via http://wololo.net/wagic/2012/04/08/s...rking-on-vhbl/
Hey everyone, long time no blog!

I’ve been busy recently, trying to help many people porting their PSP Game exploits to VHBL. As I worked on this for the past weeks, it has become a bit clear to me that Motorstorm Arctic Edge and Everybody’s Tennis were both games with “ideal” conditions for porting HBL.
HBL requires a subset of the functions of the PSP SDK in order to run, and if the exploited game does not import these functions, it is difficult for HBL to even start. These functions are needed to clean up the RAM, start/stop threads, etc… In theory, most games should import these functions, but in practice I’ve seen over the past weeks that many games are missing one or two functions that are essential for HBL; it seems Motorstorm and Everybody’s Tennis were some kind of exception.

These problems did not exist prior to Firmware 6.60, as we were able to access all functions, even those that were not imported by the game, provided we were able to estimate the syscalls attached to them. Estimating syscalls was easy to do up to firmware 6.20; the logic was slightly changed after that, although we always found workarounds. For firmware 6.60, which has countermeasures against both syscall estimation and the use of non-imported functions, it didn’t matter too much, as we could sign homebrews (and JJS did create a 6.60 version of HBL, which bypassed the limitations of firmware 6.60 simply by having the loader – a signed homebrew that we used as the “game” to be exploited – import as many functions as possible).

Of course, signing PSP homebrews is not useful on the Vita, so we couldn’t use this trick for VHBL, and we’ve just been lucky that Motorstorm and Everybody’s Tennis import so many functions.

That being said, I have improved HBL recently in order to be a bit more “resilient” in such a hostile environment (many thanks to JJS, as often, for his great suggestions). If you’ve found an exploit in a game and have been stuck porting VHBL to it because your game was missing some functions, please update your VHBL repository and give it another try, starting by regenerating your config files with the tool gen_exploit_config.rb. You might get lucky… and if not, feel free to contact me to see if I can help more.