PSXHAX

Following his previous Nucleus PS3 / PS4 PC emulator project, PlayStation 4 developer @AlexAltea (Twitter) recently kicked off a virtualization-based PS4 emulator called Orbital on Github with help from some other scene devs.

Keep in mind it's currently in the early stages and not ready for end-users, but they do have future plans for the emulator outlined for those following its progress.

Download: orbital-master.zip / GIT

To quote from the README.md: Orbital

Virtualization-based PlayStation 4 emulator.

Status

The current state of Orbital at booting decrypted kernels can be followed in the issue tracker: both PS4 4.55 and PS4 5.00 have been tested. You can also get ocasional updates and news via Twitter. Support this project at Patreon.

Future plans for the emulator can be found at the Roadmap page.

FAQ

How does Orbital work without having SAMU keys?

Until keys are dumped, decryption with SAMU will be "emulated" by hashing encrypted input blobs and returning decrypted blobs previously obtained from the actual console.

My kernel dump crashes shortly after booting. Why?

Kernel ELFs generated from memory dumps will not work since writable segments might have been modified into a state where booting is not possible. Please generate proper binaries offline by decrypting ELF segments with SAMU on your actual console, not by dumping memory.

Where can I get Orbital?

This project is not ready for end users. No binaries are provided, so you must build each of the three components (BIOS, GRUB, QEMU) yourself. Furthermore, configuring the emulator to do something will be hard, as you will need to dump and decrypt the entire PS4 filesystem and sflash...

Following his recent progress, NoNpDrm v1.2 / Download Enabler v4 / Gamecard MicroSD v1.1 updates and 6.61 Adrenaline-6.1 PlayStation Vita developer TheFloW released a 3.65 HENkaku Enso Updater on Github for PS Vita Custom Firmware (CFW) today with details below alongside a v1.1 BugFix update via yifanlu.

Download: enso.vpk (v1.0) / enso.vpk (v1.1) (Fixes installer bricking in rare occasions when trying to uninstall. No changes made to the payload. Visit enso.henkaku.xyz for more information.)

From the README.md, to quote: 3.65 HENkaku Ensō Updater

This does not allow you to hack your console that is on a firmware past 3.60. You need to be on firmware 3.60 in order to use this software.

Custom Firmware 3.65 HENkaku Ensō is a port of henkaku to the latest possible firmware that does still have the bootloader vulnerability.

Pros and cons

Pros

• You will be able to access the PSN store, activate your device and download your purchased games again (only as long as Sony doesn't decide to release a new update that prevents you from doing that).
• You will be able to play all games that were released for firmwares 3.61-3.65.

Cons

• You will not be able to downgrade back to 3.60 if you find that this custom firmware doesn't suit you.
• You can lose the ability to run homebrews, if you modify the OS and end up in a semi-brick where you are forced to reinstall the firmware. This should however not happen to a regular user, but I'd rather not install applications that modify read-only...

This is covered in numerous topics already including the PS4 Holy Grail, 5.01 PS4 WebKit, 5.05 PS4 Breacher and 5.50 PS4 OFW discussion threads but for those who missed it PlayStation 4 developer Qwertyoruiop released a PS4 v5.50 Firmware re-write of the user-level exploit code available HERE (Mirror) which he states should be 100% reliable and that the old kexploit was fixed in 5.50.

Needless to say this is a 5.50 PS4 WebKit (Userland) exploit and not a Kernel-level exploit, meaning until a fully implemented 5.50 Kernel exploit is publicly available you won't be able to jailbreak PlayStation 4 consoles on v5.50 Firmware so don't update!

In related news, PS4 developer @Al Azif also confirmed on Twitter that he "Pushed qwertyoruiopz's webkit rewrite to the DNS server for 4.55, just mashed it together but it seems to work will take a closer look later" and updated to PS4 Exploit Host v0.4.1 alongside an update to Ps4_Serve2_v1_6.apk by stooged.

As usual the tweets can be found below alongside a demo video by @Andrew Marques for those interested.
...

Today MeTheKing let us know (thanks to mtnjustme for testing) of a few useful Python scripts recently released by n1ghty, specifically PKG_List which is a PKG list generator and also PKG_Rename which -as you guessed- is a PKG renamer for PS4 package files based on UnPKG by @flatz.

Download: pkg_list-v100-bin.zip (3.4 MB) / pkg_list-v101-bin.zip (3.4 MB) / PKG_List (Latest) / PKG_List GIT / pkg_rename-v100-bin.zip (3.1 MB) / PKG_Rename (Latest) / PKG_Rename GIT / PKG_Tools (Latest) / PKG_Tools GIT

From the README.md, to quote: pkg_list

PKG list generator for PS4 pkg files by n1ghty

This file is based on

• UnPKG rev 0x00000008 (public edition), (c) flatz
• Python SFO Parser by: Chris Kreager a.k.a LanThief

This tool parses all pkg files in the specified directory/directories recursively and then generates an excel sheet from the parsed infos.

Usage

python pkg_list.py <paths to pkg directories>

e.g.: python pkg_list.py "D:\PS4_pkgs" or python pkg_list.py "D:\PS4_pkgs" "E:\second_pkg_directory" "C:\third_pkg_directory" or for current directory: python pkg_list.py.

pkg_list v1.01 Changelog:

• added recursive directory parsing
• fixed file ending case sensitivity

And from the other README.md, to quote: pkg_rename

PKG renamer for PS4...

Since the PS4 EBOOT / ELF FW Patcher Barthen Method and recent Free PS4 SaveData Decrypting Tools in development, CarlosCorcoles (aka Barthen) let us know on Twitter that he's added some information about keystone files to the PS4 developer wiki today!

Add Keystone GUI for PS4 FPKG Files by RoosterTeethForLife

To quote from the PSDevWiki page: Keystone

This file is generated on app package generation based on the passcode provided. It is then included in every savegame created by the app. It is used to prevent apps from mounting savedata of other apps, as you need to know at least the fingerprint to do it.

Passcode

The passcode is a 32 character string used on package generation to create the keystone file.

Structure

Size is always 96 (0x60) bytes for both PS4 and PSVita.

Offset	Size	Description	Example
0x0	0x20	MAGIC ("keystone") and some constant bytes	6b 65 79 73 74 6f 6e 65 02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x20	0x20	HMAC-SHA256 (32 bytes) of the bytes of the passcode using keystone_passcode_secret as key	-
0x40	0x20	HMAC-SHA256 (32 bytes) of the previous two sections using keystone_ks_secret as key	-

Sample keystone file generation

CSharp