PS4 Jailbreaking | Thread starter: PSXHAX | Start date: Feb 14, 2018 at 5:16 PM | 158
Status
Not open for further replies.
To kick things off on this Valentine's Day hot on the heels of recent PS4 scene group MarvTM comes news via Malatya of another known as Playable, who is also doing PS4 4.05 PKG releases including The_Last_of_US_Remastered_EUR_FW_405_PS4-Playable... and even DUPLEX is now doing 4.05-friendly PS4 releases including Uncharted.4.A.Thiefs.End.PS4-DUPLEX. :fire:

Next up, @CelesteBlue passed along a Pastebin guide via Twitter from Barthen on how to lower the firmware requirement in ELF and PRX files which can be found below. :love:

Following that method and the Free PS2 Pub Gen / Fake PKG Tools releases, PlayStation 4 developer @cfwprophet shared some updates on Twitter including Fake_PKG_Tools_v1.3.rar and an ELF FW Patcher v1.0 which patches the Firmware Version hex number of one or more PS4 ELF files for those working on getting newer titles running on 4.05 OFW. <3

From Barthen: How to lower the firmware requirement in ELF and PRX files

Example of lowering the firmware required for files compiled with the leaked 4.50 *** (tested on 4.05) by hex editing a few bytes:

1. In the ELF section called "sce_process_param" we patch the reversed (little-endian) *** version; there should only be one instance of the pattern: search for "01 81 50 04" and replace with "31 80 50 03"

2. In the ELF section called "sceversion" we patch the *** version in its normal (big-endian) byte order; multiple instances of the pattern will be found: search for "04 50 81 01" and replace with "03 50 80 31"

3. Resign it with flatz's make_fself.py or add it to a PKG with cfwprophet's Fake_PKG_Generator

4. Profit

5. A side effect of this is that if someone is able to dump games on higher firmwares (e.g. 5.05) it SHOULD be possible to play those games on lower firmwares (e.g. 4.05) with this method, unless the game uses functionality added in newer ***s
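The two patches above are byte-for-byte replacements, so the part that is easy to get wrong by hand is scoping them to the right section and checking the occurrence counts the guide gives (exactly one hit in sce_process_param, one or more in sceversion). The script below is an added example written for this page, not Barthen's guide, cfwprophet's ELF FW Patcher or flatz's make_fself.py. It parses the ELF64 section header table, derives both byte orders from the 32-bit version numbers (0x04508101 and 0x03508031 give the guide's patterns), patches each section and refuses to write anything if the counts do not match. It assumes a plain ELF64 with a section header table (a stripped or fself-wrapped image has none and is rejected), that the section names may appear with or without a leading dot, and that the built-in demo ELF, which is constructed here purely for testing, stands in for a real PS4 binary.

```python
import struct

# Version numbers from Barthen's guide: 0x04508101 is stored as "01 81 50 04"
# (little-endian) in sce_process_param and as "04 50 81 01" (big-endian) in sceversion.
OLD_SDK_VERSION = 0x04508101
NEW_SDK_VERSION = 0x03508031   # "31 80 50 03" / "03 50 80 31"


def find_sections(elf):
    """Parse the ELF64 section header table; return {section_name: (file_offset, size)}."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2:
        raise ValueError("not an ELF64 file")
    fmt = "<" if elf[5] == 1 else ">"                      # EI_DATA: 1 = little-endian
    e_shoff = struct.unpack_from(fmt + "Q", elf, 0x28)[0]
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from(fmt + "HHH", elf, 0x3A)
    if e_shnum == 0:
        raise ValueError("no section header table: patch the original ELF, not a stripped/fself image")
    headers = []
    for i in range(e_shnum):
        base = e_shoff + i * e_shentsize
        sh_name = struct.unpack_from(fmt + "I", elf, base)[0]
        sh_offset, sh_size = struct.unpack_from(fmt + "QQ", elf, base + 24)
        headers.append((sh_name, sh_offset, sh_size))
    strtab = headers[e_shstrndx][1]                        # .shstrtab holds the names
    sections = {}
    for sh_name, off, size in headers:
        end = elf.index(b"\x00", strtab + sh_name)
        sections[bytes(elf[strtab + sh_name:end]).decode()] = (off, size)
    return sections


def patch_section(elf, sections, name, old, new, expect):
    """Replace `old` with `new` inside section `name`; enforce the occurrence count the guide states."""
    if name not in sections:
        raise ValueError(f"section {name} not found")
    off, size = sections[name]
    body = bytes(elf[off:off + size])
    count = body.count(old)
    if expect == "one" and count != 1:
        raise ValueError(f"{name}: expected exactly one {old.hex()} pattern, found {count}")
    if expect == "some" and count == 0:
        raise ValueError(f"{name}: pattern {old.hex()} not found")
    elf[off:off + size] = body.replace(old, new)          # same length, so offsets are unchanged
    return count


def lower_fw_requirement(elf_bytes, old_ver=OLD_SDK_VERSION, new_ver=NEW_SDK_VERSION):
    """Apply both patches from the guide; return (patched ELF, {section: hits})."""
    elf = bytearray(elf_bytes)
    # Assumption: real binaries may name the sections with a leading dot; match either form.
    sections = {n.lstrip("."): v for n, v in find_sections(elf).items()}
    counts = {}
    # Step 1: sce_process_param stores the version little-endian ("reversed"); exactly one hit.
    counts["sce_process_param"] = patch_section(
        elf, sections, "sce_process_param",
        struct.pack("<I", old_ver), struct.pack("<I", new_ver), "one")
    # Step 2: sceversion stores it big-endian, once per entry; one or more hits.
    counts["sceversion"] = patch_section(
        elf, sections, "sceversion",
        struct.pack(">I", old_ver), struct.pack(">I", new_ver), "some")
    return bytes(elf), counts


def build_demo_elf(proc_param, sceversion):
    """Construct a minimal ELF64 (constructed demo data, not a real PS4 binary) with the two sections."""
    name_blob, name_off = b"\x00", {}
    for n in (".sce_process_param", ".sceversion", ".shstrtab"):
        name_off[n] = len(name_blob)
        name_blob += n.encode() + b"\x00"
    bodies = [(".sce_process_param", proc_param, 1), (".sceversion", sceversion, 1), (".shstrtab", name_blob, 3)]
    data, layout = bytearray(), []
    data_start = 64 + 64 * 4                               # ELF header + null section + 3 sections
    for n, b, sh_type in bodies:
        layout.append((n, sh_type, data_start + len(data), len(b)))
        data += b
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)        # ELF64, little-endian, version 1
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0, 0, 64, 0, 64, 0, 0, 64, 4, 3)
    shdrs = bytes(64)                                      # SHN_UNDEF entry
    for n, sh_type, off, size in layout:
        shdrs += struct.pack("<IIQQQQIIQQ", name_off[n], sh_type, 0, 0, off, size, 0, 0, 1, 0)
    return bytes(ehdr + shdrs + data)


if __name__ == "__main__":
    demo = build_demo_elf(b"\x10\x00" + bytes.fromhex("01815004") + bytes(8),
                          bytes.fromhex("04508101") + b"libc\x00" + bytes.fromhex("04508101") + b"libkernel\x00")
    patched, hits = lower_fw_requirement(demo)
    print(hits)
```

To use it on a real file, read the ELF into bytes, call lower_fw_requirement, and write the result out before handing it to make_fself.py or Fake_PKG_Generator; the length never changes, so nothing else in the file needs adjusting. If the script reports zero or several hits in sce_process_param, stop: that file was not built with the version the guide assumes and the blind hex replacement should not be applied.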

From the ReadMe.txt: ELF FW Patcher v1.0
  • Select one or more files or a folder to patch.
  • Enter the FW version hex numbers into the Lookup text field.
  • Enter the FW version hex numbers into the Patch text field.
  • Click the Patch FW button.
The status strip is currently broken... it needs to be invoked. I'll fix that later.

Patch Method by Barthen

Have Fun -cfwprpht-

Here's a video via @toni1988 from Cyb3r on YouTube, with a rough translation as follows:

We already have a clear sign that there is something powerful in PS4 firmware 5.05, where it looks like games can be launched en masse from an external USB storage disk. Still better than on 4.05. Everyone's question is when the release will be. We will not be able to prove it, but if it comes out we will have to update.

Finally, @Bassabov shared a Horizon Zero Dawn Russian Video Demo (a translation would be great) alongside another via @GritNGrind from kbarticle for those interested.
Thanks to @bonusball, @kizabg, @Orgad, @sdlc, @spyro2670 and @ziobleed for the news tips in the PSXHAX Shoutbox today, and enjoy your Valentine's Day everyone! :lovewins:

[Image: PS4 EBOOT ELF FW Patcher Barthen Method, Playable Scene Group]
Comments

because it's private, but at 99% I know the procedure used and how it would work; I talked with a guy and his "hints" helped me to guess the procedure!

Spoofing does not give you the valid decryption keys.
This is the point: there are no new keys needed; Sony changes the key set every major release. So games for 4.07 can run on 4.05 once patched: first spoof to make the retail disc run, then dump and patch the eboot and sprx to create a fake pkg.

The obstacles are two:
  • the decryption keys
  • the version hardcoded in ELF and PRX files (the subject of this news)
Assuming, for the sake of argument, that the game "ABC" we want has been encrypted with the same keys as the 4.05 firmware (because it was released on firmware 4.07, which is only a minor release compared to 4.05), the point is still that the installation of the legit game made by the dumper would not work.

During installation (even from the legit disc and before we can patch anything) the console will compare its own FW version with the FW version hardcoded in the ELF and PRX files, and the system will prevent you from finishing the installation.

So the problem is always the same: to dump a >4.05 game, you need a >4.05 kexploit. Or at most, still assuming that the encryption keys are the same, we could take a 4.05 kexploited console and spoof the firmware from the console side, and not from the game side as described in this news.

But, as far as I know, no one has yet managed to do something like this. Correct me if I'm wrong, my friend! :)

If someone gives us the needed payload to change the system version in the kernel, if changing the version is enough, and if the keys from 4.05 up to 4.07 haven't been changed, then we'll be able to dump any game released before March 9th, 2017, and maybe some released a few weeks after that.

Exactly, this is the way.

I tried with a 1.76 console, where there is a public payload to spoof 5.00. I installed a disc of a game for 4.73 and, using FTP for 1.76 (because ps4-ftp-vtx gives me limited access), I managed to extract everything except what lives in the sandbox, where no CUSA appears to me.

So definitely, with a payload to spoof 4.05 to a higher firmware, and by solving the problem that once the game is installed, if you try to start it, it gives you an error after the first screen, probably by modifying the files with this new method you can dump a higher-firmware game on 4.05.

We don't understand why it is not possible to extract the key from a newer FW and add it to exploited 4.05. Did the 5.05 crypto key change key length or algorithm, or is it just a new key? It should be possible to add the new key to replace the old one. I suggest this as a vector, as I lack a lab to experiment with; my PS4 hardware is down. :unsure: