PS4 Jailbreaking · Thread starter: PSXHAX · Start date: Feb 5, 2018 at 2:28 AM
Following the PS4 Rest Mode REcon Demo and Slideshow PDF of Volodymyr Pikhur's presentation come some PS4 EAP kernels from 1.01, 1.76 and 4.05 OFW via notzecoxao for developers, alongside a standalone RPi installer for PS4 Exploit Host (no router, no switch) by @Al Azif, who is currently working on improving it further with WiFi and by eliminating the need to change settings on the PS4.

Download: eap_kernel_101.bin / eap_kernel_176.bin / EAP Kernels.zip (8.31 MB - Mirror) / EAP Kernels.zip (Mirror #2) / RPi Installer for 4.55 / PiXploitHost GIT / PS4-EAP-KEY-DUMPER-672.bin (6.6 KB)

Below are some related Tweets, including a PS2Reality MediaPlayer (PS2 Emulation) PS4 demo video from BigBoss, and to quote from the README.md: Standalone RPi installer for ps4-exploit-host (No router, no switch)

  1. Have a fresh install of Raspbian Lite on your RPi
  2. Connect your RPi to a network with internet access
  3. Run this command on your RPi:
    Code:
    curl -L https://goo.gl/4bvW9P | sudo bash -s
  4. Your device will restart automatically
  5. Run an ethernet cable directly between the RPi and the PS4
  6. On the PS4 setup the network as follows:
    • Set Up Internet Connection
    • Use a LAN Cable
    • Custom
    • Manual
      • IP Address: 7.7.7.8
      • Subnet Mask: 255.255.255.0
      • Default Gateway: 7.7.7.7
      • Primary DNS: 7.7.7.7
      • Secondary DNS: 7.7.7.7
    • Automatic
    • Do Not Use
  7. Load the User's Manual
Github: https://github.com/c0d3m4st4/PiXploitHost / Spanish Guide


EAP Internal Partition Key is at kernel_base + 0x258CCD0 on 4.55 kernel
Cheers to both @oneman123 and @SSShowmik for the heads-up in the PSXHAX Shoutbox earlier today!
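The installer above works by making the Pi the PS4's only DNS server and answering the lookup for manuals.playstation.net with the Pi's own address, so that "Load the User's Manual" fetches the exploit page from the Pi instead of from Sony. The following is an added example, not code from the original post or from the PiXploitHost project: a minimal DNS responder that does in Python what the installer's dnsmasq static-hosts entry does (answer A queries for the spoofed name with 7.7.7.7, refuse everything else), plus the query the PS4 would send and a parser for the reply so the exchange can be checked offline. The query builder, `handle_query`/`parse_answer` names and the 60-second TTL are my choices; the wire format is RFC 1035.

```python
"""Added example: DNS redirect as done by the exploit host, in pure Python.

Not part of the original post or the PiXploitHost project; names and the
TTL below are assumptions, the spoofed name and 7.7.7.7 come from the page.
"""
import socket
import struct

# mirrors /etc/dnsmasq_static_hosts.conf on the Pi: name -> address of the Pi
SPOOFED = {"manuals.playstation.net": "7.7.7.7"}

def encode_name(name: str) -> bytes:
    """Encode a dotted name in DNS label format (len, bytes, ..., 0)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(msg: bytes, off: int):
    """Decode a label-format name at msg[off], following compression pointers."""
    labels = []
    while True:
        length = msg[off]
        if length == 0:
            return ".".join(labels), off + 1
        if length & 0xC0 == 0xC0:  # 2-byte pointer into the message
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            name, _ = decode_name(msg, ptr)
            labels.append(name)
            return ".".join(labels), off + 2
        off += 1
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Constructed client query (what the PS4 sends): one question, RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def handle_query(query: bytes) -> bytes:
    """Answer A queries for spoofed names with the Pi's address; REFUSED otherwise."""
    txid, flags, qd, _an, _ns, _ar = struct.unpack("!HHHHHH", query[:12])
    if qd != 1:  # FORMERR for anything that is not a single-question query
        return struct.pack("!HHHHHH", txid, 0x8001, 0, 0, 0, 0)
    name, off = decode_name(query, 12)
    qtype, qclass = struct.unpack("!HH", query[off:off + 4])
    question = query[12:off + 4]
    ip = SPOOFED.get(name.lower())
    if qtype == 1 and qclass == 1 and ip is not None:
        # QR=1, AA=1, RD copied from the query, RA=1, RCODE=0
        rflags = 0x8400 | (flags & 0x0100) | 0x0080
        # answer name is a pointer to the question name at offset 12 (0xC00C)
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
        return struct.pack("!HHHHHH", txid, rflags, 1, 1, 0, 0) + question + answer
    rflags = 0x8005 | (flags & 0x0100)  # QR=1, RCODE=5 (REFUSED)
    return struct.pack("!HHHHHH", txid, rflags, 1, 0, 0, 0) + question

def parse_answer(resp: bytes):
    """Return (rcode, [A record addresses]) from a response built above."""
    _txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    rcode = flags & 0x000F
    _, off = decode_name(resp, 12)
    off += 4  # skip QTYPE/QCLASS
    ips = []
    for _ in range(an):
        _, off = decode_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1:
            ips.append(socket.inet_ntoa(resp[off:off + rdlen]))
        off += rdlen
    return rcode, ips

def serve(bind_addr: str = "7.7.7.7", port: int = 53) -> None:
    """Run as the PS4's DNS server (needs root for port 53 and the 7.7.7.7 address)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, peer = sock.recvfrom(512)
        sock.sendto(handle_query(data), peer)

if __name__ == "__main__":
    q = build_query(0x1234, "manuals.playstation.net")
    print(parse_answer(handle_query(q)))        # (0, ['7.7.7.7'])
    print(parse_answer(handle_query(build_query(1, "example.com"))))  # (5, [])
```

Refusing rather than forwarding unknown names is deliberate: the Pi has no upstream, and a REFUSED reply makes the PS4 fail fast on everything except the spoofed manual host, which is the only thing the exploit page needs.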
 

Comments

OK @Al Azif here is the first SD image build of a working PiFi on Pi Zero W.

Image can be burned to SD using Etcher.

Once done, plug the card into the Pi, then turn it on and wait for a couple of minutes. You should see a WiFi network called PiPS4Fi. Connect to it with the password PiFi4PS4.

To safely shut it down, download JuiceSSH from the Android app store and connect to the same WiFi network (or connect your laptop to it). Launch JuiceSSH on your phone or PuTTY on your laptop, then type

sudo poweroff

Will eventually add a Pi power-off PHP page to the web frontend.
 
I assume you would need to add drivers for this WiFi dongle. This image was created for the Pi Zero W, which has WiFi built in, and as it is set up as an AP without an internet connection you may be doing this manually.

I will ask the person who built this if they have time to look into what's needed for the PI Zero.
 
@Al Azif here is the script to set up the Pi Zero W (and one to revert it).

Don't suppose you would be able to host this code?

Setup the RPi0W

Code:
#!/bin/bash
# Run as root (sudo) on a fresh Raspbian: installs the AP (hostapd), DHCP/DNS (dnsmasq) and web server (apache2)
apt-get update
apt-get -y upgrade

apt-get -y install dnsmasq hostapd apache2

cd ~
mkdir pifi
cd pifi
# curl brace globbing: one request per repo; "#1" in the output name expands to the matched repo name
curl -L -o "#1.zip" "https://github.com/xvortex/{ps4-dumper,ps4-ftp-vtx,ps4-hen-vtx}/archive/master.zip"
unzip '*.zip'
rm *.zip


cp -R * /var/www/html/
cd ..
rm -r pifi

mv /etc/apache2/sites-enabled/000-default.conf /etc/apache2/sites-enabled/000-default.conf.orig
cat << 'EOF' >> /etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        ErrorDocument 404 /index.html
</VirtualHost>
EOF

mv /etc/default/hostapd /etc/default/hostapd.orig
cat << 'EOF' >> /etc/default/hostapd
DAEMON_CONF="/etc/hostapd/hostapd.conf"
DAEMON_OPTS=" -f /tmp/hostapd.log"
RUN_DAEMON="YES"
EOF
# On Raspbian Stretch the hostapd unit may be masked after install; unmask and enable it so it starts on boot
# (both commands are harmless if the unit is already enabled)
systemctl unmask hostapd
systemctl enable hostapd

mv /etc/hostapd/hostapd.conf /etc/hostapd/hostapd.conf.orig
cat << 'EOF' >> /etc/hostapd/hostapd.conf
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
beacon_int=100
auth_algs=1
wpa_key_mgmt=WPA-PSK
ssid=PiPS4Fi
channel=1
hw_mode=g
wpa_passphrase=PiFi4PS4
interface=wlan0
# WPA2 (RSN) with CCMP only. As originally posted this was wpa=1 with wpa_pairwise=TKIP;
# TKIP is deprecated and many current clients refuse to join a TKIP-only network.
wpa=2
rsn_pairwise=CCMP
country_code=GB
EOF

mv /etc/wpa_supplicant/wpa_supplicant.conf /etc/wpa_supplicant/wpa_supplicant.conf.orig
cat << 'EOF' >> /etc/wpa_supplicant/wpa_supplicant.conf
# ISO 3166-1 alpha-2 code; "UK" (as originally posted) is not a valid code, GB matches country_code in hostapd.conf
country=GB
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
#network={
#       ssid=""
#       psk=""
#}
EOF

mv /etc/dhcpcd.conf /etc/dhcpcd.conf.orig
cat << 'EOF' >> /etc/dhcpcd.conf
hostname
clientid
persistent
option rapid_commit
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
option ntp_servers
require dhcp_server_identifier
slaac private
nohook lookup-hostname

interface wlan0
static ip_address=7.7.7.7/24
static routers=7.7.7.7
# dhcpcd's option is domain_name_servers (plural); the singular form as originally posted is not a dhcpcd option
static domain_name_servers=7.7.7.7
EOF

mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
cat << 'EOF' >> /etc/dnsmasq.conf
domain-needed
addn-hosts=/etc/dnsmasq_static_hosts.conf
interface=wlan0
dhcp-range=7.7.7.10,7.7.7.20,255.255.255.0,24h
EOF

# this file does not exist on a fresh install, so only back it up if present
[ -f /etc/dnsmasq_static_hosts.conf ] && mv /etc/dnsmasq_static_hosts.conf /etc/dnsmasq_static_hosts.conf.orig
cat << 'EOF' >> /etc/dnsmasq_static_hosts.conf
7.7.7.7         manuals.playstation.net
EOF

mv /var/www/html/index.html /var/www/index.html.orig
cat << 'EOF' >> /var/www/html/index.html
<h1><strong>Welcome to PiFi</strong></h1>
<p><a href="http://manuals.playstation.net/ps4-hen-vtx-master/exploit/index.html">PS4 Homebrew Enabler</a></p>
<p>&nbsp;</p>
<p><a href="http://manuals.playstation.net/ps4-ftp-vtx-master/exploit/index.html">PS4 Vortex FTP Server</a></p>
<p>&nbsp;</p>
<p><a href="http://manuals.playstation.net/ps4-dumper-master/exploit/index.html">PS4 Dumper</a></p>
<p>&nbsp;</p>
<p>To safely shutdown the Pi, connect to the AP with SSH client, login as Pi, then type</p>
<p>sudo poweroff</p>
<p>(to-do: add PHP functionality to do this)</p>
<p>&nbsp;</p>
<p><strong>Dumper instructions:</strong></p>
<p>- Plug in exFAT formatted USB3.0 HDD.</p>
<p>- Launch exploit</p>
<p>- Launch game to start menu</p>
<p>- Wait for Dumper to finish and shut down PS4</p>
<p>- On PC, run&nbsp;gengp4.exe on dump file</p>
<p>- On PC, run orbis-pub-gen, open gp4 file and build package</p>
<p>&nbsp;</p>
<p>Thanks to Vortex, Spectre and others for the exploit</p>
EOF

reboot

Removal Script for RPi0W
Code:
#!/bin/bash

rm /etc/default/hostapd
cp /etc/default/hostapd.orig /etc/default/hostapd

rm /etc/hostapd/hostapd.conf
cp /etc/hostapd/hostapd.conf.orig /etc/hostapd/hostapd.conf

rm /etc/wpa_supplicant/wpa_supplicant.conf
cp /etc/wpa_supplicant/wpa_supplicant.conf.orig /etc/wpa_supplicant/wpa_supplicant.conf

rm /etc/dhcpcd.conf
cp /etc/dhcpcd.conf.orig /etc/dhcpcd.conf

rm /etc/dnsmasq.conf
cp /etc/dnsmasq.conf.orig /etc/dnsmasq.conf

rm -f /etc/dnsmasq_static_hosts.conf
# no .orig exists on a fresh install, so restore only if the setup script backed one up
[ -f /etc/dnsmasq_static_hosts.conf.orig ] && cp /etc/dnsmasq_static_hosts.conf.orig /etc/dnsmasq_static_hosts.conf

reboot
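hostapd only checks that its configuration parses; it will bring up a WPA1/TKIP network whose passphrase is printed in this thread without complaint. The following is an added example (mine, not the poster's script and not part of PiXploitHost): a small lint over the hostapd.conf fragment the setup script writes, run once on the fragment as originally posted (wpa=1, wpa_pairwise=TKIP, passphrase PiFi4PS4) and once on a corrected fragment. The corrected fragment, its placeholder passphrase, and the function names are my assumptions; the rules encode hostapd's own constraints (wpa=2 selects RSN, rsn_pairwise falls back to wpa_pairwise, passphrases must be 8 to 63 characters).

```python
"""Added example: lint for the hostapd.conf fragment written by the setup script.

Not the poster's code. The corrected fragment and placeholder passphrase are assumptions.
"""

# hostapd.conf exactly as written by the setup script as originally posted
POSTED_CONF = """\
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
beacon_int=100
auth_algs=1
wpa_key_mgmt=WPA-PSK
ssid=PiPS4Fi
channel=1
hw_mode=g
wpa_passphrase=PiFi4PS4
interface=wlan0
wpa=1
wpa_pairwise=TKIP
country_code=GB
"""

# corrected fragment (assumed): RSN/WPA2 only, CCMP only, a passphrase that is not published
FIXED_CONF = (
    POSTED_CONF.replace("wpa=1\nwpa_pairwise=TKIP", "wpa=2\nrsn_pairwise=CCMP")
    .replace("wpa_passphrase=PiFi4PS4", "wpa_passphrase=replace-with-a-long-random-secret")
)

# passphrases visible in this thread; anyone within radio range can read them too
PUBLISHED_PASSPHRASES = {"PiFi4PS4"}

def parse_hostapd(text: str) -> dict:
    """Parse hostapd's key=value format; '#' lines are comments, the last value wins."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def audit_hostapd(text: str) -> list:
    """Return a list of findings for a PSK access point; an empty list means nothing flagged."""
    conf = parse_hostapd(text)
    findings = []
    wpa = conf.get("wpa", "0")
    if wpa != "2":
        findings.append(f"wpa={wpa}: WPA1 is offered; set wpa=2 so only RSN/WPA2 is used")
    # with wpa=2 hostapd reads rsn_pairwise and falls back to wpa_pairwise when it is unset
    pairwise = (conf.get("rsn_pairwise") or conf.get("wpa_pairwise", "")).split()
    if "TKIP" in pairwise:
        findings.append(f"pairwise={' '.join(pairwise)}: TKIP is deprecated; use CCMP only")
    if "CCMP" not in pairwise:
        findings.append("no CCMP pairwise cipher configured")
    passphrase = conf.get("wpa_passphrase", "")
    if not 8 <= len(passphrase) <= 63:
        findings.append("wpa_passphrase must be 8-63 characters or hostapd will not start")
    if passphrase in PUBLISHED_PASSPHRASES:
        findings.append("wpa_passphrase is published in this thread; rotate it")
    if conf.get("wpa_key_mgmt") != "WPA-PSK":
        findings.append(f"wpa_key_mgmt={conf.get('wpa_key_mgmt')}: expected WPA-PSK for a stand-alone AP")
    return findings

if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("fixed", FIXED_CONF)):
        print(label, audit_hostapd(conf) or ["ok"])
```

The check is deliberately narrow: it covers the cipher suite and passphrase, which are the only things standing between a neighbour and the exploit host's web root, and leaves the channel, country and interface settings to hostapd itself.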
 
There was an error stopping this one; it turned out to be trying to install something that was already there in the build.

BTW this one might work on RPi3
 