Yifan Lu yifanlu

@yifanlu
yifanlu / Ghidra-OSX-Launcher-Script.scpt
Last active August 2, 2024 04:46
Ghidra.app launcher for OSX
@yifanlu
yifanlu / start.sh
Created December 6, 2018 06:15
PlayStation Classic root shell through UART serial
#!/bin/sh
# THIS IS NOT FOR REGULAR USERS!!!
# You need to solder to the UART port and short the two pads under the PCB near the charger.
# Baud rate: 921600
red_led () {
SLEEP=1
LOOP=1
if [ x"$1" != x ]; then LOOP=$1; fi

h-encore

h-encore, where h stands for hacks and homebrews, is the second public jailbreak for the PS Vita™ which supports the newest firmwares 3.65, 3.67 and 3.68. It allows you to make kernel- and user-modifications, change the clock speed, install plugins, run homebrews and much more.

Requirements

  • Your device must be on firmware 3.65, 3.67 or 3.68. Any other is not supported. If you're on a lower firmware, please decide carefully to what firmware you want to update, then search for a trustable guide on /r/vitahacks (if you know how and want to contribute, you can edit this readme and make a pull request, such that fellow readers have got an easier life). Remember that on firmware 3.65 you have got the possibility to install enso, the permanent hack, whereas on 3.67 and 3.68 you don't.
  • If your device is a phat OLED model, you need a Memory Card in order to install. There's no need for a Memory Card on Slim/PS TV models.
@yifanlu
yifanlu / vita-dumper-comparsion.md
Last active April 30, 2024 08:40
Vita Dumper Comparison
psvgamesd NoNpDrm Vitamin/MaiDumpTool
Dumps physical games
Dumps digital games, DLC, and updates
Compatible with legit DLC & updates
Saves usable on non-hacked Vitas
All original data untouched ❌❌
No problems saving after suspend ❌❌
Format can be converted to work with other tools
Installs physical games as bubbles
@yifanlu
yifanlu / E80558325.md
Last active October 13, 2023 14:04
Vita 3.65 activation investigation (E-80558325)

On 7/29/2017, all hacked Vitas on 3.60 spoofing the latest firmware (3.65) were blocked from console activation. This is particularly odd because the PSN passphrase did not change in 3.65. Additionally, the release of ensō added to the confusion about what happened. Here is the result of a preliminary investigation of the situation.

Upon game activation, the Vita displays a dialog that shows the error number E-80558325. This error number is used in SceNpKdc, which is found in vs0:external/np_kdc.suprx. The error code itself is created when the activation response is received:

v5 = v45 | 0x80558300;

Here, v5 is the return code and v45 is the string error code from the server converted to a number. The request made to Sony's server looks like the following:

@yifanlu
yifanlu / extract_psp2swu.c
Last active May 21, 2017 19:32
Extract psp2swu.self from PUP
#include <kernel/iofilemgr.h>
#include <stdint.h>
int extract(const char *pup, const char *psp2swu) {
int inf, outf;
if ((inf = sceIoOpen(pup, SCE_O_RDONLY, 0)) < 0) {
return -1;
}
@yifanlu
yifanlu / jetson_tx1_arm7_attach.cmm
Last active April 8, 2017 22:23
Jetson TX1 BPMP-Lite JTAG attach for Lauterbach
; get to a deterministic state
SYSTEM.RESET
; set up JTAG
SYSTEM.CPU ARM7TDMI
; ARM 14-pin cable does not have RTCK
; If you have a newer cable you can use
; SYSTEM.JtagClock Rtck
SYSTEM.JtagClock 12.15MHz
@yifanlu
yifanlu / convert_key.c
Created April 3, 2017 00:31
SBG6580 3DES key conversion
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static int convert_key(unsigned char *src, unsigned char *dst) {
unsigned char v0, v1, a2, *v1x, a0x;
// convert 7-bit groups to 8-bits
v0 = src[0];
@yifanlu
yifanlu / spiway.patch
Created April 2, 2017 23:28
SPIway support for Spansion FL128SAIF00
diff --git a/SPIway.py b/SPIway.py
index f3a48b7..f79e52c 100644
--- a/SPIway.py
+++ b/SPIway.py
@@ -176,6 +176,22 @@ class SPIFlasher(TeensySerial):
print "Chip type: unknown (0x%02x)"%self.DEVICE_ID
self.close()
sys.exit(1)
+
+ if self.MF_ID == 0x01:
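Review bot: the new `if self.MF_ID == 0x01:` branch is inserted directly after the `sys.exit(1)` of the unknown-chip fallback, and with indentation lost in this view it is not clear whether it sits at the level of the other manufacturer checks or inside that fallback, where it would never run; confirm it is placed alongside the existing `MF_ID` checks rather than after the exit. Also, `0x01` is a bare magic number here; a short comment naming the vendor (Spansion, per the patch title) and the `DEVICE_ID` values the new block recognises would help the next reader.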
@yifanlu
yifanlu / taihen-b8-release.md
Last active December 24, 2016 06:08
taiHENkaku B8 Release Notes

大変革 Beta 8

"When is the actual release?!? Why is this still beta?" Good question. Here's a secret: I have been constantly pushing small updates every couple of days without changing the beta number. Think of these release notes as status reports rather than, well, release notes. The idea of beta.henkaku.xyz is that since molecule has very limited resources, we cannot test all the different configurations, homebrews, and use cases. However, when I push an update to the beta site, I know that if something breaks I would get notified through Twitter, reddit, IRC, etc. (although the preferred way of reporting bugs has always been the issue tracker). So if you don't notice any problems, that's good! It means I was able to fix any major issues before you woke up. These problems are usually very surface level (a misconfiguration/typo on my part) and the underlying code has a lot fewer bugs than HENkaku R6. So do I recommend everyone use beta.henkaku.xyz? Yes.