PS4 Jailbreaking | Thread starter: PSXHAX | Start date: May 29, 2016 at 11:55 PM
Status
Not open for further replies.
Recently we reported on the PS4 3.50 Webkit Crash avenue to exploit the PlayStation 4 browser, and thanks to @toni1988, @Chaos Kid and @mcmrc1 in the Shoutbox comes news of PS4 Linux also running on 3.50 OFW using the PlayStation 4 Blu-ray drive as the loader through a BDLive bug from 00001234. ;)

To quote, roughly translated: So great is the vulnerability hardly, it is unencrypted and the code is freely available. Funny that's, this is on the 3.50. Thus one can save anything on the PS4 and also run! So you can even boot Linux.

What do you need:

1. Windows or Linux system
2. Charles web debugging proxy or burpsuite
3. A film with BDLive (in my test it was one by Universal Pictures); others will surely work as well. You can test that yourself.
4. Best to connect the PS4 via LAN.

This is described for Charles... Now insert the film and start it; after a short wait, Universal Pictures appears in Charles, and after about 1 minute a bootloader file.

Looks like this:

XML source
Code:
<?xml version="1.0" encoding="utf-8"?>
<update version="1" targetTitle="89">
  <statusCodes>
    <statusCode id="100" type="Information">Successful</statusCode>
  </statusCodes>
  <resources>
    <resourceFile uri="http://cdn.www.universalhidefclub.com/u/ContentServer/Universal/xxxxxxx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/boot.bin" fileSizeInBytes="1234" localStorage="common/boot.bin">
    </resourceFile>
    <resourceFile uri="http://cdn.www.universalhidefclub.com/u/ContentServer/Universal/xxxxxxx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/boot.xml" fileSizeInBytes="1234" localStorage="common/boot.xml">
    </resourceFile>
    <resourceFile uri="http://cdn.www.universalhidefclub.com/u/ContentServer/Universal/xxxxxxx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/v3.zip" fileSizeInBytes="1234" localStorage="v1.zip">
    </resourceFile>
  </resources>
  <bumf>
    <bumfFile uri="http://cdn.www.universalhidefclub.com/u/ContentServer/Universal/xxxxxxx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/bumf.bmf" fileSizeInBytes="17013" localStorage="bumf.bmf">
  </bumfFile>
  </bumf>
  <busf>
    <busfFile uri="http://cdn.www.universalhidefclub.com/u/ContentServer/Universal/xxxxxxx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/bumf.bsf" fileSizeInBytes="132" localStorage="bumf.bsf">
    </busfFile>
  </busf>
</update>
Copy this or save it as txt (very important: save it as txt on the PC).

Change the first line
Code:
<resourceFile uri="http://cdn.www.universalhidefclub.com/u/ContentServer/Universal/xxxxxxx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/boot.bin" fileSizeInBytes="1234" localStorage="common/boot.bin">
e.g. change to
Code:
<resourceFile uri="releases.ubuntu.com/14.04/ubuntu-14.04.4-desktop-amd64.iso" fileSizeInBytes="1234" localStorage="common/boot.bin">
with map local ... Change the txt file.

Now wait until the download is completed. You have to add a little code in the next line so that the boots or executes before that. Thus, almost all run on the PS4, because it is indeed stored internally. One has the storage path.

In the next emergency update from PlayStation there will probably be no BDLive at first :p nobody needs it anyway :D

Wishing you much fun testing :tup:

Who finds spelling mistakes may keep them.
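
The manifest quoted in the post is fetched over plain HTTP and describes each file only by URI, byte size and storage path. As an added example (not part of the original post or of any BD-Live implementation), the sketch below audits such a manifest for those weaknesses; the sample manifest, the `allowed_hosts` parameter, the finding names and the storage-path check are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample in the shape of the manifest quoted in the post
# (placeholder host and paths, not captured traffic).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<update version="1" targetTitle="89">
  <resources>
    <resourceFile uri="http://cdn.example.invalid/Package/boot.bin"
                  fileSizeInBytes="1234" localStorage="common/boot.bin"/>
    <resourceFile uri="https://cdn.example.invalid/Package/v3.zip"
                  fileSizeInBytes="1234" localStorage="../v1.zip"/>
  </resources>
  <bumf>
    <bumfFile uri="http://cdn.example.invalid/Package/bumf.bmf"
              fileSizeInBytes="17013" localStorage="bumf.bmf"/>
  </bumf>
</update>"""

# The only per-file attributes that appear in the quoted manifest.
PAGE_ATTRS = {"uri", "fileSizeInBytes", "localStorage"}


def audit_manifest(xml_text, allowed_hosts):
    """Return (tag, uri, finding) tuples for every element carrying a uri."""
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for el in root.iter():
        uri = el.get("uri")
        if uri is None:
            continue
        parsed = urlparse(uri.strip())
        if parsed.scheme != "https":
            findings.append((el.tag, uri, "not-https"))
        if parsed.hostname not in allowed_hosts:  # allowlist is an assumption
            findings.append((el.tag, uri, "unexpected-host"))
        # A byte count is not an integrity check; flag entries that carry
        # nothing beyond the three attributes seen on the page.
        if set(el.attrib) <= PAGE_ATTRS:
            findings.append((el.tag, uri, "no-integrity-metadata"))
        dest = el.get("localStorage", "")
        if dest.startswith("/") or ".." in dest.split("/"):
            findings.append((el.tag, uri, "path-escapes-storage-root"))
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST, {"cdn.example.invalid"}):
        print(finding)
```

Run against manifests captured at a proxy, a scheme-less or off-allowlist URI such as the edited line in the post is reported as both `not-https` and `unexpected-host`.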

Comments

According to the info on this, we only need a small change to actual Linux. The distro is around 52.8GB, then you are looking at another 20 for the toolchain, and as there are some changes we will find a new update to the system quite shortly.
 
This is some interesting stuff to read. More & more stuff keeps popping up every week or even days it seems for the PS4 scene. Thanks for posting guys.
 
Perhaps this method will give a chance to run the bin-file from Flatz to enable debug settings on 3.XX. Who can check this?
I'm trying to get this to work myself. I have a good # of films with bdlive1.1 and 2.0. The bin has to be some kind of loader, internal from disk or from USB, which is possible by pointing to the path.
The biggest problem I see is guys are using arm v7 and I'm not; I'm using systems actual native linux OS.
Quote

This copy or save as txt (very important as txt save to PC)
The first line change <resourcefile fileSizeInBytes = "1234" localStorage = "common / boot.bin">
eg change in <resourcefile uri = " releases.ubuntu.com/14.04/ubuntu-14.04.4-desktop-amd64.iso " fileSizeInBytes = "1234" localStorage = "common / boot.bin">
with map local ... change the txt file

now have to wait until the download is completed. You have to add a little code in the next line so that the boots or executes before that. Thus, almost all run on the PS4, because it is indeed stored internally. One has the storage path. In the next emergency update at the playstation, it will probably initially be no BDLive no man needs so desires fun you much at test who finds spelling errors may keep them.

The end of this file is directing at a boot.bin file for the loading procedure. It's an actual network loader. I've stated some time ago it should be in the correct iso file; I will dig through it for confirmation later.
It needs to be mounted so the other lines can be changed for mounting and path. If done correctly you can autoload.

Confirmed: the autoload boot file is there, just change the path.

repodata/xml is also needed here as it's part of the path
Code:
linux /ppc/ppc64/vmlinuz  rescue ro
      initrd /ppc/ppc64/initrd.img
}

submenu 'Other options...' {
  menuentry 'Reboot' {
    reboot
  }

  menuentry 'Exit to Open Firmware' {
    exit
  }
}
releases.ubuntu.com/14.04/ubuntu-14.04.4-desktop-amd64.iso needs to be changed to path of iso dir not actual iso

Boot.bin also needs to be changed to actual boot file either cfg or elf loader itself which comes with linux
 
From what i understand ps4 got hacked also on 3.50? Can we run anything we want?

I ask this because i was thinking of updating from 3.11.
 
From what i understand ps4 got hacked also on 3.50? Can we run anything we want?

I ask this because i was thinking of updating from 3.11.
I am working with 3.11 myself and no, it's not hacked. It's just a way of installing Linux within the system using the BD drive as the loader to obtain netboot.
 