the instructions
  4. If everything goes well, the PS vita should reboot and you should see the PS logo replaced by Team Molecule’s logo. This means Enso is correctly installed and running
  5. You’re done!

At this point you’re running a permanent Custom firmware. Your PS vita is “as hacked” as can be, congrats!

6. Next Steps: recommended stuff to install

Now that you have a hacked PSVita, whether you’re running h-encore²+Henkaku or Henkaku Enso, there are lots of homebrew games and tools you might want to try. What we consider essential at this point are the following:

  1. VitaShell, which you should already have installed in the steps above. File Manager + package installer + FTP Server…the swiss army knife of your hacked PS vita
  2. VitaDB downloader. This is the most complete “appstore” of the Homebrew scene. It will make it easier for you to Download, install and keep up to date with most of your unofficial games
  3. Adrenaline – PSP Custom Firmware to run PSP Games and homebrews within the PS Vita

633 Responses

  1. This Is Thrancred says:

    Hey thankyou for the guide im new to custom homebrew and ihave a psvita running 3.67 firmware do ineed to upgrade it to 3.74 or ican directly make the custom firmware install while running 3.67?
    Iknow this sounds stupid i have no idea what im doing and im trying to make it right

    • wololo says:

      You should be able to do everything from 3.67. The only reason you might want to update to 3.74 is if you don’t have a Linked PSN account: A linked PSN account is required to run the hack, and if you don’t have one already, the console will ask you to update first thing, when you try to link your account.

      So, in other words:
      – if you already have a PSN account on the console you should be able to do everything from 3.67 (and then you’ll downgrade from there to 3.65)
      – if you don’t have a PSN account, it’s likely the console will ask you to update to 3.74 in order to create one, and it’s fine to upgrade to 3.74 to do that, you’ll downgrade to 3.65 afterwards

  2. Mauro says:

    Buongiorno Wololo!!spero che tu mi possa aiutare..io ho un problema con una psvita 1000 con già installato Henkaku 3.65,il mio problema è che per sbaglio ho formattato la sd con la modifica sul PC e adesso la ps vita non me la rileva più come posso fare?io ho l’adattatore sd2vita ed una memory da 128 gb grazie mille

    Saluti

    • wololo says:

      If your PS Vita refuses to boot, you can boot into Safe Mode, and Reset factory settings with “Restore the PS Vita” option.

      If your only issue is that your Vita does not read your SD Card, make sure about the following:
      – Format your SDCard to exFAt
      – Do NOT set a volume label
      – Make sure you have the required plugin installed (e.g. StorageMgr) on the Sony memory card (and the tai/config.txt file set up to run the plugin)

  3. Grimmious says:

    Your link to enso for 3.65 is incorrect, you are linking to the version for 3.60. The correct link is https://github.com/TheOfficialFloW/enso/releases

    • wololo says:

      Hmm…indeed…? I fixed the article but I had no issue installing the original one on my 3.65 When I tested the tutorial. Weird.

      Thanks!

  4. kuro says:

    Got anymore links to the “bitter smile” in step 2.3? I tried clicking into the link and nothing happens. Thank you.

Leave a Reply

Your email address will not be published. Required fields are marked *

Most comments are automatically approved, but in some cases, it might take up to 24h for your comments to show up on the site, if they need manual moderation. Thanks for your understanding