PS VITA / PS TV Trinity Exploit for PS Vita System Firmwares 3.69 & 3.70 released by TheFloW!

Discussion in 'PS Vita News' started by kozarovv, May 5, 2019.

By kozarovv on May 5, 2019 at 2:13 PM
  1. 7,678

    kozarovv Developer

    Nov 8, 2014
    Likes Received:
    Trophy Points:
    Home Page:
    Following up after the Announcement from @TheFloW back at the End of March this year, today @TheFloW "let the cat out of the bag" by releasing his newest Jailbreak for the PlayStation Vita, which will allow you to jailbreak both your PlayStation Vita and PlayStation TV even on the newest System Firmwares 3.69 and 3.70 (which weren't able to jailbreak before). But not only that. While you can jailbreak your Devices on the specific System Firmwares mentioned before, you can also Downgrade your PlayStation Vita / TV to a lower Firmware to get the full potential of your Device like with the famous Hacks and Exploits on System Firmware 3.60 (such as HENkaku and modoru) and 3.65/3.67/3.68 (such as h-encore). So while you have been probably already prepared for this release back at the first announcement, together with the fact that @TheFloW was so kind to release his final Jailbreak even earlier as previous announced, we won't keep you on tenterhooks anymore. Here is everything you need to know.

    The Trinity Exploit while in use.

    • Trinity
      Trinity is the third public jailbreak for the PS Vita™, which supports the latest firmwares 3.69 and 3.70. The exploit chain consists of three stages: the MIPS Kernel Exploit, the PSP Emulator Escape and the ARM Kernel Exploit.

      If you like my work and want to support future projects, you can make a donation:
      • via bitcoin 361jRJtjppd2iyaAhBGjf9GUCWnunxtZ49
      • via paypal
      • via patreon
      Thank You!

      • Your device must be on firmware 3.69 or 3.70. If you're on a lower firmware, please use h-encore instead.
      • If your device is a phat OLED model, you need a Memory Card in order to install. There's no need for a Memory Card on Slim/PS TV models, since they already provide an Internal Storage.
      • Your device must be able to access the PlayStation Store.

    • If you have already done the preparation, you can skip this part and go to the Installation section.

      1. If you're on firmware 3.69, you have two options:
      • Either update to firmware 3.70 (go to Settings → System Update).
      • Or set DNS to (go to Settings → Network → Wi-Fi Settings → Your access point → Advanced Settings and set DNS Settings to Manual and Primary DNS to

      2. Register a PSN account if you don't have one yet (note that only 3 devices can be activated using the same account).

      3. Download and install any PSP/minis game (PS Vita or PS one Classics do not work). There are demos in most regions (if you know a title that is not listed here, please let me know):
      • EU/UK: Ape Quest
      • NA/SG: LocoRoco Midnight Carnival
      • JP: YS seven
      Unfortunately, if you can't find a demo in your region, you must either buy any PSP/minis game, or register a new PSN account in one of the regions listed above.

      4. Please make sure that your demo is a PSP/minis game. To verify, please launch the game and hold the PS button for a while. Then a quick menu should come up with the Settings option, where you can set bilinear filter, etc. If this option is not there, you've likely downloaded the wrong game. For help, please consider watching some youtube tutorials and see how a PSP game should look like.

    • 1. Download and install qcma and psvimgtools (check the releases section for the binaries).

      2. Start qcma and within the qcma settings set the option Use this version for updates to FW 0.00 (Always up-to-date) to spoof the System Software check.

      3. Launch Content Manager on your PS Vita and connect it to your computer, where you then need to select PS Vita System -> PC, and after that you select Applications. Finally select PSP™/Other and click on the game that you want to turn into the Trinity exploit. If you see an error message about System Software, you should simply reboot your device to solve it (if this doesn't solve, then put your device into airplane mode and reboot). If this does still not work, then alternatively set DNS to to block updates.

      4. Transfer the game over to your computer by clicking on Copy on your PS Vita. After copying, you go to the folder /Documents/PS Vita/PGAME/xxxxxxxxxxxxxxxx/YYYYZZZZZ on your computer, where xxxxxxxxxxxxxxxx is some string corresponding to your account ID and YYYYZZZZZ is the title id of the game that you've just copied over. You can look at the image at YYYYZZZZZ/sce_sys/icon0.png to verify that it is indeed your chosen game. Furthermore, the YYYYZZZZZ folder should contain these folders: game, license and sce_sys.

      5. Before you attempt to modify the backup, you should make a copy of it. Just copy YYYYZZZZZ somewhere else, such that if you fail to follow the instructions, you can copy it back and retry.

      6. Insert the xxxxxxxxxxxxxxxx string here. If the AID is valid, it will yield a key that you can now use to decrypt/re-encrypt your game.

      7. Decrypt the game backup as follows (if you haven't installed psvimgtools yet, then just place them in the YYYYZZZZZ folder):

      psvimg-extract -K YOUR_KEY game/game.psvimg game_dec
      If done correctly, you should see an output like this:

      creating file ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ/EBOOT.PBP (x bytes)...
      creating file ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ/__sce_ebootpbp (x bytes)...
      all done.
      8. Download Trinity and copy the PBOOT.PBP file to game_dec/ux0_pspemu_temp_game_PSP_GAME_YYYYZZZZZ/PBOOT.PBP (the files EBOOT.PBP, __sce_ebootpbp and VITA_PATH.txt should exist in this folder). If PBOOT.PBP does already exist there, just overwrite it.

      9. Now re-encrypt the backup similar to above:

      psvimg-create -n game -K YOUR_KEY game_dec game
      If done correctly, you should see an output like this:

      adding files for ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ
      packing file ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ/EBOOT.PBP (x bytes)...
      packing file ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ/PBOOT.PBP (x bytes)...
      packing file ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ/__sce_ebootpbp (x bytes)...
      created game/game.psvimg (size: x, content size: x)
      created game/game.psvmd
      10. Remove the game_dec folder and select Refresh database in qcma settings.

      11. Now you need to copy back the modified backup to your PS Vita: Launch Content Manager on your PS Vita and connect it to your computer (if it's already open, just go back to the first menu), where you then need to select PC -> PS Vita System, and after that you select Applications. Finally select PSP™/Other and click on the modified game. Perform the copy operation and exit Content Manager.

      12. In the livearea, the game should now have a different icon and should now be called Trinity. If not, please re-read the instructions more carefully and begin from fresh.

      13. Turn on Wi-Fi, then reboot your device and straightly launch Trinity. Do not do anything else, otherwise the exploit will be less reliable. It is very important that you do not have any running downloads in background.

      14. Enjoy the exploitation process and wait until it launches the Construct. If the exploit fails, simply rerun Trinity.

      15. Within the Construct, select Download VitaShell, then Install HENkaku and finally Exit.

      16. Congratulations, your device is now able to run homebrews. It is highly suggested that you downgrade your device to either firmware 3.60 or 3.65/3.67/3.68 using modoru. On 3.60, you can use HENkaku and on 3.65/3.67/3.68 you can use h-encore. If you don't downgrade your device now, you may lose the ability to launch Trinity later and therefore not be able to hack your device anymore.

    • Exploit
      • "I get the error [TURN ON WI-FI TO USE THIS EXPLOIT]." - Just hold the PS button and turn on Wi-Fi in the quickmenu.
      • "I get the error [EXPLOIT FAILED: 0x800200CB]." - This can sometimes happen. Just rerun the exploit.
      • "My device freezes/panics." - Be sure you do not have any downloads running in background. Also make sure that you do not launch anything else before Trinity. A fresh reboot is always recommended.
      • "Trinity crashes in the second run." - It is not recommended that you launch Trinity multiple times. Always reboot your device before launching Trinity.

      HENkaku Settings
      • "I don't see all folders in VitaShell." - Launch the Settings application and select HENkaku Settings, then select Enable unsafe homebrews. This will grant you full permission in VitaShell.
      • "I can't find the HENkaku Settings." - Launch the exploit and reset taiHEN config.txt and reinstall HENkaku.

      enso/permanent hack
      • "Can I install enso on 3.69 or 3.70?" - Not on these firmwares, but you can downgrade to firmware 3.60/3.65 using modoru and then install enso.

      • Thanks to qwikrazor87 for the PSP kernel exploit.
      • Thanks to Freakler for the Trinity icon.
      • Thanks to molecule for their initial work on the PS Vita.
      • Thanks to Davee and Proxima for
      • Thanks to yifanlu for psvimgtools.
      • Thanks to codestation for qcma.
      • Thanks to the PS Vita hacking community.
      • Thanks to Sony for this awesome device.

    Trinity Exploit for PS Vita

    Source: Twitter @theflow0
    Github: Trinity Exploit
    CMA Random Number Generator
    Patreon: TheOfficialFloW
    Last edited by a moderator: May 5, 2019
    Resk0r, ed89, MixeryMaxe and 14 others like this.


Discussion in 'PS Vita News' started by kozarovv, May 5, 2019.

    1. atreyu187
      Best news is XYZ still has one more exploit for the Vita's EOL just in case pulls another PSP 6.61 stunt like they did. This is amazing as we have a downgrader to get back to 3.60 for HENkaku for a permanent exploit then when with ReF00D we can run all our games with the full power of Enso!! Thanks for the heads up I was just coming to post about this as I just got home. I'm sure this will make a lot of folks very very happy.
    2. Naked_Snake1995
      The one last send off to this great console, shame Sony have ignored this system for all these years, until the machine was exploited, releasing the untapped potential! Not only it gets the love it deservers,but prices are skyrocketing, so if you didnt have the chance to pick it up at launch do yourself a favour and grab one!

      My most deep respect for Team XYZ and THE_FLOW for theyre hardwork, on keeping this awesome system alive, for theyre countless hours, for Henkaku and H-Encore and for giving this console a chance to be used the way its meant to be, and for the PSX-Place @STLcardsWS and @kozarovv for the theyre news updates!

      On behalf of the PSX-Place community Thank You for this great achievement!

      disyoko, Fuzion9, Vishera and 2 others like this.
    3. NiHuShu
      Sony must be pissed off. Now PS3 and then Vita :D
    4. kozarovv
      I just posted news tip, @Roxanne wrote that great news article. ;)
      DeViL303 likes this.
    5. Tech Exploit
    6. Naked_Snake1995
      Shoutout to @Roxanne as well :)
      hack psvita here tutorial trinity
    8. DigitalMorpheus
      Can this be used to escape PSP emulator on PS3 by adapting the exploit?
      emelin.2004 likes this.
    9. kaluas
      In the handheld PS Scene, we are very lucky to have TheFlow, since the early days he was total_noob. Everyone should consider supporting him with a donation.
      reapers2007 likes this.
    10. kaluas
      btw, yesterday i bought a second handed phat vita on 3.70 and i can confirm the hack works.
    11. Naked_Snake1995
      No, as i suspect the PSP_EMU its a LV2 GuestOS, not a integral part of the GameOS, same with the PS2Emu.self and PS1Emu.self.

      This its not my field for expertise, so ill leave up to more experienced developers to explain how the PSP_EMU.self works on a GameOS level.

      But in other words, its impossible, as if i am not mistaken this its an ARM level exploit, using the PSP Emu, although there its actual PSP Hardware inside the PSVITA.

      Sent from my G8341 using Tapatalk
    12. Kazama
      Big news is that "Flow has released the trinity exploit source code and he explained ROP chains and kernel level exploit for PS Vita. He is a great coder/hacker in the scene. Did a research for long time. We love you " Flow".
      DeViL303 likes this.
    13. Magnux
      No other ways to hack the model PCH-2009? Please tell me if there are
    14. kaluas
      PS Vita // PSTV hacking is firmware specific. You can use different ways in firmwares 3.60, 3.65 and 3.70.
    15. Naked_Snake1995
      You misunderstood, what he meant, the PCH-2009 its a China Only Variant PS VITA, its region locked to China Mainland, which means only PSN Chinese Accounts are acceptable, there is no way to log in with another region PSN, it wont accept it, this its to approve Chinese Government Regulations, so the console can be sold into Chinese Territory, this regualtion its so restrict, that even Hong Kong "Chinese Independent State" PSN Accounts aren´t acceptable.

      To make matters even worse, Chinese PSN doesn´t have any PlayStation Portable Content, only PS4 as far as ive seen, so Trinity its out of the question, only H-Encore will work, thats 3.65-3.68, due to the account doesnt need activation or any PlayStation Portable Demo, so the only solution remaining its a board swap, with a firmware from 3.68 or below, which if you live in China, its going to be a easy find, but if you imported the console, you are out of luck, as boards range from 50-100US$,depending on the firmware on them,which its almost the cost of a used unit itself.
      Magnux and kaluas like this.
    16. Vedita BR

Share This Page