Category PS4 Jailbreaking       Thread starter PSXHAX       Start date Nov 22, 2016 at 10:41 PM       11,571       18            
Last week we saw a PS4 API Demo from them, and today PlayStation 4 developers @kurt2467 and @BadChoicesZ are back with some more PS4 GTA V hax with full natives working... meaning any hacks that were possible on PS3 are now possible on Sony's PlayStation 4 console! :thumbup:

Here's the latest Grand Theft Auto V PS4 video demo from kurt2467's YouTube channel with the caption below, to quote: [PS4] Some More GTA V Hax

I finally got all of the natives to work! This means that anything that was possible on PS3, is possible on PS4 :D

PlayStation 4 GTAV Modding C# Code by Kurt2467 (Remote Procedure Calls)
From Pastebin.com: [PS4] GTA V RPC
Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;

namespace PS4_GTA
{
    public class RPC
    {
		private uint nativeArgBase = 0;
        private uint hookAddress = 0;
        private uint rpcCodeAddress = 0;
        private List<uint> nativeFuncList = new List<uint>();
        private List<UInt64> nativeHashList = new List<UInt64>();

        public RPC()
        {
            nativeArgBase = 0x2DCD820;
            hookAddress = 0xD8F480;
            rpcCodeAddress = 0x5046D0;
        }

        public void InitRPC()
        {
            WriteU64(nativeArgBase, 0);
            byte[] hook = new byte[] {
                0x55, //push rbp
                0xE8, 	0x4A, 	0x52, 	0x77, 	0xFF, //call 0x5046D0
                0x5D, //pop rbp
                0xC3, //retn
            };
            byte[] asmx86 = new byte[] { 
                0x55, //push rbp
                0x41, 	0x52, //push r10
                0x53, //push rbx
                0x49, 	0xC7, 	0xC2, 	0x20, 	0xD8, 	0xDC, 	0x02, //mov r10, 0x2DCD820
                0x49, 	0x8B, 	0x1A, //mov rbx, [r10]
                0x48, 	0x85, 	0xDB, //test rbx, rbx
                0x74, 	0x1A, //jz 0x5046FB
                0x48, 	0xC7, 	0xC7, 	0x30, 	0xD8, 	0xDC, 	0x02, //mov rdi, 0x2DCD830
                0xFF, 	0xD3, //call rbx
                0x49, 	0xC7, 	0xC2, 	0x20, 	0xD8, 	0xDC, 	0x02, //mov r10, 0x2DCD820
                0x48, 	0xC7, 	0xC3, 	0x00, 	0x00, 	0x00, 	0x00, //mov rbx, 0
                0x49, 	0x89, 	0x1A, //mov [r10], rbx
                0x5B, //pop rbx
                0x41, 	0x5A, //pop r10
                0x5D, //pop rbp
                0xC3, //retn
            };
            SetMemory(rpcCodeAddress, asmx86);
            SetMemory(hookAddress, hook);
            WriteU64(nativeArgBase + 0x10, nativeArgBase + 0x50);
            WriteU64(nativeArgBase + 0x20, nativeArgBase + 0x70);
        }

        public uint GetNativeAddress(UInt64 nativeHash)
        {
            uint nativeTable, index;
            UInt64 nativeAddy;
            nativeTable = 0x3644A28;
            index = (uint)nativeHash & 0xFF;
            nativeAddy = ReadU64(nativeTable + (index * 8));
            while (nativeAddy != 0)
            {
                uint count = ReadU32(nativeAddy + 0x40);
                for (uint i = 0; i < count; i++)
                {
                    UInt64 hash = ReadU64(nativeAddy + 0x48 + (i * 8));
                    if (hash == nativeHash)
                    {
                        return ReadU32(nativeAddy + 0x8 + (i * 8));
                    }
                }
                nativeAddy = ReadU64(nativeAddy);
            }
            return 0;
        }

        public T CallRaw<T>(UInt64 address, params object[] args)
        {
            byte[] argBytes = new byte[0xA0];
            ArrayBuilder ab = new ArrayBuilder(argBytes);
            uint argStart = nativeArgBase + 0x70;
            uint strStart = nativeArgBase + 0x120;
            uint strCount = 0;
            uint nativeArgCount = 0;
            for (int i = 0; i < args.Length; i++)
            {
                if (args[i] is float)
                {
                    ab.Write.SetFloat((int)nativeArgCount * 8, (float)args[i], ArrayBuilder.ArrayWriter.EndianType.LittleEndian);
                    nativeArgCount++;
                }
                else if (args[i] is string)
                {
                    uint strPtr = (uint)strStart + (strCount * 0x20);
                    WriteString(strPtr, (string)args[i]);
                    ab.Write.SetUInt32((int)nativeArgCount * 8, strPtr, ArrayBuilder.ArrayWriter.EndianType.LittleEndian);
                    strCount++;
                    nativeArgCount++;
                }
                else if (args[i] is int)
                {
                    ab.Write.SetInt32((int)nativeArgCount * 8, (int)args[i], ArrayBuilder.ArrayWriter.EndianType.LittleEndian);
                    nativeArgCount++;
                }
                else
                {
                    UInt64 tmp = Convert.ToUInt64(args[i]);
                    ab.Write.SetUInt64((int)nativeArgCount * 8, tmp, ArrayBuilder.ArrayWriter.EndianType.LittleEndian);
                    nativeArgCount++;
                }
            }
            SetMemory(argStart, argBytes);
            System.Threading.Thread.Sleep(10);
            WriteU64(nativeArgBase, (UInt64)address);
            System.Threading.Thread.Sleep(30);
            object ret = 0;
            if (typeof(T).ToString() == "System.Int32")
            {
                ret = ReadI32(nativeArgBase + 0x50);
                ret = (T)Convert.ChangeType(ret, typeof(T));
            }
            if (typeof(T).ToString() == "System.Int64")
            {
                ret = ReadI64(nativeArgBase + 0x50);
                ret = (T)Convert.ChangeType(ret, typeof(T));
            }
            if (typeof(T).ToString() == "System.UInt32")
            {
                ret = ReadU32(nativeArgBase + 0x50);
                ret = (T)Convert.ChangeType(ret, typeof(T));
            }
            if (typeof(T).ToString() == "System.UInt64")
            {
                ret = ReadU64(nativeArgBase + 0x50);
                ret = (T)Convert.ChangeType(ret, typeof(T));
            }
            if (typeof(T).ToString() == "System.Single")
            {
                ret = ReadFloat(nativeArgBase + 0x50);
                ret = (T)Convert.ChangeType(ret, typeof(T));
            }
            if (typeof(T).ToString() == "System.Single[]")
            {
                float[] fRet = new float[3];
                fRet[0] = ReadFloat(nativeArgBase + 0x50);
                fRet[1] = ReadFloat(nativeArgBase + 0x58);
                fRet[2] = ReadFloat(nativeArgBase + 0x60);
                ret = (T)Convert.ChangeType(fRet, typeof(T));
            }
            return (T)ret;
        }

        public T CallFunc<T>(UInt64 nativeAddress, params object[] args)
        {
            return CallRaw<T>(nativeAddress, args);
        }

        public T CallHash<T>(UInt64 nativeHash, params object[] args)
        {
            uint func;
            if (nativeHashList.Contains((UInt64)nativeHash))
                func = nativeFuncList[nativeHashList.IndexOf((UInt64)nativeHash)];
            else
                func = GetNativeAddress((UInt64)nativeHash);
            if (func != 0)
            {
                nativeHashList.Add((UInt64)nativeHash);
                nativeFuncList.Add(func);
                return CallRaw<T>(func, args);
            }
            return (T)Convert.ChangeType(0, typeof(T));
        }
	}
}
From Pastebin.com: ArrayBuilder.cs
Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace PS4_GTA
{
    public class ArrayBuilder
    {
        private byte[] buffer;
        private int size;

        public ArrayWriter Write
        {
            get
            {
                return new ArrayWriter(this.buffer);
            }
        }
        public ArrayBuilder(byte[] bytes)
        {
            this.buffer = bytes;
            this.size = bytes.Length;
        }
        public class ArrayWriter
        {
            private byte[] buffer;
            private int size;

            public enum EndianType
            {
                LittleEndian,
                BigEndian
            };

            public ArrayWriter(byte[] bytes)
            {
                this.buffer = bytes;
                this.size = bytes.Length;
            }

            public void SetByte(int pos, byte value)
            {
                this.buffer[pos] = value;
            }
            public void SetInt32(int pos, int value, EndianType Type = EndianType.BigEndian)
            {
                byte[] bytes = BitConverter.GetBytes(value);
                if (Type == EndianType.BigEndian)
                    Array.Reverse(bytes, 0, 4);
                for (int i = 0; i < 4; i++)
                    this.buffer[i + pos] = bytes[i];
            }
            public void SetInt64(int pos, Int64 value, EndianType Type = EndianType.BigEndian)
            {
                byte[] bytes = BitConverter.GetBytes(value);
                if (Type == EndianType.BigEndian)
                    Array.Reverse(bytes, 0, 8);
                for (int i = 0; i < 8; i++)
                    this.buffer[i + pos] = bytes[i];
            }
            public void SetUInt32(int pos, uint value, EndianType Type = EndianType.BigEndian)
            {
                byte[] bytes = BitConverter.GetBytes(value);
                if (Type == EndianType.BigEndian)
                    Array.Reverse(bytes, 0, 4);
                for (int i = 0; i < 4; i++)
                    this.buffer[i + pos] = bytes[i];
            }
            public void SetUInt64(int pos, UInt64 value, EndianType Type = EndianType.BigEndian)
            {
                byte[] bytes = BitConverter.GetBytes(value);
                if (Type == EndianType.BigEndian)
                    Array.Reverse(bytes, 0, 8);
                for (int i = 0; i < 8; i++)
                    this.buffer[i + pos] = bytes[i];
            }
            public void SetBytes(int pos, byte[] value)
            {
                for (int i = 0; i < value.Length; i++)
                    this.buffer[i + pos] = value[i];
            }
            public void SetString(int pos, string str)
            {
                byte[] bytes = Encoding.UTF8.GetBytes(str + '\0');
                for (int i = 0; i < bytes.Length; i++)
                    this.buffer[i + pos] = bytes[i];
            }
            public void SetFloat(int pos, float value, EndianType Type = EndianType.BigEndian)
            {
                byte[] bytes = BitConverter.GetBytes(value);
                if (Type == EndianType.BigEndian)
                    Array.Reverse(bytes, 0, 4);
                for (int i = 0; i < 4; i++)
                    this.buffer[i + pos] = bytes[i];
            }
        }
    }
}
Thanks @raedoob and @GrimDoe for sharing the news in the PSXHAX Shoutbox! <3
PS4 GTA V Hax Demo Anything on PS3 Now Possible on PlayStation 4.jpg
 

Comments

R0rke

Super Power
Senior Member
Contributor
good , this tool will be available on any firmware ? i mean latest. and also can we use for GTA ONLINE Too ?
 

HydrogenNGU

Element
Senior Member
Contributor
Want more top-notch news for today? Well some of my buddies on NextGenUpdate; best coders that create insane mod menus have already got there hands on a 1.76 PS4 Console ready to create things. Not stating any names, but many stated they have no point of interest unless they find a way to go online, then that's when it's officially over for Rockstar. #YaDoneFukdUpSony
 

Thisismrnameles

Developer
Senior Member
Contributor
That's awesome! What firmware does this work on? Is it only for offline games or GTA online?
Fw 1.76
And it would work for online, but they would need a way to spoof to 4.06 for it to work
good , this tool will be available on any firmware ? i mean latest. and also can we use for GTA ONLINE Too ?
I believe it is only for 1.76
And for it to work only they would need to spoof to the lastest fw (4.06) :)
 
Recent Articles
PS5 DualSense: New Wireless PlayStation 5 Game Controller Unveiled!
We've seen PS5 developer pictures of DualShock 5 (DS5) Controllers followed by the PS5 Hardware Specs, and today Sony officially unveiled images of the PS5 DualSense new wireless PlayStation 5...
Call of Duty: Modern Warfare Season 3 PS4 Exclusive Content and Trailer
Since their CoD: MW2 PS4 Campaign Remastered publisher Activision in conjunction with developer Infinity Ward announced details on the exclusive PlayStation 4 content in Modern Warfare Season 3...
Sony Reveals New PlayStation Now Games for April 2020
Joining the ranks of the latest PlayStation Now games for April 2020 are Marvel's Spider-Man, Just Cause 4 and The Golf Club 2019 for PS Now members. :cool: Below you'll find additional details...
Indie PlayStation 5 Game Soulborn Alpha Trailer by Pixelmad Studios
Proceeding the Godfall PS5 and Outriders PS5 trailers, Indie game Publisher Pixelmad Studios made available a Soulborn Alpha Trailer video of their upcoming PlayStation 5 openworld RPG adventure...
Top