Following the PS4REN Remote Play Enabler and Nintendo Switch Loader for NSA's software reverse engineering (SRE) suite of tools known as Ghidra (Ghidra Cheat Sheet), PlayStation 4 developer @g991 (aka goldfitzgerald) updated his Github repository with a module to support loading PlayStation 4 ELF files called GhidraPS4Loader, a PS4FlashTool and added structures and definitions to @AlexAltea's (Twitter) PS4 KSDK Kernel Software Development Kit for PlayStation 4.
He recently dropped by the forums, and for those who aren't familiar with all his past work (including Emulated PS2 PS4 PKGs, JKPatch, PS4 Trainer Utility and PS4Debug with Updates) Shiningami reminds us "this dude made all this game modding possible" so YES this is a BIG deal and we're ecstatic to see him back on the PS4 scene!
Be sure to bookmark his blog at JohnFitz.me, read about his other projects, subscribe to his YouTube Channel, follow him on Twitter and even Hire Him (serious inquiries only, please).
Download: GhidraPS4Loader-master.zip / GhidraPS4Loader GIT / ps4flashtool-master.zip / PS4FlashTool GIT / ps4-ksdk-master.zip / KSDK GIT /ghidra_9.0_PUBLIC_20190317_GhidraPS4Loader.zip (294 KB - Compiled via Z80 aka @oneman123) / ghidra_9.0_PUBLIC_20190319_GhidraPS4Loader.zip (294.14 KB - Fixed Version Compiled via Z80 aka @oneman123) / Mirror / Burgos1337 GIT / 900_port.zip (PS4 KSDK 9.00 fork by kmeps4) / GIT
To quote from the GhidraPS4Loader README.md: Ghidra PS4 Loader by golden
This is a simple module for Ghidra to support loading PlayStation 4 ELF files. I will post a released extension when more work is done on this.
Installation
~ If you are missing the ps4database.xml file, then the option to load a PlayStation 4 ELF will not show up.
~ Make sure your ELF is decrypted.
~ Make sure your ELF does not have the Sony header that is in encrypted ELF files.
TODO
~ I want to add a lot of features. Want to help? Please open an issue with an idea or submit a pull request!
~ Use StructConverter and show Sony and ELF header structures
~ Change region name from RAM to something else?
~ Make it so that imports are valid code, so it doesn't mess with decompiler
Credits
Major credits to xerpi for his Vita script, aerosoul94 for his dynlib project and database format, and Adubbz for his Switch loader. I was lazy to learn everything about Ghidra from scratch!
From the PS4FlashTool README.md: PlayStation 4 Flash Tool by golden
Everything you can replace in the flash is resigned when you replace it. Also, when the extract option is enabled, the files will be extracted after the replacement/resigning.
!! This tool will never overwrite your existing flash dump file! You must specify an output. !!
This release includes no keys and I will never release keys.
You must create your own keyfile if you have keys. Look at keymgr.h for the format. Look at the fail0verflow article if you want to try and derive the keys yourself. There may be some bugs with this release.
Shoutout to Team Molecule for ARZL decompress, zecoxao for some NVS information on the wiki, SKFU and iqd for SLB2, and many anonymous contributors!
And from the PS4 KSDK README.md: This is an *** for PlayStation 4 kernels! Support for 5.05 only right now! Created by Alexandro Sanchez Bach and maintained by golden. Check out Alex's project Oribital.
If you have some code you want to commit, just message me, open an issue, or make a pull request. I can add it or you can.
He recently dropped by the forums, and for those who aren't familiar with all his past work (including Emulated PS2 PS4 PKGs, JKPatch, PS4 Trainer Utility and PS4Debug with Updates) Shiningami reminds us "this dude made all this game modding possible" so YES this is a BIG deal and we're ecstatic to see him back on the PS4 scene!
Be sure to bookmark his blog at JohnFitz.me, read about his other projects, subscribe to his YouTube Channel, follow him on Twitter and even Hire Him (serious inquiries only, please).
Download: GhidraPS4Loader-master.zip / GhidraPS4Loader GIT / ps4flashtool-master.zip / PS4FlashTool GIT / ps4-ksdk-master.zip / KSDK GIT /
To quote from the GhidraPS4Loader README.md: Ghidra PS4 Loader by golden
This is a simple module for Ghidra to support loading PlayStation 4 ELF files. I will post a released extension when more work is done on this.
Installation
- Build with gradle, find the zip file in dist folder
- Extract the zip file to Ghidra/Extensions
- Start Ghidra
- Drag and drop PlayStation 4 binary into Ghidra (such as a game eboot)
- Select PlayStation 4 ELF in the Format field
- Press OK
- ??
- Profit.
~ If you are missing the ps4database.xml file, then the option to load a PlayStation 4 ELF will not show up.
~ Make sure your ELF is decrypted.
~ Make sure your ELF does not have the Sony header that is in encrypted ELF files.
TODO
~ I want to add a lot of features. Want to help? Please open an issue with an idea or submit a pull request!
~ Use StructConverter and show Sony and ELF header structures
~ Change region name from RAM to something else?
~ Make it so that imports are valid code, so it doesn't mess with decompiler
Credits
Major credits to xerpi for his Vita script, aerosoul94 for his dynlib project and database format, and Adubbz for his Switch loader. I was lazy to learn everything about Ghidra from scratch!
From the PS4FlashTool README.md: PlayStation 4 Flash Tool by golden
Code:
~ PlayStation 4 flash tool v1.0 | by golden ~
Usage: flashtool [option(s)]
Examples:
flashtool --extract dumps -i flashdump.bin
flashtool --emcipl patchedipl.bin -k CXD44G.keys --input flashdump.bin --output flashout.bin
flashtool --eapkbl patchedkbl.bin -k cec_h4x_sram_dmp_CXD36G.keys --input flashdump.bin --output flashout.bin
flashtool -k CXD42G.keys -v -n --input flashdump.bin
flashtool --extract dumps -n --input flashdump.bin
flashtool --eapkern eapkern_hdd_enc.bin,eapkern_hdd_dec.bin
Options:
-h, --help show this help message
-v, --verbose verbose output
-i [flash], --input [flash] flash file input
-o [flash], --output [flash] flash file output
-n, --noverify do not verify the flash signatures
-k, --keyfile override the default key file
--extract [dir] extract files to directory
--emcipl [emcipl] replace EMC IPL (initial program loader)
--eapkbl [eapkbl] replace EAP KBL (kernel boot loader)
--eapkern [input,output] decrypt the EAP kernel
!! This tool will never overwrite your existing flash dump file! You must specify an output. !!
This release includes no keys and I will never release keys.
You must create your own keyfile if you have keys. Look at keymgr.h for the format. Look at the fail0verflow article if you want to try and derive the keys yourself. There may be some bugs with this release.
Shoutout to Team Molecule for ARZL decompress, zecoxao for some NVS information on the wiki, SKFU and iqd for SLB2, and many anonymous contributors!
And from the PS4 KSDK README.md: This is an *** for PlayStation 4 kernels! Support for 5.05 only right now! Created by Alexandro Sanchez Bach and maintained by golden. Check out Alex's project Oribital.
If you have some code you want to commit, just message me, open an issue, or make a pull request. I can add it or you can.