Category PS4 CFW and Hacks       Thread starter PSXHAX       Start date Sep 13, 2016 at 11:27 PM       8,387       3            
Many moons ago the PS3 Controller EEPROM (Electrically Erasable Programmable Read-Only Memory) was dumped, and moving to the PlayStation 4 generation following zecoxao's recent PS4 SFlash Guide comes a PS4 EEPROM Dumper to (you guessed it :coffee:) dump the console's EEPROM Non-Volatile Storage data.

Download: eeprom.7z (5.39 KB) / eeprom.7z (Mirror)

Below are some related replies from totallynotzecoxao as Twitter tends to blow balls at times with partial embeds:
From Pastebin.com:
Code:
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <inttypes.h>


#include <machine/_types.h>
#include <unistd.h>
#include <errno.h>
#include <assert.h>
#include "kmain.h"

#include <arpa/inet.h>
#include <netinet/in.h>

#include <signal.h>

#include <machine/cpufunc.h>

#include <sys/_stdint.h>
#include <sys/sysent.h>
#include <sys/_types.h>
#include <sys/syscall.h>
#include <sys/socket.h>
#include <sys/mman.h>
#include <sys/sysctl.h>
#include <sys/ptrace.h>
#include <sys/errno.h>
#include <sys/proc.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/mutex.h>
#include <sys/lock.h>
#include <sys/sysproto.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <machine/reg.h>

#include <ps4/standard_io.h>
#include <ps4/kernel.h>
#include <ps4/register.h>
#include <ps4/socket.h>
#include <ps4/stream.h>
#include <ps4/type.h>

#include <sce/kernel.h>


#define IP(a, b, c, d) (((a) << 0) + ((b) << 8) + ((c) << 16) + ((d) << 24))
#define TCP_NODELAY 1



int main(int argc, char **argv)
{
    void *sceSblACMgrIsVideoplayerProcess;
    //char *sceSblRCMgrIsAllowDisablingAslr;
    char *mem;
    char *mem2;
 
    int64_t ret;
    int r;
    //char *dump;

    printf("uid: %zu\n", getuid());
    ps4KernelCall(ps4KernelPrivilegeEscalate);
    //ps4KernelCall(ps4KernelDebugEnable);  //causing uid 1 and crash
    printf("uid: %zu\n", getuid());

    sceSblACMgrIsVideoplayerProcess = (void *)ps4KernelCall(ps4KernelDlSym, "sceSblACMgrIsVideoplayerProcess");
    //sceSblRcMgrIsAllowDisablingAslr = (void *)ps4KernelCall(ps4KernelDlSym, "sceSblRcMgrIsAllowDisablingAslr");
 
    mem = malloc(64);
    memset(mem, 0x90, 64);
    strcpy(mem, "Hello World!");

    printf("mem: %p: %s\n", mem, mem);
    ps4StandardIoPrintHexDump(mem, 48);
    r = ps4KernelExecute((void *)kmain1, mem, &ret, NULL);
    printf("mem: %p: %s\n", mem, mem);
    ps4StandardIoPrintHexDump(mem, 48);
    printf("[K1] r: %i, ret: %"PRIxPTR"\n", r, ret);

    ps4KernelCall(ps4KernelMemoryCopy, sceSblACMgrIsVideoplayerProcess, mem, 32);
    ps4StandardIoPrintHexDump(mem, 48);

    r = ps4KernelExecute((void *)kmain2, mem, &ret, NULL);
    printf("[K2] r: %i, ret: %"PRIxPTR"\n", r, ret);

    ps4KernelCall(ps4KernelMemoryCopy, sceSblACMgrIsVideoplayerProcess, mem, 32);
    ps4StandardIoPrintHexDump(mem, 48);

    r = ps4KernelExecute((void *)kmain3, mem, &ret, NULL);
    printf("[K3] r: %i, ret: %"PRIxPTR"\n", r, ret);

    ps4KernelCall(ps4KernelMemoryCopy, sceSblACMgrIsVideoplayerProcess, mem, 32);
    ps4StandardIoPrintHexDump(mem, 48);

/* Create socket for TCP-Dump */

    struct sockaddr_in server;

    server.sin_len = sizeof(server);
    server.sin_family = AF_INET;
    server.sin_addr.s_addr = IP(192, 168, 1, 65);
    server.sin_port = htons(9023);
    memset(server.sin_zero, 0, sizeof(server.sin_zero));
    int sock = socket(AF_INET, SOCK_STREAM, 0);
    connect(sock, (struct sockaddr *)&server, sizeof(server));
 
    int flag = 1;
    setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (char *)&flag, sizeof(int));
 
/* Dump E^2prom with banks and blocks :) */

    int64_t (*icc_nvs_read) (uint64_t bank_id,uint64_t block_id,uint64_t offset,uint64_t size,uint8_t *data_ptr) = (void *) 0xFFFFFFFF82639CD0;

    uint8_t buffed[0x10];
    int bank;
    int block;
    int h = 0;
    int u;

    printf("    [+] Enter the bank id you wish to dump with:");
    scanf("%d",&bank);
    printf("         [+] Enter the block id you wish to dump with:");
    scanf("%d",&block);
 
    if(block == 0){
        u == 0x3000;
    }
    else if(block == 1){
        u = 0x1000;
    }
    else if(block == 2){
        u = 0x800;
    }
    else if(block == 3){
        u = 0x800;
    }
    else if(block == 4){
        u = 0x3000;
    }
    else if(block > 4 || block < 0){
        printf("invalid block id, try using 0-4\n");
    }
    if(bank > 1 || bank < 0){
        printf("invalid bank id, try using 0-1\n");
    }
    else if(bank <= 1 && bank >= 0 && block <= 4 && block >= 0){
        printf("        [+] Dumping via icc_nvs_read with bank id:%d and block id:%d\n", bank, block);
        for(h=0;h<u;h=h+0x10){
            int64_t retz = ps4KernelCall(icc_nvs_read,bank, block, h, 0x10, buffed);
            if(retz == -1)perror("icc_nvs_read");
            else if (retz == 0){
                send(sock,buffed,0x10,0);
            }
        }
    }

/* Close sockets and free the mapped memory */
close(sock);
free(mem);


return EXIT_SUCCESS;
Download: syscon_die.jpg (13.76 MB)
Download: ps4_syscon.tif (209 MB)
PS4 SysCon Renesas Image: PS4 SysCon Chip Optical EFD / EDF Stitch
To quote from @zecoxao in the Tweet above: It seems that ps4 syscon is a custom Renesas RL78/G13 (100 pin) and it looks like superslim is also one of those.
Thanks to both and @mcmrc1 and @toni1988 for the news tip in the PSXHAX Shoutbox!
PS4 EEPROM Dumper.jpg
 

Comments

Recent Articles
OrbisGl2 LibOrbis Graphic Backend Based on Raylib for PS4 Homebrew
Following the LibOrbisNfs PS4 Port earlier this year, PlayStation 4 scene developer BigBoss announced today that an OrbisGl2 LibOrbis Graphic Backend Library based on Raylib is now available...
Call of Duty: Modern Warfare 2 PS4 Campaign Remastered Arrives
Starting today the new Call of Duty: Modern Warfare 2 Campaign Remastered is available on PlayStation 4 allowing PS4 fans to relive the classic campaign and get the Underwater Demo Team Classic...
PS3 System Software 4.86 Update Live, Don't Update Your Firmware!
Proceeding their previous PS3 OFW revision and recent PS3 Partial Message Service Ending announcement, today Sony pushed live a new PS3 Firmware / System Software 4.86 Update for those who still...
Lapy's River Raid 1.0 PS4 PKG Homebrew Game by Lapy05575948
Following the River Raid PS4 PKG Preview and his recent Easy PKG Extractor, PlayStation 4 homebrew developer @Lapy released a River Raid 1.0 PS4 PKG today on Twitter for those with a Jailbroken...
Top