Closed turecross321 closed 1 year ago
I think it's best to leave installing rePatch/0syscall6 to the user, but we should definitely warn about it if they aren't installed if we can.
Can the state of the plugins be determined over FTP? Oops, it would help if I could read.
I've not done much research into exactly why it helps or if it's even exactly needed here, but I'll include it here for good measure.
I would imagine it's required to circumvent miscellaneous checks on encryption/hashes. That library seems to handle such checks according to the GitHub repository's README.
Edit: Thinking about it, given the fact that we don't apply the game layer of encryption, it's possible that this library skips checking for this layer of encryption.
The good news is that VitaShell and the whole PSVita-RE-tools repo are both licensed under GPLv3, so we're safe to distribute binaries for those with Refresher.
I think the next step is talking to some VitaShell developers about reading app metadata, and then we have a solid plan for Vita.
Can you upload some samples of the relevant appmeta files in question?
For sure. Here's a zip archive with both an encrypted and a decrypted version of the appmeta for the European version of LBP Vita 1.22. appmeta.zip
Structure looks the same as PS3, just need to decrypt icon0.png and param.sfo
ur0:appmeta isn't encrypted.
@Beyley Is the Allefresher port as a Vita kernel module meant to supersede the patching methods described in this issue? If so, feel free to close this in favor of an issue in that repository.
Ideally yes, it will completely supersede the need for direct EBOOT patching on real hardware, although we may need to keep EBOOT patching as an option for vita3k, whenever that gets stable and adds infrastructure support, as tmk they don't have a plugin system yet. But yes, for remote patching, I want Allefresher to take over, so I'll close this.
Patching the EBOOT
A PS Vita EBOOT can be found in two places. It can both be found in ux0:app/<title-id>/, but it can also be found in ux0:patch/<title-id>/. The EBOOT that can be found in ux0:app/<title-id>/ will always be the 1.00 EBOOT, whereas the ux0:patch/<title-id>/ EBOOT will always be the EBOOT from the last installed update. Refresher should always use the patch EBOOT if it's available, and I think it wouldn't hurt for it to also inform the user of which one it is grabbing.
PS Vita EBOOTs are under two layers of encryption. First there's the game-wide encryption, and then there's the EBOOT encryption. Luckily there are already open source programs that have reverse engineered both the encryption layers.
The game wide encryption is typically decrypted right now with a PSVita application called FAGDec. The source code to FAGDec can be found here: https://github.com/CelesteBlue-dev/PSVita-RE-tools/tree/master/FAGDec/src
The second layer, the EBOOT specific encryption, can be decrypted with a program called vita-unmake-fself. Source code: https://github.com/CelesteBlue-dev/PSVita-RE-tools/tree/master/vita-unmake-fself
Refresher should now have an ELF EBOOT and be able to perform a patch like with any other EBOOT.
After the ELF has been patched, Refresher should encrypt it back to an EBOOT.bin, and this is what vita-elf-injector can do. Source code can be found here: https://github.com/CelesteBlue-dev/PSVita-RE-tools/tree/master/elf_injector/src
rePatch
rePatch is a PS Vita plugin, and it's required to mod PS Vita games. rePatch essentially makes a second ux0:patch folder, with the only difference being that the files here should not have the game-wide encryption, and Refresher should, in my opinion, warn the user if rePatch isn't installed since the patched EBOOT won't work if it isn't.
I believe that finding the user's installed plugins should be a simple matter of checking the plugin config file at either ux0:tai/config.txt or ur0:tai/config.txt, but because I'm not fully sure, you can check out the following PS Vita homebrew source code which has the ability to list the user's installed plugins: https://github.com/ONElua/AutoPlugin2
Refresher should put the patched EBOOT in ux0:rePatch/<title-id>/
There are multiple versions and forks of rePatch available, but all of them work just fine for the purposes of this tool in my experience. https://github.com/SonicMastr/rePatch-reLoaded
0syscall6
0syscall6 is a plugin that is sometimes mandatory to be able to boot a modified EBOOT. I've not done much research into exactly why it helps or if it's even exactly needed here, but I'll include it here for good measure. https://github.com/SKGleba/0syscall6
Fetching installed games
Fetching all the games on a PS Vita can be done in multiple places, but I believe that fetching them from ux0:appmeta is the best way. ux0:appmeta contains a folder for every game, which contain the game icon, game title and version number (as well as other less relevant data). The contents of these folders are encrypted, and while I've not been able to find a small program where its only purpose is to decrypt these files, VitaShell does support decrypting these, and its source code can be found here: https://github.com/TheOfficialFloW/VitaShell
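One way to do the plugin check described in the issue above, as an added example that is not Refresher's code: parse the text of the taiHEN config.txt (however it is read from the console) and report which of rePatch and 0syscall6 has no enabled entry under the KERNEL section. Assumed here: the config format (# comments, * section headers, one module path per line), that ux0:tai/config.txt takes precedence over ur0:tai/config.txt when both exist, and that the plugin file names contain "repatch" and "0syscall6".

```python
# Added example; function names and matching rules are assumptions, not Refresher's code.
REQUIRED = {"rePatch": "repatch", "0syscall6": "0syscall6"}  # label -> file-name substring

# Constructed sample config.txt; PCSX00000 is a placeholder title ID.
SAMPLE_CONFIG = """\
# kernel plugins need a reboot
*KERNEL
ur0:tai/repatch_ex.skprx
#ur0:tai/0syscall6.skprx
*main
ur0:tai/henkaku.suprx
*!PCSX00000
ux0:tai/example_plugin.suprx
"""

def parse_tai_config(text):
    """Return {section name: [module paths]}, skipping blank and commented-out lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out plugin line is not an installed plugin
        if line.startswith("*"):
            current = line[1:].lstrip("!").strip()  # "*!TITLE" and "*TITLE" name the same section
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def active_config(ux0_text, ur0_text):
    """Assumption: the ux0: copy wins when it exists (None means the file is absent)."""
    return ux0_text if ux0_text is not None else (ur0_text or "")

def missing_plugins(config_text):
    """Return labels of required kernel plugins with no enabled entry under *KERNEL."""
    kernel = parse_tai_config(config_text).get("KERNEL", [])
    names = [path.rsplit("/", 1)[-1].lower() for path in kernel]
    return [label for label, needle in REQUIRED.items()
            if not any(needle in name for name in names)]

if __name__ == "__main__":
    for name in missing_plugins(active_config(SAMPLE_CONFIG, None)):
        print(f"warning: {name} is not enabled in the taiHEN config")
```

A plain substring search over the file would treat the commented-out 0syscall6 line in the sample as installed; parsing by section avoids that false negative on the warning.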