PS4 4.05 Patches and Hooks to Enable FSELF / FPKG Loading by IDC

Since @flatz shared on Twitter his awesome PS4 Fake PKGs & SELF / FSELF Write-up, and following the PS4 SELF_Info.exe release and recent 4.05 Experiments PlayStation 4 developer IDC made available some PS4 4.05 patches and hooks on Github to enable FSELF / FPKG loading with ShellCore patches (for fake PKG support) implementation yet to come.

Download: ps4-fake-405-master.zip / PS4Fake405 (Simplified payload makefile independent of libPS4) / GIT

To quote from the README.md: PS4 Fake 4.05

Patches and hooks to enable fself/fpkg loading for 4.05, as described by flatz in his writeup.


ShellCore patches (for fake PKG support) not yet implemented.

• fake_installer - Add payload and installer. (Compiled fake_installer.bin by akenateb and midos2010 with a compiled FSELF.zip working download link from DomyGX)
• fake_payload - Fix fake_payload.x for normal builds. (Compiled fake_payload.bin by akenateb and midos2010 with a compiled FSELF.zip working download link from DomyGX)

VVildCard777 lets us know "this is just step 1 fself loading, read the readme, shellcore patches still to come" as @zecoxao also notes on Twitter while you can "compile, run, and replace a system app eboot.bin with an fself, then try to boot the app. it'll run your homebrew instead" he reminds us "it's be better to wait for fpkg support."

Finally, if you haven't checked it out yet recently m0rph3us1987 added some PS4 5.01 kernel slides to fail0verflow's PS4 kexec repo.

 

[poolshark021]

Can compile fake_payload.bin only.

If we open payload_data.inc it only has one line of code:

#error "convert fake_payload.bin to byte array"

and if we see in main.c how this line is called:

const uint8_t payload_data_const[] =
{
#include "payload_data.inc"
};

It seems there is something missing there or I am missing something.

Maybe take the raw hex data from fake_payload.bin and put it in payload_data.inc and remove the #error line? I can't try until tonight

 

[Orgad]

Can someone upload the other payload please?

 

[akenateb]

Dunno if it is ok, but deleting this line it has compiled.

Maybe take the raw hex data from fake_payload.bin and put it in payload_data.inc and remove the #error line? I can't try until tonight

I tried this but it didnt work 4me.

 

[stripnwild]

So nice, you rock, you are the best.. Keep it like this and thank you alot.

Guys, the devs are giving their best to make this public and let us load pkg. At least say some good words and give them a bit of respect and motivation.

EXACTLY! we wouldn't have anything if it wasn't for Devs. When it comes it comes...if it doesn't then so be it. They have given a lot in the past so we wouldn't have had the great ps3 era right?! Thanks Devs! appreciate everything you do!

 

[irefuse]

Maybe take the raw hex data from fake_payload.bin and put it in payload_data.inc and remove the #error line? I can't try until tonight

in terminal: xxd --include fake_payload.bin > bytearray.txt
after copy hexcodes beetwen "{}" from bytearray.txt to
payload_data.inc, and try compile it.

 

[akenateb]

You can export Hex Text as well using any hex editor. Anyway it works I have not inserted "{}". Trying to figure out what´s next.

 

[Orgad]

Can you upload the two complied files please?

 

[akenateb]

of course.

• fake_installer.bin (4.35 KB)
• fake_payload.bin (2.32 KB)

R3g4rd$

 

[DomyGX]

build/main.o: in function "_main":

main.c:(.text+0x46a): reference not defined a "kexec"
collect2: error: ld returned 1 exit status
Makefile:25: set of instructions for the goal "fake_installer.bin" failed
make: *** [fake_installer.bin] Error 1

 

[poolshark021]

Did you have to do anything special to get fake_payload to build? I keep getting a linker error that boils down to "cannot find /tmp/cctTonXM.o" Which doesn't make any sense to me because I don't see it referenced anywhere in the source

Did you update and build the new ps4-payload-*** from idc's git? He updated it to include the new kexec syscall.