Live in Your World, HAX in Ours!
Hello World! I've been reporting on Sony PlayStation hacking news since 2000 and started PSXHAX in 2014 to cover PlayStation (PSX), PlayStation 2 (PS2), PlayStation 3 (PS3), PlayStation 4 (PS4), PlayStation Portable (PSP), PlayStation Vita (PS Vita), PlayStation TV (PS TV) and next-gen PlayStation 5 (PS5) platforms along with anything else of interest.
Click on my UserName author link above and you'll be able to view a curated list of all the articles I've contributed thus far to PSXHAX.COM!
Click on my UserName author link above and you'll be able to view a curated list of all the articles I've contributed thus far to PSXHAX.COM!
First PS4 Pro Box Images Surface, Consoles Shipping to Retailers
Remember November 10th is the magic date for the PlayStation 4 Pro 4K console release, and today Perrilloux shared the first PS4 Pro retail box images reportedly from a Walmart store! 
To quote from ThisGenGaming.com on the news: "Sony is gearing up to release the PlayStation 4 Pro in just a couple more weeks on November 10 and today we have some of the first images of the retail box.
The PS4 Pro is on it’s way to retailers and you can see the size of the box as well as some of the details found on the back in the pictures below."
Is anyone here planning to get a PlayStation 4 Pro on launch day? 
Thanks to @Winchest for the news in the PSXHAX Shoutbox!
To quote from ThisGenGaming.com on the news: "Sony is gearing up to release the PlayStation 4 Pro in just a couple more weeks on November 10 and today we have some of the first images of the retail box.
The PS4 Pro is on it’s way to retailers and you can see the size of the box as well as some of the details found on the back in the pictures below."
Thanks to @Winchest for the news in the PSXHAX Shoutbox!
PS4 GTA V Modded with Native Code via 1.76 Playground Demo Rumor?
A few weeks back we posted on the GTA 5 Redux Grand Theft Auto V (GTA V) Mod for PC gamers, and recently ChoicesZ Bad (aka @BadChoicesZ) with the help of @kurt2467 (aka DexmodderFTW) shared a demo video of what they label as PS4 GTAV Modded with native code rumored to be called via the PS4 1.76 Playground. 
From the video's description, to quote:
Sample of GTAV Modding on PS4 1.76 FW (Spoofed to 4.06)
This is created by BadChoicesZ, and Kurt (DexmodderFTW)
Huge thanks to Kurt for his assistance/code.
Here's a snippet from the Shoutbox on the video demo:
As @VultraAID and @HYTR mentioned they may be using GTA V cheats, while @PS4HELPER123 points out the spoof'd native code is done via the 1.76 Playground.
If anyone has more information on this holla in the comments below, or it may end up the same as the rumored PS4 Jailbreak 4.05 did being 'fake' according to @B7U3 C50SS.
Finally, below is what appears to be another PS4 GTA5 Mod via @PS4HELPER123 as well to examine- enjoy all!
From the video's description, to quote:
Sample of GTAV Modding on PS4 1.76 FW (Spoofed to 4.06)
This is created by BadChoicesZ, and Kurt (DexmodderFTW)
Huge thanks to Kurt for his assistance/code.
Here's a snippet from the Shoutbox on the video demo:
As @VultraAID and @HYTR mentioned they may be using GTA V cheats, while @PS4HELPER123 points out the spoof'd native code is done via the 1.76 Playground.
If anyone has more information on this holla in the comments below, or it may end up the same as the rumored PS4 Jailbreak 4.05 did being 'fake' according to @B7U3 C50SS.
Finally, below is what appears to be another PS4 GTA5 Mod via @PS4HELPER123 as well to examine- enjoy all!
PS4 Game Backup Runs on PlayStation 4 DevKit PoC by Jose Coixao!
Lately there's been a lot of news on the PS4 TestKit, and for those keeping track the PS3 Debug / Reference Tool and PS Vita DevKit could play copies and now José Coixão shared a video demo of a PS4 DevKit running a Minecraft PlayStation 4 Edition game backup too!
From the PS4 Backup DevKit PoC video's caption, to quote:
From the PS4 Backup DevKit PoC video's caption, to quote:
- also works on testkit
- doesn't work on retail (yet)
- trophies will not work
Kaslr 3.55, 4.00 & 4.01 by 5lipper in Fail0verflow PS4 Kexec GIT
Following the Chaitin Tech PS4 ROP Tool, 5lipper recently added PlayStation 4 Kaslr (Kernel Address Space Layout Randomization) 3.55, 4.00 and 4.01 Firmware support in fail0verflow's PS4 Kexec GIT.
While that was done a few days ago and mentioned by @Fimo among others in the Shoutbox and on Twitter (below), today @RazorMC shared some additional details from the GIT via Hydrogen at NGU, to quote:
Hello NextGenUpdate, yesterday, a user named 5lipper, has now added extra support for kaslr on PS4 for firmwares: 3.55, 4.00, and 4.01. If you find it interesting, and useful. They have added it onto fail0verflow's PS4 Kexec GitHub.
To find it and use it, click here: Fail0verflow's PS4 Kexec GitHub
--Makefile--
--README.md--
While that was done a few days ago and mentioned by @Fimo among others in the Shoutbox and on Twitter (below), today @RazorMC shared some additional details from the GIT via Hydrogen at NGU, to quote:
Hello NextGenUpdate, yesterday, a user named 5lipper, has now added extra support for kaslr on PS4 for firmwares: 3.55, 4.00, and 4.01. If you find it interesting, and useful. They have added it onto fail0verflow's PS4 Kexec GitHub.
To find it and use it, click here: Fail0verflow's PS4 Kexec GitHub
--Makefile--
Code:
@@ -1,11 +1,8 @@
-ifdef DDO_NOT_REMAP_RWX
-DO_NOT_REMAP_RWX := -DDO_NOT_REMAP_RWX
-endif
-
-CFLAGS := -march=btver2 -masm=intel -std=gnu11 -ffreestanding -fno-common \
+CFLAGS=$(CFLAG)
+CFLAGS += -march=btver2 -masm=intel -std=gnu11 -ffreestanding -fno-common \
-fPIC -fomit-frame-pointer -nostdlib -nostdinc \
-fno-asynchronous-unwind-tables \
- -Os -Wall -Werror -Wl,--build-id=none,-T,kexec.ld,--nmagic $(DO_NOT_REMAP_RWX)
+ -Os -Wall -Werror -Wl,--build-id=none,-T,kexec.ld,--nmagic
SOURCES := kernel.c kexec.c linux_boot.c linux_thunk.S uart.c firmware.c
Code:
@@ -34,6 +34,14 @@ You may pass something other than NULL as `early_printf`. In that case, that
function will be used for debug output during early symbol resolution, before
printf is available.
+Since PS4 3.55(?), KASLR(Kernel Address Space Layout Randomization) is
+enabled by default, symtab also disappears in newer kernel, we have to
+hardcode offsets for some symbols. Currently we use the `early_printf`
+given by user to caculate the base address of kernel, then relocate all the
+symbols from the kernel base. You could enable this feature like...
Decrypting and Dumping PlayStation 4 UserModules Guide by Zecoxao
PlayStation 4 developer zecoxao shared a guide today on how to decrypt and dump PS4 usermodules with help from skeu.
To recap for those new, the first decrypted PlayStation 4 game was done by PS4 scene release group EPEEN, and scene group TRSi also sent out a call for decryption testers recently.
Read all about it below, to quote: Tutorial: How to decrypt and dump usermodules
First of all I'd like to say thank you to the person who has allowed me to post this tutorial. His English isn't perfect so he asked me to make this tutorial on his behalf. Thanks, grass skeu
So for this, you'll need:
1- Fire up elf loader on your 1.76 console
2- Let it load all the way up to stage 5 without memory errors!
3- Compile the payload source. You can specify in between:
and
which module(s) you want to decrypt. if you want, you can even decrypt all modules from 1.76 Dump released a while ago! This includes elf, self, prx, sprx, sexe, sdll and eboot.bin.
However, take into notice that you can only decrypt usermodules from disc or psn apps when you have loaded them and minimize them (by pressing ps button), and only from absolute path! (due to npdrm management)
I have left an example:
To recap for those new, the first decrypted PlayStation 4 game was done by PS4 scene release group EPEEN, and scene group TRSi also sent out a call for decryption testers recently.
Read all about it below, to quote: Tutorial: How to decrypt and dump usermodules
First of all I'd like to say thank you to the person who has allowed me to post this tutorial. His English isn't perfect so he asked me to make this tutorial on his behalf. Thanks, grass skeu
So for this, you'll need:
- ps4sdk precompiled
- elf-loader precompiled OR alternatively extreme-modding.de's elf loader (found here)
- the payload source (DumpFile.zip)
- 1.76 console
- fat32 usb pendrive
1- Fire up elf loader on your 1.76 console
2- Let it load all the way up to stage 5 without memory errors!
3- Compile the payload source. You can specify in between:
Code:
ps4KernelExecute((void*)path_self_mmap_check_function, NULL, &ret, NULL);
Code:
ps4KernelExecute((void*)unpath_self_mmap_check_function, NULL, &ret, NULL);However, take into notice that you can only decrypt usermodules from disc or psn apps when you have loaded them and minimize them (by pressing ps button), and only from absolute path! (due to npdrm management)
I have left an example:
Code:
...