Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
PS4 CFW and Hacks       Thread starter PSXHAX       Start date Mar 17, 2019 at 1:40 AM       68      
Status
Not open for further replies.
Following the PS4REN Remote Play Enabler and Nintendo Switch Loader for NSA's software reverse engineering (SRE) suite of tools known as Ghidra (Ghidra Cheat Sheet), PlayStation 4 developer @g991 (aka goldfitzgerald) updated his Github repository with a module to support loading PlayStation 4 ELF files called GhidraPS4Loader, a PS4FlashTool and added structures and definitions to @AlexAltea's (Twitter) PS4 KSDK Kernel Software Development Kit for PlayStation 4. :love:

He recently dropped by the forums, and for those who aren't familiar with all his past work (including Emulated PS2 PS4 PKGs, JKPatch, PS4 Trainer Utility and PS4Debug with Updates) Shiningami reminds us "this dude made all this game modding possible" so YES this is a BIG deal and we're ecstatic to see him back on the PS4 scene! :notworthy:

Be sure to bookmark his blog at JohnFitz.me, read about his other projects, subscribe to his YouTube Channel, follow him on Twitter and even Hire Him (serious inquiries only, please). (y)

Download: GhidraPS4Loader-master.zip / GhidraPS4Loader GIT / ps4flashtool-master.zip / PS4FlashTool GIT / ps4-ksdk-master.zip / KSDK GIT / ghidra_9.0_PUBLIC_20190317_GhidraPS4Loader.zip (294 KB - Compiled via Z80 aka @oneman123) / ghidra_9.0_PUBLIC_20190319_GhidraPS4Loader.zip (294.14 KB - Fixed Version Compiled via Z80 aka @oneman123) / Mirror / Burgos1337 GIT / 900_port.zip (PS4 KSDK 9.00 fork by kmeps4) / GIT

To quote from the GhidraPS4Loader README.md: Ghidra PS4 Loader by golden

This is a simple module for Ghidra to support loading PlayStation 4 ELF files. I will post a released extension when more work is done on this.

Installation
  1. Build with gradle, find the zip file in dist folder
  2. Extract the zip file to Ghidra/Extensions
  3. Start Ghidra
  4. Drag and drop PlayStation 4 binary into Ghidra (such as a game eboot)
  5. Select PlayStation 4 ELF in the Format field
  6. Press OK
  7. ??
  8. Profit.
Common Issues

~ If you are missing the ps4database.xml file, then the option to load a PlayStation 4 ELF will not show up.
~ Make sure your ELF is decrypted.
~ Make sure your ELF does not have the Sony header that is in encrypted ELF files.

TODO

~ I want to add a lot of features. Want to help? Please open an issue with an idea or submit a pull request!
~ Use StructConverter and show Sony and ELF header structures
~ Change region name from RAM to something else?
~ Make it so that imports are valid code, so it doesn't mess with decompiler

Credits

Major credits to xerpi for his Vita script, aerosoul94 for his dynlib project and database format, and Adubbz for his Switch loader. I was lazy to learn everything about Ghidra from scratch!

:arrow: From the PS4FlashTool README.md: PlayStation 4 Flash Tool by golden
Code:
~ PlayStation 4 flash tool v1.0 | by golden ~

Usage: flashtool [option(s)]

Examples:
       flashtool --extract dumps -i flashdump.bin
       flashtool --emcipl patchedipl.bin -k CXD44G.keys --input flashdump.bin --output flashout.bin
       flashtool --eapkbl patchedkbl.bin -k cec_h4x_sram_dmp_CXD36G.keys --input flashdump.bin --output flashout.bin
       flashtool -k CXD42G.keys -v -n --input flashdump.bin
       flashtool --extract dumps -n --input flashdump.bin
       flashtool --eapkern eapkern_hdd_enc.bin,eapkern_hdd_dec.bin
Options:
       -h, --help                                                show this help message
       -v, --verbose                                                     verbose output
       -i [flash], --input [flash]                                     flash file input
       -o [flash], --output [flash]                                   flash file output
       -n, --noverify                                do not verify the flash signatures
       -k, --keyfile                                      override the default key file
       --extract [dir]                                       extract files to directory
       --emcipl [emcipl]                       replace EMC IPL (initial program loader)
       --eapkbl [eapkbl]                           replace EAP KBL (kernel boot loader)
       --eapkern [input,output]                                  decrypt the EAP kernel
Everything you can replace in the flash is resigned when you replace it. Also, when the extract option is enabled, the files will be extracted after the replacement/resigning.

!! This tool will never overwrite your existing flash dump file! You must specify an output. !!

This release includes no keys and I will never release keys.

You must create your own keyfile if you have keys. Look at keymgr.h for the format. Look at the fail0verflow article if you want to try and derive the keys yourself. There may be some bugs with this release.

Shoutout to Team Molecule for ARZL decompress, zecoxao for some NVS information on the wiki, SKFU and iqd for SLB2, and many anonymous contributors!

:arrow: And from the PS4 KSDK README.md: This is an *** for PlayStation 4 kernels! Support for 5.05 only right now! Created by Alexandro Sanchez Bach and maintained by golden. Check out Alex's project Oribital.

If you have some code you want to commit, just message me, open an issue, or make a pull request. I can add it or you can.

GhidraPS4Loader PS4 ELF Loader, PS4FlashTool & More by Jogolden!.jpg
 

Comments

The PS4 scene is toxic because no one can work together, no one listens to people that know what they are talking about, and no one can be trusted. Same situation with how the Mafia broke up... lol
 
@Zoilus you are right. I already said similar opinion few years ago: if someone trustfull person in scene or website started to accept donations for working exploit or cfw im sure devs would release kexploits or cfw for 20-40k.
 
@g991 sony loves using kvm lmao.
especially as a last resort lol

@Zoilus but there needs to be middle ground between ppl trying to learn those that can help
and ppl who like to mix things up
only way ppl can progress moving foward
 
If you want a hack, then go out and learn to do it yourself. The ps4 scene and devs don't owe us anything. They will release it when/if the current exploit method is patched by Sony (unlikely they will patch it on purpose due to the fact that they already know how the exploit is done.

They bought a jailbroken system off Ebay from an absolute idiot that was advertising it as backups. Look it up) so unless they find a new exploit in the security code or a hardware mod is created, dont hold your breath.
 
Devs do as they wish they release when they want its always on there time never end users time this should be obvious to people whom pay attention to what's going on.

Most devs aren't fame seekers they release for others as they wish and of there time as it was there hard work and time put into what is released.
 
@Aer0S0ul95 there is no middle ground to anything. Something gets done or it doesn't. there is no such thing as try. Saying "people who like to mix things up" is vague and doesn't mean anything. Drug dealers like to mix things up. The scene moving forward is strictly up to developers, period. Like @Chaos Kid said... they do as they wish, they release what they want when they want, they owe nothing to nobody.

And to PROGRESS forward is another vague statement... in this case they have already progressed forward, a kernel dump for 6.5 was already done, right after the update meaning the hole has not been patched. They are still not sharing it and they don't have to.

If you want it to progress forward, don't wait on somebody else YOU learn and YOU do it. Doing something that nobody else does and not waiting for somebody else... now thats progress!
 
@Zoilus dude what the bloody hell are you saying. We have been saying for years that we would love to contribute buy supporting the devs with patroeon and money as much as we can. Please don't portray us as the sole evildoers of the scene.

In other scenes, aside from the fact the hacks are updated, the devs are also constantly in touch with the end users of the scenes and always keeping them in the loop. If we even politely ask for something, we are shoved this toxic line at our faces "why don't you go make it yourself" I am honestly sick of that line.

So please, don't hurt us more than we already are. We have a few respectful devs like specterdev and would love to support him if he ever opens a patreon.
 
after the last few posts, i strongly believe 90% of these epeens do nothing for the public 'devs' should quit, or just release 6.20, or both
 
Status
Not open for further replies.
Back
Top