Recently PS5Scene developer @DeathRGH released via Twitter a BOCW PS5 v1.26 ELF and a custom PS5 ELF Loader for the Black Ops Cold War PlayStation 5 version 1.26 update, working in both Zombies and Multiplayer on exploited PS5 consoles.
Download: BOCW_0126_PS5.elf (72.7 KB) / BOCW 1.26 ELF PS5 GIT / 1.0.0.53.net6.0-windows.zip (157 KB) / BOCW PS5 ELF Loader GIT / DeathRGH's Hood Discord Channel / DeathRGH's Ko-fi Page
This follows his PS4 Tool Box 2.2.1.140 revision, PS4 Frame4 AFR (Application File Redirector) Guide, the PS5 BD-JB ELF Loader updates and recent PS5Debug_Elf_Injection App / PS5-CleanELF releases, with further details below.
From the BOCW-1.26-ELF-PS5 README.md:
Black Ops Cold War PS5 ELF
This is the example project for the custom elf loader built for Black Ops Cold War on PlayStation 5.
You can find the loader here: BOCW-PS5-ELF-Loader
Contributions of any kind are welcome! Go make cool stuff
Compilation
The project makes use of the Post-Build-Event in Visual Studio.
Make sure you have the Windows Subsystem for Linux (WSL) installed.
If you have issues compiling with an older version of Visual Studio (pre 2022), try replacing the path in the Post-Build-Event with the following:
Code:
powershell.exe /c C:\Windows\sysnative\wsl.exe
Credits
- Alaix (Unlock All Patch)
This is a custom elf loader built for Black Ops Cold War on PlayStation 5. Currently supporting update version 1.26 of the game, which runs on a PS5 with firmware 4.03 or higher.
For an example project to load, take a look at: BOCW-1.26-ELF-PS5
How It Works
As the current elf loader implementation in ps5debug simply doesn't work or turns your game into a potato I decided to port my elf loader from the really early ps4 days. It doesn't work in the classic sense where you would hook game functions. It injects the raw bytes of the elf into a leftover debug drawing function.
The leftover function is executed once per frame on the render thread of the game. This gives us access to write memory in the text section, render anything with engine rendering and even make a basic aimbot.
In order for the game to let us write to the text section we need to change the protection to Read-Write-Execute (7). This is done with ps5debug which writes the protection level to the virtual memory map in the kernel data section.
After all the setup is done we can load and unload an elf as many times as we want without restarting the game.
The tool does the following steps when you connect:
- Connect to PS5.
- Find the process "eboot.bin".
- Get the virtual memory map of the process to find the base address.
- Protect the text section of the eboot with prot 7.
- Read a unique string from the game's text section to verify we are on the correct update version.
- We need to grab the bytes of the elf's text section that we want to load. We do this by searching for the string "/lib64/ld-linux-x86-64" which marks the end of all the data we need. The start can be found by simply reading the start address of the text section from the elf header.
- To stop the original function from executing while we write our injected bytes we add a return at the start of the function.
- After injecting the elf bytes we patch the injected elf to call the entry instead of jumping to it and a few other patches (see code for details).
- As the last step we remove our return at the start of the function by replacing it with a nop. This will now execute our elf.
Credits
- SiSTRo (ps5debug)
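From the defending side, the steps in "How It Works" leave two observable traces: a code mapping with protection 7, and text-section bytes that no longer match the shipped image. The following is an added example, not code from the loader or its README, showing a check for each; the memory-map layout, the sample addresses and the 16-byte chunk size are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { P_READ = 1, P_WRITE = 2, P_EXEC = 4 };  /* POSIX mmap bits; 1|2|4 == 7 (RWX) */
enum { CHUNK = 16, NCHUNKS = 4 };              /* tiny sizes, for the demo only */
/* Hypothetical memory-map row; layout and names are assumptions, not ps5debug's. */
struct vm_entry { const char *name; uint64_t start, end; int prot; };
/* Constructed sample map: the text mapping has had its protection raised to 7. */
static const struct vm_entry sample_map[] = {
    { "eboot.bin text", 0x00400000, 0x02400000, 7 },
    { "eboot.bin data", 0x02400000, 0x02800000, P_READ | P_WRITE },
    { "library text",   0x80000000, 0x80040000, P_READ | P_EXEC },
};

/* Count mappings that are writable and executable at once (W^X violations). */
int count_wx(const struct vm_entry *m, size_t n) {
    int hits = 0;
    for (size_t i = 0; i < n; i++) hits += (m[i].prot & P_WRITE) && (m[i].prot & P_EXEC);
    return hits;
}

/* FNV-1a 64-bit: fast, non-cryptographic, enough to notice changed bytes. */
static uint64_t fnv1a(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    while (n--) { h ^= *p++; h *= 0x100000001b3ULL; }
    return h;
}

/* Return the first chunk whose live hash differs from the baseline, or -1. */
int first_tampered(const uint8_t *live, const uint64_t *base) {
    for (int i = 0; i < NCHUNKS; i++)
        if (fnv1a(live + i * CHUNK, CHUNK) != base[i]) return i;
    return -1;
}

/* Constructed 64-byte "text section": hash it, then change one byte at offset 32. */
int demo_tamper_chunk(void) {
    uint8_t live[CHUNK * NCHUNKS]; uint64_t base[NCHUNKS];
    memset(live, 0x90, sizeof live);
    for (int i = 0; i < NCHUNKS; i++) base[i] = fnv1a(live + i * CHUNK, CHUNK);
    if (first_tampered(live, base) != -1) return -2;  /* untouched image must pass */
    live[32] = 0xC3;                                  /* one byte differs from baseline */
    return first_tampered(live, base);                /* offset 32 / 16 -> chunk 2 */
}

int main(void) {
    printf("W^X: %d, tampered chunk: %d\n", count_wx(sample_map, 3), demo_tamper_chunk());
    return 0;
}
```

In a real integrity check the baseline hashes would be computed from the shipped binary at build time and the comparison run from a context the patched process cannot rewrite.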