Category PS4 Jailbreaking       Thread starter PSXHAX       Start date Jul 30, 2018 at 1:30 AM       29,793       47            
Status
Not open for further replies.
It's been awhile since we last heard from Fail0verflow on PS4 Crashdumps and Kernel Dumping, but today they've made available a new trio of PlayStation 4 hacking documentation dubbed PS4 Aux Hax covering hacking the Aeolia (Southbridge), Syscon (System Controller) and DS4 (DualShock 4 Controller) for other developers to learn from! :notworthy:

The PlayStation 4 research can be found on their blog at Fail0verflow.com in the following pages for those who'd like to read through all the juicy details:
They also credit Volodymyr Pikhur for EAP / EMC work done including side-channel analysis, glitching and ROM recovery in his PS4 IPL AES + HMAC Key Recovery project, the original exploit and Recon Brussels 2018 presentation and PlayStation 4 developer @flatz who aided with reversing, bug hunting and hinted earlier today at signing PS4 CFW (PS4 Custom Firmware) through this research... although @Abkarino of Team Rebug also reminds everyone that more hardware exploiting work is necessary. :fire:

PlayStation 4 developer @xxmcvapourxx announced on Discord earlier today the following update synopsis, to quote:

"We could see possible of downgrade of PS4. Dont ask eta. No one ask about if this leads to 5.55 exploits just read."

Similar to the PS3, if a PS4 downgrader is a possibility in the future then less emphasis may be placed on decrypting newer PS4 kernels (such as the 6.00.elf / 6.00.i64 in PS4 Beta Firmware 6.00) in search of exploits and vulnerabilities with more focus on other areas of PlayStation 4 homebrew development. <3

From Pastebin.com- PS4 SYSCON KEYS:
Code:
FW_AES

5301C28824B57137A819C042FC119E3F

FW_CMAC

8F215691AC7EF6510239DD32CC6A2394

PTCH_AES

EF90B21B31452379068E3041AAD8281E

PTCH_CMAC

95B1AAF20C16D46FC816DF32551DE032

RL78_ID

3A4E6F743A557365643A
PS4 FW AES Key SHA 256 Hash: a8e7c33718e3b5a83e0fee1092b1b8cdc851115c94a381816295e22752893ce0
From kiwidog: Slow your roll there, this is just for the ARM chip, just like with the 5.01 EAP hack that was shown before, you will have NOTHING more than that, which is useless for 99.9% of people. Older firmwares didn't even have encryption NOR signing, just compile a elf and replace it and it booted. This has 0 affect on SAMU nor x64 and will not lead to downgrading or a hack (without a replay)

NEEDS KEY FROM SAMU WHICH WONT LEAK. THIS IS ALSO SPECIFICALLY FOR THE ARM CHIP NOT SAMU OR X64.

Also from kiwidog: It is something just not for end users. After discussing with shuffle and getting a bit more clarification. If you were to backup this communication you could replay it with hardware to downgrade, but ONLY TO FIRMWARES WHERE YOU CAPTURED THIS COMMUNICATION. Meaning everyone already on a non-hackable (to roll back to) firmware is out of luck.

Idea being, you were on 1.01, updated and captured when you went to 1.76, then you updated to 5.55, you could use your previously captured communication to downgrade back to 1.76 (allegedly/may be more information needed, but I have 0 reason to doubt shuffle/f0f). For everyone else, it's pretty much useless.

But I could see possibly if a modchip was designed around this principal, you could go online, grab your activation and rifs, downgrade back to a hackable firmware. You wouldn't be able to USE anything on the latest FW that you installed/customized, but when you roll back it should work (if the new games/apps don't require that latest fw).
From Pastebin.com- PS4 Keys:
Code:
Sha512:
20C0A6CEF170E27F050F4F5B269268C36EA5AC75591C957A7241FD1B1BBDF04ECD1C0594CCBA0CB5A6559F279A2FB71A3DF7CB80AC669AD27919228CC344C14F

0E8ED174506F6920907653782DB245B3AD5037235CD2AB0CE9E23DFB3D8B6A676913C63955CAA226820CA2BF0FBD407E101FF5714BB1CAE08BA0CA487B45B6EA

70761E4DD06961EE8662343D517B6C6381AD2C83103C289B0CDE466B13D8F802C41A14090E962F8D524D03D2C9D5FD05911CF78DF9005F8174CC5EE02EDEE04B

88D3C4A2D6878550553D6CE51390B08AC343FA626A55694FD43847CE9C9A69B1E12415C0CBE4BFD4C3F00C61B8F6B10A55388EED9606582C12364C4C2B2925C3

BB884CCD9219DD7DFA7FCDECCADFBFCF2265722DB769DCEA4C23AA032E0B385BE996D4EB237C62AE2C8A1AF1C50126885C47D89D258ED50E0102C443B80F881D

1B9DFC6132900667819F04EC3158EBA094766E4FFA8ECEED8D9046980FCF19CD29C575F6D750A48363DA00BD4D38830AA7686FA0821EE1BC14D71B62451E2EB3

678D7C92365F752E592F4C6851349E3FC52947907E34C11434573C2248DCB7739A6CA7A49A117EF17DB12CA976E57B97319B2F1D0A605C6B55713398301F4871

79E2DACFD89B04D680066E78EAE13BEE76171E54C5B842A123CB88E84602ADFDD709E66AC35FCD8FD8A749A112403DE432E8DFC6B2A1B9C7C6691CC49AB2BDAB

F082BBC7FC008210260ABCEB280733998CA17092A85E696A00D31697D8FB1DD044FB66353EE0164EC3F0ECF0E77F2FDEF0624134620A08CD9F5C5F32E500D7CC

78E748DD48EF5B6AA1A12D978F40CE998C97B71872D2D60C34892415E5E77F8CAE3D44F095763A462D64E865636B77627599CD96D986A8E1022E5030C2627ED7
To quote: Small update to Aux Hax: Nearly same methods are working against devices on recent PS4 Pro board NVB-003: Syscon A05-C0L2 (R5F101LL) Belize southbridge (CXD90046GG) Belize has ROM readout protection and clears stack... they're learning ;)

PS4 Aux Hax Hacking Aeolia, Syscon and DS4 by Fail0verflow!.jpg
 

Comments

Status
Not open for further replies.

PSXHAX

Staff Member
Moderator
Contributor
Verified
Aww.. why thanks @PLAYER 1! :kitty:

As I was posting this pandemonium struck when a bat went at one of my kitties so I separated them... hopefully it didn't have rabies, although I don't think it had a chance to bite. :slap:
 
Status
Not open for further replies.
Recent Articles
Stickman Zombie Attack PS4 Homebrew Game PKG by Med33
After a lot of work, I'm announcing Stickman Zombie Attack homebrew game PKG made with Unity for the PS4. 🧟‍♂️🧟‍♀️ Thanks to all the beta testers @jwooh, @DEFAULTDNB and @FFTHEWINNER they helped...
Free-to-Play Action RPG Dauntless Slashes Onto PS4 Tomorrow
Reminiscent of Fortnite, the Behemoth-slaying co-op action RPG Dauntless slashes onto PS4 tomorrow, is free-to-play and offers exclusive cosmetic gear for PS Plus members. 😀 Here's more on...
PS4Modding.net: PS4 Cheats and Modding Platform Trainers with Tools
Since the release of PS4 Reaper (debugger and trainer maker) the goal was to gather modders and gamers around one passion. Today we've come along way: 3 Universal Trainers (PC, Android, iOS)...
Orbis MSX Super Laydock: Mission Striker PS4 Homebrew PKG
Proceeding the MSXORBIS MSX Core from BigBoss and recent Resident Evil CODE: Vita PS4 homebrew game in development by @Markus95, this weekend @oneman123 shared on Twitter a shoot 'em up Orbis MSX...
Top