How to Disassemble Vita Game Cartridges

A hacker named katsu recently released a method for dumping Vita games. As a developer, I am completely against piracy, but as a reverse engineer I can’t shy away from taking apart perfectly working devices. However, most pictures I see of Vita game carts taken apart show the game cart casing damaged beyond repair or completely destroyed. I managed to take apart a game cart and put it together with no obvious signs of damage, and I thought I would share my (simple) method here.

Photo Feb 16, 7 48 07 PM

 

If you take a look at the top right or left corner of the game cart, you can see a line of where the two halves of the plastic was glued together. Locate the upper left corner and, with a sharp knife, push the blade into the line on the corner until you have a small dent. Then, move the knife downwards and wiggle the knife until you loosen the glue for the entire left side of the cart. Then keep moving the knife down and when you hit the bottom of the cart, turn and lose about half the bottom edge of the cart. Now you can use your fingers to spread the two halves apart (but be careful not to use too much force and tear the glue from the other two edges), and you can either shake the memory chip out or use a pair of tweezers.

Photo Feb 16, 7 42 47 PM

 

If you were to follow katsu’s pinout, you need to solder to the copper pads. A trick for doing so is to first flux up the points and then melt a pea-sized blob of solder in middle of all the points. Then take your iron and spread the blob around until all the pads are soldered up. Then just make the the remaining blob is not on top of any copper and you can easily remove it.

Photo Feb 16, 8 29 57 PM

 

Then you can solder wires onto the points to your heart’s content. After you’re done with everything, you can easily put the memory chip back into the casing and there is enough glue to keep the two halves of the case together (along with the memory chip). You can then continue to play the game.

Pinout for Vita game cart. Credits to katsu.

If you were to follow the pinout, you can see that it appears to be a standard NAND pinout (not eMMC and not Memory Stick Duo). I have not tested this, but I believe this means you can use NANDWay¬†or any other NAND dumping technique (there’s lots for PS3 and Xbox 360) provided you attach to the right pins. I suspect that the Vita communicates with the game cart through the SD protocol with an additional line for a security interface, but that is just speculation. If that were the case, having one-to-one dumps would not allow you to create clone games. Regardless, I will not be looking too much into game carts because they are so closely tied with piracy.

18 thoughts on “How to Disassemble Vita Game Cartridges

  1. Yifan is it possible to use sd card instead of pro duo if possible can u send me the pinouts cuz i have already opened my uncharted game card plz.

  2. Pingback: How to Disassemble Vita Game Cartridges, by Yifan Lu · Wololo.net

  3. If you can copy game from eMMC as encrypted file to PC, so we need only a device to put this game into empty eMMC and we can play all Ps Vita games for free

  4. Hi yifan after reading wololo post(Do you need a new exploit release?) every one said developers should stop hacking psp and start ways to exploit ps vita(matter of fact i said that to in comments) and many people are asking for ps vita usermod exploit not a cfw.so why are u not releasing your uvloder it has been 2 years since the vita has been released.so plz answer me don’t get mad or annoyed at me ok thanks for reading this comment,

  5. Like I’ve said before, it’s useless to anyone without reversing skills. And those with the skills don’t need it (or they already know it). It will not help any users.

  6. Your a complete asshole. a person was asking about this and the pinout on the PS Vita game cards in another forum and you sit there and be a dick about it and giving smarts ass remarks. You lost yet another supporter and hope you learn how to really talk and help people without being a jackass. I’m talking for many other people that use to support you. I hope you think this over as an adult cause there are kids on here and you push them away with your smartass remarks. The more help the more likely we can succeed. But you have to give these younger kids some slack like seriously they’re just kids and they’re are just leaning.

  7. Hi yifan i know that you are not interested in KOALA’s work but i think it is possible to run homebrew with his work (trigger a exploit) OR install PKG files as it does not require PSN account (http://www.ps3news.com/psp-ps-vita-news/video-ps-vita-proof-of-concept-installing-pkg-games-apps-demo/) and some hackers found way to open PKG installer on vita i think with a little help from u koala can hack vita.I know you are looking to do things in different way (run unsigned code) but hay give it a short.Plz make a post about vita NAND decryption progress and hacking progress on vita.

Leave a Reply