Join Us and become a Member for a Verified Badge on Discord to access private areas with the latest PS4 FPKG Games.
Category PS Vita Jailbreaking       Thread starter PSXHAX       Start date Aug 21, 2016 at 10:37 PM       7,750       3            
Previously we reported on the PlayStation Vita developer leak of Adventure Time: The Secret of the Nameless Kingdom which ran in HENkaku via VitaShell, and now Tokyo Xanadu is rumored to be the first decrypted PS Vita 3.60 Firmware VPK game backup! :geek:

Download: (2.28 GB) / PS Vita PKGs

To quote from Wololo: "A download link for the Japanese version of the game appeared on Chinese forums a few hours ago, and apparently the game runs on Hacked Vitas through HENkaku.

decrypted_elf.jpgThe file is big (more than 2GB), and according to the author of the release, VitaShell is not able to install it. However, manually unzipping the vpk file and copying the files at the right location on the memory card allows people to run the game, DRM free."

Also from 173210's Blog (GIT), to quote:

[PSP2] SceNpDrmPackage API: Decrypt PS Vita PKGs

I partially revealed some SceNpDrmPackage APIs. Those functions allow to decrypt PS Vita PKGs. I detail them here.
  "SceNpDrmPackage": {
        "modules": {
            "SceNpDrmPackage": {
                "functions": {
                    "_sceNpDrmPackageCheck": 2715321850,
                    "_sceNpDrmPackageDecrypt": 3606076108
                "kernel": false,
                "nid": 2287029682,
                "variables": {}
        "nid": WHATEVER_YOU_LIKE

#include <psp2/types.h>

/** Options for _sceNpDrmPackageDecrypt */
typedef struct {
	/** The offset in encrypted data */
	SceOff offset;

	 * The identifier specified for _sceNpDrmPackageCheck but NOT ORed
         * with (1 << 8)
	unsigned int identifier;
} _sceNpDrmPackageDecrypt_opt;

 * Read the header of PKG and initialize the context
 * @param buffer - The buffer containing the header of PKG.
 * @param size - The size of buffer. The minimum value confirmed is 0x8000.
 * @param zero - Unknown. Supposed to be set to 0.
 * @param identifier - arbitrary value [0, 6) ORed with (1 << 8) or 0.
 *                     If it is set to 0, the function just checks the header
 *                     and doesn't create the context.
int _sceNpDrmPackageCheck(const void *buffer, SceSize size, int zero,
                          unsigned int identifier);

 * Decrypt the PKG
 * @param buffer - The buffer containing the content of PKG.
 * @param size - The size of buffer. The minimum value confirmed is 0x20.
 * @param opt - The options.
int _sceNpDrmPackageDecrypt(void * restrict buffer, SceSize size,
                            _sceNpDrmPackageDecrypt_opt * restrict opt);
The source of function names: Vita NIDs - (found by devnoname120)

devnoname120 raised a question for prefix _. I think it is legitimate because they are intended for the internal use. Those functions are actually primitive and a userland static library gives more advanced functions. Probably they are expected to be called just by the library and users will use the library instead of calling them by themselves.


By the way, those functions are revealed with reversing fake_package_installer. Decrypting PKG is just a side of installing PKG, and fake_package_installer should have the other side; creating bubble with the unpacked PKG. Though xyzz provides some information for that in his mod of VitaShell, it doesn’t tell how to create PSP and PS1 bubbles. Figuring out that should be the next goal.

I tired of reversing, anyway. If you are going to reverse it rather than wait for me, please contact me. I’m willing to provide my code.

Thanks to @Ensight, @Fimo and @Chaos Kid in the PSXHAX Shoutbox for the news and download links ;)
Tokyo Xanadu.jpg



Senior Member
If files too big and mc already expensive not point rips the games.

Might as well rip it to external hdd so that we can store more gigs and more games.


well it's a start, i agree that if the games are too big size and the MC expensive it's not that great, but since you can transfer files from your pc to your MC it's not that bad, just like the psp but a little more expensive, though they usually find a way around it like compressing files and such
Recent Articles
PS4 SysGlitch Tool and SysCon Glitching Pinout by VVildCard777
Proceeding the PS4 EEPROM Dumper, PS4 Serial / Flash Pinouts, PS4 UART to DCSD Project, PS4 Aux Hax Parts 1-3, PS4 Aux Hax Part 4, PS4 Syscon System Controller Firmware Decrypter, recent PS4...
FRMCHK: Identify PS4 Games in Firmware Groups by DefaultDNB (KiiWii)
As the PlayStation 4 scene inches closer to a 6.72 full jailbreak since the 7.02 Kernel Exploit and 6.72 WebKit Port releases, today developer and homebrew tester extraordinaire @DEFAULTDNB shared...
PlayStation 5 Amazon Page Goes Live with PS5 Weight Listed
Each passing day draws us closer to the Holiday 2020 launch for Sony's next-gen PlayStation 5 video gaming console, and today online sales giant put live their PS5 page just days after...
Ubisoft Forward: Far Cry 6 World Premiere Trailer & More New Videos!
Those who missed the Ubisoft Forward event can check out the World Premiere Trailer video for Far Cry 6 which is slated to hit PS5 on February 18, 2021, over 30 minutes of actual gameplay from...