Category PS4 CFW and Hacks       Thread starter PSXHAX       Start date May 2, 2019 at 5:47 AM       8,967       31            
Following fail0verflow's PS4 Crashdumps / Kernel Dumping and PS4 Aux Hax Documentation alongside his recent PS4 Sflash0 Pack Tool, PlayStation 4 developer @SocraticBliss made available a PS4 Crash Dump Decryptor Python Script for scene devs on Twitter today.


From the Tweets below, here's what he had to say on it: "Still tweaking this somewhat, but decided to take a swing at fail0verflow's PS4 Crash Dump Decryptor script (since at this point its fairly outdated), enjoy!

Thanks goes out to notzecoxao, CelesteBlue123, and most of all fail0verflow! :)"
#!/usr/bin/env python

Crash Dump Decryptor by SocraticBliss (R)

Thanks to...
# Team FailOverflow
# CelesteBlue
# zecoxao

1) Replace  AES KEY # with the actual key
2) Replace HMAC KEY # with the actual key
3) Have orbiscore-systemcrash.orbisstate in the same directory
4) python


from binascii import unhexlify as uhx, hexlify as hx
from Crypto.Cipher import AES
from Crypto.Hash import HMAC, SHA256
import struct
import sys

class Header:
    def __init__(self, f):
        __slots__ = ('VERSION', 'OPEN_PSID', 'PADDING_1', 'PADDING_2',
                     'UNKNOWN', 'STATE', 'DATA_LEN', 'PADDING_3', 'DATA_HMAC')

        # Secure Header
        self.VERSION   = struct.unpack('<I',[0]
        self.PSID_ENC  = struct.unpack('<16s',[0]
        self.PADDING_1 = struct.unpack('<I13Q',[0]
        # Padding
        self.PADDING_2 = struct.unpack('<4Q',[0]
        # Final Header
        self.UNKNOWN   = struct.unpack('<2Q',[0]
        self.STATE     = struct.unpack('<Q',[0]
        self.DATA_LEN  = struct.unpack('<Q',[0]
        self.PADDING_3 = struct.unpack('<2Q',[0]
        self.DATA_HMAC = struct.unpack('<4Q',[0]

KEYS = [
    ['AES KEY 1','HMAC KEY 1'], # 1.01
    ['AES KEY 2','HMAC KEY 2'], # 3.55
    ['AES KEY 3','HMAC KEY 3'], # 4.05
    ['AES KEY 4','HMAC KEY 4'], # 4.07

def aes_ecb_encrypt(key, data):
    return, AES.MODE_ECB).encrypt(data)

def aes_ecb_decrypt(key, data):
    return, AES.MODE_ECB).decrypt(data)

def hmac_sha256(key, data):
    return, msg = data, digestmod = SHA256).digest()

def main (argc, argv):

    # 1) Read the Header
    with open('orbiscore-systemcrash.orbisstate', 'rb') as f:
        ps = Header(f)
        KD = KEYS[ps.VERSION][0]
        KC = KEYS[ps.VERSION][1]
        print('\nEncrypted PSID: %s' % hx(ps.PSID_ENC).upper())
        PSID_DEC = aes_ecb_decrypt(KD, ps.PSID_ENC)
        print('\nPSID: %s' % hx(PSID_DEC).upper())
        # HMAC DIGEST
        DIGEST = hmac_sha256(KC, ps.PSID_ENC)
        print('HASH: %s' % hx(DIGEST).upper())
        KD = DIGEST[0x10:]
        KC = DIGEST[:0x10]
        print('\nAES : %s' % hx(KC).upper())
        print('HMAC: %s' % hx(KD).upper())
        # 2) Dump Starts Here
        DATA_ENC =

    # 3) Utilize the proper key set to decrypt the data
    IV = '0000000000000000'
    DATA =, AES.MODE_CBC, IV).decrypt(DATA_ENC)

    # 4) Save the decrypted data
    with open('debug.bin', 'wb') as f:
    print('\nSaved to debug.bin')

if __name__=='__main__':
    sys.exit(main(len(sys.argv), sys.argv))
Crash Dump KeySeed
kd, kc
KEYS = [
    [b'8F86DDEDCBF24A44EB6C30607AA26F76', b'4125715AAB8B78E569F512E65CA62DD3'], # 1.01-3.15
    [b'63AEF79DC49969FD8997B2F60DB65F81', b'1800A5DE2D0F0652FA5602FFADD440AA'], # 3.50-3.70
    [b'05205507B7A154E08A7A38B1897563FB', b'AD334D142EAF8B9438DB00D1D0BFF357'], # 4.00-4.05
    [b'04C1A0961BBB0CB2140361B0956AAABA', b'052D2FF3014FB38CAAF6898CB899982A'], # 4.06-4.07 (to test)
Sealed Key Values

Keyset 1

Key = B5DAEFFF39E6D90ECA7DC5B029A8153E

Hash = 8707960A53468D6C843B3DC9624E22AF

Keyset 2
Key = EC0D347E2A7657471F1FC33E9E916FD4

Hash = A6D6583D3217E87D9BE9BCFC4436BE4F

Keyset 3
Key = 51D8BFB4E387FB4120F081FE33E4BE9A

Hash = FFF9BDEA803B14824C61850EBB084EE9

Keyset 4
Key = 346B5D231332AC428A44A708B1138F6D

Hash = 5DC6B8D1A3A0741852A7D44268714824

Dumped with getSealedKeySecret on 5.05

PS4 Crash Dump Decryptor Python Script via SocraticBliss.jpg



Senior Member
Those who are giving up and updating had already been late to to join the bandwagon as scene members constantly mentioned to stay on lowest firmware possible.

You know you who you are, you did listen to them when they told you to stop updating, and now you expect them to listen to your petty jailbreak requests. The scene isnt dead. You're not just a part of it.


I still got mine running on 5.0.5 and I actually thought about updating too because of some recent games that I'd love to play. Instead I bought some of my all-time-favs on disc an play them through again...
Certainly another kernel exploit will be released in this year ...


I don't know why some people still complain about "no new exploits"!!

You do understand that 5.05 or even lower exploited firmwares have all the tools for the homebrew scene. Higher than that is just about backups. I really don't know about those who earn money with backups (either with some hardware (like modchips) or just sells of modified systems/accounts/...) didn't paid yet some "high skill" folks to exploit the system for some 0day exploit lol... Maybe it can't be possible, or if it is just like they tried on PS3 days but failed, because it got released for everyone after.

The PS4 scene isn't dead for homebrew, but "dead" for backups (meaning newer games backs). They are different things.

Even if in some countries the games might cost a lot, i bet the users can save some money to buy, trade or whatever second hand games (or even share with a close friend/family member, like i do for PS4/X1 with my cousin, we buy all the digital purchases 50/50).

You don't need to buy a game right after its release you can wait a while. There's lots of F2P games you can play online (if you have a internet connection lol) for PS4, cause for those you don't need a PLUS sub., like you need on X1, cause you can't play any game, even F2P without a GOLD sub. with it.

This only for the people that are bored or don't like the available backups for the existing higher public exploit (thats 5.05) or even don't like to use a PS4 with linux or other homebrew stuff.

I think if a new exploit pops up it will be after the new PS is released (next year maybe!?). Till then, wait or update. Not being general of course, cause some do enjoy the current exploits.

Me, for example, i do have more than one PS4 (bought some second hand with hardware problem and fix some) so i do enjoy the public exploits and do use the other(s) for newer games and online. If no new exploit gets to public, i don't mind.

This is just my personal opinion on this subject.


Senior Member
I made cheap PC for AAA games, enjoying a lot on window 10
thanks to Codex & CPY !!

on other hand my ps4 is only for exclusive & enjoying online too;
NO more waiting or no more warning !!!

so keep waiting 5.05 users, God knows when will u get kexploit for your system ?


The scene for PS4 and future consoles are dead I think too and devs will sell the exploits to Sony I think in future. It's hard to see but that's fact
Recent Articles
Some of the PlayStation 4 E3 2019 PS4 Trailer Videos!
We've seen a Watch Dogs: Legion PS4, Marvel Avengers: A-Day PS4 and some Final Fantasy VIII Remastered & Final Fantasy VII Remake PS4 videos from E3 2019, and below are several more PlayStation 4...
Crash Team Racing: Nitro-Fueled Races to PS4 Next Week
CTR racers on your mark, get set, go... as Crash Team Racing: Nitro-Fueled speeds onto PlayStation 4 next week. 🏎 🏁 Get ready to go fur-throttle in the fully-remastered and revved up to the max...
TurboGrafx-16 Mini, PC Engine Mini & PC Engine CoreGrafx Mini by Konami
A few months back we covered the Sega Genesis Mini reveal, and during E3 2019 Konami announced a TurboGrafx-16 Mini, PC Engine Mini and PC Engine CoreGrafx Mini on their official site for...
PS4 Firmware / System Software 6.80 Preview Program PUP and Features
As reported earlier this month, since their recent 6.71 PS4 OFW Update those enrolled in Sony's PlayStation Preview Program can now download and install the PS4 Firmware / System Software 6.80...