Recently
cheburek3000 made available
Meme_Dumper, a
Meme Dumper for
PS5 Scene developers to access
PlayStation 5 memory via physical address which is mapped
without any protection instead of through virtual address.
Download:
meme_dumper-main.zip /
GIT
Here's more from the
README.md, as follows:
Meme dumper
Summary
Why access memory through virtual address when you can access it through physical address, which is mapped without any protection?
With this idea in mind, this tool will run a server, which will dump you almost
any memory, which would normally be protected from user/kernel.
How to use
- Download and build PS5SDK and set environment variable PS5SDK to folder with ***.
- Run something on your PC to serve a logger, like ncat -k -l 5655
- Replace PC_IP and PC_PORT macros on lines 10-11 with your logger server's IP/port.
- This tool is firmware-dependent and will only work on firmwares supported by the *** for kernel hacking. See PS5SDK README.md for this information.
- Set PS5SDK_FW to the correct target before building. For example, to target 4.03, PS5SDK_FW should be set to 0x403.
- Run ./build.sh.
- Deploy bin/meme_dumper.elf to ELF loader.
- Send your command to a target, for example echo -n 'dump_paddr 0x21784000 0x1000' | nc $PS5_HOST 9081 > dump.bin
Commands
- dump_vaddr 0x{vaddr} 0x{size} - resolve virtual address to physical and ask kernel to dump {size} bytes from physical memory.
- dump_paddr 0x{paddr} 0x{size} - dump {size} bytes from physical memory from physical address.
- dump_ranges - dump all mapping from virtual memory to physical in human readable format.
- stop - stop the server, for example, to deploy another ELF.
Not so useful commands
- dump_abs 0x{absolute address} 0x{size} - ask kernel to dump {size} bytes from specified address. Not very useful, since all page protections will apply to this query.
- dump_base 0x{offset from kernel data base} 0x{size} - ask...