Today PlayStation 4 developer zecoxao shared a handy guide on how to create PS4 ELFs from PlayStation 4 process dumps.
Here it is for those interested, to quote: How to Create ELFs from Process Dumps
You'll need:
- HX-D
- PS4 FileNinja v2.0 (the one with process dump support)
- Extreme-modding.de FTP payload (ps4_dev-dlclose_(FTP)_Kernel_Patch.bin (10 KB) / ps4_dev-dlclose_(FTP-Debug_Menu)_Kernel_Patch.bin (9 KB)), or you can use FileNinja, but FileZilla is a better client for this purpose
- a brain
Step 1:
Go to your playground of choice (in this case my playground is the extreme-modding.de one)
Step 2:
Grab your ELF or SELF that you want to make a forgery of (I'm going to use SysCore for this)
Step 3:
Look closely at the header and pick ONLY the ELF header chunk of the file. Note here: the ELF header must contain all of its necessary bytes EXCEPT the last 32!
Step 4:
Add the necessary number of bytes until the file has EXACTLY 0x4000 bytes.
Step 5:
If necessary, restart the PS4 so you can clean the payload's memory, and then start PS4 FileNinja.
Step 6:
Go to the process of choice (in this case SceSysCore) by going to Tools->Processes, picking SceSysCore and attaching to the process.
Step 7:
Dump the first process offsets, and ONLY those in the LOWER memory range. Here's my example:
Step 8:
Copy the first segment and add it after the end of the ELF forged header. Do the same for the other segments.
Step 9:
You have now a forged elf you can use in IDA for analysis.
Some Notes:
- You can use readelf to check on how good your ELF looks.
- First section has libexec magic. Second section has ORBI magic.
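The assembly described in Steps 4, 8 and 9 and the readelf check in the notes can be reproduced offline, which is a useful way to sanity-check a reconstructed binary before loading it into IDA. The following Python script is an added example written for this post; it is not zecoxao's tooling, PS4 FileNinja, or code from the original guide. It constructs its own ELF64 header and program headers (little-endian, x86-64, FreeBSD OSABI are assumptions chosen for the example), pads that header chunk to exactly 0x4000 bytes, appends constructed stand-ins for the dumped segments, and then parses the result the way readelf would, rejecting a file whose segments point past the end of the dump.

```python
import struct

ELF64_EHDR_SIZE = 64
ELF64_PHDR_SIZE = 56
HEADER_CHUNK_SIZE = 0x4000   # the guide pads the forged header chunk to exactly 0x4000 bytes
PT_LOAD = 1


def build_header_chunk(segments, entry=0x400000):
    """Construct an ELF64 header plus one PT_LOAD program header per segment.

    segments: list of (vaddr, data) in the order they will be appended.
    File offsets are assigned sequentially after the 0x4000-byte header chunk,
    mirroring Step 8 of the guide. Returns the chunk padded to HEADER_CHUNK_SIZE.
    """
    phnum = len(segments)
    # e_ident: magic, ELFCLASS64, ELFDATA2LSB, EV_CURRENT, OSABI FreeBSD (9), ABI version, 7 pad
    ehdr = struct.pack('<4sBBBBB7xHHIQQQIHHHHHH',
                       b'\x7fELF', 2, 1, 1, 9, 0,
                       2,                 # e_type: ET_EXEC (assumption for the example)
                       0x3e,              # e_machine: EM_X86_64 (assumption for the example)
                       1, entry,
                       ELF64_EHDR_SIZE,   # e_phoff: program headers follow the ELF header
                       0, 0,              # e_shoff, e_flags: no section headers in a forged dump
                       ELF64_EHDR_SIZE, ELF64_PHDR_SIZE, phnum,
                       0, 0, 0)           # e_shentsize, e_shnum, e_shstrndx
    phdrs = b''
    offset = HEADER_CHUNK_SIZE
    for vaddr, data in segments:
        # p_type, p_flags (R+X), p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
        phdrs += struct.pack('<IIQQQQQQ', PT_LOAD, 5, offset, vaddr, vaddr,
                             len(data), len(data), 0x4000)
        offset += len(data)
    chunk = ehdr + phdrs
    if len(chunk) > HEADER_CHUNK_SIZE:
        raise ValueError('too many program headers for a 0x4000-byte header chunk')
    return chunk.ljust(HEADER_CHUNK_SIZE, b'\x00')   # Step 4: pad to EXACTLY 0x4000


def forge_elf(header_chunk, segment_dumps):
    """Step 8: append the dumped segments, in order, after the padded header chunk."""
    if len(header_chunk) != HEADER_CHUNK_SIZE:
        raise ValueError('header chunk must be exactly 0x4000 bytes')
    return header_chunk + b''.join(segment_dumps)


def check_forged_elf(blob):
    """Minimal readelf-style check: parse the ELF64 header and program headers
    and verify every PT_LOAD's file range lies inside the blob.
    Returns a list of (p_offset, p_vaddr, p_filesz) for the PT_LOAD entries."""
    if blob[:4] != b'\x7fELF' or blob[4] != 2:
        raise ValueError('not an ELF64 file')
    fields = struct.unpack_from('<HHIQQQIHHHHHH', blob, 16)
    e_phoff, e_phentsize, e_phnum = fields[4], fields[8], fields[9]
    if e_phentsize != ELF64_PHDR_SIZE:
        raise ValueError('unexpected e_phentsize %d' % e_phentsize)
    if e_phoff + e_phnum * e_phentsize > len(blob):
        raise ValueError('program header table extends past end of file')
    loads = []
    for i in range(e_phnum):
        p = struct.unpack_from('<IIQQQQQQ', blob, e_phoff + i * e_phentsize)
        p_type, _flags, p_offset, p_vaddr, _paddr, p_filesz = p[:6]
        if p_type != PT_LOAD:
            continue
        if p_offset + p_filesz > len(blob):
            raise ValueError('segment %d extends past end of file' % i)
        loads.append((p_offset, p_vaddr, p_filesz))
    return loads


def demo_forged():
    """Build a forged ELF from two constructed segment dumps (stand-ins for the
    lower-memory-range dumps of Step 7; the real ones are not reproduced here)."""
    seg0 = b'\xcc' * 0x1000
    seg1 = b'\xaa' * 0x800
    chunk = build_header_chunk([(0x400000, seg0), (0x404000, seg1)])
    return forge_elf(chunk, [seg0, seg1])


def demo():
    """Returns the PT_LOAD table recovered from the forged file."""
    return check_forged_elf(demo_forged())


if __name__ == '__main__':
    for off, vaddr, size in demo():
        print('LOAD  offset 0x%06x  vaddr 0x%08x  filesz 0x%05x' % (off, vaddr, size))
```

The parser deliberately stops at the program-header view: a forged dump carries no section headers, so a section-based tool will report nothing useful, while `readelf -l` (or this check) tells you whether each segment's offset and size actually land inside the file you stitched together.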