Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
Status
Not open for further replies.
In PS5 Scene news following the initial Custom BGM & Themes PS4 PKGs, PS4 Theme Sample & Base Template, BD-JB PS5 ELF Loader v1.2 and PS5 System Partition Read / Write (R/W) Payload comes some demonstration videos of the first Custom PS5 Themes including Background Music (BGM) of Hyperdimension Neptunia Theme v0.9 Beta from Ifaicompa (NepuStation3322's YouTube Channel) alongside a PS5 Just Do It Theme (PS5 BGM Change) from @yyoossk (Twitter / Yyoossk7821's YouTube Channel), a PS5 Elden Ring Custom Theme with PS5 Partition Mount (PS5PM) ELFs from @ifcompass (aka Ifaicompa), demo and Custom PS5 Theme Tools below from @master s9 via Twitter. 🧑‍🎨

Also below is a NMount PS5 System RW Source from Decompiler via @zecoxao on Twitter for those interested in source code examination of the recent PS5 system/system_ex R/W mounting. :geek:


From Pastebin.com: nmount PS5 system rw source from decompiler
Code:
__int64 __fastcall _payload_base(_QWORD *arrayPointer, unsigned int *lengthPointer, __int64 string1, __int64 string2)
{
  __int64 functionResult; // rax
  _QWORD *str1Ptr; // rbx
  __int64 strdupStr2; // rax
  __int64 strlenStr2; // rax
  int v10; // [rsp+2Ch] [rbp-14h]
  int v11; // [rsp+2Ch] [rbp-14h]

  functionResult = *lengthPointer;
  if ( (int)functionResult >= 0 )
  {
    v10 = *lengthPointer;
    *arrayPointer = realloc(*arrayPointer, 16LL * (int)(*lengthPointer + 2));
    if ( *arrayPointer )
    {
      str1Ptr = (_QWORD *)(*arrayPointer + 16LL * v10);
      *str1Ptr = strdup(string1);
      *(_QWORD *)(*arrayPointer + 16LL * v10 + 8) = strlen(string1) + 1;
      v11 = v10 + 1;
      if ( string2 )
        strdupStr2 = strdup(string2);
      else
        strdupStr2 = 0LL;
      *(_QWORD *)(*arrayPointer + 16LL * v11) = strdupStr2;
      if ( string2 )
        strlenStr2 = strlen(string2) + 1;
      else
        strlenStr2 = 0LL;
      *(_QWORD *)(*arrayPointer + 16LL * v11 + 8) = strlenStr2;
      functionResult = (__int64)lengthPointer;
      *lengthPointer = v11 + 1;
    }
    else
    {
      *lengthPointer = -1;
      return perror("realloc");
    }
  }
  return functionResult;
}

int __cdecl main(int argc, const char **argv, const char **envp)
{
  unsigned int v4; // [rsp+4h] [rbp-Ch] BYREF
  __int64 v5; // [rsp+8h] [rbp-8h] BYREF

  v5 = 0LL;
  v4 = 0;
  _payload_base(&v5, &v4, (__int64)"fstype", (__int64)"exfatfs");
  _payload_base(&v5, &v4, (__int64)"fspath", (__int64)"/system");
  _payload_base(&v5, &v4, (__int64)"from", (__int64)"/dev/ssd0.system");
  _payload_base(&v5, &v4, (__int64)"large", (__int64)"yes");
  _payload_base(&v5, &v4, (__int64)"timezone", (__int64)"static");
  _payload_base(&v5, &v4, (__int64)"async", 0LL);
  _payload_base(&v5, &v4, (__int64)"ignoreacl", 0LL);
  if ( !(unsigned int)nmount(v5, v4, 0x10000LL) )
    return 0;
  perror("nmount");
  return 1;
}
The first custom theme for PS5

PS5 Partition mount (PS5PM) [The first PS5 custom theme]
This payload will mount /preinst /system /system_data /system_ex /system_tmp /update partition directory as R/W
  • ELF & Theme Downloads: PS5 partition mount & custom theme (PS5 partition mount & custom theme.zip (108 MB) - includes PS5 Single Partition Mount Payloads: preinst.elf, system.elf, system_ex.elf and update.elf with PS5PM_v1.1.elf alongside Theme files PS5 Hyperdimension Neptunia Theme v1.0.zip and PS5 Hyperdimension Neptunia Theme v1.1.zip)
  • Source code from: John Tornblom <3
PS5 BGM Mod
PS5 Just Do It Theme
PS5 ELDEN RING Custom Theme via @nepustation3322
  • PS5 partition mount & custom theme.zip (185 MB - includes getpid.elf, mntinfo.elf, PS5 BD-JB ELF Loader v1.2.iso, remount.elf, preinst.elf, system.elf, system_ex.elf, update.elf, PS5PM_v1.1.elf, PS5 ELDEN RING Theme v1.1.zip, PS5 Hyperdimension Neptunia Theme v1.0.zip and PS5 Hyperdimension Neptunia Theme v1.1.zip)
  • Theme file can be directly overwritten into the corresponding directory to take effect (y)
PS5 Chainsaw Man Makima Custom Theme via @yyoossk (@yyoossk7821's YouTube Channel)
PS5 Payload Loader
  • Payload⭐.zip (3.1 MB - includes preinst.elf, PS5PM_v1.1.elf, system.elf, system_ex.elf, update.elf, hardware_information.elf, list_all_files.elf, list_logs.elf, pipe_pirate.elf and process_view.elf)
PS5 Theme Cyberpunk 2077
PS5 Theme God of War Ragnarok - Raiden
PS5 Theme God of War - BurningRage
Download: PS5ThemesTools (Latest Version) / PS5.ThemesTools_Cyberpunk2077_V1.04.7z (225 MB) / PS5Themes_GodofWarRagnarok+Font_V1.0.5.7z (394 MB) / GIT
PS5 Partition Mount v1.2 (PS5PM v1.2)
When checking a partial /dev/ssd0 dump with 7zip (the main ssd BGA from PS5) you can see all 13 partitions on it. There is just one issue: when attempting to read the whole ssd blob, the dumping crashes exactly 0 bytes before the start of two partitions we don't know what they do
you can't also access those partitions from the /dev/ system, only the other 11 ones. So, which partitions are these 2? Needs more research...
it is theorized that the coreos is present inside the ssd, so maybe these two partitions have something to do with it...
For users who do not use Telegram:
lol, the reason why mounting the system partitions is only possible in bd-jb (and also in the ps4 ps2 emulator, if a kernel exploit eventually shows for ps5 on 6.50+) is because both of these systems use libkernel_sys, which supports nmount. neither _web nor regular libkernel do
goes without saying to those who purchased a digital ps5: you won't have any fun making permanent changes on your console :)
nobody bought the exploitable game at that time (cturt had not revealed it yet)
you will, you just won't be able to do perma mods until there is a hv exploit
it doesn't work without privs
Permanent PS5 Themes
PS5 Boot Logo Edit
First Custom PS5 Themes with Background Music (BGM) Demos.jpg
 

Comments

Status
Not open for further replies.
Back
Top