PSXHAX.COM website and domain for sale. Contact Us with your offer!
PS4ME (PS4 Memory Editor) PS4ME.dll & PS4METool Payload by J0lama
Last month we saw a PS4 Real Time Memory Editor for Linux from PlayStation 4 developer @j0lama, and today j0lama returns with PS4ME (PS4 Memory Editor) PS4ME.dll and PS4METool Payload with details below. :love:

Download: PS4METool.rar (23.4 KB) / Github

To quote from j0lama's WebSite, roughly translated: # PS4ME (PS4 Memory Editor)

Description

As I said in my previous post on RTM on PS4, my main goal is to develop a system similar to PS3TMAPI / PS3CCAPI but for PS4 that is simple to use and so developers can create their own tools. This project I want it to be a community project and that all people who want to collaborate to improve the system contact me and so I can create a team.

PS4ME.dll is a Windows library with all the necessary functions to be able to link to a PS4 (Version 1.76 for now) and to be able to read / write process memory. For now it only has the following functions:

SendPayload (string IP, string payloadPath) : Allows to send a payload to a certain IP through port 9023 so that it can be executed by the PS4 Playground of cTurt.
  • Connect (string ip) : Connects to the PS4 with the specified IP.
  • Disconnect () : Disconnects from the PS4.
  • string [] getProcesses () : Gets an array of processes that are currently running on the PS4.
  • string AttachProcess (string ProcessName) : Link to a given process returning an error message in case of failure.
  • byte [] dumpMemory (string Offset, string size) : Performs a memory dump of the specified size and starts in the memory address specified by the offset returning the byte array.
  • writeMemory (string Offset, string value) : Write in the memory address specified by Offset a byte specified by value.
  • string readMemory (String Offset) : Returns the read byte of the memory location specified by Offset.
As soon as I have time I will be adding more functions to get more data about the processes (size, addresses, permissions, etc).

I also include a Payload add-on to PS4ME.dll which is what will run on the PS4 allowing all PS4ME functions to be successful. It is recommended that a payload be executed before starting any game since it...
Brazilian PS4 Method for 4.50 Firmware Rumor by Cobra ODE Reseller
Recently we've heard PS4 4.50 injection rumors reminiscent of those on PS3, so I replied to a few private messages with essentially what you see posted in my reply HERE asking someone who knows more to come forward. :notworthyxf2:

Those who've been following the PS4 scene are already familiar with PlayStation 4 GameSharing and the Russian / Egyptian / Xmax Katsu hardware variants of it, but what we found out about today from @Bassabov in the PSXHAX Shoutbox is that official Team Cobra ODE Reseller MagicDevice.ru (see HERE as Cobra's fly-by-night domain is suspended at the time of writing) claims to have revived the Brazilian PS4 GameSharing Method for 4.50 Firmware... that's the current RUMOR anyway! :unsurexf2:

Here's what their page states, to quote roughly translated: "PS4: The Brazilian method is the return News - PS4 (10/04/2017 15:45)

Great news! Our team revived the "Brazilian method" of downloading games on the PS4 with the firmware 4.50.

And so, again the Brazilian method works!

1. Fast download of games to your PS4 (from 1 to 3 days)

2. Any firmware, including 4.50

3. Any model PS4 (Fat, Slim, PRO) and any region.

4. Download both to internal and external HDD

5. While ONLINE NO !!! (But we are working on this issue)

6. To download games by our method, the attachment is disassembled!

7. Guarantee from our SC!

A list of games in the PS4 section of our site. We...
Playable Teaser (P.T.) PS4 Decrypted Files and Resources Surface
Previously we reported of Playable Teaser Running on PS4 TestKits complete with PT PS4 Model Data & Textures Extraction, and today PlayStation 4 developer @zecoxao followed-up on Twitter with some Playable Teaser PS4 decrypted files and resources from Hideo Kojima's demonstration title for those interested! :biggrinxf2:

Spoiler

He notes that it's currently not playable yet on Retail 1.76 consoles, but suggests if the PS4 4.50 Kernel Exploit is released a method to run PlayStation 4 game backups won't be far behind... queue Umar bang!!! :thumbsupxf2:

pt.zip CUSA01127 contents:
  • eboot.bin
  • ext_info.dat
  • libc.prx
  • libSceFios2.prx
  • nptitle.dat
  • param.sfo
  • pfs_image.dat
  • right.sprx
If you're hungry for more in the meantime, check out GameArchives with PS4 PFS Support, some GameArchives Updates with the Latest Version on Github, Decrypted PS4 PKG Files and the MakePFS Utility to build PS4 PlayStation File System images.

Cheers to @Centrino for the video, @mcmrc1 and @raedoob for the Twitter notices and...
PS4 4.0x WebKit Userland Exploit Break Down by SpecterDev
Following his JailbreakMe PS4 3.5x/3.70/4.0x ports of the original JailbreakMe PS4 4.0x exploit, today with the help of qwertyoruiopz PlayStation 4 developer SpecterDev broke down the PS4 4.0x WebKit Userland Exploit documenting it under Exploit Writeups for other scene developers to examine and learn from. :notworthyxf2:

Great stuff @SpecterDev and here is the break down from the Update 4.0x WebKit Exploit Writeup.md, to quote: Breaking down qwertyoruiopz's 4.0x userland exploit

Edit: qwertyoruiopz tweeted at me helping me understand the bug better and I've corrected it.

Not too long ago qwertyoruiopz released a functional (and surprisingly stable) exploit for 4.0x firmwares. No - it's not the same as the Pegasus exploit which could have been used in ChaitinTech's jailbreak chain, but it uses some similar concepts. Unfortunately, the exploit is patched on 4.50 <= because after 4.07, Sony upgraded to a much newer WebKit version, which patched many potential (and possibly private) exploits, including this one.

Immediately after it was released I started studying the exploit and tried to figure out how it worked at all stages, including post-exploitation. Below I'll share what I found about how it works. I don't expect to be 100% right because I'm still pretty noob to exploitation and I know very little about the internals of webkit, but I'll give it my best shot. If you'd like to follow along/see where I got this process, you can find my exploit edit on GitHub where I heavily commented as I went through the exploit breaking it down. I'm going to skip past some things such as the int64 object and stuff as that's not relevant to the actual exploit, but is used by it for doing address operations.

Firstly, the exploit ensures the system is vulnerable before attempting to continue with exploitation. It quickly tests the bug before...
JailbreakMe PS4 3.5x / 3.70 / 4.0x Exploit Ports by SpecterDev
Since the initial release and PS4 4.50 Kernel R/W Access confirmation by qwertyoruiopz, PlayStation 4 developer @SpecterDev began work on porting it and today he announced on Twitter that the exploit is now ported to 3.50, 3.55, 3.70, 4.00, 4.06, and 4.07 Official Firmware (OFW)! :lovexf2:

JailbreakMe PS4 Exploit Links: JailbreakMe PS4 4.0x (Original) / JailbreakMe PS4 3.5x/3.70/4.0x (Port - Mirror by NerdyBitsUK) / JailbreakMe PS4 3.5x/3.70/4.0x (Mirrors by StandardBus) / PS4-4.0x-Code-Execution-PoC-master.zip / GIT

And from the Cryptogenic PS4 4.0x Code Execution PoC README.md, to quote:

PS4 4.0x Code Execution

This repo is my edit of the 4.0x webkit exploit released by qwertyoruiopz. The edit re-organizes, comments, and adds portability across 3.50 - 4.07 (3.50, 3.55, 3.70, 4.00, and of course 4.06/4.07).

The commenting and reorganization was mostly for my own learning experience, however hopefully others can find these comments helpful and build on them or even fix them if I've made mistakes. The exploit is much more stable than FireKaku and sets up the foundation for running basic ROP chains and returns to normal execution. Credit for the exploit goes completely to...
Back
Top