PS4 CFW and Hacks       Thread starter PSXHAX       680       0
Not open for further replies.


Staff Member
Many are aware Sony's PlayStation 4 video gaming console uses FreeBSD Open Source Software as outlined on Sony's site HERE, and today Software Engineer Don Olmstead briefly discusses WebGL / HTML5 and the PS4 while PS3 hacker kakarotoks confirms PS4 is running Webkit alongside preliminary PS4 Save Encryption from flynhigh09 as detailed below.

From Don Olmstead, to quote: "Now that the #PS4 has been released I can finally start talking about my piece of the puzzle.

When you login to your PS4 you are running #WebGL code. The PlayStation Store, the Music and Video Applications, as well as a good chunk of UX are all rendered within the browser.

I spent a good amount of time tuning our WebGL rendering engine, and I will be speaking at +SFHTML5 about how to optimize WebGL usage within the context of that work. There will be plenty of great tips on how you can speed up your own WebGL applications so get your slot now. And for those of you can't make it in person it will be live streamed on Google Developers Live."

From kakarotoks (via IRC):

[kakarotok] Saw this and thought I'd share before i forgot:
[mysis] heh i already guessed that the new ui could be html5 based :D
[kakarotok] I never thought of it but i should have guessed!
[kakarotok] Anyways that's good info for the wiki and means if we ever get jailbreak, should make things easy to modify
[mysis] its way faster etc. than using the xml xmb crap..
[kakarotok] Html... Javascript... Beurk
[mysis] but nice to seem someone confirming it
[mysis] *see
[kakarotok] Well, you know me :p
[kakarotok] If it's not C, then i disapprove..
[mysis] :)
[kakarotok] Yeah
[kakarotok] So... Ps4 ux is running webkit...
[kakarotok] *list all the webkit exploits*
[defyboy] wow nice

From flynhigh09: PS4 Save Format Research hey guys, today i'm starting this thread to Research the ps4 fileformat together...

We take the ps4 save of Assassin's Creed Black Flag (Save By CloudStrife - 10.28 MB)

PS4 Save Format
  • Save key File
  • Save BlockTable
Addional Info: I'm not sure yet how the structure is like, but it seems like they are using different blocks/Files, they might be using FilePackaging. Each block/file Is encrypted, encryption is not known yet, but it might be AES-CBC with IV and File Key...research will tell. The Encrypted Blocks start at 0x8000. The Key file might contain the keys we need to decrypt the fileblocks, but even the keyfile.bin might be encrypted.

Another possibility would be that the blocks are Encrypted with another Algorithm and uses the key/hash at the blocktable... time will tell. Please feel free to share your thoughts/research here, i will keep this thread updated whenever new information is available.

While I think we really need to examine a different game as well before we go defining whats what I concur about the blocks, the changes between two saves are rather uniform suggesting it's not a case of just shrouding the entire thing in encryption.

Taking into account what we already know about AC4 and it's save structure, unless the ps4 uses mandatory compression (doubtful) on saves I dobut there's any at work here because it doesn't show up on the xbox360 which if I remember also had some ps4 code in the xex suggesting they were probably brewed from very similar source. We'll know exactly what the actual gamesave looks like when we see it, until then it's just a case of dissection. The keyfile is going to be a pain no matter how involved it is, the fact it even exists is cause to complain, talk about over the top, typical Sony.

I'm pretty sure we're looking at the equivalent of a CON package, I seem to have already forgotten but doesn't the AC series also use multiple save files? Clearly there is some digging to be done. Does the ps3 bruteforcer have any possible application here? I never did check how that actually worked, didn't really care at the time, was just happy it existed.

Simply put: leet skillz+ ps4 *** leak+ eboot(?) examination = pwned. It's all a waiting game , I can tell I'm not going to be much help at the intial stages but I should be useful when it comes to designing a framework for editors.

But we really need more games to examine, what the hells the holdup? Theres at least 2 games out!

Files on the PS4 (via

[B]mountpoint / size / remarks[/B]

/dev/sdc17     1 GiB   
/dev/sdc31     16 GiB   
/dev/sdc27     420.12 GiB   
/dev/sdc13     8 GiB   
/dev/sdc9     1 GiB   
/dev/sdc10     1 GiB   
/dev/sdc11     1 GiB   
/dev/sdc12     1 GiB   
/dev/sdc19     8 GiB   
/dev/sdc1     512 MiB   
/dev/sdc3     1 GiB   
/dev/sdc5     16 MiB   
/dev/sdc7     128 MiB   
/dev/sdc29     1 GiB   
/dev/sdc25     6 GiB
Mountpoints - Hostdevices
BD content

├ ─ PS4
│ └ ─ UPDATE
├ ─ App
│ └ ─ CUSA00190
│ app.pkg
├ ─ bd
└ ─ license
Package Files

Download: UP2102-CUSA00042_00-BLACKLIGHT2ORBIS-A0101-V0102.pkg

Save Games

location: (USB:)\PS4\SAVEDATA\(xxxxxxxxxxxxxxxx)\CUSA00190 (in this case KillZone Shadow Fall)

Finally, from EussNL: Yes, the hub-chip flash of usb and sata has been dumped and shared on wiki here:

Download: usb-bridge.rar / usb-hub.rar

The main flash is not being documented yet as no one has one shared one yet (because it will be perconsole specific I can understand why people are less willing to share those)

With the current stability issues some people seem to experience (blue blinking light, black screen etc) I can understand people are less willing to open up their console and void warranty, however I would greatly welcome more closeup images of both sides of the board. In fact, images basically from everything, not just one source like ifixit.

Slight amendment is needed over here: If you look at the bottom, there is Save Games

location: \PS4\SAVEDATA\32c2a51736b44a00\CUSA00190

I think there should be a USB:\PS4\SAVEDATA\32c2a51736b44a00\CUSA00190 in front of the path.

I am sure save directory on the PS4 itself will look different. We can't know it until we have root access.

PS: Based on the structure, we can see that 32c2a51736b44a00 is properly either user ID or PSN ID.
Not open for further replies.
Recent Articles
Sony Reveals PS5 Details on Compatible PS4 Peripherals and Accessories
In PS5 News today, Sony revealed details on compatible PS4 peripherals and accessories with their upcoming PlayStation 5 console launch that is just months away now. After unveiling the PS5...
PS4 IPv6 UAF 6.70-6.72 Kernel Exploit with Patches, Maybe More Stable!
Since his PS4 Save Mounter Utility release, the PS4 6.20 ROP Execution Method, PS4 Webkit Bad_Hoist Exploit, 7.02 PS4 KEX, PS4 Webkit Exploit 6.72 Port, PS4 6.72 Jailbreak Exploit, Backporting PS4...
PS4 JSON-2-SHA1 Python Script for Game PKG Files by Hosamn
Following the JSON Format details, PS4 PKGs via SEN and the JSON Entitlement Grabber Add-on this weekend developer hosamn made available a PS4-JSON-2-SHA1 Python Script for use in checking the...
PKGDT: PS4 PKG Downgrade Tools GUI for Backporting Games by Gerfra
There's no shortage of options when seeking a Windows utility for PS4 Backporting games from 6.72 to 5.05 Firmware, with the latest being PKGDT which is a suite of PS4 PKG Downgrade Tools...