Toggle menu
Toggle personal menu
Not logged in
Your IP address will be publicly visible if you make any edits.

H-Encore Vita: Difference between revisions

From GameBrew
m (Text replacement - "GameBrew!" to "GameBrew")
 
(One intermediate revision by the same user not shown)
Line 14: Line 14:
|version=2.0
|version=2.0
|license=MIT
|license=MIT
|download=https://dlhb.gamebrew.org/vitahomebrews/hencorevita.7z
|website=https://github.com/TheOfficialFloW/h-encore
|website=
|source=https://github.com/TheOfficialFloW/h-encore
|source=https://github.com/TheOfficialFloW/h-encore
}}
}}
'''H-encore''' is a fully chained kernel exploit for the PS Vita on firmwares 3.65-3.68.
h-encore, where h stands for hacks and homebrews, is the second public jailbreak for the PS Vita™ which supports the newest firmwares 3.65, 3.67 and 3.68. It allows you to make kernel- and user-modifications, change the clock speed, install plugins, run homebrews and much more.


==What is h-encore?==
A technical explanation of the h-encore exploit chain is available [https://theofficialflow.github.io/2018/09/11/h-encore.html here].
''h-encore'', where ''h'' stands for hacks and homebrews, is the second public jailbreak for the ''PS Vita™'' which supports the newest firmwares 3.65, 3.67 and 3.68. It allows you to make kernel- and user-modifications, change the clock speed, install plugins, run homebrews and much more.


A technical explanation of the ''h-encore'' exploit chain is available [https://theofficialflow.github.io/2018/09/11/h-encore.html here].
==Installation==
Requirements:
*Your device must be on firmware 3.65, 3.67 or 3.68. Firmware 3.69 and higher are not supported. If you're on a lower firmware, please decide carefully to what firmware you want to update, then search for a trustable guide on /r/vitahacks.
*If your device is a phat OLED model, you need a Memory Card in order to install. There's no need for a Memory Card on Slim/PS TV models, since they already provide an Internal Storage. Make sure you have got at least 270 MB of free space.
*Your device must be linked to any PSN account (it doesn't need to be activated though). If it is not, then you must restore default settings in order to sign in.


== Requirements ==
See [https://github.com/TheOfficialFloW/h-encore#requirements here] for installation guide.
* Your device must be on firmware 3.65, 3.67 or 3.68. '''Firmware 3.69 and higher are not supported'''.
* If your device is a phat OLED model, you need a Memory Card in order to install. There's no need for a Memory Card on Slim/PS TV models, since they already provide an Internal Storage. Make sure you have got at least <code>270 MB</code> of free space.
* Your device must be linked to any PSN account (it doesn't need to be activated though). If it is not, then you must restore default settings in order to sign in.


== How To Install h-encore ==
==User guide==
Note that the following guide is for advanced users and a bit more complicated than the previous hack that only required you to visit a website. If you don't understand the guide below or how to use these tools, you should not file an issue here, but rather seek help on [https://www.reddit.com/r/vitahacks/comments/8v9vl7/biweekly_questions_thread_edition_23_hencore/ /r/vitahacks] (check for duplicated questions first!) or use the [[Final H-Encore Vita]] (which isn't maintained by me).
===FAQ===
'''Exploit'''


<ol>
"When I launch h-encore, it stays at a white screen." - Due to the nature of the kernel exploit, this can sometimes happen. If it stays white for more than 5 seconds, you can simply close the application which will result in a crash and your device will be rebooted or shutdown after 10 seconds. If it doesn't, hold the power button down for over 30 seconds to force a shutdown. Then try the exploit again. The success rate of the kernel exploit should be at 80%. If I find time I will eventually try to improve the success rate.
<li><p>Download [https://github.com/TheOfficialFloW/h-encore/releases/download/v2.0/h-encore.zip h-encore] and extract it on your computer.</p></li>
<li><p>Download and install [[Qcma Vita|qcma]], [[Psvimgtools By Yifanlu Vita|psvimgtools]] and [[Pkg2zip Vita|pkg2zip]] (check the releases section for the binaries).<br />
If you don't know where to put psvimgtools and pkg2zip binaries, just put them in the <code>h-encore</code> folder.</p></li>
<li><p>Download the vulnerable DRM-free demo of [http://ares.dl.playstation.net/cdn/JP0741/PCSG90096_00/xGMrXOkORxWRyqzLMihZPqsXAbAXLzvAdJFqtPJLAZTgOcqJobxQAhLNbgiFydVlcmVOrpZKklOYxizQCRpiLfjeROuWivGXfwgkq.pkg bitter smile] (yes, that's the user entry point).</p></li>
<li><p>Extract the demo using this command in terminal/cmd:</p>


<pre>pkg2zip -x PATH_OF_PKG</pre>
"When I launch h-encore, it flashes white quickly and then crashes." - Again, this is due to how the kernel exploit works.


<p>This will output the files to <code>app/PCSG90096</code>.</p></li>
"I get a C2-12828-1 error when launching h-encore" - This does sometimes (but very rarely) happen. Just retry the exploit.
<li><p>Copy the contents of the output <code>app/PCSG90096</code> to the folder <code>h-encore/app/ux0_temp_game_PCSG90096_app_PCSG90096</code> (such that the files <code>eboot.bin</code> and <code>VITA_PATH.TXT</code> are within the same folder).</p></li>
<li><p>Copy the license file <code>app/PCSG90096/sce_sys/package/temp.bin</code> to the folder<br />
<code>h-encore/license/ux0_temp_game_PCSG90096_license_app_PCSG90096</code> and rename the just pasted file <code>temp.bin</code> to <code> 6488b73b912a753a492e2714e9b38bc7.rif</code>. Be careful with the file extension, it should not be <code>.rif.bin</code>. Again, this file should be in the same folder as <code>VITA_PATH.TXT</code>.</p></li>
<li><p>Start qcma and within the qcma settings set the option <code>Use this version for updates</code> to <code>FW 0.00 (Always up-to-date)</code> to spoof the System Software check.</p></li>
<li><p>Launch Content Manager on your PS Vita and connect it to your computer, where you then need to select <code>PC -&gt; PS Vita System</code>, and after that you select <code>Applications</code>. If you see an error message about System Software, you should simply reboot your device to solve it (if this doesn't solve, then put your device into airplane mode and reboot). If this does still not work, then alternatively set DNS to <code>212.47.229.76</code> to block updates. This should create a folder at <code>PS Vita/APP/xxxxxxxxxxxxxxxx</code> on your computer (see qcma settings where this folder is), where the folder <code>xxxxxxxxxxxxxxxx</code> represents the AID (account ID that is 16 characters long) that you need to insert [http://cma.henkaku.xyz/ here]. If the AID is valid, it will yield a key that you can now use to encrypt the demo.</p></li>
<li><p>Change directory to the <code>h-encore</code> folder in terminal/cmd and use the key to encrypt all folders using (make sure you don't confuse the key with the AID, the key is 64 characters long!):</p>
<div class="snippet-clipboard-content notranslate position-relative overflow-auto">


<pre>psvimg-create -n app -K YOUR_KEY app PCSG90096/app
"When I launch h-encore, it launches the bitter smile demo instead." - Your savedata is either corrupted or not installed correctly, please follow the installation guide above to reinstall it.
psvimg-create -n appmeta -K YOUR_KEY appmeta PCSG90096/appmeta
psvimg-create -n license -K YOUR_KEY license PCSG90096/license
psvimg-create -n savedata -K YOUR_KEY savedata PCSG90096/savedata</pre>


<p>The folder <code>h-encore/PCSG90096</code> should then contain <code>sce_sys</code> and all 4 folders from above, and within these folders you should find files called <code>X.psvimg</code> and <code>X.psvmd</code>, where <code>X</code> has the same name as the folder. Backup this folder, since if everything has been done correctly, you don't need to redo all the steps to install it onto another device with the same PSN account.</p></li>
"I have installed a bad plugin and launching h-encore doesn't work anymore, what should I do?" - You can either reset taiHEN config.txt or skip plugins loading by holding the L trigger while exiting the h-encore bootstrap menu.
<li><p>Copy the folder <code>h-encore/PCSG90096</code> to <code>PS Vita/APP/xxxxxxxxxxxxxxxx/PCSG90096</code> and then select <code>Refresh database</code> in qcma.</p></li>
<li><p>The ''h-encore'' bubble with a size of around <code>243 MB</code> should now appear in the Content Manager and that's what you finally need to transfer to your PS Vita. If the size does not match or you get the error <code>C2-12858-4</code>, then it's because you did not do it correctly! Please re-read the instructions more carefully then. If you get the error <code>You can only copy applications that your account is the owner of</code>, then it's because you have used an AID that is not of your account, go back to step 8.</p></li>
<li><p>Launch ''h-encore'' to exploit your device (if a message about trophies appears, simply click yes). The screen should first flash white, then purple, and finally open a menu called ''h-encore bootstrap menu'' where you can download [[Vitashell Vita|VitaShell]] and install [[Henkaku Vita|HENkaku]]. If it prompts the error <code>Cannot start this application. C0-11136-2</code>, then it's because you did not do step 6. correctly.</p></li>
<li><p>Enjoy. Note that you have to relaunch the exploit everytime you reboot or shutdown your device. Of course if you only put your device into standby mode, you don't need to relaunch.</p></li></ol>


== Updating to h-encore 2.0 ==
'''HENkaku Settings'''
You can update ''h-encore'' by following the installation guide above, or following these steps (''h-encore'' must already be installed).


# Download [https://github.com/TheOfficialFloW/h-encore/releases/download/v2.0/system.dat h-encore's system.dat].
"I don't see all folders in VitaShell." - Launch the Settings application and select HENkaku Settings, then select Enable unsafe homebrews. This will grant you full permission in VitaShell.
# Enable <code>Unsafe Homebrews</code> under <code>HENkaku Settings</code> in the Settings application to grant VitaShell full permission.
# Launch VitaShell and navigate to <code>ux0:user/00/savedata/</code>.
# Press triangle on the folder <code>PCSG90096</code> and select <code>Open decrypted</code> (you should NOT see the folder <code>sce_pfs</code> within this folder when opened decrypted).
# Copy the downloaded <code>system.dat</code> to <code>ux0:user/00/savedata/PCSG90096/system.dat</code>.
# Launch ''h-encore'' while holding R and select <code>Install HENkaku</code> in the bootstrap menu.
# Done.


==Media==
"I can't find the HENkaku Settings." - Launch the exploit and reset taiHEN config.txt and reinstall HENkaku.
<youtube>3ewAA5ihXng</youtube>


==Screenshot==
'''enso/permanent hack'''
[[image:hencorevita.jpg|600px]]


== FAQ ==
"Can I install enso on 3.67 or 3.68?" - Not on these firmwares, but you can downgrade to firmware 3.65 using modoru and then install enso.
=== Exploit ===
* &quot;When I launch ''h-encore'', it stays at a white screen.&quot; - Due to the nature of the kernel exploit, this can sometimes happen. If it stays white for more than 5 seconds, you can simply close the application which will result in a crash and your device will be rebooted or shutdown after 10 seconds. If it doesn't, hold the power button down for over 30 seconds to force a shutdown. Then try the exploit again. The success rate of the kernel exploit should be at 80%. If I find time I will eventually try to improve the success rate.
* &quot;When I launch ''h-encore'', it flashes white quickly and then crashes.&quot; - Again, this is due to how the kernel exploit works.
* &quot;I get a C2-12828-1 error when launching ''h-encore''&quot; - This does sometimes (but very rarely) happen. Just retry the exploit.
* &quot;When I launch ''h-encore'', it launches the bitter smile demo instead.&quot; - Your savedata is either corrupted or not installed correctly, please follow the installation guide above to reinstall it.
* &quot;I have installed a bad plugin and launching ''h-encore'' doesn't work anymore, what should I do?&quot; - You can either reset taiHEN config.txt or skip plugins loading by holding the L trigger while exiting the ''h-encore bootstrap menu''.


=== HENkaku Settings ===
"Can I install enso on 3.65?" - Yes, you can use h-encore to hack your device and then install the permanent hack using this.
* &quot;I don't see all folders in VitaShell.&quot; - Launch the Settings application and select <code>HENkaku Settings</code>, then select <code>Enable unsafe homebrews</code>. This will grant you full permission in VitaShell.
* &quot;I can't find the HENkaku Settings.&quot; - Launch the exploit and reset taiHEN config.txt and reinstall HENkaku.


=== enso/permanent hack ===
'''Compatibility'''
* &quot;Can I install enso on 3.67 or 3.68?&quot; - Not on these firmwares, but you can downgrade to firmware 3.65 using [[Modoru Vita|modoru]] and then install enso.
* &quot;Can I install enso on 3.65?&quot; - Yes, you can use ''h-encore'' to hack your device and then install the permanent hack using [[Enso Ex Installer Vita|enso]].


=== Compatibility ===
"Are Adrenaline/NoNpDrm/Download Enabler supported on 3.65/3.67/3.68?" - Yes, check them in my repositories.
* &quot;Are [[Adrenaline Vita|Adrenaline]]/[[Nonpdrm Vita|NoNpDrm]]/[[Download Enabler Vita|Download Enabler]] supported on 3.65/3.67/3.68?&quot; - Yes, check them in my repositories.
* &quot;Can I use SD2VITA using this hack?&quot; - Yes, I have made a pull request on [[Gamesd Vita| gamecard-microsd]] that fixed the freeze when using it without enso. If you're using an other plugin and it freezes on exitting ''h-encore bootstrap menu'', then there's the trick where you can simply press the PS Button and return back to finish the boot process.
* &quot;Can I use psvsd using this hack?&quot; - Yes, people confirmed that it is working finely.
* &quot;Does this work, does that work? Is this compatible, is that compatible?&quot; - I don't know, and it is not my task to update these tools for you, so don't dare and file an issue here.


=== General ===
"Can I use SD2VITA using this hack?" - Yes, I have made a pull request on gamecard-microsd that fixed the freeze when using it without enso. If you're using an other plugin and it freezes on exitting h-encore bootstrap menu, then there's the trick where you can simply press the PS Button and return back to finish the boot process.
* &quot;Can I switch the PSN account after having ''h-encore'' installed?&quot; - Yes, since the demo is DRM-free it does not depend on your account.
 
* &quot;Are there any risks involved in using ''h-encore''?&quot; - No, since it does not modify the OS, but only insert temporary patches into the system.
"Can I use psvsd using this hack?" - Yes, people confirmed that it is working finely.
* &quot;Can I install it without USB connection?&quot; - You can also connect your PS Vita with your computer using Wi-Fi (there's an option in the Content Manager).
 
* &quot;How do I get into bootstrap menu?&quot; - launch h-encore while holding the R trigger.
"Does this work, does that work? Is this compatible, is that compatible?" - I don't know, and it is not my task to update these tools for you, so don't dare and file an issue here.
 
'''General'''
 
"Can I switch the PSN account after having h-encore installed?" - Yes, since the demo is DRM-free it does not depend on your account.
 
"Are there any risks involved in using h-encore?" - No, since it does not modify the OS, but only insert temporary patches into the system.
 
"Can I install it without USB connection?" - You can also connect your PS Vita with your computer using Wi-Fi (there's an option in the Content Manager).
 
"How do I get into bootstrap menu?" - launch h-encore while holding the R trigger.


==Changelog==
==Changelog==
'''(v.2.0)'''
'''2.0'''
*Added ability to auto-exit and bypass the bootstrap menu. You can force launching the bootstrap menu by holding R while launching h-encore).
*Added ability to auto-exit and bypass the bootstrap menu. You can force launching the bootstrap menu by holding R while launching h-encore).
*Added ability to personalize the savedata in order to get rid of the trophy warning.
*Added ability to personalize the savedata in order to get rid of the trophy warning.
Line 114: Line 82:
*Updated default spoof version to 3.70.
*Updated default spoof version to 3.70.
*Updated kernel ROP chain to use fewer and better gadgets.
*Updated kernel ROP chain to use fewer and better gadgets.
'''(v.1.0)'''
* First Release.
== Donation ==
If you like my work and want to support future projects, you can make a donation:
* via bitcoin <code>361jRJtjppd2iyaAhBGjf9GUCWnunxtZ49</code>
* via [https://www.paypal.me/flowsupport/20 paypal]
* via [https://www.patreon.com/TheOfficialFloW patreon]
Thank you!


== Credits ==
== Credits ==
* Thanks to Freakler for finding the crash in the demo and designing the ''h-encore'' icon.
* Thanks to Freakler for finding the crash in the demo and designing the h-encore icon.
* Thanks to molecule for their initial work on the PS Vita.
* Thanks to molecule for their initial work on the PS Vita.
* Thanks to xyz for giving me some tips on choosing an exploit target.
* Thanks to xyz for giving me some tips on choosing an exploit target.
Line 139: Line 95:


== External links ==
== External links ==
* Github - https://github.com/TheOfficialFloW/h-encore
* GitHub - https://github.com/TheOfficialFloW/h-encore

Latest revision as of 14:47, 6 February 2023

H-encore
Hencorevita.jpg
General
AuthorTheFloW
TypeExploits
Version2.0
LicenseMIT License
Last Updated2019/02/19
Links
Website
Source

h-encore, where h stands for hacks and homebrews, is the second public jailbreak for the PS Vita™ which supports the newest firmwares 3.65, 3.67 and 3.68. It allows you to make kernel- and user-modifications, change the clock speed, install plugins, run homebrews and much more.

A technical explanation of the h-encore exploit chain is available here.

Installation

Requirements:

  • Your device must be on firmware 3.65, 3.67 or 3.68. Firmware 3.69 and higher are not supported. If you're on a lower firmware, please decide carefully to what firmware you want to update, then search for a trustable guide on /r/vitahacks.
  • If your device is a phat OLED model, you need a Memory Card in order to install. There's no need for a Memory Card on Slim/PS TV models, since they already provide an Internal Storage. Make sure you have got at least 270 MB of free space.
  • Your device must be linked to any PSN account (it doesn't need to be activated though). If it is not, then you must restore default settings in order to sign in.

See here for installation guide.

User guide

FAQ

Exploit

"When I launch h-encore, it stays at a white screen." - Due to the nature of the kernel exploit, this can sometimes happen. If it stays white for more than 5 seconds, you can simply close the application which will result in a crash and your device will be rebooted or shutdown after 10 seconds. If it doesn't, hold the power button down for over 30 seconds to force a shutdown. Then try the exploit again. The success rate of the kernel exploit should be at 80%. If I find time I will eventually try to improve the success rate.

"When I launch h-encore, it flashes white quickly and then crashes." - Again, this is due to how the kernel exploit works.

"I get a C2-12828-1 error when launching h-encore" - This does sometimes (but very rarely) happen. Just retry the exploit.

"When I launch h-encore, it launches the bitter smile demo instead." - Your savedata is either corrupted or not installed correctly, please follow the installation guide above to reinstall it.

"I have installed a bad plugin and launching h-encore doesn't work anymore, what should I do?" - You can either reset taiHEN config.txt or skip plugins loading by holding the L trigger while exiting the h-encore bootstrap menu.

HENkaku Settings

"I don't see all folders in VitaShell." - Launch the Settings application and select HENkaku Settings, then select Enable unsafe homebrews. This will grant you full permission in VitaShell.

"I can't find the HENkaku Settings." - Launch the exploit and reset taiHEN config.txt and reinstall HENkaku.

enso/permanent hack

"Can I install enso on 3.67 or 3.68?" - Not on these firmwares, but you can downgrade to firmware 3.65 using modoru and then install enso.

"Can I install enso on 3.65?" - Yes, you can use h-encore to hack your device and then install the permanent hack using this.

Compatibility

"Are Adrenaline/NoNpDrm/Download Enabler supported on 3.65/3.67/3.68?" - Yes, check them in my repositories.

"Can I use SD2VITA using this hack?" - Yes, I have made a pull request on gamecard-microsd that fixed the freeze when using it without enso. If you're using an other plugin and it freezes on exitting h-encore bootstrap menu, then there's the trick where you can simply press the PS Button and return back to finish the boot process.

"Can I use psvsd using this hack?" - Yes, people confirmed that it is working finely.

"Does this work, does that work? Is this compatible, is that compatible?" - I don't know, and it is not my task to update these tools for you, so don't dare and file an issue here.

General

"Can I switch the PSN account after having h-encore installed?" - Yes, since the demo is DRM-free it does not depend on your account.

"Are there any risks involved in using h-encore?" - No, since it does not modify the OS, but only insert temporary patches into the system.

"Can I install it without USB connection?" - You can also connect your PS Vita with your computer using Wi-Fi (there's an option in the Content Manager).

"How do I get into bootstrap menu?" - launch h-encore while holding the R trigger.

Changelog

2.0

  • Added ability to auto-exit and bypass the bootstrap menu. You can force launching the bootstrap menu by holding R while launching h-encore).
  • Added ability to personalize the savedata in order to get rid of the trophy warning.
  • Added confirmation dialog for Reset taiHEN config.txt option.
  • Updated default spoof version to 3.70.
  • Updated kernel ROP chain to use fewer and better gadgets.

Credits

  • Thanks to Freakler for finding the crash in the demo and designing the h-encore icon.
  • Thanks to molecule for their initial work on the PS Vita.
  • Thanks to xyz for giving me some tips on choosing an exploit target.
  • Thanks to Davee and Proxima for http://cma.henkaku.xyz/.
  • Thanks to yifanlu for psvimgtools.
  • Thanks to codestation for qcma.
  • Thanks to mmozeiko for pkg2vita.
  • Thanks to the PS Vita hacking community.
  • Thanks to Sony for this awesome device.

External links

Advertising: