Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
PS4 Jailbreaking       Thread starter juansbeck       Start date Dec 29, 2016 at 3:50 PM       54      
Status
Not open for further replies.
Following the PS4 Linux 33c3 Demo and the start of a community-driven PS4Webkit Project, today I (@juansbeck on Twitter aka HybridComputers) am continuing from my UniversalFlash App work-in-progress bringing an update on the PlayStation 4 glitch pinout used by Marcan and the possibility to downgrade a PlayStation 4 Slim / PS4 Pro with details below. (-8

Rough translation: Failoverflow's Marcan made a 'glitch' attack TOOL0 combined other ports like RX and TX (rs232) to PS4 Southbridge (sysconf-hypervisor) to give read and write permissions to its devboard lattice ECP3 to intercept the signals and return them in a Payload as we showed CTurt in its extensive article, but how?

Anyone can give us the datasheet? Or if at PSDevWiki oops... the blessed datasheet is a farce. It's a troll from a dodgy blog... one has to be very stupid to believe that the r32c is the hypervisor to attack Marcan... not even the VSS nor the VCC agree >:-(

Never fool us, not all the other developers that have their functional CFW that the downgrade key or the way we can get to exploit versions 3.55, 4.01, 4.05 or whatever is in this simple sysconf :bananaman17: RL78G14 there are 100 pin and 64 and even less as it is ps4 pro the chip is from the company renesas company and although it cost us more 8 months without sleeping here I attach the datasheet, I can say that there is a pin the TOOOL0 credits (JaiCraB) which is the evolution of RX and TX.

For now the datasheet of sysconf and a small drawing for the devs who want to investigate meanwhile we do ours to keep this team that continues adding more than 8,000 euros a month I tell you why not everything is lost, :bananaman13: here we keep moving forward and something has to come out of this.

This can be used to find a way to downgrade to the minimum version of any PS4 (including PS4 Pro)

1. Correct hypervisor datasheet (ps3devwiki blunder this farce). This is the real 64 pin LQFP for ps4 slim and 1215A pages (18) and for PS4 fat page (21) PS4 Pro pending.

hypervisor final sony (sysconf).pdf

2. Correct way to program the hypervisor to create the glitch (sysconf)

forma correcta de programar hypervisor.pdf

3. Pinout glitch hypervisor PS4

https://drive.google.com/open?id=0B2cZly5GV8y-bDhFZWhKVFJtc3c
pinout attack glitch.jpg

4. PS4 Pro (unconfirmed) some ports on which Sony is based on its hypervisor (sysconf)

https://drive.google.com/open?id=0B2cZly5GV8y-RjA5dnJiQXRJUFE
algunos port rl78g13 del que se baso sony para su hypervisor sysconf.jpg

A greeting to all and wish you from Universal Team a Merry Christmas! :tree::santa:

Note

As if you are a handyman, those who try to do this and you are bundled in short layout of connections so that it is if you do not make the plate yourselves and you stay like this.

https://drive.google.com/open?id=0B2cZly5GV8y-SHJac05IUVUwUUU
SYCONFONLY.jpg

In the end will be something like this, we need your support in the kickstarter.

https://drive.google.com/open?id=0B2cZly5GV8y-MGF3Z0I4bS1ORk0
universal flasher.jpg

We based on that development board and we added reading and writing of XBox One, PS Vita, Wii U and we are working for iPhone reading :bananaman17:
Sony did not (and still does not) uses eFuses to prevent downgrading (they are dedicated to store per console settings at factory)
Downgrading is prevented using hashes in syscon's NVS, revocation lists (on ps4/ps vita) and stripping PUP header keys from existing modules
I can confirm that they do not burn e-fuses to prevent downgrading (or during updates) and instead rely on a "Secure Non Volatile Storage" (aka SNVS), which only SAMU modules access the (per console) keys to read and write data from.
which only SAMU modules can access the (per console) keys to read and write data from * (just fixed a typo)
Of course, this also means that in the unlikely event that you do get SAMU code execution on a specific console, you can then downgrade it (but if you can achieve that, why the hell would you need to downgrade anyway?)
 

Comments

Thanks @juansbeck, I moved this to a thread of it's own so it doesn't get lost in the other one and mainpaged it also now. (-:

From what I can gather out of the rough translation, there is either a lack of information or misinformation stemming from CTurt, Marcan and / or the PSDevWiki pages.

Whether this claim is inaccurate, or if righteous and the omissions are accidental or inadvertent it's refreshing nevertheless to see honest developers act as 'watchdogs' among those whose e-peens overshadow the scene philosophy of freely and openly sharing with each other for the greater good. <3
 
EDIT: What about the Fat PS4?
This is a generic aproach to the systems hardware, basically all models known today could be benefit of a hardware flasher/downgrader, so we are talking about to "reset" the system to its minimum factory fw version.

But even when all this sounds good, we have a long road ahead. As Juan said, it tooks months just to schematize the pinouts and their functions on the whole system.

This is not even close to a cfw, we dont even learn to walk. Dont know about the kickstarter Juan mentioned, but just to clarifie this: today seeing it all, just the hardware via could achieve the best results to open the system...again:today.
 
Status
Not open for further replies.
Back
Top