Since the old binary loader (which was used from the very early days) got patched with the Vita firmware update 3.30 on the 2nd of October 2014, all old tutorials are outdated and therefore no longer work on a Vita. (If you 'just' want to run a hello world on your PSP, the old binary loader should still work on 6.61. You can therefore still use wololo's tutorial from 2010!)
So maybe this helps some people who are still interested in the ePSP on the Vita.
1) Compiling the binary source code
First you will need to set up your PSPSDK environment if you haven't already. Next up, download qwikrazor's 3.30+ binary loader!
Open the load.s file and adjust the savegame name + postfix string, load address, and file name to your liking, then compile it:
psp-as load.s
psp-objcopy -O binary a.out load.bin
2) Injecting the code to the savegame
Just insert the code from load.bin into the savegame via any hex editor, at the point where our code execution begins. If you followed the first tutorial you can simply use the emulator's already decrypted savegame. If not, you will need to decrypt the original PSP savegame first. You can either use SED on the PSP itself or the SED program for PC. (Qwikrazor's SGKeyDumper plugin is a big help here!) After that we of course need to re-encrypt our savegame!
Now we can already test our loader. If you still have the colorflasher source from the first tutorial, just use the h.bin and test it out! Note: if the loader doesn't work correctly, try playing around with the load address and try again.
3) Getting the function imports of your game
First we need to get a specific file from our game. The easiest way is to have the game in ISO format and open it with WinRAR, for example. If you have a UMD, you can select to use the UMD as a USB device from the VSH menu, for example.
Go into PSP_GAME/SYSDIR/ and extract the EBOOT.BIN file. Next up we are going to need PRXDecrypter installed on the PSP. The EBOOT.BIN goes into the ms0:/enc or ms0:/dec folder depending on your setting. Decrypt the file from here: (The EBOOT.BIN will be overwritten and be a little bit smaller afterwards.)
And finally we are going to use PRXTool to extract the function information from it. So copy the decrypted EBOOT.BIN into this PRXTool noob package and run run.bat to create the functions list.
4) Writing the Hello World
We are going to adapt the Hello World originally made for the PataponSDK, which in turn was adapted from the SpartaSDK. (If you want to use and compile more code samples, check out the Sparta SDK.)
Here is a basic download with just the Hello World sample code: Download
Add your functions.txt to the folder and run wololo's Ruby script to parse the prxtool function imports into an sdk.S file. (Or do it manually, which you really don't want to do.)
The last thing to do is to adjust the linker.x load address if necessary, add your name inside main.c to grow your ego, and compile everything! Now take the H.BIN, add it to the savegame and run the exploit! If everything went right you should see the hello world flashing now.
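To show what the functions-list-to-sdk.S step of steps 3 and 4 actually produces, here is an added example that is neither wololo's script nor code from the Sparta or Patapon SDK: it reads a function list in a simplified format assumed for this example (prxtool's real output is laid out differently and would need adapting), rejects addresses outside the PSP user-memory range it assumes, and emits one jump stub per import.

```ruby
# Added example, not wololo's script or any SDK's code: turn a function list into the
# kind of sdk.S stubs described in steps 3 and 4. The input format below is CONSTRUCTED
# for this example (prxtool's real output looks different and must be adapted):
#   <library> <function_name> 0x<NID> 0x<stub_address>
FUNCTION_LINE = /\A(\S+)\s+(\S+)\s+0x([0-9A-Fa-f]{8})\s+0x([0-9A-Fa-f]{8})\z/
# Assumption: PSP user-mode RAM, where a user-mode game's import stubs live.
USER_MEM = (0x08800000...0x0A000000)

# Parse the list into hashes; blank and '#' lines are skipped, anything else must match.
def parse_functions(text)
  funcs = []
  text.each_line.with_index(1) do |raw, no|
    line = raw.strip
    next if line.empty? || line.start_with?("#")
    m = FUNCTION_LINE.match(line) or raise "line #{no}: unrecognised format: #{line}"
    addr = m[4].hex
    raise "line #{no}: 0x#{m[4]} is outside user memory" unless USER_MEM.cover?(addr)
    funcs << { lib: m[1], name: m[2], nid: m[3].hex, addr: addr }
  end
  funcs
end

# Emit one GAS stub per function: a jump to the game's own import stub (already resolved
# by the firmware when the game was loaded), with a nop in the MIPS branch delay slot.
# Caller and target both sit in the 0x08xxxxxx region, so a 26-bit 'j' can reach it.
def emit_sdk(funcs)
  out = [".set noreorder", ".text"]
  funcs.each do |f|
    out << ""
    out << "# #{f[:lib]} NID 0x#{'%08X' % f[:nid]}"
    out << ".global #{f[:name]}"
    out << "#{f[:name]}:"
    out << "\tj\t0x#{'%08X' % f[:addr]}"
    out << "\tnop"
  end
  out.join("\n") + "\n"
end

# Constructed sample list; NIDs and addresses are sample values, not taken from a real game.
SAMPLE = <<~LIST
  # library function NID stub_address
  sceDisplay sceDisplaySetFrameBuf 0x289D82FE 0x08A1B2C4
  sceDisplay sceDisplayWaitVblankStart 0x984C27E7 0x08A1B2D4
  LoadExecForUser sceKernelExitGame 0x05572A5F 0x08A1B300
LIST

puts emit_sdk(parse_functions(SAMPLE)) if __FILE__ == $PROGRAM_NAME
```

Redirect the output into sdk.S and assemble it alongside main.c; a list line with a bad address stops the run instead of silently producing a stub that jumps into nothing.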
Closing Word
I know this is a VERY brief tutorial and I know a lot of questions might be left unanswered, but there are so many things that can go wrong, from wrong calculations or missing functions to the game just being a bitch. (Check out wololo's already mentioned tutorial, as he might have more of that covered.) But let me put it this way: at least you got an idea of how it works and what work it takes. If you really are on to something you WILL get help from a lot of willing people in the scene! Thanks for your interest.