fereproperty.blogg.se

Ps1 eboot vhbl

This guide is the second major revision of a guide I wrote a year and a half ago. In this guide I will explain how to port Half Byte Loader to your game exploit, and in particular how to make it work on the PS Vita. I just updated the main file needed to create the exploit, so the timing is right.

This guide assumes that you found a user mode exploit in a game, and that you were able to write a binary loader. So now what's next? Well, as you probably know if you've gone that far, the PSP scene doesn't really like "hello worlds". A hello world is nice, but it accomplishes nothing: it just draws Sony's attention to your exploit, and you know the vulnerability will be patched soon, while nobody really used the exploit.

Well, the next step is, ideally, a HEN or a custom firmware. Of course, this requires a kernel exploit, and we know how difficult these are to find. A much more doable task, that will make lots of people happy, is to port HBL to your exploit. HBL opens the door to lots of legal content on the PSP and the Vita, and we designed it so that porting it to your game exploit can be done fairly easily.

This tutorial is valid at the time of its writing, for all games, and up to firmware 6.60 (Vita firmware 1.61). In theory, HBL will work on future firmwares, but of course new kinds of security might be introduced in new firmwares. Additionally, depending on your game (and its function imports), the compatibility and speed of homebrews might vary.

HBL was designed to be easily ported to new game exploits. Most game-specific files (except one) go in a subfolder that I will describe below. To complete this tutorial, you need basic shell skills, a working pspsdk, a working game exploit and the associated binary loader / hello world, a ruby interpreter, and basic ruby skills (usually, if you know any other scripting language, you'll figure it out easily; there are not so many changes required).

The first step is to get the HBL sources, compile them, and if you're motivated, test them on an existing game exploit, to make sure the copy you have works correctly. The sources of HBL can be downloaded here (SVN client required). (As I write this, it is recommended to test compilation with either the Motorstorm or the Everybody's tennis exploits, as we might have broken backwards compatibility with older exploits.) In order to compile it, you need the PSPSDK (which you probably already have if you wrote a binary loader).

Compilation is fairly easy, but in order to compile the HBL for a specific exploit, you have to specify the folder of the exploit. For example, make FOLDER=lifeup will compile HBL for the Motorstorm (EU) exploit.

As you guessed, you will create a folder dedicated to your own exploit. Let's imagine your game is called wololo, then you can create a subfolder "wololo" in the eLoader folder. Basically, we want to reproduce the files that are in this folder for another exploit, and adapt them to our exploit. The folder contains 6 files and 1 folder (which contains 1 file) that you will want to adapt to your exploit. Most of these files are automatically generated by a script, so this should be fairly simple.

If you created a binary loader and a hello world, you already have this file from your hello world, and most likely you named it "linker.x". Copy linker.x from your hello world to linker_loader.x.

If you created a binary loader and a hello world, you probably already have this file, and named it sdk.S. If you don't have this sdk, you can create it either by running prxtool on the EBOOT.BIN of the game, or by using the moskitool (a ruby version of the moskitool can be found in the eLoader/tools folder of the HBL).

Most likely, if you created a hello world, you already have this file so I won't give more details for now. Done!

Config folder, exploit_config.h, sdk_hbl.S, loader.h

The contents of the config folder, as well as sdk_hbl.S, loader.h, and most of exploit_config.h (details below for exploit_config.h) are automatically generated by a ruby script that you can find in eLoader/tools/gen_exploit_config.rb. The gen_exploit_config.rb has 2 "modes", but I will only describe the first one, which is required the first time you adapt your exploit.

You need to have a usermem dump named memdump.bin (that you acquired from psplink with the command savemem 0x08800000 0x01800000 memdump.bin). Important note: For Vita compatibility, that dump must be done on a PSP running firmware 6.60. In addition to memdump.bin, you need a list of UIDs from the same psplink session, that you will name uidlist.txt.








