Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
PS4 CFW and Hacks       Thread starter PSXHAX       Start date Jul 24, 2017 at 5:03 AM       7      
Status
Not open for further replies.
Following the PS4 PUP_Decrypt / PUP_Unpack releases and PS4 Jailbreak v1.01 Exploit, Linux guru masterzorag shared a comparison difference between 4.07 and 4.55 inner PUP files encrypted data and SceEapCore.elf from 1.01 via a jailbroken PS4 1.76 console with developers. :veryhappy:

Here are the details from his Blog Post this past May that we missed until now, to quote: PS4 PUP

Just curious about this updating system images:
PS4 Inner PUP Files of PS4UPDATE System Comparison by Masterzorag 2.jpg

PS4 Inner PUP Files of PS4UPDATE System Comparison by Masterzorag 3.jpg

Diff between 4.07 and 4.55 PUP files inside PS4UPDATE system, encrypted data.

Some slices of data are the same, even if encrypted. First eight bytes remains the same.

SceEapCore.elf

As seen in 1.01:
Code:
SceEapCore.elf: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, for FreeBSD 9.0 (900044), not stripped, with debug_info

ELF Header:

  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           ARM
  Version:                           0x1
  Entry point address:               0x8148
  Start of program headers:          52 (bytes into file)
  Start of section headers:          3029100 (bytes into file)
  Flags:                             0x5000002, Version5 EABI, <unknown>
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         7
  Size of section headers:           40 (bytes)
  Number of section headers:         20
  Section header string table index: 17

There are 20 section headers, starting at offset 0x2e386c:
Section Headers:

  [Nr] Name
       Type            Addr     Off    Size   ES   Lk Inf Al
       Flags
  [ 0]
       NULL            00000000 000000 000000 00   0   0  0
       [00000000]:
  [ 1] .note.ABI-tag
       NOTE            00008114 000114 000018 00   0   0  4
       [00000002]: ALLOC
  [ 2] .init
       PROGBITS        00008130 000130 000018 00   0   0 16
       [00000006]: ALLOC, EXEC
  [ 3] .text
       PROGBITS        00008148 000148 25818c 00   0   0  8
       [00000006]: ALLOC, EXEC
  [ 4] .fini
       PROGBITS        002602e0 2582e0 000018 00   0   0 16
       [00000006]: ALLOC, EXEC
  [ 5] .rodata
       PROGBITS        00261000 259000 021574 00   0   0 256
       [00000002]: ALLOC
  [ 6] .ARM.extab
       PROGBITS        00282574 27a574 0528c4 00   0   0  4
       [00000002]: ALLOC
  [ 7] .ARM.exidx
       ARM_EXIDX       002d4e38 2cce38 012268 00   3   0  4
       [00000082]: ALLOC, LINK ORDER
  [ 8] .eh_frame
       PROGBITS        002e70a0 2df0a0 000004 00   0   0  4
       [00000002]: ALLOC
  [ 9] .tbss
       NOBITS          002e8000 2e0000 000004 00   0   0  4
       [00000403]: WRITE, ALLOC, TLS
  [10] .init_array
       INIT_ARRAY      002e8000 2e0000 000268 00   0   0  4
       [00000003]: WRITE, ALLOC
  [11] .fini_array
       FINI_ARRAY      002e8268 2e0268 000010 00   0   0  4
       [00000003]: WRITE, ALLOC
  [12] .got
       PROGBITS        002e8278 2e0278 000010 04   0   0  4
       [00000003]: WRITE, ALLOC
  [13] .data
       PROGBITS        002e8290 2e0290 001f14 00   0   0 16
       [00000003]: WRITE, ALLOC
  [14] .bss
       NOBITS          002ea1c0 2e21a4 04ca4c 00   0   0 64
       [00000003]: WRITE, ALLOC
  [15] .comment
       PROGBITS        00000000 2e21a4 0015df 01   0   0  1
       [00000030]: MERGE, STRINGS
  [16] .ARM.attributes
       ARM_ATTRIBUTES  00000000 2e3783 00003d 00   0   0  1
       [00000000]:
  [17] .shstrtab
       STRTAB          00000000 2e37c0 0000aa 00   0   0  1
       [00000000]:
  [18] .symtab
       SYMTAB          00000000 2e3b8c 0747b0 10  19 17940  4
       [00000000]:
  [19] .strtab
       STRTAB          00000000 35833c 09c41c 00   0   0  1
       [00000000]:

Displaying notes found in: .note.ABI-tag
  Owner                 Data size       Description
  FreeBSD              0x00000004       NT_VERSION (version)
   description data: ffffffcc ffffffbb 0d 00
Cheers to @Bultra, @defense and @xxmcvapourxx for sharing their feedback on this topic in the PSXHAX Shoutbox! :beer:
PS4 Inner PUP Files of PS4UPDATE System Comparison by Masterzorag.jpg
 

Comments

I think that it's crypted with some of public-key cryptosystems, and every update contains public-key for future update. It doesn't give us to skip update and add additional security. Then we need to decrypt updates one-by-one from first decrypted to get last update files.
 
Status
Not open for further replies.
Back
Top