A hacker named katsu recently released a method for dumping Vita games. As a developer, I am completely against piracy, but as a reverse engineer I can’t shy away from taking apart perfectly working devices. However, most pictures I see of Vita game carts taken apart show the game cart casing damaged beyond repair or completely destroyed. I managed to take apart a game cart and put it together with no obvious signs of damage, and I thought I would share my (simple) method here.
If you take a look at the top right or left corner of the game cart, you can see a line of where the two halves of the plastic was glued together. Locate the upper left corner and, with a sharp knife, push the blade into the line on the corner until you have a small dent. Then, move the knife downwards and wiggle the knife until you loosen the glue for the entire left side of the cart. Then keep moving the knife down and when you hit the bottom of the cart, turn and lose about half the bottom edge of the cart. Now you can use your fingers to spread the two halves apart (but be careful not to use too much force and tear the glue from the other two edges), and you can either shake the memory chip out or use a pair of tweezers.
If you were to follow katsu’s pinout, you need to solder to the copper pads. A trick for doing so is to first flux up the points and then melt a pea-sized blob of solder in middle of all the points. Then take your iron and spread the blob around until all the pads are soldered up. Then just make the the remaining blob is not on top of any copper and you can easily remove it.
Then you can solder wires onto the points to your heart’s content. After you’re done with everything, you can easily put the memory chip back into the casing and there is enough glue to keep the two halves of the case together (along with the memory chip). You can then continue to play the game.
If you were to follow the pinout, you can see that it appears to be a standard NAND pinout (not eMMC and not Memory Stick Duo). I have not tested this, but I believe this means you can use NANDWay or any other NAND dumping technique (there’s lots for PS3 and Xbox 360) provided you attach to the right pins. I suspect that the Vita communicates with the game cart through the SD protocol with an additional line for a security interface, but that is just speculation. If that were the case, having one-to-one dumps would not allow you to create clone games. Regardless, I will not be looking too much into game carts because they are so closely tied with piracy.
Yifan is it possible to use sd card instead of pro duo if possible can u send me the pinouts cuz i have already opened my uncharted game card plz.
Yes, if you find an sd card that uses an exposed NAND chip.
Sorry to bother u again yifan can i use TSOP NAND chip flash pen drive to read the game card.
Sure if you get the pinouts right
Nice work ! You and Katsu are doing Amazing Work ! Keep Up Yifan Lu <3 :D !!!
[…] Source Yifan Lu […]
If you can copy game from eMMC as encrypted file to PC, so we need only a device to put this game into empty eMMC and we can play all Ps Vita games for free
No. Not even close
me help hacks
Hi yifan after reading wololo post(Do you need a new exploit release?) every one said developers should stop hacking psp and start ways to exploit ps vita(matter of fact i said that to in comments) and many people are asking for ps vita usermod exploit not a cfw.so why are u not releasing your uvloder it has been 2 years since the vita has been released.so plz answer me don’t get mad or annoyed at me ok thanks for reading this comment,
Like I’ve said before, it’s useless to anyone without reversing skills. And those with the skills don’t need it (or they already know it). It will not help any users.
Your a complete asshole. a person was asking about this and the pinout on the PS Vita game cards in another forum and you sit there and be a dick about it and giving smarts ass remarks. You lost yet another supporter and hope you learn how to really talk and help people without being a jackass. I’m talking for many other people that use to support you. I hope you think this over as an adult cause there are kids on here and you push them away with your smartass remarks. The more help the more likely we can succeed. But you have to give these younger kids some slack like seriously they’re just kids and they’re are just leaning.
Where was this? Can you provide context?
Hi yifan i know that you are not interested in KOALA’s work but i think it is possible to run homebrew with his work (trigger a exploit) OR install PKG files as it does not require PSN account (http://www.ps3news.com/psp-ps-vita-news/video-ps-vita-proof-of-concept-installing-pkg-games-apps-demo/) and some hackers found way to open PKG installer on vita i think with a little help from u koala can hack vita.I know you are looking to do things in different way (run unsigned code) but hay give it a short.Plz make a post about vita NAND decryption progress and hacking progress on vita.
just curious have any dead boards with working ports?
Can you give updates on the process of ps vita? Is it going well. or Still having troubles. Keep up the good work!!
He yifan , do you have some news? thanks
Hahhaha fucking BIGOT
so like…. my vita game doesnt work… idk how to do wat u guys do…. but i wanna get it to work….. so anyone up to helping me?
Short answer, they can’t hack Vita and the excuses like piracy is total BS.
PSPVITA is a Sony Android testing tool.
Hello Yifan and others, I was thinking about this : recently, I saw that the PSTV can use a regular USB drive as a memory card, thanks to VitaShell. (I think that the USB drive is mounted as ux0: ).
Do you think it would be interesting to investigate the communication made through the Game Card, so that one day, we could make an adapter PS Vita GameCard <==> Micro SD and there mount the micro-SD as ux0: ? I was thinking of this because you suspected that the GameCard uses standard SD protocol, plus there is plenty of room in a Vita GameCard to put a micro SD (much more room than in the memory card slot). The “logical brick” that was missing for me was the “mounting”, but if VitaShell can mount partitions as it wishes, would it be feasible (just your opinion) to mount a micro-SD from a gameCard to ux0: ?