Nine times out of ten, this error means one thing: you're trying to open a save that came off a console, and it's still locked up the way the console left it. Gibbed isn't broken and your save probably isn't either — it just can't read an encrypted file. There's a real process to get console saves in and out safely, and a quick fix for the tenth case where it's actually a PC save. Let me cover both.
- Console save? It's encrypted. Decrypt it with your platform's tool before Gibbed, re-encrypt after.
- PC save? Check the platform dropdown in the bottom-right of the Open dialog — wrong platform throws a false SHA1 error.
- Never skip the re-encrypt step. That's how console saves get bricked.
What "invalid SHA1 hash" actually means
A SHA1 hash is a fingerprint. Consoles sign their save files with one so the system can tell a save hasn't been tampered with. When Gibbed opens a file, it checks that fingerprint. If the save is still in its console-native, encrypted-and-signed state, the hash won't validate the way Gibbed expects — so it stops and tells you the hash is invalid.
In plain terms: "this file is still locked the way your console locked it, and I can't read it like this." PC saves from Steam and Epic aren't wrapped up this way, which is why you basically only ever see this error with console saves — or with a PC save you told Gibbed to treat as the wrong platform.
The two reasons you're seeing it
- A console save you never decrypted. You pulled a save off a PS3/PS4/Vita/Xbox/Switch and pointed Gibbed straight at it. This is most cases — and it needs the full process below.
- A PC save opened as the wrong platform. Less common, 10-second fix, so let's knock it out first.
The 10-second fix (if it's a PC save)
When you open a save in Gibbed, there's a little platform dropdown in the bottom-right corner of the file browser. If that's set wrong — say it's on a console platform while you're opening a Steam save — you can get a spurious SHA1 complaint. Set it to PC for a Steam or Epic save and try again. People solve "unfixable" SHA1 errors this way all the time without realizing the dropdown was the culprit.
If your save lives in Documents\My Games\Borderlands 2\WillowGame\SaveData, it's a PC save — set the dropdown to PC. If you copied it off a console, the dropdown won't save you; you need to decrypt it first.
The golden rule for console saves
There's one sequence, and the order is everything:
Decrypt the save with a platform-specific tool so Gibbed can read it. Make your edits. Then re-encrypt and re-sign it with the same tool before you put it back on the console. Miss that last step and the console rejects the save — or worse, corrupts it. More on that below, because it's the single most common way people wreck a console save.
The decrypt tool for your platform
Gibbed itself doesn't decrypt anything — it edits an already-decrypted file. The decrypt/re-encrypt job belongs to a separate tool, and which one depends on your console:
| Platform | Tool | Notes |
|---|---|---|
| PS3 | Bruteforce Save Data | Free. Needs a couple of Microsoft runtime files installed first. |
| PS4 / PS5 | Save Wizard | Paid. The common community route; some forks exist. |
| PS Vita | Vita Save Manager | Issue #17 on the repo is literally a Vita SHA1 case. |
| Xbox 360 | Horizon or Modio | Inject the save back the same way you pulled it. |
| Switch | Homebrew dump + community fork | Needs a homebrew-capable console to get the save off. |
Per-platform walkthroughs are rolling out as their own pages — the PS4/PS5 guide is up. The PS3 example below shows the shape of the whole thing — every platform follows the same rhythm.
A full PS3 run-through
This is the flow from a PS3 tutorial I went through, and it's representative of every console — only the decrypt tool changes:
Get the save off the console
Copy your Borderlands 2 save from the PS3 to a USB flash drive, then plug the USB into your PC.
Install Bruteforce Save Data (and its dependencies)
Bruteforce is the PS3 decrypt/re-encrypt tool. It needs a couple of Microsoft runtime files installed first — install those as administrator, then the Bruteforce installer itself. Extract everything with WinRAR or 7-Zip.
Pull the save folder onto your desktop
From the USB, dig into PS3 → SAVEDATA, find your Borderlands 2 save folder, and drag it to the desktop where the tools can reach it.
Decrypt it in Bruteforce
Point Bruteforce at the save folder and decrypt. Now you have a file Gibbed can actually read.
Edit in Gibbed
Open the decrypted save, make your changes, save. Pick the right platform in that bottom-right dropdown.
Re-encrypt and put it back
Back in Bruteforce, re-encrypt/re-sign the edited save, copy it to the USB, and move it back onto the PS3. This step is mandatory.
The step everyone forgets — and regrets
The number one way people brick a console save is editing the decrypted file, then copying that decrypted file straight back to the console without re-signing it. The console expects a valid signature; hand it an unsigned file and it rejects or corrupts the save. Always run the edited save back through your decrypt tool's re-encrypt/resign step before it goes near the console. Back the original up first, too.
When it really is unfixable
Honesty time: a few SHA1 cases just don't resolve. If a save was already corrupted before you touched it, or there's a genuine platform/version mismatch nothing lines up for, no amount of decrypting will fix it. It's rare, but if you've matched the right tool to the right platform, decrypted cleanly, and Gibbed still won't open it, you may be looking at a save that's simply damaged. A backup or an older copy is your only way back at that point.
Quick answers
Does Gibbed decrypt console saves itself?
I'm on Steam and still got this error.
Can I get banned for re-injecting a console save?
GitHub issues #150, #17 (Vita), #172 (plus #79/#129/#142/#92/#186); the Se7enSins SHA1 thread; a GameFAQs thread on genuinely unfixable cases; and DemonAsylum's PS3 walkthrough for the step-by-step. The companion PS3 video (Rleeson85) had no captions to pull from. Checked June 2026.