Category PS4 CFW and Hacks       Thread starter PSXHAX       Start date Mar 17, 2019 at 1:40 AM       26,206       67            
Following the PS4REN Remote Play Enabler and Nintendo Switch Loader for NSA's software reverse engineering (SRE) suite of tools known as Ghidra (Ghidra Cheat Sheet), PlayStation 4 developer @g991 (aka goldfitzgerald) updated his Github repository with a module to support loading PlayStation 4 ELF files called GhidraPS4Loader, a PS4FlashTool and added structures and definitions to @AlexAltea's (Twitter) PS4 K*** Kernel Software Development Kit for PlayStation 4. :love:

He recently dropped by the forums, and for those who aren't familiar with all his past work (including Emulated PS2 PS4 PKGs, JKPatch, PS4 Trainer Utility and PS4Debug with Updates) Shiningami reminds us "this dude made all this game modding possible" so YES this is a BIG deal and we're ecstatic to see him back on the PS4 scene! :notworthy:

Be sure to bookmark his blog at JohnFitz.me, read about his other projects, subscribe to his YouTube Channel, follow him on Twitter and even Hire Him (serious inquiries only, please). (y)

Download: GhidraPS4Loader-master.zip / GhidraPS4Loader GIT / ps4flashtool-master.zip / PS4FlashTool GIT / ps4-k***-master.zip / K*** GIT / ghidra_9.0_PUBLIC_20190317_GhidraPS4Loader.zip (294 KB - Compiled via Z80 aka @oneman123) / ghidra_9.0_PUBLIC_20190319_GhidraPS4Loader.zip (294.14 KB - Fixed Version Compiled via Z80 aka @oneman123) / Mirror

To quote from the GhidraPS4Loader README.md: Ghidra PS4 Loader by golden

This is a simple module for Ghidra to support loading PlayStation 4 ELF files. I will post a released extension when more work is done on this.

Installation
  1. Build with gradle, find the zip file in dist folder
  2. Extract the zip file to Ghidra/Extensions
  3. Start Ghidra
  4. Drag and drop PlayStation 4 binary into Ghidra (such as a game eboot)
  5. Select PlayStation 4 ELF in the Format field
  6. Press OK
  7. ??
  8. Profit.
Common Issues

~ If you are missing the ps4database.xml file, then the option to load a PlayStation 4 ELF will not show up.
~ Make sure your ELF is decrypted.
~ Make sure your ELF does not have the Sony header that is in encrypted ELF files.

TODO

~ I want to add a lot of features. Want to help? Please open an issue with an idea or submit a pull request!
~ Use StructConverter and show Sony and ELF header structures
~ Change region name from RAM to something else?
~ Make it so that imports are valid code, so it doesn't mess with decompiler

Credits

Major credits to xerpi for his Vita script, aerosoul94 for his dynlib project and database format, and Adubbz for his Switch loader. I was lazy to learn everything about Ghidra from scratch!

:arrow: From the PS4FlashTool README.md: PlayStation 4 Flash Tool by golden
Code:
~ PlayStation 4 flash tool v1.0 | by golden ~

Usage: flashtool [option(s)]

Examples:
       flashtool --extract dumps -i flashdump.bin
       flashtool --emcipl patchedipl.bin -k CXD44G.keys --input flashdump.bin --output flashout.bin
       flashtool --eapkbl patchedkbl.bin -k cec_h4x_sram_dmp_CXD36G.keys --input flashdump.bin --output flashout.bin
       flashtool -k CXD42G.keys -v -n --input flashdump.bin
       flashtool --extract dumps -n --input flashdump.bin
       flashtool --eapkern eapkern_hdd_enc.bin,eapkern_hdd_dec.bin
Options:
       -h, --help                                                show this help message
       -v, --verbose                                                     verbose output
       -i [flash], --input [flash]                                     flash file input
       -o [flash], --output [flash]                                   flash file output
       -n, --noverify                                do not verify the flash signatures
       -k, --keyfile                                      override the default key file
       --extract [dir]                                       extract files to directory
       --emcipl [emcipl]                       replace EMC IPL (initial program loader)
       --eapkbl [eapkbl]                           replace EAP KBL (kernel boot loader)
       --eapkern [input,output]                                  decrypt the EAP kernel
Everything you can replace in the flash is resigned when you replace it. Also, when the extract option is enabled, the files will be extracted after the replacement/resigning.

!! This tool will never overwrite your existing flash dump file! You must specify an output. !!

This release includes no keys and I will never release keys.

You must create your own keyfile if you have keys. Look at keymgr.h for the format. Look at the fail0verflow article if you want to try and derive the keys yourself. There may be some bugs with this release.

Shoutout to Team Molecule for ARZL decompress, zecoxao for some NVS information on the wiki, SKFU and iqd for SLB2, and many anonymous contributors!

:arrow: And from the PS4 K*** README.md: This is an *** for PlayStation 4 kernels! Support for 5.05 only right now! Created by Alexandro Sanchez Bach and maintained by golden. Check out Alex's project Oribital.

If you have some code you want to commit, just message me, open an issue, or make a pull request. I can add it or you can.

GhidraPS4Loader PS4 ELF Loader, PS4FlashTool & More by Jogolden!.jpg
 

Comments

g991

Developer
Senior Member
Contributor
Verified
The PS4 scene is toxic because no one can work together, no one listens to people that know what they are talking about, and no one can be trusted. Same situation with how the Mafia broke up... lol
 

HackYourPS4

Senior Member
Contributor
Verified
@Zoilus you are right. I already said similar opinion few years ago: if someone trustfull person in scene or website started to accept donations for working exploit or cfw im sure devs would release kexploits or cfw for 20-40k.
 

Aer0S0ul95

Senior Member
Contributor
@g991 sony loves using kvm lmao.
especially as a last resort lol

@Zoilus but there needs to be middle ground between ppl trying to learn those that can help
and ppl who like to mix things up
only way ppl can progress moving foward
 

Gwyn

Member
Contributor
Verified
If you want a hack, then go out and learn to do it yourself. The ps4 scene and devs don't owe us anything. They will release it when/if the current exploit method is patched by Sony (unlikely they will patch it on purpose due to the fact that they already know how the exploit is done.

They bought a jailbroken system off Ebay from an absolute idiot that was advertising it as backups. Look it up) so unless they find a new exploit in the security code or a hardware mod is created, dont hold your breath.
 

Chaos Kid

Developer
Senior Member
Contributor
Devs do as they wish they release when they want its always on there time never end users time this should be obvious to people whom pay attention to what's going on.

Most devs aren't fame seekers they release for others as they wish and of there time as it was there hard work and time put into what is released.
 

Zoilus

Developer
Senior Member
Contributor
Verified
@Aer0S0ul95 there is no middle ground to anything. Something gets done or it doesn't. there is no such thing as try. Saying "people who like to mix things up" is vague and doesn't mean anything. Drug dealers like to mix things up. The scene moving forward is strictly up to developers, period. Like @Chaos Kid said... they do as they wish, they release what they want when they want, they owe nothing to nobody.

And to PROGRESS forward is another vague statement... in this case they have already progressed forward, a kernel dump for 6.5 was already done, right after the update meaning the hole has not been patched. They are still not sharing it and they don't have to.

If you want it to progress forward, don't wait on somebody else YOU learn and YOU do it. Doing something that nobody else does and not waiting for somebody else... now thats progress!
 

SSShowmik

Senior Member
Contributor
@Zoilus dude what the bloody hell are you saying. We have been saying for years that we would love to contribute buy supporting the devs with patroeon and money as much as we can. Please don't portray us as the sole evildoers of the scene.

In other scenes, aside from the fact the hacks are updated, the devs are also constantly in touch with the end users of the scenes and always keeping them in the loop. If we even politely ask for something, we are shoved this toxic line at our faces "why don't you go make it yourself" I am honestly sick of that line.

So please, don't hurt us more than we already are. We have a few respectful devs like specterdev and would love to support him if he ever opens a patreon.
 

Deepsht

Senior Member
Contributor
Verified
after the last few posts, i strongly believe 90% of these epeens do nothing for the public 'devs' should quit, or just release 6.20, or both
 
Recent Articles
CoD: Modern Warfare 2v2 Alpha Gamescom 2019 PS4 Trailer and Tips
The public Gamescom 2019 event runs from August 21st through the 24th, and during the weekend of August 23rd through the 25th gamers will be able to pay the Call of Duty: Modern Warfare 2v2 Alpha...
Ninja Shodown PS4 Homebrew Game in Development, Demo by Markus95
Since the PCSX-R Emulator PS4 PKG release, PlayStation 4 developer @Markus95 (aka @Kus00095) shared a demonstration video of a new homebrew game in development for PS4, PS Vita and Nintendo Switch...
Red Dead Redemption 2 Modding Demos by RDR2 Modder JediJosh920
Following the Spider-Man PS4 Models & Textures Tool and IG PS4 Modding Tools, this weekend RDR2 modder @jedijosh920 (Web site / Twitter) shared on his YouTube Channel some demonstration videos of...
Action-RPG Oninaki Joins New PlayStation 4 Games Next Week
Next week Tokyo RPG Factory's latest action-RPG Oninaki hits PlayStation 4 on August 22nd casting you as a Watcher, tasked with helping usher the souls of the departed into their next life. đź—Ľ...
Top