Category PS Vita Jailbreaking       Thread starter PSXHAX       Start date Aug 21, 2016 at 10:37 PM       7,689       3            
Previously we reported on the PlayStation Vita developer leak of Adventure Time: The Secret of the Nameless Kingdom which ran in HENkaku via VitaShell, and now Tokyo Xanadu is rumored to be the first decrypted PS Vita 3.60 Firmware VPK game backup! :geek:

Download: (2.28 GB) / PS Vita PKGs

To quote from Wololo: "A download link for the Japanese version of the game appeared on Chinese forums a few hours ago, and apparently the game runs on Hacked Vitas through HENkaku.

decrypted_elf.jpgThe file is big (more than 2GB), and according to the author of the release, VitaShell is not able to install it. However, manually unzipping the vpk file and copying the files at the right location on the memory card allows people to run the game, DRM free."

Also from 173210's Blog (GIT), to quote:

[PSP2] SceNpDrmPackage API: Decrypt PS Vita PKGs

I partially revealed some SceNpDrmPackage APIs. Those functions allow to decrypt PS Vita PKGs. I detail them here.
  "SceNpDrmPackage": {
        "modules": {
            "SceNpDrmPackage": {
                "functions": {
                    "_sceNpDrmPackageCheck": 2715321850,
                    "_sceNpDrmPackageDecrypt": 3606076108
                "kernel": false,
                "nid": 2287029682,
                "variables": {}
        "nid": WHATEVER_YOU_LIKE

#include <psp2/types.h>

/** Options for _sceNpDrmPackageDecrypt */
typedef struct {
	/** The offset in encrypted data */
	SceOff offset;

	 * The identifier specified for _sceNpDrmPackageCheck but NOT ORed
         * with (1 << 8)
	unsigned int identifier;
} _sceNpDrmPackageDecrypt_opt;

 * Read the header of PKG and initialize the context
 * @param buffer - The buffer containing the header of PKG.
 * @param size - The size of buffer. The minimum value confirmed is 0x8000.
 * @param zero - Unknown. Supposed to be set to 0.
 * @param identifier - arbitrary value [0, 6) ORed with (1 << 8) or 0.
 *                     If it is set to 0, the function just checks the header
 *                     and doesn't create the context.
int _sceNpDrmPackageCheck(const void *buffer, SceSize size, int zero,
                          unsigned int identifier);

 * Decrypt the PKG
 * @param buffer - The buffer containing the content of PKG.
 * @param size - The size of buffer. The minimum value confirmed is 0x20.
 * @param opt - The options.
int _sceNpDrmPackageDecrypt(void * restrict buffer, SceSize size,
                            _sceNpDrmPackageDecrypt_opt * restrict opt);
The source of function names: Vita NIDs - (found by devnoname120)

devnoname120 raised a question for prefix _. I think it is legitimate because they are intended for the internal use. Those functions are actually primitive and a userland static library gives more advanced functions. Probably they are expected to be called just by the library and users will use the library instead of calling them by themselves.


By the way, those functions are revealed with reversing fake_package_installer. Decrypting PKG is just a side of installing PKG, and fake_package_installer should have the other side; creating bubble with the unpacked PKG. Though xyzz provides some information for that in his mod of VitaShell, it doesn’t tell how to create PSP and PS1 bubbles. Figuring out that should be the next goal.

I tired of reversing, anyway. If you are going to reverse it rather than wait for me, please contact me. I’m willing to provide my code.

Thanks to @Ensight, @Fimo and @Chaos Kid in the PSXHAX Shoutbox for the news and download links ;)
Tokyo Xanadu.jpg
:idea: Reminder: Those without a Verified Badge yet on Discord to access the private areas we recommend Joining Us! Why? The waiting process takes a week for new Members, and there's a lot we're unable to share on public forums including the latest PS4 PKG Games. 🏴‍☠️



Senior Member
If files too big and mc already expensive not point rips the games.

Might as well rip it to external hdd so that we can store more gigs and more games.


well it's a start, i agree that if the games are too big size and the MC expensive it's not that great, but since you can transfer files from your pc to your MC it's not that bad, just like the psp but a little more expensive, though they usually find a way around it like compressing files and such
Recent Articles
Nanospeed Gamer 1.0 The Videogame PS4 PKG by LapyGames
The PlayStation 4 homebrew keeps flowing from scene developer @Lapy, and following Super Console Wars 1.0 comes Nanospeed Gamer 1.0 The Videogame PS4 PKG by LapyGames (PayPal for supporting his...
OrbisSWU: The PS4 Update Tool Developer Research by TheoryWrong
As mentioned previously, following Fail0verflow's Documentation, the PS4 NoBD Updating Method, his PS4 Updater Toolkit release and the PS4 RL78 Syscon implementation PlayStation 4 scene developer...
Sony CEO Jim Ryan States PS5 Price Won't be the Lowest, Reflects Value
With their official PS5 Gaming Showcase set to be unveiled next week, Sony Interactive Entertainment president and CEO Jim Ryan revealed in an interview that the PlayStation 5 Price won't be the...
PlayStation 5 Unveiling Next Thursday, Limited Backwards Compatibility?!
Although not likely to be as next-gen as this PS5 Concept Video for the DualSense PS5 Controller, today Sony finally announced their next-generation PlayStation 5 console unveiling will take place...