Following his previous updates, today PlayStation 4 developer @LightningMods made available a BETA release of his PS4 OrbisMAN homebrew application which handles tasks similar to what multiple PS4 Payloads do in an all-in-one PKG file for jailbroken 4.55 and 5.05 consoles.
Download:ORBISMAN_BETA.pkg (188 MB) / ORBISMAN_BETA.pkg (v2 - 94.7 MB) / ORBISMAN_BETA.pkg (With Flat_z HotFix - 94.8 MB) / payload505.bin (27.1 KB) / PS4 Syscall 9 GIT / PS4-EAP-KEY-DUMPER-672.bin (6.6 KB - dumps to /mnt/usb0/eap_key.bin)
Here's more on the OrbisMAN PlayStation 4 PKG release from LightningMods_, to quote: ORBISMAN 1.02-2 BETA
Changelog
+ Section 1
2. Try to download from the HB sandbox directory while its running
3. Try to download anything from /dev/
Homebrew EAP Key Dumping and Decrypting TuT by DarkEelement
Update: Below are the changes from LightningMods, to quote: ORBISMAN v2 BETA - 4.55 & 5.05 Supported (FW Auto-Detect)
New Features
+ Section 1
And from Berion comes a PS4 HDD reading configuration file for cryptmount, to quote:
In theory partition should be mounted read only, but without kernel flag set for rw, UFS2 it always be mounted with ro, even if in config is set rw. Please, let me know if this works (and for what exactly partitions).
Also from Berion, to quote: If you have Psxitarch Linux v2, loader will automatically dump EAP Key and put it to "/etc/cryptsetp/eap_hdd_key.bin". So it is enough to just copy it into pendrive or something - so no need for OrbisMAN.
OrbisMan Homebrew on PS4 (5.05 Jailbreak)
Spoiler: Demo Videos
Decided to create a repo that specializes in decryption of retail ps4 eap hdd partitions:
Note that if your ps4 is a phat 1000 or 1100 model, IVOFFSET will work as 0.
Spoiler
Download:
Here's more on the OrbisMAN PlayStation 4 PKG release from LightningMods_, to quote: ORBISMAN 1.02-2 BETA
- 4.55 & 5.05 Supported (FW Auto-Detect)
- 2much4u
- 3226:2143
- Abkarino
- AlAzif
- AlexAltea
- Anonymous
- bigboss
- Golden a.k.a Xemio
- CelesteBlue123
- CrazyVoid
- crypt0s
- CTurt
- droogie
- EvilSperm
- fail0verflow
- IDC
- Joonie86
- LightningMods
- m0rph3us1987
- masterzorag
- Mathieulh
- OpenOrbis
- qwertyoruiopz
- SKFU
- SiSTRo
- SpecterDev
- valentinbreiz
- Vortex
- xerpi
- xorloser
- XVortex
- zecoxao
- ZeraTron
- Flatz
- TheoryWrong
- SiSTRo
- Golden
- Znullptr
- X41
- _iggy4
- AlAzif
- Alzeric
- boogeyman
- CelesteBlue
- Darkmage1991
- GradSdk
- Klairm
- Kraken
- MADPYRO21
- Mogi_Codemasterv
- PotsAlott
- red-j
- retrogamer
- Shiro
- SiSTRo
- Znullptr
- Almighty
Changelog
- Build ORBISMAN V1.02-2 HOT-FIX BETA Testers Only
- Fixed broken things
- Added new names "eap_key_455.bin" and "eap_key_505.bin"
- Fixed the EAP Key dumper for 4.55
- Fixed pic0.png
- Removed XMB Info icon
- Removed XMB DKS_OS
- Removed Home from DKS_OS
- Added EAP Key 4.55 support
- Reversed EAP Key bytes
- Changed pic1 from "Homebrew" to "ORBISMAN"
- Fixed FS Dumper for recursive dumping with 5.05 and 4.55 Support
- Changed "Dump ALL System files" to "Dump FS (Reboot Required)"
- Added Dump FS Message boxes with reboot
- Added dump FS msg 1
- Added dump FS msg 2
- Linux Loader
- Tried a few things
- Dont know what to do next
- Changed all the text to white
- Added save support
- Added background FTP (no decrypt yet)
- Added a few dump and decrypt options like SceShellCore
- Added new Icons
- Added new Icon0 and Pic0 images
- Added HDD Key dumper (5.05 only)
- Audio button is now persistent
- Added load dump module into memory
- 4.55 FTP Support
- Added FTP
- Added Stub changes
- Added dump and decrypt note
- Added more functions
- More tech changes
- ALL Dumping options moved to this PRX
- Added Dump and decrypt support
- Stub Changes
- Added Credits option
- Added Credits open web page for Credits web page
- Deleted Debug settings options
- Added Dumper options (Partial IDPS, PSID (CID)
- Changed Hide Text to now 2 things
- Disabled Test Button and removed animation
- Added new Jailbreak Patches for 5.05 (including MMAP and others)
- Added Partial IDPS Dumper and write to file
- Added PSID Dumper and write to file
- Added PSID Dumped Notifcation
- Added Partial IDPS Dumped Notifcation
- Added loadrip function for loading PRX into memory
- Added more Unless & Top Secret crap
- Removed MSG Dialogs off the Backup ptions but kepts for Restore options
- Added Update Blocker LITE Install and Uninstaller Options
- Added auto-Load HomebrewWIPMSG.prx at app startup
- Added Msg Dislogs with wait timer for Recovery nnd System reboot options
- Added back Wipe Notifcations (i didnt know Unity didnt save)
- Made UB LITE Installer and Uninstaller in only 2 C# Scripts
- Added Credits
- Fixed DKS_OS (No one told me it was broken)
- Fixed Parent Control removel
- Added Recovery Mode and Reboot Dialogs
- Added Wait timers for Reboot
- Added Kill Syscall
- Added installer and Uninstaller UB Notifcations
- Fixed Remove Parent Control Kernel Panic
- Added Message dialog for backup and restore, app.db and shellcore
- Removed backup and restore ntoifcations on app.db
- Added the following 2 PRXS HomebrewWIPMsg.prx and (sysmodule) libSceMsgDialog.sprx
- Re-added some more things
- Took away the back circle from the bottom
- Kernel Dumper
- Wipe all notifications
- Complete Notifications (for each option)
- Resolving Patch applied to ALL Kernel Functions
- Reboot to recovery mode
- Remove Parental Controls
- Cleaner text (disappearing upon click and re-appearing upon Back)
- Disappearing columns (so people cant make videos where they open all at once) each column press closes the others
- Fixed Mute audio Settings
- Fixed Theme Hit Box
- Fixed some text that wasnt disappearing
- Removed unnecessary Jailbreaks (x7) (so the app wont break when switching to the filemanager)
- Fixed some Notifications and SYSTEM_ABNORMAL_TERMINATION_REQUEST
- Re-added Jailbreak to Reboot to Recovery
- Fixed Power Button iirc
- Enhanced Rooted DKS_OS (touch pad only)
- Browser
- XMB (toolbox)
- FTP Automatically On once XMB is started Up - See IP and FTP Port at the bottom of the screen
+ Section 1
- Enable and Disable Background Music (selection saved as a Gamesave)
- Credits
- Kernel Dumper
- Key dumping (PSID, Partial IDPS, EAP Key) - ALL will be written to USB0
- Spoof Target Id (Devkit, TestKit, Retail)
- Spoof FW (9.99, 5.55, Restore 5.05)
- UART (On, Off)
- USB0 ONLY!
- Backup and restore App.db
- Decrypt and Dump FS (Reboot Required to avoid System problems)
- Dump misc (notifcation.db, SceShellCore)
- System Partition R/W (On/Off)
- Linux Loader
- Reboot to Recovery
- Remove Parent Controls
- Update Blocker LITE (On/Off)
- Wipe notifications
- Lightbar changer (Green, Blue and Red)
- FTP and App will crash if you try to
2. Try to download from the HB sandbox directory while its running
3. Try to download anything from /dev/
- FTP Doesnt have Decrypt support
- Scrolling Fast/Past the end of the XMB will get the selector stuck
- Closing the App without rebooting after FS Dump will cause every app to fail to launch (VM_Map problem)
- Credits needs internet (its a webpage)
Homebrew EAP Key Dumping and Decrypting TuT by DarkEelement
Update: Below are the changes from LightningMods, to quote: ORBISMAN v2 BETA - 4.55 & 5.05 Supported (FW Auto-Detect)
New Features
- File Manager
- Syscall 9 (sys_unjail)
- JKPatch RPC Server
- Autoload settings
- Remote PKG installer server
- USB ELF Loader
- Remote Play Patches (no IDU yay)
- New Icons with White text
- For a full List of new features look at the changelog below
+ Section 1
- Enable and Disable Background Music (selection saved as a Gamesave)
- Enable/disabled JKPatch Autoload
- Enable/disabled FTP Autoload
- Credits
- Kernel Dumper
- Key dumping (PSID, Partial IDPS, EAP Key) - ALL will be written to USB0
- Spoof Target Id (Devkit, TestKit, Retail)
- Spoof FW (9.99, 5.55, Restore 5.05)
- UART (On, Off)
- Backup and restore App.db
- Remote Play Patches
- Decrypt and Dump FS (Reboot Required to avoid System problems)
- Dump misc (notifcation.db, SceShellCore)
- System Partition R/W (On/Off)
- Linux Loader
- Reboot to Recovery
- Remove Parent Controls
- Update Blocker LITE (On/Off)
- Wipe notifications
- Lightbar changer (Green, Blue and Red).
- PKG Server Start
- USB ELF Loader
And from Berion comes a PS4 HDD reading configuration file for cryptmount, to quote:
In theory partition should be mounted read only, but without kernel flag set for rw, UFS2 it always be mounted with ro, even if in config is set rw. Please, let me know if this works (and for what exactly partitions).
Code:
# Add to the configuration file "/ect/cryptmount/cmtab" below script.
# Use "cryptmount -m ps4hdd" for mounting and "cryptmount -u ps4hdd" for unmounting.
# Device will be mounted as "/dev/mapper/ps4hdd".
# Filesystem will be mounted in "/home/<user>/ps4/hdd/".
# For CUH-1xxx models remove ivoffset parram.
# For CUH-2xxx up to CUH-7xxx use "ivoffset=111669149696".
ps4hdd {
dev=/dev/sdd27
dir=/home/user/ps4/hdd/
flags=user,nofsck
fstype=ufs
mountoptions=ro,noatime,noexec,ufstype=ufs2
cipher=aes-xts-plain64
ivoffset=111669149696
keyfile=dir=/home/user/ps4/eap_key.bin
keyformat=raw
}
OrbisMan Homebrew on PS4 (5.05 Jailbreak)
Spoiler: Demo Videos
Decided to create a repo that specializes in decryption of retail ps4 eap hdd partitions:
- ps4encdec-master.zip / PS4EncDec GIT - encdec repository for ps4 eap hdd partitions
Note that if your ps4 is a phat 1000 or 1100 model, IVOFFSET will work as 0.
Spoiler