Decrypting and Dumping PS4 Games (EBOOT & SPRX) Guide by Zecoxao

Hello PSXHAX, today PlayStation 4 Developer Zecoxao has conveyed a new tutorial on how to decrypt and dump PS4 games (EBOOT, PRX, SPRX).

Previously, he made a tutorial on How to Dump and Decrypt Usermodules, which is a continuation on this topic he brings today.

There was a mistake on the tutorial, but @zecoxao had got it fixed, so everything should be okay now. Lets jump straight into this tutorial.

To roughly quote Zecoxao's Tutorial: [Tutorial] How to Decrypt and Dump Games (EBOOT, PRX and SPRX)

Requirements:

• ****** precompiled
• elf loader precompiled or extreme-modding's elf loader.
• the payload source
• 1.76 console
• usb pendrive or external hdd (fat32 or exfat, exfat recommended)
• A preactivated online game or a purchased disc game
• The TITLE ID of the disc

Steps:

1. Compile the payload with the correct commands. Specifically for The Playroom (CUSA00001):

decrypt_and_dump_self("/mnt/sandbox/pfsmnt/CUSA00001-app0/eboot.bin", "/mnt/usb0/eboot.bin");
decrypt_and_dump_self("/mnt/sandbox/pfsmnt/CUSA00001-app0/sce_module/libc.prx", "/mnt/usb0/libc.prx");
decrypt_and_dump_self("/mnt/sandbox/pfsmnt/CUSA00001-app0/sce_module/libSceFios2.prx", "/mnt/usb0/libSceFios2.prx");
decrypt_and_dump_self("/mnt/sandbox/pfsmnt/CUSA00001-app0/sce_sys/about/right.sprx", "/mnt/usb0/right.sprx");

2. Start the game.
3. Minimize the game (PS Button)
4. Access elf loader
5. Let it load all the way until stage 5 and stabilize
6. Plug the usb stick or hdd on the rightmost port, near PS4 logo
7. Load the payload:

#listener
socat - TCP:my.ps4.ip:5052
#sender
socat -u FILE:path/to/DumpFile TCP:my.ps4.ip:5053

8. when it finishes loading (user return 0) unplug the stick or hdd and check inside. you should have the files in elf format on the root

PS: This is a continuation to the previous tutorial "dump and decrypt usermodules"
PSS: Do not forget that the games decryption require ABSOLUTE PATH due to rif management.
Backing up Retail Games to Fake Pkg's (6.72 or Lower)

Finally, from zecoxao comes a brief guide on How to Validate Your ELFs Decrypted Using MMAP Trick

To quote: Special Thanks to Anonymous for helping me with this, and to softstar for providing the ELFs.

You'll need:

• An FTP Payload with CUSTOM DECRYPT command (you can compile it from scene-collective github repo)
• A target file (I've chosen 5.05's SceShellCore for this) in both encrypted and decrypted state.
• Filezilla
• Hashing tool (I use WSL with sha256sum tool)

Step 1: Send FTP Payload
Step 2: Grab the encrypted SceShellCore (at /system/vsh/)
Step 3: Use custom DECRYPT command (in filezilla, this can be found in Server->Indicate personalized command...)
Step 4: Grab decrypted SceShellCore (same location but now DECRYPT is toggled ON)
Step 5: Hash the decrypted elf (sha256sum SceShellCore.elf)
Step 6: Compare it with the FIRST 0x20 bytes that look like random data. If they match, your elf is OK, if they don't match, retry to download the elf with DECRYPT toggled on until it matches.

This concludes the tutorial. Some pics:

 

[PSXHAX]

Thanks for sharing the guide here my pink flamingo... aka @HydrogenNGU

PS: Your vCard that appears below all articles you submit can be edited to include an author image, your hobbies, links to NGU, whatever you'd like to share about yourself with the viewers here.

 

[juansbeck]

@zecoxao ... thanks I would like to share with you my findings in the ps4 sysconf via hybridcomputers

 

[B7U3 C50SS]

Very nice re-post! I thoroughly enjoyed the read! And it helps!

 

[oneman123]

if you use /data or other writeable dir instead of /mnt/usb0 it is much faster and you can copy back via ftp

 

[D3M1]

YoHuuuu, Hi Hydrogen

 

[spotanjo3]

Congratulations to 1.76 users! By the way, sighing.. We are waiting for 3.50-4.05.

 

[alzaabi]

It seems developers are interested in hacking ps4. It sounds good

 

[raedoob]

hi my friend your videos very interesting

 

[AlexxLopaztico]

And IT begins