Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
PS4 CFW and Hacks       Thread starter PSXHAX       Start date Mar 17, 2019 at 1:40 AM       68      
Status
Not open for further replies.
Following the PS4REN Remote Play Enabler and Nintendo Switch Loader for NSA's software reverse engineering (SRE) suite of tools known as Ghidra (Ghidra Cheat Sheet), PlayStation 4 developer @g991 (aka goldfitzgerald) updated his Github repository with a module to support loading PlayStation 4 ELF files called GhidraPS4Loader, a PS4FlashTool and added structures and definitions to @AlexAltea's (Twitter) PS4 KSDK Kernel Software Development Kit for PlayStation 4. :love:

He recently dropped by the forums, and for those who aren't familiar with all his past work (including Emulated PS2 PS4 PKGs, JKPatch, PS4 Trainer Utility and PS4Debug with Updates) Shiningami reminds us "this dude made all this game modding possible" so YES this is a BIG deal and we're ecstatic to see him back on the PS4 scene! :notworthy:

Be sure to bookmark his blog at JohnFitz.me, read about his other projects, subscribe to his YouTube Channel, follow him on Twitter and even Hire Him (serious inquiries only, please). (y)

Download: GhidraPS4Loader-master.zip / GhidraPS4Loader GIT / ps4flashtool-master.zip / PS4FlashTool GIT / ps4-ksdk-master.zip / KSDK GIT / ghidra_9.0_PUBLIC_20190317_GhidraPS4Loader.zip (294 KB - Compiled via Z80 aka @oneman123) / ghidra_9.0_PUBLIC_20190319_GhidraPS4Loader.zip (294.14 KB - Fixed Version Compiled via Z80 aka @oneman123) / Mirror / Burgos1337 GIT / 900_port.zip (PS4 KSDK 9.00 fork by kmeps4) / GIT

To quote from the GhidraPS4Loader README.md: Ghidra PS4 Loader by golden

This is a simple module for Ghidra to support loading PlayStation 4 ELF files. I will post a released extension when more work is done on this.

Installation
  1. Build with gradle, find the zip file in dist folder
  2. Extract the zip file to Ghidra/Extensions
  3. Start Ghidra
  4. Drag and drop PlayStation 4 binary into Ghidra (such as a game eboot)
  5. Select PlayStation 4 ELF in the Format field
  6. Press OK
  7. ??
  8. Profit.
Common Issues

~ If you are missing the ps4database.xml file, then the option to load a PlayStation 4 ELF will not show up.
~ Make sure your ELF is decrypted.
~ Make sure your ELF does not have the Sony header that is in encrypted ELF files.

TODO

~ I want to add a lot of features. Want to help? Please open an issue with an idea or submit a pull request!
~ Use StructConverter and show Sony and ELF header structures
~ Change region name from RAM to something else?
~ Make it so that imports are valid code, so it doesn't mess with decompiler

Credits

Major credits to xerpi for his Vita script, aerosoul94 for his dynlib project and database format, and Adubbz for his Switch loader. I was lazy to learn everything about Ghidra from scratch!

:arrow: From the PS4FlashTool README.md: PlayStation 4 Flash Tool by golden
Code:
~ PlayStation 4 flash tool v1.0 | by golden ~

Usage: flashtool [option(s)]

Examples:
       flashtool --extract dumps -i flashdump.bin
       flashtool --emcipl patchedipl.bin -k CXD44G.keys --input flashdump.bin --output flashout.bin
       flashtool --eapkbl patchedkbl.bin -k cec_h4x_sram_dmp_CXD36G.keys --input flashdump.bin --output flashout.bin
       flashtool -k CXD42G.keys -v -n --input flashdump.bin
       flashtool --extract dumps -n --input flashdump.bin
       flashtool --eapkern eapkern_hdd_enc.bin,eapkern_hdd_dec.bin
Options:
       -h, --help                                                show this help message
       -v, --verbose                                                     verbose output
       -i [flash], --input [flash]                                     flash file input
       -o [flash], --output [flash]                                   flash file output
       -n, --noverify                                do not verify the flash signatures
       -k, --keyfile                                      override the default key file
       --extract [dir]                                       extract files to directory
       --emcipl [emcipl]                       replace EMC IPL (initial program loader)
       --eapkbl [eapkbl]                           replace EAP KBL (kernel boot loader)
       --eapkern [input,output]                                  decrypt the EAP kernel
Everything you can replace in the flash is resigned when you replace it. Also, when the extract option is enabled, the files will be extracted after the replacement/resigning.

!! This tool will never overwrite your existing flash dump file! You must specify an output. !!

This release includes no keys and I will never release keys.

You must create your own keyfile if you have keys. Look at keymgr.h for the format. Look at the fail0verflow article if you want to try and derive the keys yourself. There may be some bugs with this release.

Shoutout to Team Molecule for ARZL decompress, zecoxao for some NVS information on the wiki, SKFU and iqd for SLB2, and many anonymous contributors!

:arrow: And from the PS4 KSDK README.md: This is an *** for PlayStation 4 kernels! Support for 5.05 only right now! Created by Alexandro Sanchez Bach and maintained by golden. Check out Alex's project Oribital.

If you have some code you want to commit, just message me, open an issue, or make a pull request. I can add it or you can.

GhidraPS4Loader PS4 ELF Loader, PS4FlashTool & More by Jogolden!.jpg
 

Comments

If your familiar with ProDG From the PS3 Days and IDA Pro then this should be a real treat to you. Ghidra is truly potential and Hell its Free ! Comparing to IDA lol

So lets all just be grateful for this an besides updating games cheats

We all may just get lucky and get a could boot from this and Much more other things
 
As far as I know there was another dev who had cfw from the looks of the video running linux commandline showing the internal structure of linux onboard the system
 
@g991 I think you two could pull off a hit for the PS4 scene. Now that ghidra is boosting the progress and in my perspective making things a little easier for the devs, the PS4 can be jailbroken further
 
a lot of people do not understand we do not have peek/poke style patches for reading/writing memory
like back on the ps3 if someone feels up to it those patches can already be embedded for use
with own kern dev kit.
 
dont keep up as much because the community is toxic.
but its nice to see webkit wont be needed eventually
tho with js, you just bind to a object and log that crap out.
lol. great to see u on board however
 
@Aer0S0ul95
the ONLY reason why the ps4 mod scene is "toxic" is because of ONE reason only...no current hack. period.

lots of ungrateful people who are angry because they can't pirate current games. the ps3 scene, the switch scene ...etc are not as bad because they are and have been up to date. but stop making current cfw/hacks in those scenes especially the switch... and watch how quick it will turn on itself.

Its sad really and borderline pathetic, the people who download "backups" will spend $25 - $100 without blinking an eye to buy ^*&%$ mod menus to cheat online but won't donate .01 cent to devs who cracked the system and or make the cfw/apps/homebrews etc and they won't buy games because money is "tight" however magically they can find funds with no problems to buy menus for cheating.

Over the years devs have saved these people hundreds and thousands of $$$ from having to buy the games... but none of that matters to them if they can't have a current hack. I think ALL future hacks/homebrews/apps/kexploits...etc of current , past and future systems should ALL be funded on go fund me or something. Just don't announce what it is keep it vague so as not to get into legal trouble.

Like a go fund me for: "the deep and thorough analytical and scientific study of the technical workings and construct of the ps4" - but really it's just kexploit ;)
 
correct ppl are greedy but those ppl cant be bothered to do anything for themselves neither. very few are grateful and all ppl think about is me me me. but those ppl will open their mouths anyway so its their beer mainly
 
Status
Not open for further replies.
Back
Top