Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/SKGleba/psp2hfw
Hybrid Firmware toolset for Playstation Vita
https://github.com/SKGleba/psp2hfw
Last synced: about 2 months ago
JSON representation
Hybrid Firmware toolset for Playstation Vita
- Host: GitHub
- URL: https://github.com/SKGleba/psp2hfw
- Owner: SKGleba
- Created: 2020-04-16T07:47:18.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-10-10T16:35:47.000Z (about 4 years ago)
- Last Synced: 2024-11-14T05:34:26.795Z (about 2 months ago)
- Language: C
- Size: 13.2 MB
- Stars: 33
- Watchers: 8
- Forks: 6
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- Awesome-PlayStation-Vita - psp2hfw - Hybrid Firmware toolset for Playstation Vita (Dual firmware) (⚙️ Basic Stuff / 🔓 Hacking)
README
# psp2hfw
# This repository is currently being updated to support enso_ex v4.5
The goal of this repository is to provide tools and instructions for running a hybrid firmware (HFW) on the Playstation Vita console
- in this case a different firmware/software version than the bootloaders version(s).
# Preparation
0) Make sure that you have the latest version of enso_ex ( https://github.com/SKGleba/enso_ex ) installed and running
- also make sure that your GC-SD adapter is fully functional in case of recovery
1) Download the correct 0syscall6 bootmgr version for from https://github.com/SKGleba/enso_ex/tree/master/sdrecovery/BOOTMGR/0syscall6 and put in ux0:eex/data/ as bootmgr.e2xp
2) Download 0syscall6 HFW version from https://github.com/SKGleba/0syscall6 , put it in ur0:tai/ and add to taiHEN config.txt
3) Download the correct firmware version fix from https://github.com/SKGleba/enso_ex/tree/master/sdrecovery/PATCH/fw_spoof and put in ux0:eex/payloads/
4) Download the correct sector redirect script from https://github.com/SKGleba/psp2hfw/tree/master/scripts/sector_redir and put in ux0:eex/payloads/
- This is optional for non-dualfw users but highly recommended for recovery purposes
5) Copy os0:sm/update_service_sm.self to ux0:eex/data/ as zss_ussm.self; if you have a decrypted kprxauth sm - put it in there as zss_ka.elf
6) Open the enso_ex installer and sync scripts; after reboot make sure that 0syscall6 is working correctly, do it before vita goes to sleep
- In os0 you should have the following files: bootmgr.e2xp, patches.e2xd, and zss_ussm.self.
## Additional steps for dual-fw users
Dual FW lets you run the second firmware from a SD card in a GC-SD adapter; it is experimental and expected to be less stable (but safer) than having a single fw.0) Make sure that you have your GC-SD adapter inserted and detected by the system; use either YAMT or mount as uma0 using another tool
1) Download and run the emmcfw->gcsd clone tool from https://github.com/SKGleba/psp2hfw/tree/master/tools/clone_int2ext ; it will clone firmware/software sectors to GCSD
- It is recommended to use xerpi's plugin loader for that ( https://bitbucket.org/xerpi/vita_plugin_loader )
- If the load fails it means that the SD card was not detected; also cloning will take some time
- After the clone finishes uninstall your GC-SD driver unless you are using sony's (internal manufacturing mode or yamt)
2) Connect your vita to a power supply and boot holding START, if it boots - emunand works
- You can make sure by deleting/adding a file in tm0 and rebooting normally; if the change is not present - emunand works
- Sony's built-in GC-SD driver is very strict in terms of compatibility, not all sd cards will work
- For the rest of this guide use the emunand instead of the internal emmc, HFW will be installed to the emunand.
# Usage## Compatibility
Currently not all firmwares can be installed on top of current base bootloaders [3.60 | 3.65]
- Check out the issues tab to know what needs to be done to increase compatibility
- Please note that not all homebrew apps/plugins are compatible with all firmwares; HenKaku and TaiHen may be incompatible too.### Base: 3.60
- 3.61 everything works fine.
### Base: 3.65
- 3.67 - 3.73 everything works fine.
## Installation
1) Download and install the HFW installer (HFWI.vpk); make sure that you have unsafe homebrew enabled in henkaku settings
2) Download the desired firmware PUP and extract os0/vs0 fs images from it, you may use https://github.com/TeamMolecule/sceutils for that
- psst, if you don't have the required keys use this fork: https://github.com/zecoxao/sceutils
3) Put them in ux0:data/hfw/ as os0.bin and vs0.bin; if you are using dualfw put os0:patches.e2xd in ux0:data/hfw/patches.e2xd
4) Open the installer and press [start] to flash, it may take some time; after the flash completes it will show you the current HFW info and ask to reboot
- if the vita does not reboot follow the steps in the recovery section
5) Open the enso_ex installer and sync scripts.
## Uninstallation
1) Download your original firmware PUP and extract the vs0 fs image from it
2) Put it in ux0:data/hfw/ as vs0_r.bin; if you want to go back to a pristine os0 put it as os0_r.bin
3) Open the installer and press [start] to restore, it may take some time; after the restore completes it will ask you to reboot
- if the vita does not reboot follow the steps in the recovery section.
## Recovery
With enso_ex you should be able to recover from all possible HFW related soft/"hard" bricks.
- If you corrupt boot_config.txt or suspect that it causes a bootloop hold VOLUP at boot.
### Bootloop
0) If you synced incompatible patches follow the [Bootloop - broken patches] section; skip this step if you already did it
1) Download the correct sdrestore image from https://github.com/SKGleba/psp2hfw/tree/master/recovery , its version should match the current bootloaders version
2) Flash this image to an SD card and put it in the GC-SD adapter into the PS Vita GC slot
3) Connect the console to a power source and hold [select] and [power] for 20-30s, then keep holding select; it will restore the previous os0.
- If the vita does not show the logo, hold power for 30s afterwards and see if it works
- If the vita shows the bootlogo - go into safe mode and reinstall the firmware, do not follow the next steps
4) Dump the first 0x200 bytes from the SD card (using [read] in win32dimg or dd) and open using a hex editor
- if the first 4 bytes are BE BA FE CA (0xcafebabe) - payload did not run (either faulty GC-SD/slot or incorrect image; or just held select for too short); retry from step 1
- if the first 4 bytes are EF BE AD DE (0xdeadbeef) - should not happen, weird, retry from step 1
- if the first 4 bytes are EF BE FE CA (0xcafebeef) - payload finished, if the vita does not boot up then the inactive/recovery os0 is broken; follow the next steps
- if the bytes 12-20 are not 00 - the flash or read failed, make sure its a correct image and retry from step 1; if it still fails create an issue here on github
5) Download the correct sdosflash image from https://github.com/SKGleba/psp2hfw/tree/master/recovery , its version should match the current bootloaders version
6) Flash this image to an SD card and put it in the GC-SD adapter into the PS Vita GC slot
7) Connect the console to a power source and hold [select] and [power] for 20-30s, then keep holding select; it will flash a clean os0.
- If the vita does not show the logo, hold power for 30s afterwards and see if it works; if it still does not - create an issue here on github
- If the vita shows the bootlogo - go into safe mode and reinstall the firmware.
### Bootloop - broken patches
0) You can not just hold VOLDOWN to skip patches since bootmgr is required for HFW to boot.
1) Download the correct cleanboot image from https://github.com/SKGleba/psp2hfw/tree/master/recovery , its version should match the current bootloaders version
2) Flash this image to an SD card and put it in the GC-SD adapter into the PS Vita GC slot
3) Connect the console to a power source and hold [select] and [power] for 20-30s, then keep holding select; it will skip all custom patches.
- If the vita does not boot, follow the [Bootloop] section
# Notes
- While psp2hfw is in beta it should be considered a PoC for advanced users; A 1-click method will come with the next firmware update.
- My base testing firmware is 3.65 and i recommend it for using this toolset with, it assures full compatibility and ease of debugging.
- You can find some pre-extracted filesystem images here: https://mega.nz/folder/v45lhYBR#t2TSvnynd50e76B5OTR2XA
# Credits
- Team Molecule for henkaku, taihen, enso and the update_sm 0x50002 write primitive.
- TheFlow for help with the sleep/resume stuff.