This guide will show you how to mod NoNpDRM rips and purchased games/cart games(mods such as undubs, uncensor or translation patches).

Mai dumps in comparison to NoNpDRM rips use decrypted files which made game modding on VITA relatively easy, but they had their flaws such as saving issue or other general problems with certain games. These issues were caused by dumping process itself - eboots were badly dumped from vita memory and then auto-modified(relocation, plugin hooks, DLC patches, DRM removal and so on).

NoNpDRM rips are basically 1:1 unmodified and encrypted files and thanks to that they run and play just as their legally purchased counterparts. Due to their encryption, it was speculated that game modding cannot be done anymore, and yet, just a few hours later I released first NoNpDRM mod - Persona 4 Golden Undub. As for now, 3 days have passed since plugin's release and I successfully applied 5 mods to NoNpDRM rips.

25.03.2018 - Due to a new breakthrough in plugin development, this tutorial has been updated to use /rePatch/ method. It's easier than previous /patch/ method and works on ALL hacked firmwares (3.60, 3.65, 3.68).

16.07.2018 - LetMaiDie Game Decrypter have been announced. It will allow you to mod nonpdrm or retail eboots without introducing any mai-related bugs. The tutorial will be updated shortly before the release of the decrypter.

01.08.2018 - All current eboot modding tools are released and now linked in tutorial :)

05.09.2018 - Updated Eboot modding tutorial with new, easier and open source workflow :D

• Vita with henkaku installed and running,
• RePatch Plugin by Dots.

1. There can be ONLY decrypted files in /rePatch/ directory,
2. Only two Livearea mods (/sce_sys/ directory) are currently supported: ChangeInfo and Manuals,
3. If mod requires a certain update, update the game to that version. The Game will not detect the rePatch directory as a valid official patch.
4. For optimal and most stable experience please stick to this scheme:

• /app/GAMEID - Fully encrypted
• /patch/GAMEID - If present, fully encrypted
• /rePatch/GAMEID - Only decrypted AND modded files. Avoid using decrypted and unmodded update files, use untouched and encrypted /patch/GAMEID instead
• /reAddcont/GAMEID/DLCID - Only decrypted and/or modded DLC files.

5. You can use either of these partitions to keep RePatch and reAddcont directories: "ux0:" "uma0:", "imc0:", "grw0:", "xmc0:"
   Note: it will only load files from one device PER GAME, and this is the priority order. So if ux0:rePatch/GAMEID is missing, it will load uma0:rePatch/GAMEID. A ux0:rePatch/GAMEID will prevent uma0:rePatch/GAMEID

1. Download latest RePatch plugin from >>> HERE <<<, transfer it to your vita and add it under *KERNEL section of your config.txt (ur0:tai/repatch.skprx or ux0:tai/repatch.skprx), then reboot your Console,
2. Make a new rePatch directory on your prefered device(listed in 5th point of Rules in Modding) for example ux0:/rePatch
3. In /rePatch/ make new directory with GAMEID of the game you want to mod,
4. In the directory you created (example: ux0:/rePatch/PCSE00120/) place decrypted and modded files, remember to exclude param.sfo file from sce_sys directory,
5. That should be it, now run your game and enjoy the mod you just installed!

1. Download latest RePatch plugin from >>> HERE <<<, transfer it to your vita and add it under *KERNEL section of your config.txt (ur0:tai/repatch.skprx or ux0:tai/repatch.skprx), then reboot your Console,
2. Make a new reAddcont directory on your prefered device(listed in 5th point of Rules in Modding) for example ux0:/reAddcont,
3. In /reAddcont/ make a new directory with GAMEID of a basegame. You should end up with something like ux0:/reAddcont/GAMEID/
4. Inside of that /GAMEID/ place your directories with decrypted/mai/vitamin/modded DLCs (full or just modded files) using this scheme: ux0:/reAddcont/GAMEID/DLCID/
5. That should be it, now run your game and enjoy the DLC mods/Decrypted mods you just installed!

NOTE: GAMES THAT HAS BEEN CONFIRMED TO SUPPORT CUSTOM DLCS ARE:

• Toukiden 2
• Hyperdimension Neptunia U - Action Unleashed
• Taiko no Tatsujin: V Version
• More to be added later on

If you tested the mod and it works without issues, make sure all modded files in /rePatch/GAMEID contain the same amount of data as the original (have similar or bigger file size to the files in /app/GAMEID or /patch/GAMEID). If they do (in case of undubs for example), simply remove files from ux0:/app/GAMEID and/or in ux0:/patch/GAMEID that have their counterparts in /rePatch/GAMEID. Vita will always load files in /rePatch/ instead of /app/ or /patch/ if they are present. This applies only to the files that have been modded.
Keep other files and directories like eboot.bin,/sce_modules/ and /sce_sys/ in /app/GAMEID/ and/or /patch/GAMEID/

Thanks to CelesteBlue and Dots_tb proper eboot modding is now possible! As a side effect of DRM decryption, a game becomes playable on all firmwares (ex. you can use decrypted files to play 3.68 game/patch on 3.60 firmware).
To mod an EBOOT you first need to decrypt it using FAG Dec (French-American Game Decrypter) or obtain already pre-made compatibility pack that was made using that tool by someone else.
Note 1: To use compatibility packs and/or modded eboots you need to use at least version 2.71 of Repatch (Marked as Pre-Release at this point)
Note 2: To decrypt an eboot and modules you need to be able to run the encrypted game (Retail or NoNpDRM), if you can't because of FW restrictions, you can use pre-made comp pack that is available on official Comp Pack repository

If you are using Pre-made compatibility pack you downloaded from the internet, you need to do step 1a). If you are decrypting eboot by yourself, do step 1b) instead

1. Decrypt or obtain game's eboot in SELF format:
   a) If you downloaded comp pack (.ppk) extract it somewhere using any archive tool (winrar, winzip, 7zip and so on).
   b) If you want to decrypt the eboot yourself, download FAG Dec from >>> HERE <<<, install the vpk on your vita using VITASHELL. Now run FAG Dec, select the desired game using X button and then press X button again on DECRYPT ALL(DONE). Press O to get back to main menu, select [START]Decrypt modules in list and then select START DECRYPT(SELF) to start decrypting.
   After it's done decrypting DRM encryption, you can exit the app and copy ux0:/FAGDec/ directory to your PC.
2. Find the proper eboot file in either /FAGDec/app/GAMEID/ or /FAGDec/patch/GAMEID/ (depending if you want to mod basegame only or certain patch(which is highly advised to do) and use vita-unmake-fself.exe >>> HERE <<< to create eboot.bin.elf file.
3. Mod the eboot.bin.elf using hex tool and/or IDA pro.
4. Use vita-elf-inject >>> HERE <<< to inject back modded eboot.bin.elf into original decrypted eboot.bin ( vita-elf-inject.exe eboot.bin eboot.bin.elf )
5. Copy files back to vita to /RePatch/GAMEID/ and test/play the game :)

1. Open VitaShell and update it to latest version possible.
2. Go to ux0:/app/ [or ux0:/patch/] folder, using dpad select the GAMEID directory of a chosen game you want to obtain assets from and press triangle -> Open decrypted.
3. Press SELECT to open FTP server (switch it under START key if you have USB connection chosen).
4. Using FTP client on PC, connect to vita, then guide to ux0:/app/GAMEID [or ux0:/patch/GAMEID] directory. Make sure you open this folder and download all its contents to PC.
5. (optional)After you are done downloading, check if files are indeed decrypted if hex of eboot.bin file, starts with SCE then you decrypted files correctly!

1. Download latest psvpfstools from >>> HERE <<< and unzip it somewhere on your pc,
2. Obtain encrypted game/patch/DLC or update [either from your cart/vita memory/microsd or extracted from pkg] and copy it somewhere on your pc,
3. Now run psvpfstools with those parameters: -i location_of_the_encrypted_files -o output_location_where_decrypted_files_will_be -z zRIF_string -f cma.henkaku.xyz
   Example (only proper zRIF is not provided because of obvious reasons): psvpfsparser.exe -i PCSE00120 -o PCSE00120_decrypted -z Actual_zRIF_string_here -f cma.henkaku.xyz
4. When process is finished you'll be left with new directory ( PCSE00120_decrypted in provided example ) with decrypted files from the game/DLC/update.

Sorry, but I don't want to get into that topic since every game requires different tools to extract/open/edit/repack its files depending on the compression or file type developers used. A good way to start is to google the extension and look through results, you might come across some tool that would allow you to edit that certain file(s). You might also look into paragraph below in case I already linked something useful for you.

• Kuriimu - A general purpose game translation toolkit for authors of fan translations.
• SonicAudioTools - for modifying cri audio files
• QuickBMS - generic files extractor and reimporter (needs custom scripts)
• The Binding of Isaac Rebirth: Mod Conversion Kit
  More to be added.

• Dots for his RePatch plugin, without it modding wouldn't be possible on 3.61+,
• CelesteBlue for his RE and Decrypter's kernel code,
• Whole Vita modding community,
• s1cp for the /patch/ trick he documented a long time ago.