Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.

PS4 4.05 Payload WIP for Game Modding, UART Enabler and RandTool

PS4 CFW and Hacks       Thread starter PSXHAX       Start date Dec 30, 2017 at 12:38 AM       13      
Status
Not open for further replies.
Continuing in the holiday rush since the 4.05 PS4 Kernel Exploit release, we've now seen a 4.05 Kernel Dump and Rizzo Signatures for 4.05 surface alongside some code (below) that scene developers can use for a payload to kick off PS4 4.05 game modding from Skillsofcape (aka @01cedric) following his work on the WEBRTM Game Mod Project. :veryhappy:

Next up, since the PS4 Fat, Slim and Pro Serial / Flash Pinouts were documented PlayStation 4 scene developer VVildCard777 turned up the heat after his PS4 Debug Settings Demo by sharing some UART Enabler 4.05 payload code (below) for developers interested in making use of the PS4 UART for further research. :ninja:

The PS4 PUP Unpacker also continues getting updated from Zer0xFF, while PlayStation 4 developer @zecoxao announced on Twitter that Zer0Tolerance discovered the method Sony uses for generating "metadata" in lv1 fselfs. :-D

4.05 Kernel
Code: 
proc_rwmem > 0xFFFFFFFF9F0B3BB0
Enjoy Game Modding on 4.05 (-: <3
proc_rwmem on 4.05 (for payload usage) (-:
Code: 
#define KERN_PROC_RWMEM 0x0ABBB0 int(*proc_rwmem)(int addr, int len) = NULL; proc_rwmem = (void *)&ptrKernel[KERN_PROC_RWMEM];
Happy Modding <3
kern_ptrace on 4.05 (for payload usage) (-:
Code: 
#define KERN_PTRACE 0x0AC230 int(*ptrace)(int req, int pid, void *argsAddr, int data) = NULL; ptrace = (void *)&ptrKernel[KERN_PTRACE];
Happy Modding <3
Disable Process ASLR 4.05 (Not tested):
Code: 
*(uint16_t *)0xFFFFFFFF9F28E202 = 0x63EB; #define DISBL_PROC_ASLR 0x286202
Kernel patch to disable process ASLR on 4.05
Code: 
*(uint16_t*)(kernelBase + 0x2862D6) = 0x9090;
DSa4cvUX4AIm4I3.jpg

uart enabler for 4.05 (-:
Code: 
uint16_t *securityFlags = (uint64_t *)(kernel_base+0x2001516); *securityFlags = *securityFlags & ~(1 << 15); *(char *)(kernel_base + 0x186b0a0) = 0;
right, i only solder 1 wire (tx on ps4) and attach gnd wire to hdd cage, then using like 5$ uart to usb i listen on arduino (serial montor). very simple.
Zer0Tolerance found the method Sony uses for generating the "metadata" in lv1 fselfs. Documentation Soon
fun fact: they use a random generator
Download: randtool-master.zip / GIT

From the README.md file: randtool

Implementation of the algo used to generate lv1 fselfs "metadata"
Thanks to @DarkElementPL, @FabOne, @raedoob, @Trojaner and @Wultra for the news tips in the PSXHAX Shoutbox earlier today! :lovewins:
PS4 4.05 Payload WIP for Game Modding, UART Enabler and RandTool.jpg
 
Click to expand...
PSXHAX
PSXHAX
Live in Your World, HAX in Ours!
Hello World! I've been reporting on Sony PlayStation hacking news since 2000 and started PSXHAX in 2014 to cover PlayStation (PSX), PlayStation 2 (PS2), PlayStation 3 (PS3), PlayStation 4 (PS4), PlayStation Portable (PSP), PlayStation Vita (PS Vita), PlayStation TV (PS TV) and next-gen PlayStation 5 (PS5) platforms along with anything else of interest.

Click on my UserName author link above and you'll be able to view a curated list of all the articles I've contributed thus far to PSXHAX.COM.

If you enjoy gaming and would like to write (unpaid) for this site, Contact Us and we'll be happy to have ya join our Authors! :)

Comments

Only a douchebag would point something like that out, everyone else pretty much realizes running this entire site and forums is done through the continuous hard work and dedication of a 1-man show they're blessed to be a part of.
 
Fantastic what in shortest time after releasing a exploit the devs are releasing :) From 0 to 100 in a just a second.

Sad i must wait for 4.55 exploit :( But if one is released they seems to be many good things to use then. Keep up the good work devs !!!
 
Status
Not open for further replies.

PSXHAX Categories

PS4 Jailbreak Status
PS5 Jailbreak Status

Latest Forum Topics

Share This Page

Back
Top