PS4 CFW and Hacks       Thread starter PSXHAX       Start date Sep 28, 2017 at 3:41 AM       121      
Status
Not open for further replies.
Since the recent guides, tutorials and payloads to run PlayStation 4 game backups on 1.76 jailbroken consoles surfaced, many have been waiting for ready-made decrypted dumps from PS4 scene release groups to appear... and today thanks to Knights of the Fallen (KOTF) they have!!

Thus far, we've seen Grand.Theft.Auto.V.READNFO.PS4-KOTF, Far.Cry.4.READNFO.MULTi7.PS4-KOTF and Assassins.Creed.IV.Black.Flag.READNFO.MULTi8.PS4-KOTF with the related PS4 NFOs available HERE, HERE and HERE (we'll add them below as we run across text versions).
  • Grand.Theft.Auto.V.READNFO.PS4-KOTF - 42750 MB in 90 Files
  • Far.Cry.4.READNFO.MULTi7.PS4-KOTF - 25327 MB in 54 Files
  • Assassins.Creed.IV.Black.Flag.READNFO.MULTi8.PS4-KOTF - 20155 MB in 85 Files
Code:
+----------------------------------------------------------------------------+
¦¦¦¦¦ Installation Help ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦----------------------------------------------------------------------------¦
¦                                                                            ¦
¦ Current Requirements:                                                      ¦
¦                                                                            ¦
¦ 1.76fw PS4, socat, elf loader, terminal, ftp client, ftp payload, netcat   ¦
¦ decrypted game modules per game, extracted game and kernel hooks patch.    ¦
¦ if a kernel exploit is released for current firmwares, these dumps will    ¦
¦ work fine there also.                                                      ¦
¦                                                                            ¦
¦ Replace the files in CUSA?????-app0 with the files in CUSA?????-Crack      ¦
¦ Boot PS4, Enable FTP Payload, Navigate to Data and make the directory      ¦
¦ CUSA?????, FTP the contents of CUSA?????-app0 from this release into the   ¦
¦ CUSA????? folder you just created. Reboot your PS4. Load the elf loader    ¦
¦ on your PC, open command prompt in, or cd to your "socat" directory.       ¦
¦ Launch the PS4 Browser and go to "elf loader", Once you have got to stage  ¦
¦ 5, execute this socat command. "socat -u FILE:kernel_hooks TCP:pS4ip:5054" ¦
¦ after it executes run, "netcat nc PS4ip 5088" when you see the message     ¦
¦ "Started Sucessfully" appear, press the PS button and launch Playroom to   ¦
¦ start the game.                                                            ¦
¦                                                                            ¦
+----------------------------------------------------------------------------+

+----------------------------------------------------------------------------+
¦¦¦¦¦¦¦¦ READNFO ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦----------------------------------------------------------------------------¦
¦ These dumps now work, All previous releases do not.                        ¦
¦                                                                            ¦
+----------------------------------------------------------------------------+
Cheers to both @Bassabov and @MadMan467 for passing along the GREAT news this morning in the PSXHAX Shoutbox, and here's looking forward to more games playable on 1.76 until a newer exploit surfaces publicly for higher PS4 Firmware versions!

Comments

Yep, files are in the right place. Last messages from nc:
Code:
what is the mapped page?... fffffe00482cf560 -> fffffe00482cf560
self_load_shared_object returning: 8
sys_dynlib_load_prx loading lib /app0/sce_module/libSceFios2.prx
ERROR: sys_dynlib_load_prx ret: 8
======================================
hook execve called
executing prog: /system/sys/coredump.elf
executing /system/sys/coredump.elf
argc 6
ffffff8046e00000  2f 73 79 73 74 65 6d 2f  73 79 73 2f 63 6f 72 65  |/system/sys/core|
ffffff8046e00010  64 75 6d 70 2e 65 6c 66  00 63 6f 72 65 64 75 6d  |dump.elf.coredum|
ffffff8046e00020  70 00 35 35 00 31 30 30  35 35 39 00 2d 31 36 31  |p.55.100559.-161|
td[38] = fffffe002a41bc00:
fffffe002a41bc58  07 00 00 00 00 00 00 38  00 00 00 00 00 1c 00 40  |.......8.......@|
fffffe002a41bc68  00 ff 00 00 00 00 00 80  00 00 00 00 00 00 00 00  |................|
fffffe002a41bc78  00 00 00 00 00 00 00 00  00 00 00 80 00 40 00 40  |.............@.@|
fffffe002a41bc88  00 00 00 00 00 00 00 80  00 00 00 00 00 00 00 08  |................|
fffffe002a41bc98  00 40 ff ff 00 00 00 f0  00 00 00 00 00 00 00 00  |.@..............|
fffffe002a41bca8  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
fffffe002a41bcb8  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
fffffe002a41bcc8  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
fffffe002a41bcd8  00 00 00 00 00 00 00 00                           |................|
has hito payload? 0
header 120101001d3d154f
forwarding to exec_self_imgact
self_load_shared_object(fffffe003b504aa0,/system/common/lib/libkernel.sprx,fffffe00481f4600,0)
self_load_shared_object returning: 0
self_load_shared_object(fffffe003b504aa0,/system/common/lib/libSceLibcInternal.sprx,fffffe00481f8000,0)
self_load_shared_object returning: 0
exec_self_imgact: 0
entry point: 80e3bbd58
self_imgact_img[0xf0]
fffffe002a3744f0  06 00 00 00 00 00 00 38  00 00 00 00 00 1c 00 40  |.......8.......@|
fffffe002a374500  00 ff 00 00 00 00 00 80  00 00 00 00 00 00 00 00  |................|
fffffe002a374510  00 00 00 00 00 00 00 00  00 00 00 80 00 40 00 40  |.............@.@|
fffffe002a374520  00 00 00 00 00 00 00 80  00 00 00 00 00 00 00 08  |................|
fffffe002a374530  00 40 ff ff 00 00 00 f0  00 00 00 00 00 00 00 00  |.@..............|
fffffe002a374540  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
fffffe002a374550  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
fffffe002a374560  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
fffffe002a374570  00 00 00 00 00 00 00 00                           |................|
setting regs for /system/sys/coredump.elf rip(should be libkernel->start): 80e3bbd58
kernel entry
ffffff800241ac70  48 31 ed 48 83 ec 18 48  c7 c0 57 02 00 00 0f 05  |H1.H...H..W.....|
ffffff800241ac80  72 1f 48 c7 c0 57 02 00  00 49 89 fc 48 89 e6 48  |r.H..W...I..H..H|

stack_base 7efa52d30:
found? 0
execve: going back to usermode
self_load_shared_object(fffffe003b504aa0,/system/common/lib/libSceSysmodule.sprx,fffffe003b686400,0)
self_load_shared_object returning: 0
sys_dynlib_load_prx loading lib libSceSysmodule.sprx
self_load_shared_object(fffffe003b504aa0,/system/common/lib/libSceIpmi.sprx,fffffe00481f6200,0)
self_load_shared_object returning: 0
sys_dynlib_load_prx loading lib libSceIpmi.sprx
self_load_shared_object(fffffe003b504aa0,/system/common/lib/libSceRegMgr.sprx,fffffe003b686c00,0)
self_load_shared_object returning: 0
sys_dynlib_load_prx loading lib libSceRegMgr.sprx
self_load_shared_object(fffffe003b504aa0,/system/common/lib/libSceSysCore.sprx,fffffe00481f6800,0)
self_load_shared_object returning: 0
sys_dynlib_load_prx loading lib libSceSysCore.sprx
self_load_shared_object(fffffe003b504aa0,/system/priv/lib/libSceDipsw.sprx,fffffe00481f6c00,0)
self_load_shared_object returning: 0
sys_dynlib_load_prx loading lib libSceDipsw.sprx
self_load_shared_object(fffffe003b504aa0,/system/priv/lib/libmdbg_syscore.sprx,fffffe003b687000,0)
self_load_shared_object returning: 0
sys_dynlib_load_prx loading lib /system/priv/lib/libmdbg_syscore.sprx
sys_dynlib_load_prx loading lib libSceIpmi.sprx
self_load_shared_object(fffffe003b504aa0,/system/priv/lib/libmdbg_deci.sprx,fffffe00481f7600,0)
self_load_shared_object returning: 0
sys_dynlib_load_prx loading lib /system/priv/lib/libmdbg_deci.sprx
 
How did you manage to skip the coop screen at startup? When it started the game it always jumps to the coop start screen... :(

Have you started it through omsk or playroom? internal or external HDD?
 
I have a ps4 slim with 4.73 FW
There is nothing public yet for 4.73.
Best option is to stay as low as possible with your fw.
I bought last year a PS4 Pro because of the 4.0x exploit rumors, but nothing happened yet. Never updated this console.

OMSK is the only installable pkg on retail consoles yet (still 1.76) and has been found on kiosk consoles (those playable in the shops)
Now it is used to mount 2 games at the same time (one through OMSK, one through playroom)
 
Can anyone here help me out a bit with elf loader? Every site I've tried gives me the memory error and I am just unable to compile it on Ubuntu - I've been trying all day. If you could send me a compiled download or instructions on getting it to work, I'd be really grateful.
 
P.T. and GTA are working well
FarCry isn't working, freezes on loading screen
can see a lot of "ERROR: sys_dynlib_load_prx ret: 2"
then ps4 crashes after a few minutes

Can anyone here help me out a bit with elf loader? Every site I've tried gives me the memory error and I am just unable to compile it on Ubuntu - I've been trying all day. If you could send me a compiled download or instructions on getting it to work, I'd be really grateful.
Use docker, it's very easy
 
No need to compile:
Code:
# Start the ELF loader web server in the background (no local build needed)
docker run -p 5350:5350 --rm ps4dev/elf-loader &
# From the PS4 browser, open <your_linux_ip>:5350
# After stabilizing on level 5, send your ELF:
socat -u FILE:./Downloads/kernel_hooks.elf TCP:<Your PS4 IP>:5054
# Then watch the logs:
socat - TCP:<Your PS4 IP>:5088
 