Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
PS4 CFW and Hacks       Thread starter PSXHAX       Start date Mar 17, 2019 at 1:40 AM       68      
Status
Not open for further replies.
Following the PS4REN Remote Play Enabler and Nintendo Switch Loader for NSA's software reverse engineering (SRE) suite of tools known as Ghidra (Ghidra Cheat Sheet), PlayStation 4 developer @g991 (aka goldfitzgerald) updated his Github repository with a module to support loading PlayStation 4 ELF files called GhidraPS4Loader, a PS4FlashTool and added structures and definitions to @AlexAltea's (Twitter) PS4 KSDK Kernel Software Development Kit for PlayStation 4. :love:

He recently dropped by the forums, and for those who aren't familiar with all his past work (including Emulated PS2 PS4 PKGs, JKPatch, PS4 Trainer Utility and PS4Debug with Updates) Shiningami reminds us "this dude made all this game modding possible" so YES this is a BIG deal and we're ecstatic to see him back on the PS4 scene! :notworthy:

Be sure to bookmark his blog at JohnFitz.me, read about his other projects, subscribe to his YouTube Channel, follow him on Twitter and even Hire Him (serious inquiries only, please). (y)

Download: GhidraPS4Loader-master.zip / GhidraPS4Loader GIT / ps4flashtool-master.zip / PS4FlashTool GIT / ps4-ksdk-master.zip / KSDK GIT / ghidra_9.0_PUBLIC_20190317_GhidraPS4Loader.zip (294 KB - Compiled via Z80 aka @oneman123) / ghidra_9.0_PUBLIC_20190319_GhidraPS4Loader.zip (294.14 KB - Fixed Version Compiled via Z80 aka @oneman123) / Mirror / Burgos1337 GIT / 900_port.zip (PS4 KSDK 9.00 fork by kmeps4) / GIT

To quote from the GhidraPS4Loader README.md: Ghidra PS4 Loader by golden

This is a simple module for Ghidra to support loading PlayStation 4 ELF files. I will post a released extension when more work is done on this.

Installation
  1. Build with gradle, find the zip file in dist folder
  2. Extract the zip file to Ghidra/Extensions
  3. Start Ghidra
  4. Drag and drop PlayStation 4 binary into Ghidra (such as a game eboot)
  5. Select PlayStation 4 ELF in the Format field
  6. Press OK
  7. ??
  8. Profit.
Common Issues

~ If you are missing the ps4database.xml file, then the option to load a PlayStation 4 ELF will not show up.
~ Make sure your ELF is decrypted.
~ Make sure your ELF does not have the Sony header that is in encrypted ELF files.

TODO

~ I want to add a lot of features. Want to help? Please open an issue with an idea or submit a pull request!
~ Use StructConverter and show Sony and ELF header structures
~ Change region name from RAM to something else?
~ Make it so that imports are valid code, so it doesn't mess with decompiler

Credits

Major credits to xerpi for his Vita script, aerosoul94 for his dynlib project and database format, and Adubbz for his Switch loader. I was lazy to learn everything about Ghidra from scratch!

:arrow: From the PS4FlashTool README.md: PlayStation 4 Flash Tool by golden
Code:
~ PlayStation 4 flash tool v1.0 | by golden ~

Usage: flashtool [option(s)]

Examples:
       flashtool --extract dumps -i flashdump.bin
       flashtool --emcipl patchedipl.bin -k CXD44G.keys --input flashdump.bin --output flashout.bin
       flashtool --eapkbl patchedkbl.bin -k cec_h4x_sram_dmp_CXD36G.keys --input flashdump.bin --output flashout.bin
       flashtool -k CXD42G.keys -v -n --input flashdump.bin
       flashtool --extract dumps -n --input flashdump.bin
       flashtool --eapkern eapkern_hdd_enc.bin,eapkern_hdd_dec.bin
Options:
       -h, --help                                                show this help message
       -v, --verbose                                                     verbose output
       -i [flash], --input [flash]                                     flash file input
       -o [flash], --output [flash]                                   flash file output
       -n, --noverify                                do not verify the flash signatures
       -k, --keyfile                                      override the default key file
       --extract [dir]                                       extract files to directory
       --emcipl [emcipl]                       replace EMC IPL (initial program loader)
       --eapkbl [eapkbl]                           replace EAP KBL (kernel boot loader)
       --eapkern [input,output]                                  decrypt the EAP kernel
Everything you can replace in the flash is resigned when you replace it. Also, when the extract option is enabled, the files will be extracted after the replacement/resigning.

!! This tool will never overwrite your existing flash dump file! You must specify an output. !!

This release includes no keys and I will never release keys.

You must create your own keyfile if you have keys. Look at keymgr.h for the format. Look at the fail0verflow article if you want to try and derive the keys yourself. There may be some bugs with this release.

Shoutout to Team Molecule for ARZL decompress, zecoxao for some NVS information on the wiki, SKFU and iqd for SLB2, and many anonymous contributors!

:arrow: And from the PS4 KSDK README.md: This is an *** for PlayStation 4 kernels! Support for 5.05 only right now! Created by Alexandro Sanchez Bach and maintained by golden. Check out Alex's project Oribital.

If you have some code you want to commit, just message me, open an issue, or make a pull request. I can add it or you can.

GhidraPS4Loader PS4 ELF Loader, PS4FlashTool & More by Jogolden!.jpg
 

Comments

I firmly believe people with the sheer ignorance to insult devs and people cause it don't suit there needs should have there head bashed in as there attitude is so much Holly then tho but hey sieze the say if that's what does it for you
 
@SSShowmik 100% false. Devs have for a looooong time put up emails so people can donate to their paypals, they've put up the KOFI thing where you can donate there... rebug who has been around forever ... have had a donation tab, when you download the zip and get the link from the txt inside of it, it has always said how nobody really donates.... and its been like that for YEARS and YEARS .... talk is one thing which is what you are doing ACTION is what matters and the community has clearly shown they don't support.

I've made put together a couple of things here and there, I put email links to paypal , all of my stuff combined has been downloaded over 100,000 times and do you know how much in donations I've gotten for my hours of work? for the hours and hours of tutorials videos I've made..... $26!! so don't gimme that sad puppy speech, words mean nothing... the actions or lack there of.... have said everything.

and yes you better believe those other scenes will turn more toxic in a heartbeat! Switch 7.x cfw took like 2 months to come out... more or less and I already saw people getting antsy!! big time. I don't know what world you live in, but mine is one of facts and proof and when team rebug, habib, DeanK... etc and many others have given up on waiting for people to make donations.... thats not made up, its real its fact.
 
i go by the premise if you can think of it ...its prob already been done... ofc they are people out there with jailbroken ps4s online playing the latest games.. if they gave that to everyone psn would be a mess i think they learned there lesson with the ps3
 
@Zoilus maybe your right and absolutely makes sense. But I have not seen any of that from the PS4 scene. Maybe back in the PS3 scene they may have asked and no one gave a damn. But I am talking about the PS4 scene and from my memory I haven't seen anything.

I've only seen Alexalteas patreon for the orbital emulator. Maybe you're right man, you've been in these scenes longer than us. But Im just trying to say that portraying all the end users as villains is not cool.

@bonusb4ll we don't even need the latest one, we will be happy with a jailbreak prior to the latest. Doing this will have ensured that there are more ppl in the community and also protecting PSN in the process.
 
@SSShowmik if you have not seen anything about donations on the ps4 scene ...its clearly because you're not looking. KiiWii who made the X-project for ps4 which is seriously one of if not the most amazing and popular exploit/playgrounds has a donation link literally right on the main page/post of his project, where all the instructions and downloads are.

And if by chance you do see less its only because we all gave up since nobody donated. Also, you don't need a like to tell you to donate, common sense and courtesy dictates that you can just pm the dev and say hey, I want to donate/contribute!

Portraying all the end users as villians is not cool , your right, but MANY end users portray all devs as villians and A-holes when the devs don't give them what they want....so whats your point lol. Also when people mention those things, regardless of what it is they obviously don't mean 100% of those people.

If I said "women are terrible drivers" (I might get in trouble for that :) - - that doesn't mean that ALL women are bad drivers, it's a general term that just means the majority of them are. So are all end users villians.... no of course not... I'll let you determine what percentage you think are ...and we'll leave it at that.

And of course you'll be happy with a jailbreak prior to the latest... and there is my whole entire point, which is YOU'RE NOT HAPPY UNTIL YOU GET WHAT YOU WANT. You just strengthened everything I've been mentioning in these posts on this thread, thanks.

But you can't get a hack for the firmware prior to the latest one because its still the same vulnerability! Its the same hole/weakness that was in 5.5x all the way up to 6.5x! they STILL haven't patched it. Releasing the kexploit for 6.2 will mean that they will immediately patch it and come out with 6.55 or 6.6 or whatever and the vulnerability won't exist anymore. Then a year from now you all will be angry and crying and saying "its been a year, how come no new kexploit? Devs suck! just give us the previous one, we'll be happy"

and just so you know ... a kernel does not have infinite weaknesses ... they have found a few already and they have all been patched! this one could be the last one that exists which is why they are holding on to it and not releasing it! You need to learn how things work, which is another problem many end users have.
 
Welp, I haven't been exactly arguing with you, but fair point sir. Guess I'll go check out the link in the xproject. Thank you for opening my eyes
 
Sorry if its a dumb question but how exactly do i build with gradle, can i get step by step instructions? thanks in advance

So i managed to get a build going but got errors?

z3483vD.png

Got the zip file but another error

aoLScDf.png

 
Status
Not open for further replies.
Back
Top