Hello PSXHAX, today PlayStation 4 Developer Zecoxao has shared a new tutorial on how to decrypt and dump PS4 games (EBOOT, PRX, SPRX).
Previously, he made a tutorial on How to Dump and Decrypt Usermodules; the one he brings today is a continuation of that topic.
There was a mistake in the tutorial, but @zecoxao has since fixed it, so everything should be okay now. Let's jump straight into this tutorial.
To roughly quote Zecoxao's Tutorial: [Tutorial] How to Decrypt and Dump Games (EBOOT, PRX and SPRX)
Requirements:
- ps4sdk precompiled
- elf loader precompiled or extreme-modding's elf loader.
- the payload source
- 1.76 console
- USB pendrive or external HDD (FAT32 or exFAT, exFAT recommended)
- A preactivated online game or a purchased disc game
- The TITLE ID of the disc
1. Compile the payload with the correct commands. Specifically for The Playroom (CUSA00001):
Code:
decrypt_and_dump_self("/mnt/sandbox/pfsmnt/CUSA00001-app0/eboot.bin", "/mnt/usb0/eboot.bin");
decrypt_and_dump_self("/mnt/sandbox/pfsmnt/CUSA00001-app0/sce_module/libc.prx", "/mnt/usb0/libc.prx");
decrypt_and_dump_self("/mnt/sandbox/pfsmnt/CUSA00001-app0/sce_module/libSceFios2.prx", "/mnt/usb0/libSceFios2.prx");
decrypt_and_dump_self("/mnt/sandbox/pfsmnt/CUSA00001-app0/sce_sys/about/right.sprx", "/mnt/usb0/right.sprx");
2. Start the game.
3. Minimize the game (PS Button)
4. Access elf loader
5. Let it load all the way until stage 5 and stabilize
6. Plug the USB stick or HDD into the rightmost port, near the PS4 logo
7. Load the payload:
Code:
# listener
socat - TCP:my.ps4.ip:5052
# sender
socat -u FILE:path/to/DumpFile TCP:my.ps4.ip:5053
8. When it finishes loading (user return 0), unplug the stick or HDD and check inside. You should have the files in ELF format on the root.
PS: This is a continuation of the previous tutorial "dump and decrypt usermodules"
PSS: Do not forget that game decryption requires an ABSOLUTE PATH due to rif management.
Finally, from zecoxao comes a brief guide on How to Validate Your ELFs Decrypted Using MMAP Trick
To quote: Special Thanks to Anonymous for helping me with this, and to softstar for providing the ELFs.
You'll need:
- An FTP Payload with CUSTOM DECRYPT command (you can compile it from scene-collective github repo)
- A target file (I've chosen 5.05's SceShellCore for this) in both encrypted and decrypted state.
- Filezilla
- Hashing tool (I use WSL with sha256sum tool)
Step 2: Grab the encrypted SceShellCore (at /system/vsh/)
Step 3: Use custom DECRYPT command (in filezilla, this can be found in Server->Indicate personalized command...)
Step 4: Grab decrypted SceShellCore (same location but now DECRYPT is toggled ON)
Step 5: Hash the decrypted elf (sha256sum SceShellCore.elf)
Step 6: Compare it with the FIRST 0x20 bytes that look like random data. If they match, your ELF is OK; if they don't match, retry downloading the ELF with DECRYPT toggled on until it matches.
This concludes the tutorial.
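The comparison in Steps 5 and 6, scripted as an added example that is not part of zecoxao's guide: it hashes the decrypted file and searches the encrypted copy for that 0x20-byte SHA-256 value, so a truncated or corrupted download shows up as "no match". It assumes the value sits somewhere in the encrypted copy (the guide gives no offset, so none is assumed); the function names and the sample data in demo() are constructed.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large modules do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.digest()


def find_digest(encrypted_path, decrypted_path):
    """Return (hex digest, offsets) where the decrypted file's SHA-256
    (0x20 bytes) occurs in the encrypted file. No offsets = suspect dump."""
    digest = sha256_file(decrypted_path)
    with open(encrypted_path, "rb") as f:
        blob = f.read()
    offsets = []
    pos = blob.find(digest)
    while pos != -1:
        offsets.append(pos)
        pos = blob.find(digest, pos + 1)
    return digest.hex(), offsets


def demo():
    """Constructed sample data, not real console files."""
    good = b"\x7fELF" + bytes(range(256)) * 4
    truncated = good[:-16]  # simulates an incomplete transfer
    # Constructed container: filler, digest of the good file, opaque body.
    container = b"\x00" * 0x40 + hashlib.sha256(good).digest() + b"\xaa" * 512
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, data in (("enc", container), ("good", good), ("bad", truncated)):
            paths[name] = os.path.join(d, name)
            with open(paths[name], "wb") as f:
                f.write(data)
        return (find_digest(paths["enc"], paths["good"])[1],
                find_digest(paths["enc"], paths["bad"])[1])


if __name__ == "__main__":
    ok, bad = demo()
    print("intact dump matched at:", [hex(o) for o in ok])
    print("truncated dump matched at:", bad)
```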