VITA / PsTV H-Encore² - PSVITA/PSTV - "3.65-3.72" by THE_FLOW

Discussion in 'Tutorials & Guides' started by Naked_Snake1995, Aug 26, 2019.

  1. 1,692
    1,154
    297
    Naked_Snake1995

    Naked_Snake1995 Senior Member

    Joined:
    Dec 11, 2017
    Messages:
    1,692
    Likes Received:
    1,154
    Trophy Points:
    297
    Gender:
    Male
    Occupation:
    Graphic Designer
    Location:
    NEC/TOKIN wants to know your location
    Since the release of 3.71, Sony blocked the latest Trinity Exploit, blocking all access to homebrew and emulation on the PlayStation Vita/TV, and many newer users and veterans whom have they´re console felt dissapointed that they´re machines were updated on 3.71, as THE_FLOW left the H-Encore and Trinity 3.70 announced the retirement of THE_FLOW from the PSVITA hacking scene, publishing his source code.

    Later upon hours of 3.71 Update the developer @st4rk revealed on Twitter a short glimpse of the newest 3.71 Henkaku Exploit using a private DNS Server to exploit the machine, but the exploit remained in private and all hope of the 3.71 seamed lost for the 3.71 users.

    Ladies and Gentelmen i am happy to announce the return of the legendary THE_FLOW and his newest addition to the PSVITA/TV Scene the H-Encore², compatible with the firmwares 3.65 up to 3.71, you heard this right 3.71 users are now able to exploit the firmware and they´re machines,no more accidental firmware updates.

    h-encore², where h stands for hacks and homebrews, is the fourth public jailbreak for the PS Vita™ which supports the newest firmwares 3.65-3.71. It allows you to make kernel- and user-modifications, change the clock speed, install plugins, run homebrews and much more.


    ATTENTION: You should NOT attempt downgrading using modoru on FW 3.71


    Requirements

    • Your device must be on firmware 3.65-3.71. If you're on a lower firmware, please decide carefully to what firmware you want to update, then search for a trustable guide on /r/vitahacks.

    • If your device is a phat OLED model, you need a Memory Card in order to install. There's no need for a Memory Card on Slim/PS TV models, since they already provide an Internal Storage. Make sure you have got at least 270 MB of free space.

    • Your device must be linked to any PSN account (it doesn't need to be activated though). If it is not, then you must restore default settings in order to sign in.

    Installation

    1. Download h-encore² and extract it on your computer.
    2. Download and install qcma, psvimgtools and pkg2zip (check the releases section for the binaries).
      If you don't know where to put psvimgtools and pkg2zip binaries, just put them in the h-encore-2 folder.
    3. Download the vulnerable DRM-free demo of bitter smile (yes, that's the user entry point).
    4. Extract the demo using this command in terminal/cmd:
      pkg2zip -x PATH_OF_PKG

      This will output the files to app/PCSG90096.
    5. Copy the contents of the output app/PCSG90096 to the folder h-encore-2/app/ux0_temp_game_PCSG90096_app_PCSG90096(such that the files eboot.bin and VITA_PATH.TXT are within the same folder).
    6. Copy the license file app/PCSG90096/sce_sys/package/temp.bin to the folder
      h-encore-2/license/ux0_temp_game_PCSG90096_license_app_PCSG90096 and rename the just pasted file temp.bin to 6488b73b912a753a492e2714e9b38bc7.rif. Be careful with the file extension, it should not be .rif.bin. Again, this file should be in the same folder as VITA_PATH.TXT.
    7. Start qcma and within the qcma settings set the option Use this version for updates to FW 0.00 (Always up-to-date)to spoof the System Software check.
    8. Launch Content Manager on your PS Vita and connect it to your computer, where you then need to select PC -> PS Vita System, and after that you select Applications. If you see an error message about System Software, you should simply reboot your device to solve it (if this doesn't solve, then put your device into airplane mode and reboot). If this does still not work, then alternatively set DNS to 212.47.229.76 to block updates. This should create a folder at PS Vita/APP/xxxxxxxxxxxxxxxx on your computer (see qcma settings where this folder is), where the folder xxxxxxxxxxxxxxxx represents the AID (account ID that is 16 characters long) that you need to insert here. If the AID is valid, it will yield a key that you can now use to encrypt the demo.
    9. Change directory to the h-encore-2 folder in terminal/cmd and use the key to encrypt all folders using (make sure you don't confuse the key with the AID, the key is 64 characters long!):
      psvimg-create -n app -K YOUR_KEY app PCSG90096/app
      psvimg-create -n appmeta -K YOUR_KEY appmeta PCSG90096/appmeta
      psvimg-create -n license -K YOUR_KEY license PCSG90096/license
      psvimg-create -n savedata -K YOUR_KEY savedata PCSG90096/savedata

      The folder h-encore-2/PCSG90096 should then contain sce_sys and all 4 folders from above, and within these folders you should find files called X.psvimg and X.psvmd, where X has the same name as the folder. Backup this folder, since if everything has been done correctly, you don't need to redo all the steps to install it onto another device with the same PSN account.
    10. Copy the folder h-encore-2/PCSG90096 to PS Vita/APP/xxxxxxxxxxxxxxxx/PCSG90096 and then select Refresh databasein qcma.
    11. The h-encore² bubble with a size of around 243 MB should now appear in the Content Manager and that's what you finally need to transfer to your PS Vita. If the size does not match or you get the error C2-12858-4, then it's because you did not do it correctly! Please re-read the instructions more carefully then. If you get the error You can only copy applications that your account is the owner of, then it's because you have used an AID that is not of your account, go back to step 8.
    12. Launch h-encore² to exploit your device (if a message about trophies appears, simply click yes). The screen should first flash white, then purple, and finally open a menu called h-encore bootstrap menu where you can download VitaShell and install HENkaku. If it prompts the error Cannot start this application. C0-11136-2, then it's because you did not do step 6. correctly.
    13. Enjoy. Note that you have to relaunch the exploit everytime you reboot or shutdown your device. Of course if you only put your device into standby mode, you don't need to relaunch.

    FAQ
    Exploit

    • "When I launch h-encore², it flashes white quickly and then crashes." - The success rate of the exploit is around 25%. You need to attempt it a few times. Note that trimming the bittersmile application seems to make the exploit less reliable.
    • "I get a C2-12828-1 error when launching h-encore²" - This does sometimes (but very rarely) happen. Just retry the exploit.
    • "When I launch h-encore², it launches the bitter smile demo instead." - Your savedata is either corrupted or not installed correctly, please follow the installation guide above to reinstall it.
    • "I have installed a bad plugin and launching h-encore² doesn't work anymore, what should I do?" - You can either reset taiHEN config.txt or skip plugins loading by holding the L trigger while exiting the h-encore bootstrap menu.
    HENkaku Settings

    • "I don't see all folders in VitaShell." - Launch the Settings application and select HENkaku Settings, then select Enable unsafe homebrews. This will grant you full permission in VitaShell.
    • "I can't find the HENkaku Settings." - Launch the exploit and reset taiHEN config.txt and reinstall HENkaku.
    enso/permanent hack

    • "Can I install enso on 3.67-3.71?" - Not on this firmware, but you can downgrade to firmware 3.65 using modoru and then install enso.
    • "Can I install enso on 3.65?" - Yes, you can use h-encore² to hack your device and then install the permanent hack using this.
    General

    • "Can I switch the PSN account after having h-encore² installed?" - Yes, since the demo is DRM-free it does not depend on your account.
    • "Are there any risks involved in using h-encore²?" - No, since it does not modify the OS, but only insert temporary patches into the system.
    • "Can I install it without USB connection?" - You can also connect your PS Vita with your computer using Wi-Fi (there's an option in the Content Manager).

    For the full guide, visit THE_FLOWs GitHub page: https://github.com/TheOfficialFloW/h-encore-2

    You can donate to THE_FLOW for his work via Paypal or Patreon

    Credits

    • Thanks to Freakler for finding the crash in the demo and designing the h-encore² icon.
    • Thanks to molecule for their initial work on the PS Vita.
    • Thanks to Davee and Proxima for http://cma.henkaku.xyz/.
    • Thanks to yifanlu for psvimgtools.
    • Thanks to codestation for qcma.
    • Thanks to mmozeiko for pkg2vita.
    • Thanks to the PS Vita hacking community.
    • Thanks to Sony for this awesome device.

    EC5jkj6XoAIHM9n.jpg
     
    Last edited: Aug 26, 2019
  2. 11,980
    4,785
    497
    pinky

    pinky Bitsiboo's Other Half Developer

    Joined:
    Mar 8, 2015
    Messages:
    11,980
    Likes Received:
    4,785
    Trophy Points:
    497
    Gender:
    Male
    Location:
    The Great Gig in the Sky
    you can downgrade on this firmware (that's what it says on github and your post)? I thought modoru would've been blocked post 3.70.
     
  3. 1,692
    1,154
    297
    Naked_Snake1995

    Naked_Snake1995 Senior Member

    Joined:
    Dec 11, 2017
    Messages:
    1,692
    Likes Received:
    1,154
    Trophy Points:
    297
    Gender:
    Male
    Occupation:
    Graphic Designer
    Location:
    NEC/TOKIN wants to know your location
    I think yes, you can as long as there is a exploit chain available, remember, back when Modoru was released 3.69/3.70 werent downgradable yet, as the exploit was released these firmwares were downgradable, so i think 3.71 is no exception, as long as Henkaku is there,but ill confirm it tonight.

    Apolagies for this quick news article, as i am currently on vacation, i dont have the usual equipment with me, regarding Modoru, yes 3.71 is downgradable, confirmed with GitHub :)
     
    pinky likes this.
  4. 11,980
    4,785
    497
    pinky

    pinky Bitsiboo's Other Half Developer

    Joined:
    Mar 8, 2015
    Messages:
    11,980
    Likes Received:
    4,785
    Trophy Points:
    497
    Gender:
    Male
    Location:
    The Great Gig in the Sky
    hmm...I've thought about downgrading 3.65 ensou to 3.60 ensou, but I've been unable to find information regarding whether you have to uninstall ensou on 3.65 first.
     
  5. 1,692
    1,154
    297
    Naked_Snake1995

    Naked_Snake1995 Senior Member

    Joined:
    Dec 11, 2017
    Messages:
    1,692
    Likes Received:
    1,154
    Trophy Points:
    297
    Gender:
    Male
    Occupation:
    Graphic Designer
    Location:
    NEC/TOKIN wants to know your location
    Yes, if you are on 3.65 Enso,to downgrade to 3.60 you´ll have to uninstall it first, in my case on of the siblings updated my PSVITA to 3.71,so i lost Enso in the process, with 3.60, now with this my plans are to downgrade to 3.65,and then 3.60, just as a safe threshold.
     
    pinky likes this.
  6. 11,980
    4,785
    497
    pinky

    pinky Bitsiboo's Other Half Developer

    Joined:
    Mar 8, 2015
    Messages:
    11,980
    Likes Received:
    4,785
    Trophy Points:
    497
    Gender:
    Male
    Location:
    The Great Gig in the Sky
    I might downgrade for an easier exploit in case I have to get rid of a banned account again. though, that shouldn't happen anyway, since I don't sign in to psn on any system. I do remember needing to uninstall ensou before updating to 3.65 ensou. it was pretty painless.
     
  7. 1,692
    1,154
    297
    Naked_Snake1995

    Naked_Snake1995 Senior Member

    Joined:
    Dec 11, 2017
    Messages:
    1,692
    Likes Received:
    1,154
    Trophy Points:
    297
    Gender:
    Male
    Occupation:
    Graphic Designer
    Location:
    NEC/TOKIN wants to know your location
    If i recall correctly, Enso gets wiped with the Update, so no traces will be left, like a fresh install, but when downgrading uninstalling enso is advised.
     
  8. 1,692
    1,154
    297
    Naked_Snake1995

    Naked_Snake1995 Senior Member

    Joined:
    Dec 11, 2017
    Messages:
    1,692
    Likes Received:
    1,154
    Trophy Points:
    297
    Gender:
    Male
    Occupation:
    Graphic Designer
    Location:
    NEC/TOKIN wants to know your location
    Update: The Flow just updated his GitHub 12 min ago with the following message: ATTENTION: You should NOT attempt downgrading using modoru on FW 3.71.

    Ive added to the thread for future notice, until a new downgrade method arrives,do not downgrade on 3.71, or it will result in a softbrick.
     
    jolek likes this.

Share This Page