Discussion of Theories for Newer PS4 Games on 4.05 Firmware

Following the recent PS4 Barthen Method for getting newer games running with PS4HEN, some forum members including @SkysTheLimit, @Goldenboy22 and @Picalo would like to open a discussion of theories on how newer PlayStation 4 game dumps can become playable on exploited 4.05 Firmware consoles.

We'll use this as an ongoing discussion thread for those who'd like to share their insight and research into getting newer PS4 games with Minimum Firmware Versions above 4.05 OFW dumped and running, which according to Mathieulh is currently the BEST PS4 Firmware to be on as 1.76 is now considered outdated since the 4.05 exploit chain from SpecterDev with popular 4.05 exploit forks and experiments by IDC alongside the PS4 Exploit Host by Al Azif.

Here are links to some current theories from the Barthen Method topic:

• From Goldenboy22
• From SkysTheLimit
• From Picalo
• Follow up by SkysTheLimit

Finally, below are some other PS4 MEME and Tweets making rounds on Twitter today:
Cheers to @B7U3 C50SS and @SSShowmik for tips in the PSXHAX Shoutbox!

 

[man1366]

Maybe this is just a bug with game (HZD) not firmware and couldn't be repeated for other games.

 

[73n1x69]

Too much inaccuracies in these comments, my friends.
There are tons of checks for the fw version:

The first check is during the installation, and should be only between the system version stored in the kernel and the one stored in param.sfo of the game. This is relatively easy to sidestep with the method suggested by the great Xvortex.

Then the problem is launching the game. These are the 2 obstacles:

- the keys stored in the SAMU: with 4.05 firmware we should have the keys for every <4.50 game...
>4.50 games should be impossible to launch in any case.

- the fw version check between the headers of encrypted sprx and eboot and fw version stored deep inside of the SAMU.

So, even owning the right keys (as supposed to be true for HZD because is 4.07 game), is nearly impossible to bypass the FW version check that happens inside the SAMU when trying to launch the game.

So, IMHO, this is only a great TROLLING by the Russian guys......
To quote a meme from discord........

​

 

[Goldenboy22]

@73n1x69 Have you seen this? What you think?

Maybe we should try a 4.07 game and see what happen now that we have a spoof (we we're not certain in what happen in SAMU i 've read different opinions).

For the rest i agree with you..i also think that 4.50 game TOO not work for the question of the key.

I DOESN'T HAVE a 4.07 GAME TO TRY...Someone can try the SPOOF and see what happens with an original 4.07 game?

 

[Chaos Kid]

of course there is checks before the game is installed. and 3 before playing these should be obvious but due to most people can't see anything without being told or have the knowledge of how things work.

there's nothing wrong with that in general but this should be about learning not just gaming and having fun. if you like your exploit that's fine learn how it works put time into understanding

it's not a spoofer read the picture and what @73n1x69 said. you can't decrypt 4.07 on a 4.05 system the key support is not there till updated

 

[tooretoo42]

@73n1x69 Thanks for this clarification !!! Is this an inaccuracy to say that this memory spoof may be used in some case to install updates in 4.05+ taking account the version ?

 

[SkysTheLimit]

@73n1x69 Nice somebody brings some new information.

Can you please let us know from where you know the following:

- the keys stored in the SAMU: with 4.05 firmware we should have the keys for every <4.50 game...
- the fw version check between the headers of encrypted sprx and eboot and fw version stored deep inside of the SAMU

Also I got some questions:

1. When updating a PS4 - there is a certain Point where the SAMU gets a new Firmware. Is anything know about how the Update Process talks to the SAMU to provide a new Firmware.
Since the SAMU is hidden, meaning that we just can communicate with SAMU with the API/Calls provided and even with OS-root we can´t access it´s memory and contents, there must be an API to give it the SAMU the Firmware Update/Keys and it updates itself.
2. Did somebody find the SAMU Firmware inside the PUPs?
3. If yes, are the SAMU Firmwares encrypted and the SAMU decrypts them with it´s secrets keys?

@Chaos Kid

@73n1x69 mentioned that the 4.05 FW should have the keys up to 4.50, in my understanding it is because S0NY did not update the keys until 4.50 again.

Here the part:
- the keys stored in the SAMU: with 4.05 firmware we should have the keys for every <4.50 game...
>4.50 games should be impossible to launch in any case.

 

[Chaos Kid]

just cause the keys were the same the point of the headers will not be so it still will not work and will require an update or people would have bin able to dump 4.50 games on 4.05 see the point here.

 

[73n1x69]

I think it's crazy how fast Stooged has been! That is a real spoof, someone already installed games >4.05 with that ! Not running them, obviously.

According to the voices circulating, the key should change every major release of the dev kit... So 4.07 games should have the same key ...
The remaining problem is only the FW version in the headers of encrypted files...

Probably this spoof doesn't change anything about updates..
At 90% the update change some encrypted files, so this memory spoof isn't able to make us run games with 4.05+ updated applied.
The update will probably install, but the games won't run anymore.
Just conjecture, by the way

The information are grabbed in dozen of hours spent on discord, reading the messages of skilled people like kiwidog and similar

@SkysTheLimit Sorry, can't answer none of your questions my friend

 

[Macneil]

what about this news? A 4.07 kernel Exploit??

 

[tooretoo42]

@73n1x69 Thank you for taking time to reply

@Macneil it's related to this news