Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
Status
Not open for further replies.
This weekend PlayStation homebrew developer bigboss (aka psxdev) made available a Prospero App0 List and also shared via Twitter a Prospero BD-JB Reimplementation based on the PS4 BD-JB / PS5 BD-JB presentation (PDF Report) from TheFloW at HardWear 2022 and @sleirsgoevy's BD-JB Base Code alongside a PS4 9.03 / 9.04 Ret.bin Payload Test via @zecoxao on Twitter for those with a BD-JB Blu-ray (Pong / Doom / Blu-Play.com) that returns nothing except the text 'Hello World' after a black screen. :geek:

Download: Prospero App0 List / bd-jb-main.zip / GIT / ret.bin (0 MB) / bigboss.iso (6.44 MB) / sample.iso (6.44 MB) / FTPS4.7z (0.41 MB) / Notification.7z (0.37 MB) / FTPS4.7z (0.38 MB - Lists sandbox directory and fetches files) / FTPS4.7z (0.38 MB - Auto-resolves IP and sends notification) / payload.bin (0.02 MB - PS4 9.00 / 9.03 / 9.04 FTP payload with updated Makefile) / PS5 Rootvnode Listdir PoC iSO by Sleirsgoevy

For those joining the PlayStation 5 Scene recently this comes following the Prospero Directory Tree Listing & Dumping 4.03 PS5 Filesystem Script, PS5 4.03 Error Codes, 4.03 PS5 Registry Key Entries & Title IDs, IDA ELF Loader Plugin & PS5 Symbols and from gistfile1.txt:
Code:
[HOST] debugnet listener up
[HOST] ready to have a lot of fun!!!
[PROSPERO][INFO] UdpLogger initialized
[PROSPERO][INFO] [+] bd-jb by bigboss based on TheFlow and sleirsgoevy implementation
[PROSPERO][INFO] [+] Escaping Java Sandbox...
[PROSPERO][INFO] [+] first list in . ...
[PROSPERO][INFO] META-INF
[PROSPERO][INFO] org
[PROSPERO][INFO] [+] now try fakeIxcProxy . ...
[PROSPERO][INFO] [+] after FakeIxcProxy...
[PROSPERO][INFO] cdc
[PROSPERO][INFO] psm
[PROSPERO][INFO] sce_sys
[PROSPERO][INFO] BdmvPlayerCore.elf
[PROSPERO][INFO] BdvdPlayerCore.elf
[PROSPERO][INFO] CapFont_MARU.cbf.GZ
[PROSPERO][INFO] CapSound.pcm
[PROSPERO][INFO] TA_AACS.sbin
[PROSPERO][INFO] UHDBdPlayerCore.elf
[PROSPERO][INFO] eboot.bin
[PROSPERO][INFO] libAacs.sprx
[PROSPERO][INFO] libBdplus.sprx
[PROSPERO][INFO] libCprm.sprx
[PROSPERO][INFO] libCss.sprx
Also from the README.md: bd-jb

bd-jb is a BD-JB reimplementation for prospero based on TheFlow's report and sleirsgoevy base code

By now only implemented:
  • Vulnerability #2 to list /app0 content
  • Added udp logs you can get it in your pc change host variable on MyXlet.java and use something like this on your pc/mac:
Code:
socat udp-recv:18194 stdout
Logs on your host
Code:
[HOST] debugnet listener up
[HOST] ready to have a lot of fun!!!
[PROSPERO][INFO] [+] UdpLogger initialized...
[PROSPERO][INFO] [+] Receive udp log in 192.168.1.12 with: socat udp-recv:18194 stdout
[PROSPERO][INFO] [+] bd-jb by bigboss based on TheFlow and sleirsgoevy implementation
[PROSPERO][INFO] [+] Escaping Java Sandbox...
[PROSPERO][INFO] [+] Creating File object with path /app0
[PROSPERO][INFO] [+] Creating FakeIxcProxy object...
[PROSPERO][INFO] [+] FakeIxcProxy object created...
[PROSPERO][INFO] [+] Invoking list method with pInvokeMethod...
[PROSPERO][INFO] cdc
[PROSPERO][INFO] psm
[PROSPERO][INFO] sce_sys
[PROSPERO][INFO] BdmvPlayerCore.elf
[PROSPERO][INFO] BdvdPlayerCore.elf
[PROSPERO][INFO] CapFont_MARU.cbf.GZ
[PROSPERO][INFO] CapSound.pcm
[PROSPERO][INFO] TA_AACS.sbin
[PROSPERO][INFO] UHDBdPlayerCore.elf
[PROSPERO][INFO] eboot.bin
[PROSPERO][INFO] libAacs.sprx
[PROSPERO][INFO] libBdplus.sprx
[PROSPERO][INFO] libCprm.sprx
[PROSPERO][INFO] libCss.sprx
Screenshot

screenshot.png

Change log
  • 18/06/2022 Initial public release
Credits
Spoiler: Related Tweets & Videos

Prospero App0 List & BD-JB Reimplementation, PS4 9.03 9.04 Payload Test.png
 

Comments

I wonder if a small Java File Browser can be created and files pulled from a USB.. still early days but a lot has happened since this BD-JB has come about.
 
@cr7bfpe
It should work on 4.51 and below. But we are not developers, we need to be patient and do not update our consoles. let the Masters do their job, soon we will find out.
 
Status
Not open for further replies.
Back
Top