Live in Your World, HAX in Ours!
Hello World! I've been reporting on Sony PlayStation hacking news since 2000 and started PSXHAX in 2014 to cover PlayStation (PSX), PlayStation 2 (PS2), PlayStation 3 (PS3), PlayStation 4 (PS4), PlayStation Portable (PSP), PlayStation Vita (PS Vita), PlayStation TV (PS TV) and next-gen PlayStation 5 (PS5) platforms along with anything else of interest.
Click on my UserName author link above and you'll be able to view a curated list of all the articles I've contributed thus far to PSXHAX.COM!
Click on my UserName author link above and you'll be able to view a curated list of all the articles I've contributed thus far to PSXHAX.COM!
Bad_Hoist PS4 Toolchain Porting Guide for Unsupported Firmware by Sleirsgoevy
Proceeding his PS4 ROP 8CC Port, Bad_Hoist 6.72 PS4 Webkit Exploit Port and preliminary Checklist to Port the Toolchain, today PlayStation 4 developer sleirsgoevy updated his Github repository with a Bad_Hoist PS4 Toolchain Porting Guide for Unsupported Firmware for those interested in learning how it's done. 
In addition, Peeter (aka PaulJenkin) has also forked the Github repository with a more 'noob friendly' Bad_Hoist GIT Fork and Porting Guide as well! 
From the PORTING.md, to quote: Porting guide
This document will guide you through the process of getting this toolchain up and running on an unsupported firmware. The only implicit assumption made here is that the core exploit (exploit.js) does run on the target firmware. It shouldn't be too difficult to swap that for another userland exploit, but it's not discussed here.
This is more-or-less what I did for 6.51 (I didn't have any userspace dumps back then). 6.72 happened to be "compatible enough", so no more porting was required.
1. Find GOT offset
Dump WebKit using python3 bad_hoist/memserver/dump_module.py -1 (this should never fail). Then disassemble the dumped binary, extract all CALL imm32 instructions, and sort by the target address:
You'll see something like this in the dump:
In addition, Peeter (aka PaulJenkin) has also forked the Github repository with a more 'noob friendly' Bad_Hoist GIT Fork and Porting Guide as well! From the PORTING.md, to quote: Porting guide
This document will guide you through the process of getting this toolchain up and running on an unsupported firmware. The only implicit assumption made here is that the core exploit (exploit.js) does run on the target firmware. It shouldn't be too difficult to swap that for another userland exploit, but it's not discussed here.
This is more-or-less what I did for 6.51 (I didn't have any userspace dumps back then). 6.72 happened to be "compatible enough", so no more porting was required.
1. Find GOT offset
Dump WebKit using python3 bad_hoist/memserver/dump_module.py -1 (this should never fail). Then disassemble the dumped binary, extract all CALL imm32 instructions, and sort by the target address:
Code:
objdump -D bad_hoist/dumps/webkit.elf | grep 'call[^%]*$' | cut -d "$(printf '\t')" -f 3- | sort | uniq | less
Code:
callq ffffffffff0b9c41 <__bss_start+0xfffffffffd7aec41>
callq ffffffffff2bf176 <__bss_start+0xfffffffffd9b4176>...
PS4GDB Ring 0: GDB Stub to Debug PS4 Kernel by M0rph3us1987
Last month he shared a GDB Stub PS4 Port to Debug Userland Apps, and today PlayStation 4 developer m0rph3us1987 returns with a gdbstub_ring0.bin payload which is a PS4GDB Ring 0 GDB Stub for PS4 Kernel Debugging used mainly by scene devs. 
Download: ps4gdb_ring0_672.7z (11 KB)
Here's more details from the included readme.txt:
1) Send the gdbstub_ring0.bin to your PS4. The payload will overwrite the exception handlers 0x01 and 0x03 with the gdbstub and should be ready to go.
2) To trigger the debugger you need to execute an int 0x01 or int 0x03 opcode while in kernel mode. (You can see in klog that PS4 is waiting for a connection).
3) Connect to PS4 using gdb. For convenience i have attached a source file you can use in gdb (source ps4.source), just dont forget to replace the ip with your PS4 ip address.
To avoid kernel panics, always send the quit command before you finish.
Happy debugging,
m0rph3us1987
Download: ps4gdb_ring0_672.7z (11 KB)
Here's more details from the included readme.txt:
1) Send the gdbstub_ring0.bin to your PS4. The payload will overwrite the exception handlers 0x01 and 0x03 with the gdbstub and should be ready to go.
2) To trigger the debugger you need to execute an int 0x01 or int 0x03 opcode while in kernel mode. (You can see in klog that PS4 is waiting for a connection).
3) Connect to PS4 using gdb. For convenience i have attached a source file you can use in gdb (source ps4.source), just dont forget to replace the ip with your PS4 ip address.
To avoid kernel panics, always send the quit command before you finish.
Happy debugging,
m0rph3us1987
Sony Announces DualShock 4 (DS4) Controller Colors Are Returning
We've seen Translucent Crystal, Midnight Blue & Steel Black, Berry Blue, Sunset Orange, Blue Camo & Copper, Alpine Green and Electric Purple, Red Camouflage, Titanium Blue & Rose Gold DualShock 4 Controller colors, and today Sony announced that select DualShock 4 (DS4) Controller Colors are returning this month. 
Here's more straight from PS VR and Peripherals Product Marketing Senior Manager Steve Schwartz, to quote:
The DualShock 4 wireless controller family has continued to grow since its launch almost seven years ago. We’ve introduced more than 25 colors in total globally, ranging from the classic Jet Black and Wave Blue to the eclectic Sunset Orange and Red Crystal.
Today, we’re happy to announce that we’re bringing back some of the more recent stylish designs this August at participating retailers globally, including Berry Blue, Red Camouflage, Rose Gold, and Steel Black. Check with your local retailers for availability and price.
Alongside the returning styles, check out the full range of DualShock 4 colors that are currently available right here.
Personally I'd go for the Steel Black if the standard Jet Black wasn't available... let us know which color is your favorite in the comments below!
DUALSHOCK 4 Wireless Controller - Unleash Your Color | PS4
Here's more straight from PS VR and Peripherals Product Marketing Senior Manager Steve Schwartz, to quote:
The DualShock 4 wireless controller family has continued to grow since its launch almost seven years ago. We’ve introduced more than 25 colors in total globally, ranging from the classic Jet Black and Wave Blue to the eclectic Sunset Orange and Red Crystal.
Today, we’re happy to announce that we’re bringing back some of the more recent stylish designs this August at participating retailers globally, including Berry Blue, Red Camouflage, Rose Gold, and Steel Black. Check with your local retailers for availability and price.
Alongside the returning styles, check out the full range of DualShock 4 colors that are currently available right here.
Personally I'd go for the Steel Black if the standard Jet Black wasn't available... let us know which color is your favorite in the comments below!
DUALSHOCK 4 Wireless Controller - Unleash Your Color | PS4
Ghostwire: Tokyo - Pet the Dog and Deathloop Dev Update PS5 Videos
Sony's latest State of Play August 2020 may be done, but here's a few more PlayStation 5 videos headlining this weekend's PS5 News to enjoy while eagerly awaiting the next-generation console's official release during the holiday season. 
Ghostwire: Tokyo - Pet the Dog | PS5
According to the video description, with 99% of Tokyo's population gone it's up to you to pet all the dogs... but WHAT ABOUT THE CATS?!
Deathloop - Developer Update | PS5
Feel free to drop by the PlayStation 5 Forums to share your thoughts on them.
Ghostwire: Tokyo - Pet the Dog | PS5
According to the video description, with 99% of Tokyo's population gone it's up to you to pet all the dogs... but WHAT ABOUT THE CATS?!
Deathloop - Developer Update | PS5
Feel free to drop by the PlayStation 5 Forums to share your thoughts on them.
PS4HEN 2.1.3 with 7.51 FW Version Spoof 6.72 Port via Joonie86 / SiSTR0
Following PS4HEN v2.1.3, the PS4HEN v2.1.4 Fork, ESP8266 Xploit Host 2.84g, the PS4 6.72 Jailbreak Exploit Menu v6 updates and PS4 Cheater 1.4.8 with 6.72 support by GiantPluto, today PlayStation scene developers @Joonie (Joonie86) and SiSTR0 made available a PS4HEN 2.1.3 with 7.51 FW Version Spoof 6.72 Port for PS4JB 6.72 users that includes the following features listed below: 
Download: ps4-hen-vtx_6.72_v2.1.3_SiSTRo.7z / GIT / Live Demo Page via @zecoxao / 672_Self_Host_v5_with HEN.rar (7.2 MB - Live Demo Page v5) / PS4JB 6.72 Github Fork with HEN via Peeter / PS4 HEN 2.1.3 with Joonie86's PR (ESP8266XploitHost Folder) by c0d3m4st4 / PS4HEN 2.1.3 Port to 6.02 Firmware / hen_2.1.3b.bin (fixes blank trophy date issue) via leeful74 /...
Download: ps4-hen-vtx_6.72_v2.1.3_SiSTRo.7z / GIT / Live Demo Page via @zecoxao / 672_Self_Host_v5_with HEN.rar (7.2 MB - Live Demo Page v5) / PS4JB 6.72 Github Fork with HEN via Peeter / PS4 HEN 2.1.3 with Joonie86's PR (ESP8266XploitHost Folder) by c0d3m4st4 / PS4HEN 2.1.3 Port to 6.02 Firmware / hen_2.1.3b.bin (fixes blank trophy date issue) via leeful74 /...