Category: PS4 Jailbreaking. Thread starter: PSXHAX. Start date: May 11, 2020 at 5:02 AM.
Following the Orbis Lib Generator, today the OpenOrbis Team released a PS4 homebrew platform known as Mira Project, featuring a collection of PlayStation 4 homebrew tools for use with a jailbroken PS4 console. 😍

This comes following OpenOrbis Team's Mira Project initial announcement and the Project Mira v1.0 MiraFW developers release.

Download:
  • MiraLoader_Orbis_MIRA_PLATFORM_ORBIS_BSD_672.bin (Latest Compiled Build)
  • Mira_Orbis_MIRA_PLATFORM_ORBIS_BSD_672.elf (Latest Compiled Build)
  • MiraLoader_Orbis_MIRA_PLATFORM_ORBIS_BSD_505.bin (Latest Compiled Build)
  • Mira_Orbis_MIRA_PLATFORM_ORBIS_BSD_505.elf (Latest Compiled Build)
  • mira-project-master.zip
  • GIT
  • Report Issues
  • Cryptogenic Fork
  • Mira-5.0X-1590179148.7z (128.02 KB) via _AlAzif
  • Mira-474.7z (110.99 KB) via _AlAzif
  • MIRA_5.05-20200718.7z (86.27 KB)


Those who don't have access to a jailbroken PS4 console can try to Find a 5.05 / 5.07 Jailbreakable PS4 Console or wait for a Future PS4 Jailbreak Exploit to be publicly released, such as what TheFloW previously announced for 6.20 Firmware.

Below are some highlights on this latest PS4 scene release from the README.md, to quote:

Mira Project - PlayStation 4 Homebrew Tools

The Mira Project is a set of tools (including the compiled Mira_Orbis_MIRA_PLATFORM_ORBIS_BSD_505.elf and MiraLoader_Orbis_MIRA_PLATFORM_ORBIS_BSD_505.bin) that grants you more power and control over your jailbroken PlayStation 4. It is the result of all the hard work by the OpenOrbis team.

It works differently from the custom firmware experience on PlayStation 3, where CFW would be installed on the system via modified PUP files (e.g. Rebug); however, once the framework is installed and run it gives users the same functionality they were previously used to.

Build Status

Firmware Version (passing unless marked WIP):
  • 4.05 - WIP
  • 4.55 - WIP
  • 4.74
  • 5.01
  • 5.03
  • 5.05
  • 6.20 - WIP
  • 6.72
New Features!
  • Homebrew Enabler (HEN)
  • Emulated Registry (EmuReg)
  • Emulated NVS (EmuNVS)
  • Kernel Debugger
  • Remote GDB
  • System-level FUSE implementation (Experimental, WIP)
  • Load sprx modules + IAT + Function Hooking (Thanks theorywrong)
You can also:
  • Mount and decrypt local gamesaves (Thanks ChendoChap) (WIP)
  • Transfer files to and from the harddrive
  • Implement your own kernel plugins (RPC using protobuf)
  • Implement your own userland trainers (hooks included!)
  • Dump your HDD encryption keys
  • A bunch of other stuff
Contributors

This project would not be possible without these people (no particular order):
  • kiwidog - Lead developer
  • flatz - Developer (Code, writeups, non-stop help we <3 u flatz)
  • CrazyVoid - Developer (Loader/self/*** help, overall general help, OO moderator)
  • theorywrong - Developer (OverlayFS, general)
  • SiSTR0 - Developer (HEN support, general)
  • SocraticBliss - Developer (HEN support, general)
  • valentinbreiz - Developer (Mira Companion App v1)
  • Seremo - Developer (Mira Companion App v2, Log plugin)
  • Al-Azif - Developer (5.05 lead maintainer, general)
  • z80 - Developer (5.05 maintainer)
  • balika011 - Developer (Fixing userland elf loader entry point, general developer)
  • Zer0xFF - Developer (OverlayFS, general)
  • CelesteBlue - Developer (Bugfixes, plugins)
  • Joonie - Developer (Offsets porting 5.01/5.05)
  • AlexAltea - Low level and kernel help (go check out Orbital Emulator)
  • qwertyoruiop - Security (4.55-5.05 kernel exploits)
  • CTurt - Security (Initial payload PS4 *** and 1.76 kernel exploit)
  • m0rph3us1987 - Developer (Code examples, kernel ***, overall general help)
  • eeply - Developer (UART)
  • zecoxao - RE (4.74 Port)
  • aerosoul - Developer (Everything elf related, loaders, etc)
  • maxton - Developer (Everything pkg related, etc)
  • ChendoChap - RE (Bug hunting, general kernel help)
  • sugarleaf - Initial 4.55 private exploit, initial help with Mira dev (retired/left)
  • kozarovv - RE (4.05 offsets)
  • LM - RE (Research on System-Library-Loading), assembler and linker script help
  • TheFlow - RE
  • samsepi0l - Offset Porting
  • xvortex - Original VTX-Hen
  • 2much4u - Ptrace patches
  • golden - Ptrace patches, rpc ideas
Special Thanks
  • bigboss - liborbis with examples and orbisdev (and complaining a lot)
  • rogero - Original 5.01 testing
  • AbkarinoMHM - Original 5.01 testing
  • wildcard - General questions, and hardware help
  • frangarcj - orbisdev ***, musl, C++ support
  • masterzorag - orbisdev ***, musl, C++ support
  • fjtrujy - orbisdev ***, musl, C++ support
  • [Anon #1] - Developer (Code, Non-stop help, <3 thx bruv)
  • [Anon #2] - Developer (Code, Non-stop help, gl with job!)
  • [Anon #3] - Security (Future proofing design)
  • [Anon #4] - Developer (Ideas from Vita)
  • [Anon #5] - Security (Software and hardware)
Installation
Plugins

Mira provides a plugin framework that can run in kernel mode (userland is coming soon, thanks to TW!); it provides a stable framework for startup, shutdown, suspend and resume in order to ensure clean operation of Mira.

Plugin Directory
  • Debugger - src/plugins/Debugger
  • (WIP) Emulated Registry - src/plugins/EmuRegistry
  • Fake PKG - src/plugins/FakePKG
  • Fake Self - src/plugins/FakeSELF
  • File Manager - src/plugins/FileManager
  • (WIP) Fuse - src/plugins/FuseFS
  • Log Server - src/plugins/LogServer
  • OverlayFS (OrbisAFR) - src/plugins/OverlayFS
Development

Want to contribute? Great! There is no set limit on contributors and people wanting to help out in any way!

Join the OpenOrbis Discord if you have knowledge of C/C++ and FreeBSD or Unix-like operating systems, web design and programming, Rust, content creation (YouTube, Twitch) or art, or if you just want to find something to help out with like documentation, hosting, etc. Kernel experience is a plus but not required by any means.

Building from source
Firmware porting guide

Let's say you are an eager developer, even a newbie, who wants to try and contribute in some way or form to porting to a firmware that is not under active support. Here are the steps you would need to accomplish new builds from scratch. We will start by adding a non-existent firmware and work our way from that.

NOTE: This assumes you already have a kernel dump for your firmware, with things already labeled. If you need help with this step, you can ask in #help on the Discord, but you are pretty much on your own.

WARNING: DO NOT SEND YOUR DUMPED KERNEL IN THE CHANNEL/DISCORD SERVER AS IT IS COPYRIGHTED MATERIAL AND YOU WILL BE WARNED/BANNED!!

Let's assume our firmware is 8.88, as found in the PlayStation 4 System Software menu.
  1. Add your new firmware to src/Boot/Config.hpp. You will see a bunch of defines already there; add your firmware in the correct version order:
     a. #define MIRA_PLATFORM_ORBIS_BSD_888 888
  2. Fix any structure changes for the kernel in freebsd-headers. You should compare against what's already there and add fields that have been added via:
     a. #if MIRA_PLATFORM==MIRA_PLATFORM_ORBIS_BSD_888
     b. HINT: These are usually done in struct proc, struct thread and struct ucred if applicable, located in external/freebsd-headers/include.
  3. Add a new static function in src/Boot/Patches.hpp with your pre-boot patches; this will be called after MiraLoader finishes and before Mira runs:
     a. static void install_prerunPatches_888();
  4. Add your firmware's version to the case within install_prePatches in src/Boot/Patches.cpp:
     a. case MIRA_PLATFORM_ORBIS_BSD_888: install_prerunPatches_888(); break;
  5. Next create a new file named Patches888.cpp inside of the src/Boot/Patches directory (or copy an existing one and rename it).
  6. You must follow the same format as all of the other patch files; this involves including Patches.hpp and defining the install_prerunPatches_888() function with all needed patches.
     a. As new features are added, this will need to be updated for any kernel patches required. So far a baseline is: Enable UART, Verbose Kernel Panics, Enable RWX mappings, Enable MAP_SELF, patching copy(in/out)(str) checks, patching memcpy checks, patching ptrace checks, patching setlogin (for autolaunch check), patching mprotect to allow RWX, patching pfs signature checking, patching to enable debug rifs, patching to enable all logs to console (newer fws: disable sceverifier, delayed panics).
     b. All patches are required for full functionality, but to get up and running only the rwx patches, copy(in/out)(str), memcpy and mprotect patches are needed (I think; someone correct the documentation + send a PR if wrong).
  7. Add support to the MiraLoader by copying the newly finished src/Boot/Patches.cpp to loader/src/Boot/Patches.cpp and the new src/Boot/Patches/Patches888.cpp to loader/src/Boot/Patches/Patches888.cpp.
  8. Next, create a new kernel symbol file in src/Utils/Kdlsym/Orbis888.hpp, or copy one from a supported platform (more offsets than what's probably needed).
  9. Add support by modifying src/Utils/Kdlsym.hpp and adding (within #if defined(MIRA_UNSUPPORTED_PLATFORMS), before the #endif) a line for your firmware file (make sure these are in numeric order):
     a. #elif MIRA_PLATFORM==MIRA_PLATFORM_ORBIS_BSD_888
     b. #include "Kdlsym/Orbis888.hpp"
  10. The next step would be finding all of the functions that Mira/MiraLoader use in the kernel. This is the most time-consuming portion and will need to be verified before being upstreamed. The easiest way to handle this is to try building (using the build instructions provided); you will get a massive ton of errors around kdlsym and it not being able to find things. One such error is shown here:
Code:
src/External/protobuf-c.c: In function ‘protobuf_c_message_unpack’:
src/Utils/Kdlsym.hpp:49:52: error: ‘kdlsym_addr_printf’ undeclared (first use in this function)
#define kdlsym(x) ((void*)((uint8_t *)&gKernelBase[kdlsym_addr_ ## x]))
  10. (continued) This means, if you break it down, that printf was undeclared. Look in your kernel dump with a disassembler of your choice (Ghidra/IDA preferred; untested with others such as Binary Ninja, Relyze), get the offset from the start of the loading address for the function printf (calculated as Function Address - Base Address of Kernel where it was dumped from), add it to your src/Utils/Kdlsym/Orbis888.hpp with the line #define kdlsym_addr_printf 0x<offset address>, and repeat for all other build errors.
  11. Once complete you should have a full port to a new firmware (unless I missed a step or something is unclear; create an issue or fix + PR please).
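As an added example (not code from the Mira project), here is a helper for step 10 of the porting guide: it pulls the undeclared kdlsym_addr_* names out of a build log, turns disassembler addresses into dump-relative offsets (function address minus kernel base, rejecting addresses that fall outside the dump), and writes the #define lines for Kdlsym/Orbis888.hpp. The build log, kernel base, image size and function addresses are constructed placeholders, not real 8.88 values.

```python
import re

# Matches both the typographic quotes GCC prints and plain ASCII ones.
UNDECLARED_RE = re.compile(r"[‘']kdlsym_addr_(\w+)[’'] undeclared")

# Constructed sample build log in the shape shown in step 10 of the guide.
BUILD_LOG = """\
src/External/protobuf-c.c: In function ‘protobuf_c_message_unpack’:
src/Utils/Kdlsym.hpp:49:52: error: ‘kdlsym_addr_printf’ undeclared (first use in this function)
src/Utils/Kdlsym.hpp:49:52: error: ‘kdlsym_addr_memcpy’ undeclared (first use in this function)
src/Utils/Kdlsym.hpp:49:52: error: ‘kdlsym_addr_printf’ undeclared (first use in this function)
src/Utils/Kdlsym.hpp:49:52: error: ‘kdlsym_addr_kernel_map’ undeclared (first use in this function)
"""

# Constructed placeholders: the address the kernel was dumped at, the dump
# size, and function addresses as read off a disassembler. Not real values.
DUMP_BASE = 0xFFFFFFFF82200000
IMAGE_SIZE = 0x2000000
DISASM_ADDRS = {"printf": 0xFFFFFFFF822436F0, "memcpy": 0xFFFFFFFF823EA530}


def missing_symbols(build_log):
    """Return the kdlsym_addr_* names the compiler could not find, in order of first appearance."""
    seen = []
    for name in UNDECLARED_RE.findall(build_log):
        if name not in seen:
            seen.append(name)
    return seen


def is_in_image(addr, base, size):
    """True if a disassembler address falls inside [base, base + size)."""
    return base <= addr < base + size


def offset_of(func_addr, base, size):
    """Function address minus kernel base; refuses addresses outside the dump
    so a mistyped address cannot silently become a bogus offset."""
    if not is_in_image(func_addr, base, size):
        raise ValueError(f"{func_addr:#x} is outside the dumped kernel image")
    return func_addr - base


def port_report(build_log, base, disasm_addrs, size):
    """Emit the #define lines for Kdlsym/Orbis888.hpp plus the names still to locate."""
    lines = ["// generated from the build log; fill the TODO lines by hand"]
    todo = []
    for name in missing_symbols(build_log):
        if name in disasm_addrs:
            lines.append(f"#define kdlsym_addr_{name} 0x{offset_of(disasm_addrs[name], base, size):X}")
        else:
            todo.append(name)
            lines.append(f"// TODO: kdlsym_addr_{name} (not yet located in the dump)")
    return "\n".join(lines) + "\n", todo
```

Running `port_report(BUILD_LOG, DUMP_BASE, DISASM_ADDRS, IMAGE_SIZE)` yields the two resolved #define lines and a TODO marker for kernel_map, which is the list you keep working through until the build is clean.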
TODOs
  • Clean kernel rebooting support
  • Web browser activation
  • Fake Online (spoof for LAN usage)
  • Game dumping and decryption
  • FakeDEX support
  • Linux loader
  • Embedded builds into loader
  • Remote registry
License

GPLv3

Free Software, Hell Yeah!

Related Tweets:

PS4 Mira CFW Release (Overview + Tutorial)

Comments

WuEpE (Developer, Member, Contributor, Verified):
New release compiled this morning (fixed compiling for other FW).

Download: mira_20200515.zip (680.51 KB)

Compatible FW: 4.05 4.55 4.74 5.01 and 5.05

@Leeful
Now on to my tests. I disabled two plugins in the compilation, the LogServer and EmuRegistry, and now it seems stable. No kernel panic for me.

Download test: Mira_Orbis_BSD_505_without_plugins_Logger_and_EmuRegistry.zip (136 KB)
 

Leeful (Developer, Senior Member, Contributor, Verified):
@WuEpE Thanks, I tested this build out and played GTA V for a good 25 minutes without any issues. :)

I tested other things out and all the bugs I mentioned before still exist but it does seem more stable when just using it to play regular fake pkg games.

What did you change to disable the plugins? Did you edit the makefile or the PluginManager?
 

WuEpE (Developer, Member, Contributor, Verified):
My first full release gave me a kernel panic within 2 min of activating it.

With the build where I removed two plugins, I tried PS2 games; they stay in a logo loop, but it does not give a kernel panic and I can close it without problem, and fPKGs ran without a kernel panic for more than 1 hour.

I tried removing only the logger console plugin, and ran fPKGs for 50 minutes with no kernel panic. Then I tried the complete compilation, and it did not give me any kernel panic for 50 min, but a PS2 game did give me a kernel panic.

The RetroArch emu goes black; a "load psrx" popup message appears in developer mode.

PS:
For PS2 games a new GUI exists; it may be necessary to repackage the PS2 games with the new GUI.

I edited the file src/Plugins/PluginManager.cpp, commenting out the lines in the main load that refer to the plugins.