via http://wololo.net/2012/07/29/vita-fl...ulator-by-wth/

Wth (a.k.a. Yosh), who is known for his port of VHBL to the Everybody's Tennis exploit earlier this year, and also for his nice yMenu for VHBL, just released a dump of the psp emulator's flash on the Playstation Vita.

The released files contain a dump of the psp emu on Vita firmwares 1.61, 1.67, and 1.69. Wth got help from PSP scene veterans Virtuous Flame and Zer01ne in order to get a dump from each specific firmware.



The last time such a Flash dump was released, it had been done by an anonymous developer, who later became famous by running PS1 games on the vita through the psp emulator. Wth also credits him for this release.

This release doesn't mean much immediately from the end user's point of view. It won't magically hack your vita. But it means wth is in possession of a Kernel exploit inside the psp emulator, joining the expanding circle of people who have full access to the psp emu inside the Vita. Somehow, this puts us closer to a PSP CFW on the Vita. Also, for hackers and developers, this gives a more up-to-date dump of the flash to work with.

PSP Cipher

The release also includes an updated version of PSP Cipher. PSP Cipher is an alternative to PRXDecrypter that potentially supports more files. This tool is used, as the name implies, to decrypt PSP files, such as eboots, or files in the flash. wth's release includes some Vita-specific keys. Quoting the readme:


PSPCipher by [email protected] (aka hrimfaxi)

It can decrypt PRX type 5 (0x2e5e12f0) when prxdecrypter 2.4 etc. failed to handle. It's a completely reimplementation version as mesg_led_02g.prx and memlmd_02g.prx from FW 6.20. So if you are clever to find DRM decryption key you can decrypt DRMed module with it.


The sample decrypts host0:/enc/EBOOT.BIN and saves to host0:/dec/EBOOT.BIN. kbridge dir contains decryption implementation. Please see pspcipher.h to use the code.

The source is covered by GPLv3 to fight against Sony NPDRM.