Category PS4 CFW and Hacks       Thread starter PSXHAX       Start date Mar 17, 2019 at 1:40 AM       25,620       67            
Following the PS4REN Remote Play Enabler and Nintendo Switch Loader for NSA's software reverse engineering (SRE) suite of tools known as Ghidra (Ghidra Cheat Sheet), PlayStation 4 developer @g991 (aka goldfitzgerald) updated his Github repository with a module to support loading PlayStation 4 ELF files called GhidraPS4Loader, a PS4FlashTool and added structures and definitions to @AlexAltea's (Twitter) PS4 K*** Kernel Software Development Kit for PlayStation 4. :love:

He recently dropped by the forums, and for those who aren't familiar with all his past work (including Emulated PS2 PS4 PKGs, JKPatch, PS4 Trainer Utility and PS4Debug with Updates) Shiningami reminds us "this dude made all this game modding possible" so YES this is a BIG deal and we're ecstatic to see him back on the PS4 scene! :notworthy:

Be sure to bookmark his blog at JohnFitz.me, read about his other projects, subscribe to his YouTube Channel, follow him on Twitter and even Hire Him (serious inquiries only, please). (y)

Download: GhidraPS4Loader-master.zip / GhidraPS4Loader GIT / ps4flashtool-master.zip / PS4FlashTool GIT / ps4-k***-master.zip / K*** GIT / ghidra_9.0_PUBLIC_20190317_GhidraPS4Loader.zip (294 KB - Compiled via Z80 aka @oneman123) / ghidra_9.0_PUBLIC_20190319_GhidraPS4Loader.zip (294.14 KB - Fixed Version Compiled via Z80 aka @oneman123) / Mirror

To quote from the GhidraPS4Loader README.md: Ghidra PS4 Loader by golden

This is a simple module for Ghidra to support loading PlayStation 4 ELF files. I will post a released extension when more work is done on this.

Installation
  1. Build with gradle, find the zip file in dist folder
  2. Extract the zip file to Ghidra/Extensions
  3. Start Ghidra
  4. Drag and drop PlayStation 4 binary into Ghidra (such as a game eboot)
  5. Select PlayStation 4 ELF in the Format field
  6. Press OK
  7. ??
  8. Profit.
Common Issues

~ If you are missing the ps4database.xml file, then the option to load a PlayStation 4 ELF will not show up.
~ Make sure your ELF is decrypted.
~ Make sure your ELF does not have the Sony header that is in encrypted ELF files.

TODO

~ I want to add a lot of features. Want to help? Please open an issue with an idea or submit a pull request!
~ Use StructConverter and show Sony and ELF header structures
~ Change region name from RAM to something else?
~ Make it so that imports are valid code, so it doesn't mess with decompiler

Credits

Major credits to xerpi for his Vita script, aerosoul94 for his dynlib project and database format, and Adubbz for his Switch loader. I was lazy to learn everything about Ghidra from scratch!

:arrow: From the PS4FlashTool README.md: PlayStation 4 Flash Tool by golden
Code:
~ PlayStation 4 flash tool v1.0 | by golden ~

Usage: flashtool [option(s)]

Examples:
       flashtool --extract dumps -i flashdump.bin
       flashtool --emcipl patchedipl.bin -k CXD44G.keys --input flashdump.bin --output flashout.bin
       flashtool --eapkbl patchedkbl.bin -k cec_h4x_sram_dmp_CXD36G.keys --input flashdump.bin --output flashout.bin
       flashtool -k CXD42G.keys -v -n --input flashdump.bin
       flashtool --extract dumps -n --input flashdump.bin
       flashtool --eapkern eapkern_hdd_enc.bin,eapkern_hdd_dec.bin
Options:
       -h, --help                                                show this help message
       -v, --verbose                                                     verbose output
       -i [flash], --input [flash]                                     flash file input
       -o [flash], --output [flash]                                   flash file output
       -n, --noverify                                do not verify the flash signatures
       -k, --keyfile                                      override the default key file
       --extract [dir]                                       extract files to directory
       --emcipl [emcipl]                       replace EMC IPL (initial program loader)
       --eapkbl [eapkbl]                           replace EAP KBL (kernel boot loader)
       --eapkern [input,output]                                  decrypt the EAP kernel
Everything you can replace in the flash is resigned when you replace it. Also, when the extract option is enabled, the files will be extracted after the replacement/resigning.

!! This tool will never overwrite your existing flash dump file! You must specify an output. !!

This release includes no keys and I will never release keys.

You must create your own keyfile if you have keys. Look at keymgr.h for the format. Look at the fail0verflow article if you want to try and derive the keys yourself. There may be some bugs with this release.

Shoutout to Team Molecule for ARZL decompress, zecoxao for some NVS information on the wiki, SKFU and iqd for SLB2, and many anonymous contributors!

:arrow: And from the PS4 K*** README.md: This is an *** for PlayStation 4 kernels! Support for 5.05 only right now! Created by Alexandro Sanchez Bach and maintained by golden. Check out Alex's project Oribital.

If you have some code you want to commit, just message me, open an issue, or make a pull request. I can add it or you can.

GhidraPS4Loader PS4 ELF Loader, PS4FlashTool & More by Jogolden!.jpg
 

Comments

Recent Articles
Deadpool 60 FPS Mod PS4 Package (PKG) by Wastelander121
Last week he made available a Dishonored: Definitive Edition 60 FPS Mod PS4 PKG, and today @Wastelander121 returns bringing a Deadpool 60 FPS Mod PS4 PKG (CUSA-03528) via Twitter with a...
Wolfenstein: Cyberpilot & Wolfenstein: Youngblood Join Latest PS4 Games
PlayStation VR fans can expect to see Wolfenstein: Cyberpilot arrive on PS VR while Wolfenstein: Youngblood hits PS4... both on July 26th: :) Wolfenstein: Cyberpilot puts you in the action on...
IG Tools: Insomniac Games Reversing and Modding PS4 Tools
Following recent Spiderman PS4 Decryption and PS4 Remote Play Protocol Reverse-Engineering development comes IG Tools this weekend by doesthisusername, which are a collection of Kaitai Struct /...
FFVII Dreamake: Final Fantasy 7 Remake in Dreams by Sosetsuken5360
Last month we saw a Metal Gear Solid HD Remake playable in Dreams on PS4, and this weekend another noteworthy creation dubbed FFVII Dreamake (a fan-made Final Fantasy 7 Remake) by Sosetsuken5360...
Top