Category PS4 CFW and Hacks       Thread starter PSXHAX       Start date May 2, 2019 at 5:47 AM       9,039       31            
Following fail0verflow's PS4 Crashdumps / Kernel Dumping and PS4 Aux Hax Documentation alongside his recent PS4 Sflash0 Pack Tool, PlayStation 4 developer @SocraticBliss made available a PS4 Crash Dump Decryptor Python Script for scene devs on Twitter today.


From the Tweets below, here's what he had to say on it: "Still tweaking this somewhat, but decided to take a swing at fail0verflow's PS4 Crash Dump Decryptor script (since at this point its fairly outdated), enjoy!

Thanks goes out to notzecoxao, CelesteBlue123, and most of all fail0verflow! :)"
#!/usr/bin/env python

Crash Dump Decryptor by SocraticBliss (R)

Thanks to...
# Team FailOverflow
# CelesteBlue
# zecoxao

1) Replace  AES KEY # with the actual key
2) Replace HMAC KEY # with the actual key
3) Have orbiscore-systemcrash.orbisstate in the same directory
4) python


from binascii import unhexlify as uhx, hexlify as hx
from Crypto.Cipher import AES
from Crypto.Hash import HMAC, SHA256
import struct
import sys

class Header:
    def __init__(self, f):
        __slots__ = ('VERSION', 'OPEN_PSID', 'PADDING_1', 'PADDING_2',
                     'UNKNOWN', 'STATE', 'DATA_LEN', 'PADDING_3', 'DATA_HMAC')

        # Secure Header
        self.VERSION   = struct.unpack('<I',[0]
        self.PSID_ENC  = struct.unpack('<16s',[0]
        self.PADDING_1 = struct.unpack('<I13Q',[0]
        # Padding
        self.PADDING_2 = struct.unpack('<4Q',[0]
        # Final Header
        self.UNKNOWN   = struct.unpack('<2Q',[0]
        self.STATE     = struct.unpack('<Q',[0]
        self.DATA_LEN  = struct.unpack('<Q',[0]
        self.PADDING_3 = struct.unpack('<2Q',[0]
        self.DATA_HMAC = struct.unpack('<4Q',[0]

KEYS = [
    ['AES KEY 1','HMAC KEY 1'], # 1.01
    ['AES KEY 2','HMAC KEY 2'], # 3.55
    ['AES KEY 3','HMAC KEY 3'], # 4.05
    ['AES KEY 4','HMAC KEY 4'], # 4.07

def aes_ecb_encrypt(key, data):
    return, AES.MODE_ECB).encrypt(data)

def aes_ecb_decrypt(key, data):
    return, AES.MODE_ECB).decrypt(data)

def hmac_sha256(key, data):
    return, msg = data, digestmod = SHA256).digest()

def main (argc, argv):

    # 1) Read the Header
    with open('orbiscore-systemcrash.orbisstate', 'rb') as f:
        ps = Header(f)
        KD = KEYS[ps.VERSION][0]
        KC = KEYS[ps.VERSION][1]
        print('\nEncrypted PSID: %s' % hx(ps.PSID_ENC).upper())
        PSID_DEC = aes_ecb_decrypt(KD, ps.PSID_ENC)
        print('\nPSID: %s' % hx(PSID_DEC).upper())
        # HMAC DIGEST
        DIGEST = hmac_sha256(KC, ps.PSID_ENC)
        print('HASH: %s' % hx(DIGEST).upper())
        KD = DIGEST[0x10:]
        KC = DIGEST[:0x10]
        print('\nAES : %s' % hx(KC).upper())
        print('HMAC: %s' % hx(KD).upper())
        # 2) Dump Starts Here
        DATA_ENC =

    # 3) Utilize the proper key set to decrypt the data
    IV = '0000000000000000'
    DATA =, AES.MODE_CBC, IV).decrypt(DATA_ENC)

    # 4) Save the decrypted data
    with open('debug.bin', 'wb') as f:
    print('\nSaved to debug.bin')

if __name__=='__main__':
    sys.exit(main(len(sys.argv), sys.argv))
Crash Dump KeySeed
kd, kc
KEYS = [
    [b'8F86DDEDCBF24A44EB6C30607AA26F76', b'4125715AAB8B78E569F512E65CA62DD3'], # 1.01-3.15
    [b'63AEF79DC49969FD8997B2F60DB65F81', b'1800A5DE2D0F0652FA5602FFADD440AA'], # 3.50-3.70
    [b'05205507B7A154E08A7A38B1897563FB', b'AD334D142EAF8B9438DB00D1D0BFF357'], # 4.00-4.05
    [b'04C1A0961BBB0CB2140361B0956AAABA', b'052D2FF3014FB38CAAF6898CB899982A'], # 4.06-4.07 (to test)
Sealed Key Values

Keyset 1

Key = B5DAEFFF39E6D90ECA7DC5B029A8153E

Hash = 8707960A53468D6C843B3DC9624E22AF

Keyset 2
Key = EC0D347E2A7657471F1FC33E9E916FD4

Hash = A6D6583D3217E87D9BE9BCFC4436BE4F

Keyset 3
Key = 51D8BFB4E387FB4120F081FE33E4BE9A

Hash = FFF9BDEA803B14824C61850EBB084EE9

Keyset 4
Key = 346B5D231332AC428A44A708B1138F6D

Hash = 5DC6B8D1A3A0741852A7D44268714824

Dumped with getSealedKeySecret on 5.05

PS4 Crash Dump Decryptor Python Script via SocraticBliss.jpg



Senior Member
@Czesio8094 it is sad but it is true, this scene is dead and isnt because of us... the guys that can do something prefer to do the baiting job... they just did something in the past to earn prestigious on this world so and now talk about that they dont like backups, hum hum true crap... "you did backup since 10 years and now your consciousness wake up?" we actually dont have to try to do something.

guys that are on 5.05, will you be in 2022 and still have to much to play? gl to you i prefer to update and pay 20 dollars for a Spider Man game.
Recent Articles
Samurai Shodown Joins New PS4 Game Releases Next Week
Thirteen beloved fighters return alongside three new ones to do battle in the legendary stage of Samurai Shodown on PS4 next week, featuring updated graphics, gameplay and a revolutionary new...
Marvel's Spider-Man PS4 Skeletal Models & Textures Tool by ID-Daemon
We've seen PS4 Game Texture Converters, a PS4 Game Model Data & Textures Extraction Guide, a PS4 Game Animations to Havok Files Converter and a PS4 Meshes / Textures Preview GUI with the latest...
Latest PlayStation Store Flash Sale Offers PSN Deals Under $10
It's been awhile since the last PS Store Flash Sale, and today Sony announced their latest PSN Flash Sale features deals under $10 with savings of up to 75% on select PlayStation Store titles...
Sony Introduces New Summer Additions to PlayStation Hits Lineup
Since their update last fall, today Sony announced the new summer 2019 additions to their PlayStation Hits videogame lineup. 🎇🧨🎆 Featured titles include Horizon Zero Dawn: Complete Edition, God...