Home

This guide will show you how to mod NoNpDRM rips and purchased games/cart games(mods such as undubs, uncensor or translation patches).

Introduction

Mai dumps in comparison to NoNpDRM rips use decrypted files which made game modding on VITA relatively easy, but they had their flaws such as saving issue or other general problems with certain games. These issues were caused by dumping process itself - eboots were badly dumped from vita memory and then auto-modified(relocation, plugin hooks, DLC patches, DRM removal and so on).

NoNpDRM rips are basically 1:1 unmodified and encrypted files and thanks to that they run and play just as their legally purchased counterparts. Due to their encryption, it was speculated that game modding cannot be done anymore, and yet, just a few hours later I released first NoNpDRM mod - Persona 4 Golden Undub. As for now, 3 days have passed since plugin's release and I successfully applied 5 mods to NoNpDRM rips.

25.03.2018 - Due to a new breakthrough in plugin development, this tutorial has been updated to use /rePatch/ method. It's easier than previous /patch/ method and works on both hacked firmwares (3.60 and 3.65).

16.07.2018 - LetMaiDie Game Decrypter have been announced. It will allow you to mod nonpdrm or retail eboots without introducing any mai-related bugs. The tutorial will be updated shortly before the release of the decrypter.

Requirements

• Vita with henkaku or ENSO installed (3.60,3.65,3.68)
• RePatch Plugin by Dots.

Rules in modding

1. There can be ONLY decrypted files in /rePatch/ directory,
2. Livearea mods are currently not supported (/sce_sys/ directory),
3. If a file is not called by game, it won't be loaded (example: resources_modded_with_nipples.cpk) so use only original filenames,
4. If mod requires a certain update, update the game to that version. The Game will not detect the rePatch directory as a valid official patch.
5. For optimal and most stable experience please stick to this scheme:

• /app/GAMEID - Fully encrypted
• /patch/GAMEID - If present, fully encrypted
• /rePatch/GAMEID - Only decrypted AND modded files. Avoid using decrypted and unmodded update files, use untouched and encrypted /patch/GAMEID instead
• /reAddcont/GAMEID/DLCID - Only decrypted and/or modded DLC files.

Using RePatch plugin to mod encrypted games

1. Download latest RePatch plugin from >>> HERE <<<, transfer it to your vita and add it under *KERNEL section of your config.txt (ur0:tai/repatch.skprx or ux0:tai/repatch.skprx), then reboot your Console,
2. Make a new directory on your ux0: ux0:/rePatch
3. In ux0:/rePatch/ make new directory with GAMEID of the game you want to mod,
4. In the directory you created (example: ux0:/rePatch/PCSE00120/) place decrypted and modded files, remember to exclude sce_sys directory,
5. That should be it, now run your game and enjoy the mod you just installed!

Using RePatch plugin to use decrypted DLCs or mod encrypted DLCs

1. Download latest RePatch plugin from >>> HERE <<<, transfer it to your vita and add it under *KERNEL section of your config.txt (ur0:tai/repatch.skprx or ux0:tai/repatch.skprx), then reboot your Console,
2. Make a new directory on your ux0: ux0:/reAddcont,
3. In ux0:/reAddcont/ make a new directory with GAMEID of a basegame. You should end up with something like ux0:/reAddcont/GAMEID/
4. Inside of that /GAMEID/ place your directories with decrypted/mai/vitamin/modded DLCs (full or just modded files) using this scheme: ux0:/reAddcont/GAMEID/DLCID/
5. Now, depending what DLC mode you gonna use:

• ENCRYPTED ONLY: That means you have the retail/nonpdrm DLCs installed and you just want to mod them. You can run the game and enjoy modded NoNpDRM/retail DLCs.
• DECRYPTED ONLY: That means you don't have ANY nonpdrm or retail DLCs installed for this game. For this mode you need to make sure there is no ux0:/addcont/gameid/ and remove it if present. You can run the game and enjoy the DLCs.
• MIXED: That means you have both retail/nonpdrm DLCs installed AND mai/vitamin/decrypted DLCs. This DLC mode requires you to install and run rePatch Addcont Injection Deficiency Supplement homebrew by dots >>> DOWNLOAD HERE <<< with ux0:/reAddcont/GAMEID/DLCID directories already present in order to work.

NOTE: DECRYPTED ONLY AND MIXED DLC MODES ALLOW CUSTOM DLCS. THAT MEANS IF GAME DOESNT HAVE DLCIDS HARDCODED YOU SHOULD BE ABLE TO MAKE NEW DIRECTORY WITH A NEW NAME AND MAKE YOUR OWN CUSTOM DLC(s). GAMES THAT HAS BEEN CONFIRMED TO SUPPORT CUSTOM DLCS ARE:

• Toukiden 2
• Hyperdimension Neptunia U - Action Unleashed
• Taiko no Tatsujin: V Version
• More to be added later on

Saving memory space while using mods

If you tested the mod and it works without issues, make sure all modded files in ux0:/repatch/GAMEID contain the same amount of data as the original (have similar or bigger file size to the files in /app/GAMEID or /patch/GAMEID). If they do (in case of undubs for example), simply remove files from ux0:/app/GAMEID and/or in ux0:/patch/GAMEID that have their counterparts in ux0:/repatch/GAMEID. Vita will always load files in /repatch/ instead of /app/ or /patch/ if they are present. This applies only to the files that have been modded.
Keep other files and directories like eboot.bin,/sce_modules/ and /sce_sys/ in /app/GAMEID/ and/or /patch/GAMEID/

Eboot modding and/or running 3.65+ games on 3.60 and 3.65.

THIS PART OF THE TUTORIAL IS STILL BEING WRITTEN AND MIGHT CHANGE. LINKS WILL BE SUPPLIED AFTER ALL THE TOOLS ARE RELEASED TO THE PUBLIC. TOO DRUNK TO FINISH WRITING CURRENT DRAFT
Thanks to CelesteBlue and Dots_tb proper eboot modding is now possible! As a side effect of DRM decryption, game becomes playable on all firmwares (ex. you can use decrypted files to play 3.68 game/patch on 3.60 firmware).
To mod an EBOOT you first need to decrypt it using FAG Dec (French-American Game Decrypter) or obtain already pre-made compatibility pack that was made using that tool by someone else.
If you are using Pre-made compatibility pack you downloaded from the internet, you need to do step 1a). If you are decrypting eboot by yourself, do step 1b) instead

1. Decrypt or obtain game's eboot in ELF format:
   a) If you downloaded comp pack (.ppk) extract it somewhere using any archive tool (winrar, winzip, 7zip and so on) then use unself.exe ( >>> HERE <<< ) to create eboot.bin.elf file.
   b) If you want to decrypt the eboot yourself, download FAG Dec from >>> HERE <<<, install the vpk on your vita using VITASHELL. Now run FAG Dec, select the desired game using X button and then press X button again on DECRYPT ALL(DONE). Press O to get back to main menu and press START button and select START DECRYPT(ELF) to start decrypting.
   NOTE: If you don't plan to mod the eboot and just want to make the Compatibility Pack for this game or update, select START DECRYPT(SELF) instead.
   After it's done decrypting DRM encryption, you can exit the app and copy ux0:/FAGDec/ directory to your PC.
2. Mod the eboot using hex tool and/or IDA pro.
3. Compress modified eboot (and rest of the modules if you decrypted them yourself) using make_fself.exe ( >>> HERE <<< ).
   a) for eboot only: make_fself.exe -e -c eboot.bin.elf eboot.bin, then hex edit 'eboot.binwith auth fromself_auth.bin. Just paste the auth content into offset 0x80. b) for eboot + all modules use my easy python script [**>>> FSELF_all.py <<<**](). Copy or save it to the directory where eboot.bin.elfandsce_module` directory are and run it using python3.

Obtaining decrypted game assets from NoNpDRM rips THROUGH VITASHELL [decryption on console].

1. Open VitaShell and update it to latest version possible.
2. Go to ux0:/app/ [or ux0:/patch/] folder, using dpad select the GAMEID directory of a chosen game you want to obtain assets from and press triangle -> Open decrypted.
3. Press SELECT to open FTP server (switch it under START key if you have USB connection chosen).
4. Using FTP client on PC, connect to vita, then guide to ux0:/app/GAMEID [or ux0:/patch/GAMEID] directory. Make sure you open this folder and download all its contents to PC.
5. (optional)After you are done downloading, check if files are indeed decrypted if hex of eboot.bin file, starts with SCE then you decrypted files correctly!

Obtaining decrypted game assets from NoNpDRM rips THROUGH PSVPFSTOOLS [decryption on PC].

1. Download latest psvpfstools from >>> HERE <<< and unzip it somewhere on your pc,
2. Obtain encrypted game/patch/DLC or update [either from your cart/vita memory/microsd or extracted from pkg] and copy it somewhere on your pc,
3. Now run psvpfstools with those parameters: -i location_of_the_encrypted_files -o output_location_where_decrypted_files_will_be -z zRIF_string -f cma.henkaku.xyz
   Example (only proper zRIF is not provided because of obvious reasons): psvpfsparser.exe -i PCSE00120 -o PCSE00120_decrypted -z Actual_zRIF_string_here -f cma.henkaku.xyz
4. When process is finished you'll be left with new directory ( PCSE00120_decrypted in provided example ) with decrypted files from the game/DLC/update.

How to create your own mod?

Sorry, but I don't want to get into that topic since every game requires different tools to extract/open/edit/repack its files depending on the compression or file type developers used. A good way to start is to google the extension and look through results, you might come across some tool that would allow you to edit that certain file(s). You might also look into paragraph below in case I already linked something useful for you.

Useful tools

• Kuriimu - A general purpose game translation toolkit for authors of fan translations.
• SonicAudioTools - for modifying cri audio files
• QuickBMS - generic files extractor and reimporter (needs custom scripts)
• The Binding of Isaac Rebirth: Mod Conversion Kit
  More to be added.

Credits and thanks

• Dots for his RePatch plugin, without it modding wouldn't be possible on 3.61+,
• CelesteBlue for his RE and Decrypter's kernel code,
• Whole Vita modding community,
• s1cp for the /patch/ trick he documented a long time ago.