PS VITA / PS TV h-encore² released by TheFloW - Surprise Release for System Firmwares 3.65 until 3.72!

Discussion in 'PS Vita News' started by Roxanne, Aug 26, 2019.

By Roxanne on Aug 26, 2019 at 2:07 PM
  1. 222
    695
    172
    Roxanne

    Roxanne Moderator

    Joined:
    Mar 3, 2018
    Messages:
    222
    Likes Received:
    695
    Trophy Points:
    172
    Gender:
    Female
    Location:
    Germany
    Home Page:
    It is a little bit quiet in these summer days, don't you think? Most people were enjoying their holidays by all the sunshine. Luckily famous PlayStation Vita-Developer TheFloW was busy these days and brings you a suprising Release with an updated Version of h-encore - namely h-encore². Yes, his last release already had a similar name but nevertheless, the main headline for this release is that with this updated Version, you are now again allowed to install you favourite Homebrew, Plugins or you can even Downgrade your PlayStation Vita to a lower System Firmware (thanks to Developer @SKGleba, the latter is now supported with his self-made plaintext loader) and all that from the newest Original System Firmware (OFW) released by Sony (by the time of writing this article). This is huge news, especially for users, who were on a higher System Firmware, which was unsupported to do all those things and the coolest thing is, this Exploit works as simple as the previous Version did. So without any further ado, here are each Steps needed to get this exploit running on your PlayStation Vita. Happy Cracking. :)


    h-encore2.jpg
    Main Screen form h-encore²'s Application (Image courtesy by @theflow0


    • h-encore², where h stands for hacks and homebrews, is the fourth public jailbreak for the PS Vita™ which supports the newest firmwares 3.65-3.71. It allows you to make kernel- and user-modifications, change the clock speed, install plugins, run homebrews and much more.

      • Your device must be on firmware 3.65-3.71. If you're on a lower firmware, please decide carefully to what firmware you want to update, then search for a trustable guide on /r/vitahacks.
      • If your device is a phat OLED model, you need a Memory Card in order to install. There's no need for a Memory Card on Slim/PS TV models, since they already provide an Internal Storage. Make sure you have got at least 270 MB of free space.
      • Your device must be linked to any PSN account (it doesn't need to be activated though). If it is not, then you must restore default settings in order to sign in.


    • 1. Download h-encore² and extract it on your computer.

      2. Download and install qcma, psvimgtools, and pkg2zip (check the releases section for the binaries).
      If you don't know where to put psvimgtools and pkg2zip binaries, just put them in the h-encore-2 folder.

      3. Download the vulnerable DRM-free demo of bitter smile (yes, that's the user entry point).

      4. Extract the demo using this command in terminal/cmd:

      pkg2zip -x PATH_OF_PKG

      This wil output the files to app/PCSG90096.

      5. Copy the contents of the output app/PCSG90096 to the folder h-encore-2/app/ux0_temp_game_PCSG90096_app_PCSG90096 (such that the files eboot.bin and VITA_PATH.TXT are within the same folder).

      6. Copy the license file app/PCSG90096/sce_sys/package/temp.bin to the folder
      h-encore-2/license/ux0_temp_game_PCSG90096_license_app_PCSG90096 and rename the just pasted file temp.bin to 6488b73b912a753a492e2714e9b38bc7.rif. Be careful with the file extension, it should not be .rif.bin. Again, this file should be in the same folder as VITA_PATH.TXT.

      7. Start qcma and within the qcma settings set the option Use this version for updates to FW 0.00 (Always up-to-date) to spoof the System Software check.

      8. Launch Content Manager on your PS Vita and connect it to your computer, where you then need to select PC -> PS Vita System, and after that you select Applications. If you see an error message about System Software, you should simply reboot your device to solve it (if this doesn't solve, then put your device into airplane mode and reboot). If this does still not work, then alternatively set DNS to 212.47.229.76 to block updates. This should create a folder at PS Vita/APP/xxxxxxxxxxxxxxxx on your computer (see qcma settings where this folder is), where the folder xxxxxxxxxxxxxxxx represents the AID (account ID that is 16 characters long) that you need to insert here. If the AID is valid, it will yield a key that you can now use to encrypt the demo.

      9. Change directory to the h-encore-2 folder in terminal/cmd and use the key to encrypt all folders using (make sure you don't confuse the key with the AID, the key is 64 characters long!):

      psvimg-create -n app -K YOUR_KEY app PCSG90096/app
      psvimg-create -n appmeta -K YOUR_KEY appmeta PCSG90096/appmeta
      psvimg-create -n license -K YOUR_KEY license PCSG90096/license
      psvimg-create -n savedata -K YOUR_KEY savedata PCSG90096/savedata


      The folder h-encore-2/PCSG90096 should then contain sce_sys and all 4 folders from above, and within these folders you should find files called X.psvimg and X.psvmd, where X has the same name as the folder. Backup this folder, since if everything has been done correctly, you don't need to redo all the steps to install it onto another device with the same PSN account.

      10. Copy the folder h-encore-2/PCSG90096 to PS Vita/APP/xxxxxxxxxxxxxxxx/PCSG90096 and then select Refresh database in qcma.

      11. The h-encore² bubble with a size of around 243 MB should now appear in the Content Manager and that's what you finally need to transfer to your PS Vita. If the size does not match or you get the error C2-12858-4, then it's because you did not do it correctly! Please re-read the instructions more carefully then. If you get the error You can only copy applications that your account is the owner of, then it's because you have used an AID that is not of your account, go back to step 8.

      12. Launch h-encore² to exploit your device (if a message about trophies appears, simply click yes). The screen should first flash white, then purple, and finally open a menu called h-encore bootstrap menu where you can download VitaShell and install HENkaku. If it prompts the error Cannot start this application. C0-11136-2, then it's because you did not do step 6. correctly.

      13. Enjoy. Note that you have to relaunch the exploit everytime you reboot or shutdown your device. Of course if you only put your device into standby mode, you don't need to relaunch.

    • Exploit
      • "When I launch h-encore², it flashes white quickly and then crashes." - The success rate of the exploit is around 25%. You need to attempt it a few times. Note that trimming the bittersmile application seems to make the exploit less reliable.
      • "I get a C2-12828-1 error when launching h-encore²" - This does sometimes (but very rarely) happen. Just retry the exploit.
      • "When I launch h-encore², it launches the bitter smile demo instead." - Your savedata is either corrupted or not installed correctly, please follow the installation guide above to reinstall it.
      • "I have installed a bad plugin and launching h-encore² doesn't work anymore, what should I do?" - You can either reset taiHEN config.txt or skip plugins loading by holding the L trigger while exiting the h-encore bootstrap menu.

      HENkaku Settings

      • "I don't see all folders in VitaShell." - Launch the Settings application and select HENkaku Settings, then select Enable unsafe homebrews. This will grant you full permission in VitaShell.
      • "I can't find the HENkaku Settings." - Launch the exploit and reset taiHEN config.txt and reinstall HENkaku.

      enso/permanent hack

      • "Can I install enso on 3.67-3.71?" - Not on this firmware, but you can downgrade to firmware 3.65 using modoru and then install enso.
      • "Can I install enso on 3.65?" - Yes, you can use h-encore² to hack your device and then install the permanent hack using this.
      • **Please use SKGleba's plaintext loader for Downgrading on System Firmware 3.71 or 3.72**

      General

      • "Can I switch the PSN account after having h-encore² installed?" - Yes, since the demo is DRM-free it does not depend on your account.
      • "Are there any risks involved in using h-encore²?" - No, since it does not modify the OS, but only insert temporary patches into the system.
      • "Can I install it without USB connection?" - You can also connect your PS Vita with your computer using Wi-Fi (there's an option in the Content Manager).

    • If you like my work and want to support future projects, you can make a donation:

      • via bitcoin 361jRJtjppd2iyaAhBGjf9GUCWnunxtZ49
      • via paypal
      • via patreon

      Thank you!

      • Thanks to Freakler for finding the crash in the demo and designing the h-encore² icon.
      • Thanks to molecule for their initial work on the PS Vita.
      • Thanks to Davee and Proxima for http://cma.henkaku.xyz/.
      • Thanks to yifanlu for psvimgtools.
      • Thanks to codestation for qcma.
      • Thanks to mmozeiko for pkg2vita.
      • Thanks to the PS Vita hacking community.
      • Thanks to Sony for this awesome device.

    Source: Twitter @theflow0
    Downgrade Method: Twitter @skgleba
     
    Last edited: Sep 1, 2019

Comments

Discussion in 'PS Vita News' started by Roxanne, Aug 26, 2019.

    1. Naked_Snake1995
      Naked_Snake1995
      3.71 Users Beware, Downgrading with Modoru on 3.71 will result in a softbrick, DO NOT attempt to Downgrade, wait for a Modoru Update or a Official word from THE_FLOW regarding downgrading!

      3.70 and below, Modoru will work just fine.
      STLcardsWS, Rommy667, ntodek and 2 others like this.
    2. Tech Exploit
    3. zfreeman
      zfreeman
      Firmware version 3.72 is out now.
      DeViL303 likes this.
    4. bucanero
      bucanero
      from what I could understand, Sony didn't patch the encore-2 exploit, but rather just blacklisted the software demo that was used to build the payload.

      So there's a chance that in the future someone finds a new attack vector and can use the same encore-2 exploit.
    5. nCadeRegal
      nCadeRegal
      I'm gonna laugh when someone finds out how to use the old way of whitelisting that game to make the exploit good again and then Sony either releases 3.73 or removes that game from the store completely
    6. DeViL303
    7. Naked_Snake1995
      Naked_Snake1995
      Already did, apparently rebuilding and reinstalling H-Encore2 will work on 3.72 without a hitch, testing done by NanoSpeedGamer "Spanish YouTuber" on a PCH-1000 Series OLED with 3.72
    8. atreyu187
      atreyu187
      Yeah seen a few that have this working just fine on 3.72. There is a few Russian folks that have this working just fine. Give it a few days and everyone will have it working again.
    9. Naked_Snake1995
      Naked_Snake1995
      True, but i just hope TheFl0w reworks Modoru for the 3.71 due to Bricking, i really want to revert it back to the glorious 3.60 Enso, Adrenaline doesn´t work,and the Exploit has a 25% success rate, but its better than nothing.
      atreyu187 likes this.
    10. atreyu187
      atreyu187

      It is better then nothing. I may give it a go checking a few games but it won't be for a few days. Anyone curious can follow these simple instructions found HERE and the list of DRM-Free games can be found HERE but it's not limited to DRM games/demos but they are the most useful.


      Edit

      And once you get the activated just don't power off the system. It's how we all had to do with original HENkaku but admittedly Enso is so much nicer. Got spoiled after that myself. Not such a huge deal for the Vita unless you were away from internet. But then we got the offline enablers and finally Enso. Going to get a Vita again soon but till then I'm happy with my PSTV. Our devs have made it just as functional as the Vita with plugins.
    11. Naked_Snake1995
      Naked_Snake1995
      Well i got spolied myself when my VITA was on 3.60 Enso, just 3 days before the Exploit, a sibling on mine "accidentaly" update it to 3.71, just because he wanted to play Minecraft,and i didnt have the cartridge with me, so he updated it to go to the PS Store to get the Trial Version, and he didnt even asked if he could, so he didnt even squeal after the damage was done, but thanks to TheFl0w he saved my VITA from being a dust-magnet on 3.71, but i would want,like many other users at least to get to 3.60 Enso again, to a more reliable exploit, i just hope he updates Modoru as a final Hoorah for the scene.
    12. Naked_Snake1995
      Naked_Snake1995
      Update: 3.72 didn´t patch any Exploit Chain or the BitterSmile DEMO, TheFl0w has updated H-Encore² binaries to match and be compatible with 3.72, making 3.72 officially exploitable, just re-do and reinstall H-Encore² with the newest files from GitHub repository.

      Sem Título.png
      atreyu187 and vr6cer like this.
    13. atreyu187
      atreyu187

      Wonder if Sony is going to push a new update now? Oh well we should be safe for a bit anyhow.
    14. pinky
      pinky
      looks like -x is the command I was looking for. I haven't tried it yet, but normally extracting a vita pkg results in all files being in a folder without being in a title id folder. also, I guess drm free content doesn't have a zrif, because that's how you normally extract them. each content's is a different key.
      Last edited: Aug 27, 2019
    15. dhahin
      dhahin
      i have henkaku enso and i'm pretty satisfied. should i move from enso to h-encore²?
    16. pinky
      pinky
      no
    17. Roxanne
      Roxanne
      For those who have problems with Downgrading the PlayStation Vita, the News got updated above in addition with an method to Downgrade on System Firmware 3.71 or 3.72.
      Last edited: Sep 1, 2019
    18. pinky
      pinky
      poor sony. spent months trying to patch up exploits only to see their efforts dashed within a matter of days.

Share This Page