Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
PS4 Jailbreaking       Thread starter PSXHAX       Start date May 11, 2020 at 5:02 AM       77      
Status
Not open for further replies.
Proceeding the Orbis Lib Generator today the OpenOrbis Team released a PS4 homebrew platform known as Mira Project featuring a collection of PlayStation 4 homebrew tools for use with a Jailbroken PS4 Console. 😍

This comes following OpenOrbis Team's Mira Project initial announcement and the Project Mira v1.0 MiraFW developers release.

Download: MiraLoader_Orbis_MIRA_PLATFORM_ORBIS_BSD_672.bin (Latest Compiled Build) / Mira_Orbis_MIRA_PLATFORM_ORBIS_BSD_672.elf (Latest Compiled Build) / MiraLoader_Orbis_MIRA_PLATFORM_ORBIS_BSD_505.bin (Latest Compiled Build) / Mira_Orbis_MIRA_PLATFORM_ORBIS_BSD_505.elf (Latest Compiled Build) / mira-project-master.zip / GIT / Report Issues / Cryptogenic Fork / Mira-5.0X-1590179148.7z (128.02 KB) via _AlAzif / Mira-474.7z (110.99 KB) via _AlAzif / MIRA_5.05-20200718.7z (86.27 KB)

Spoiler: Depreciated

Those who don't have access to a PS4 jailbroken console can try to Find a 5.05 / 5.07 Jailbreakable PS4 Console or wait for a Future PS4 Jailbreak Exploit to be publicly released such as what TheFloW previously announced for 6.20 Firmware.

Below are some highlights on this latest PS4 scene release from the README.md, to quote: Mira Project - PlayStation 4 Homebrew Tools

The Mira Project is a set of tools (includes compiled Mira_Orbis_MIRA_PLATFORM_ORBIS_BSD_505.elf and MiraLoader_Orbis_MIRA_PLATFORM_ORBIS_BSD_505.bin) that grants you more power and control over your jailbroken Playstation 4. It is the result of all the hard work by the OpenOrbis team.

It works differently to the custom firmware experience on PlayStation 3, where CFW would be installed on the system via modified PUP files (e.g. Rebug), however once the framework is installed and ran it gives users the same functionality they were previously used to.

Build Status

Firmware Version Passing
4.05 WIP
4.55 WIP
4.74
5.01
5.03
5.05
6.20 WIP
6.72
New Features!
  • Homebrew Enabler (HEN)
  • Emulated Registry (EmuReg)
  • Emulated NVS (EmuNVS)
  • Kernel Debugger
  • Remote GDB
  • System-level FUSE implementation (Experimental, WIP)
  • Load sprx modules + IAT + Function Hooking (Thanks theorywrong)
You can also:
  • Mount and decrypt local gamesaves (Thanks ChendoChap) (WIP)
  • Transfer files to and from the harddrive
  • Implement your own kernel plugins (RPC using protobuf)
  • Implement your own userland trainers (hooks included!)
  • Dump your HDD encryption keys
  • A bunch of other stuff
Contributors

This project would not be possible without these people (no particular order):
  • kiwidog - Lead developer
  • flatz - Developer (Code, writeups, non-stop help we <3 u flatz)
  • CrazyVoid - Developer (Loader/self/*** help, overall general help, OO moderator)
  • theorywrong - Developer (OverlayFS, general)
  • SiSTR0 - Developer (HEN support, general)
  • SocraticBliss - Developer (HEN support, general)
  • valentinbreiz - Developer (Mira Companion App v1)
  • Seremo - Developer (Mira Companion App v2, Log plugin)
  • Al-Azif - Developer (5.05 lead maintainer, general)
  • z80 - Developer (5.05 maintainer)
  • balika011 - Developer (Fixing userland elf loader entry point, general developer)
  • Zer0xFF - Developer (OverlayFS, general)
  • CelesteBlue - Developer (Bugfixes, plugins)
  • Joonie - Developer (Offsets porting 5.01/5.05)
  • AlexAltea - Low level and kernel help (go check out Orbital Emulator)
  • qwertyoruiop - Security (4.55-5.05 kernel exploits)
  • CTurt - Security (Initial payload PS4 *** and 1.76 kernel exploit)
  • m0rph3us1987 - Developer (Code examples, kernel ***, overall general help)
  • eeply - Developer (UART)
  • zecoxao - RE (4.74 Port)
  • aerosoul - Developer (Everything elf related, loaders, etc)
  • maxton - Developer (Everything pkg related, etc)
  • ChendoChap - RE (Bug hunting, general kernel help)
  • sugarleaf - Initial 4.55 private exploit, inital help with Mira dev (retired/left)
  • kozarovv - RE (4.05 offsets)
  • LM - RE (Research on System-Library-Loading), assembler and linker script help
  • TheFlow - RE
  • samsepi0l - Offset Porting
  • xvortex - Original VTX-Hen
  • 2much4u - Ptrace patches
  • golden - Ptrace patches, rpc ideas
Special Thanks
  • bigboss - liborbis with examples and orbisdev (and complaining a lot)
  • rogero - Original 5.01 testing
  • AbkarinoMHM - Original 5.01 testing
  • wildcard - General questions, and hardware help
  • frangarcj - orbisdev ***, musl, C++ support
  • masterzorag - orbisdev ***, musl, C++ support
  • fjtrujy - orbisdev ***, musl, C++ support
  • [Anon #1] - Developer (Code, Non-stop help, <3 thx bruv)
  • [Anon #2] - Developer (Code, Non-stop help, gl with job!)
  • [Anon #3] - Security (Future proofing design)
  • [Anon #4] - Developer (Ideas from Vita)
  • [Anon #5] - Security (Software and hardware)
Installation
Plugins

Mira provies a plugin framework that can run in kernel mode (userland is soon, thanks to TW!), it provies a stable framework for startup, shutdown, suspend, resume in order to ensure clean operation of Mira.

Plugin Directory
Debugger src/plugins/Debugger
(WIP) Emulated Registry src/plugins/EmuRegistry
Fake PKG src/plugins/FakePKG
Fake Self src/plugins/FakeSELF
File Manager src/plugins/FileManager
(WIP) Fuse src/plugins/FuseFS
Log Server src/plugins/LogServer
OverlayFS (OrbisAFR) src/plugins/OverlayFS
Development

Want to contribute? Great! There is no set limit on contributors and people wanting to help out in any way!

Join the OpenOrbis discord and have knowledge of C/C++ and FreeBSD or unix-like operating systems, web design and programming, rust-lang, content creator (youtube, twitch), or artist, or just want to find something to help out with like documentation, hosting, etc, kernel experience is a plus but not required by any means.

Building from source
Firmware porting guide

Lets say you are an eager developer, even a newbie that wants to try and contribute in some way or form to porting to a firmware that is not under active support. Here's the steps you would need to accomplish new builds from scratch. We will start by adding a non-existent firmware and work our way from that.

NOTE: This assumes you already have a kernel dump for your firmware, and things already labeled. If you need help with this step, you can ask in #help on the discord but you are pretty much on your own.*

:alert: WARNING: DO NOT SEND YOUR DUMPED KERNEL IN THE CHANNEL/DISCORD SERVER AS IT IS COPYRIGHTED MATERIALS AND YOU WILL BE WARNED/BANNED!!

Lets assume our firmware is 8.88 found in the PlayStation 4 System Software menu.
  1. Add your new firmware to src/Boot/Config.hpp you will see a bunch of defines already there, add your firmware in the correct version order a. #define MIRA_PLATFORM_ORBIS_BSD_888 888
  2. Fix any structure changes for the kernel in freebsd-headers. You should compare against what's already there and add fields that have been added via a. #if MIRA_PLATFORM==MIRA_PLATFORM_ORBIS_BSD_888 b. HINT: These are usually done in struct proc, struct thread, struct ucred if applicable, located in exernal/freebsd-headers/include.
  3. Add a new static function in src/Boot/Patches.hpp with your pre-boot patches, this will be called after MiraLoader finishes and before Mira runs a. static void install_prerunPatches_888();
  4. Add your firmwares version to the case within install_prePatches in src/Boot/Patches.cpp a. case MIRA_PLATFORM_ORBIS_BSD_888: install_prerunPatches_888(); break;
  5. Next create a new file named Patches888.cpp inside of src/Boot/Patches directory (or copy an existing one and rename it)
  6. You must follow the same format as all of the other patch files, this involves including the Patches.hpp and defining the install_prerunPatches_888() function with all needed patches a. As new features are added, this will need to be updated for any kernel patches required, so far a baseline is Enable UART, Verbose Kernel Panics, Enable RWX mappings, Enable MAP_SELF, Patching copy(in/out)(str) checks, patching memcpy checks, patching ptrace checks, patching setlogin (for autolaunch check), patch mprotect to allow RWX, patching pfs signature checking, patching to enable debug rifs, patch to enable all logs to console, (newer fws: disable sceverifier, delayed panics) b. All patches are required for full functionality, but to get up and running only the rwx patches, copy(in/out)(str), memcpy, mprotect patches are needed (I think, someone correct documentation + send PR if wrong).
  7. Add support to the MiraLoader by copying the newly finished src/Boot/Patches.cpp to loader/src/Boot/Patches.cpp and the new src/Boot/Patches/Patches888.cpp to loader/src/Boot/Patches/Patches888.cpp
  8. Next would be to create a new kernel symbol file in src/Utils/Kdlsym/Orbis888.hpp or copy one from a supported platform (more offsets than what's probably needed)
  9. Add support by modifying src/Utils/Kdlsym.hpp and adding either within #if defined(MIRA_UNSUPPORTED_PLATFORMS) before the #endif a line for your firmware file (make sure these are in numeric order) #elif MIRA_PLATFORM==MIRA_PLATFORM_ORBIS_BSD_888 #include "Kdlsym/Orbis888.hpp"
  10. The next step would be finding all of the functions that Mira/MiraLoader use in the kernel... This is the most time consuming portion of this and will need to be verified before upstreamed. The easiest way to handle this is to try building (using the build instructions provided) you will get a massive ton of errors around kdlsym and it not being able to find errors. One of such errors are shown as such:
Code:
src/External/protobuf-c.c: In function ‘protobuf_c_message_unpack’:
src/Utils/Kdlsym.hpp:49:52: error: ‘kdlsym_addr_printf’ undeclared (first use in this function)
#define kdlsym(x) ((void*)((uint8_t *)&gKernelBase[kdlsym_addr_ ## x]))

10. (continued) This means if you break it down, that printf was undeclared, look in your kernel dump with a dissassembler of choice (Ghidra/IDA Preferred, untested with others such as Binary Ninja, Relyze) and get the offset from the start of the loading address for the function printf (Calculated by Function Address - Base Address of Kernel where it was dumped from) and add it to your src/Utils/Kdlsym/Orbis888.hpp with the line #define kdlsym_addr_printf 0x<offset address> and repeat for all other build errors.​
11. Once complete you should have a full port to a new firmware completed (unless I missed a step/something unclear, create issue or fix + PR please)​
TODOs
  • Clean kernel rebooting support
  • Web browser activation
  • Fake Online (spoof for LAN usage)
  • Game dumping and decryption
  • FakeDEX support
  • Linux loader
  • Embedded builds into loader
  • Remote registry
License

GPLv3

Free Software, Hell Yeah!

Spoiler: Related Tweets

PS4 Mira CFW Release (Overview + Tutorial)
Mira Project PlayStation 4 Homebrew Tools by the OpenOrbis Team.jpg
 

Comments

According to some private insights I read on a Spanish forum (reported by a guy supposedly in the know), Mira will support games up to 6.50 BUT only if they decide to backport them, as they won't release this publicly.

So basically they'd be using their private 6.50 kernel exploit to give us new games to play on 5.05, potentially.

And based on the above tweet this seems to be confirmed in the actual code as well.
 
Let's hope you are right and they will be kind enough to do that. Most of the devs don't seem to support backups so I'm not confident. I'm guessing people with legitimate copies won't be able to run them?
 
First of all , kudos to all the devs for their hard work.
Secondly , guys wait for stable builds as the devs say.
And finally be optimistic that we will get backported stuff.
 
They may have waited and released a stable release. We have been on 5.05 for a long time. A few more weeks would not have changed anything
 
Status
Not open for further replies.
Back
Top