Category: PS4 CFW and Hacks | Thread starter: kizabg | Start date: Sep 26, 2018 at 2:05 AM
Following his recent PS4 Debug Trophies ShellCore Patch, PlayStation 4 developer @flatz (Twitter) made available both an (f)SELF loader via server fPKG application and a PS4 Stub Library Maker (using OrbisLibGen to generate stub files) on Github, alongside a Windows-compiled PKG version below by @zecoxao on Twitter for trying fSELFs without installing the full package file, saving scene devs time when testing changes.

Download: payload_ldr_with_POWER.pkg (7.88 MB - Compiled by notzecoxao) / payload_ldr_with_POWER_v2.pkg (7.88 MB - V2) / payload_ldr_v3.pkg (Payload LDR V3) / 505dev.tar.gz (587.59 KB) / 505dev.tar.gz (586.52 KB - Updated) / ps4-hen-vtx-master.tar.gz (80.78 KB - Adds Usermode Printf to Klog in HEN) / ps4_stub_lib_maker-master.zip / GIT / ps4_payload_ldr-master.zip / GIT

Also below is a brief demo video by Lil Xo of the PS4 Payload Loader launching before receiving a CE-34224-5 'Cannot start the application' error followed by a fixed version, and a screenshot of the ZLibTest.pkg being loaded ready to use.

From the README, to quote: ps4_stub_lib_maker

Stub library maker (with sample library)

Prerequisites:
  • *** (oouch! need to move to open source *** in the future...)
  • Linux & Wine (I'm building it on trueOS but it could be backported to Windows)

And from the other README, to quote: ps4_payload_ldr

(f)SELF loader via server (fPKG application)

Prerequisites:
Notices:
  • Jailbreaking/rooting requires custom syscall which does that (see jailbreak.c).
Code:
1st 0x117E0
2nd 0x63E24D
3rd 0x319A53
Small patch (5.01 offsets) to redirect userland printf into kernel's log (uart, etc) via Ybin.me:
Code:
DECLARE_FUNCTION(0xECB40, console_write, int, struct cdev* dev, struct uio* uio, int ioflag);
DECLARE_FUNCTION(0x49D640, deci_tty_write, int, struct cdev* dev, struct uio* uio, int ioflag);
DECLARE_FUNCTION(0x2A8010, cloneuio, struct uio*, struct uio* uiop);
DECLARE_VARIABLE(0x14B5E80, M_IOV, struct malloc_type*);

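static int deci_tty_write__hook(struct cdev* dev, struct uio* uio, int ioflag) {
   struct uio* cloned_uio = NULL;
   int ret;

   /* Copy the uio first: the original write below consumes it. */
   cloned_uio = cloneuio(uio);

   /* Call the original handler so its normal behaviour is preserved. */
   ret = deci_tty_write(dev, uio, ioflag);

   /* Replay the same data to the console device, if one is registered. */
   if (cloned_uio) {
       if (*console_cdev)
           console_write(*console_cdev, cloned_uio, ioflag);
       free(cloned_uio, M_IOV);
   }

   return ret;
}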

*(uint64_t*)(kernel_base + 0x19FC168) = (uint64_t)&deci_tty_write__hook;
Oops, forgot this:
Code:
DECLARE_VARIABLE(0x1AC5158, console_cdev, struct cdev**);
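The hook above clones the uio before calling the original handler because a write routine drains the uio it is given, so a second consumer of the same descriptor would see nothing. The following userland model is an added example, not part of flatz's patch; the `m_iovec`, `m_uio` and `sink` types and the `clone_uio`, `tee_write` and `demo` helpers are simplified, hypothetical stand-ins for the kernel structures and functions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified userland stand-ins for struct iovec / struct uio (assumed, not the kernel's). */
struct m_iovec { char *base; size_t len; };
struct m_uio   { struct m_iovec *iov; int iovcnt; size_t resid; };
struct sink    { char buf[64]; size_t used; };
/* Like a device write routine: copies the data out and advances the uio as it goes. */
static int sink_write(struct sink *s, struct m_uio *uio) {
    for (int i = 0; i < uio->iovcnt; i++) {
        struct m_iovec *v = &uio->iov[i];
        if (v->len > sizeof(s->buf) - s->used) return -1;   /* bounded copy */
        memcpy(s->buf + s->used, v->base, v->len);
        s->used += v->len; uio->resid -= v->len;
        v->base += v->len; v->len = 0;                       /* descriptor is now drained */
    }
    return 0;
}

/* Model of cloneuio(): header plus iovec array in one allocation; payload is shared. */
static struct m_uio *clone_uio(const struct m_uio *src) {
    size_t iovlen = (size_t)src->iovcnt * sizeof(struct m_iovec);
    struct m_uio *c = malloc(sizeof(*c) + iovlen);
    if (!c) return NULL;
    *c = *src;
    c->iov = (struct m_iovec *)(c + 1);
    memcpy(c->iov, src->iov, iovlen);
    return c;
}

/* Fan one write out to two sinks; returns bytes that reached the second sink. */
static size_t tee_write(struct sink *a, struct sink *b, struct m_uio *uio, int clone_first) {
    struct m_uio *second = clone_first ? clone_uio(uio) : uio;
    sink_write(a, uio);                  /* the original handler consumes uio */
    if (second) sink_write(b, second);
    if (clone_first) free(second);
    return b->used;
}

/* Constructed sample input: a single "hello\n" write. */
static size_t demo(int clone_first) {
    char msg[] = "hello\n";
    struct m_iovec iov = { msg, strlen(msg) };
    struct m_uio uio = { &iov, 1, iov.len };
    struct sink a = { {0}, 0 }, b = { {0}, 0 };
    return tee_write(&a, &b, &uio, clone_first);
}
int main(void) { printf("clone: %zu, no clone: %zu\n", demo(1), demo(0)); return 0; }
```

With the clone, both sinks receive all six bytes; without it, the second sink receives none because the first write already advanced the descriptor.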
This patch of mine also enables kprintf for the mira logger, 5.05 FW:
Code:
kmem = (uint8_t *)&gKernelBase[0x00436136];
kmem[0] = 0xEB;
kmem[1] = 0x1E;
And from zecoxao also comes a brief guide on testing your own PlayStation 4 homebrew, to quote:

Tools:
Step0: If needed for your homebrew, put ALL resources inside /data/ (specify the path in your homebrew as well)
Step1: Create a folder called self inside data folder (You can use ftp or orbisman for this)
Step2: Launch HEN 1.8
Step3: If needed, launch mira as well (for logging your homebrew/game while it's being tested)
Step4: Install payload_ldr pkg
Step5: Launch payload ldr (the screen should hang at start)
Step6: Send the main eboot (it MUST be a self file)
Code:
sender.py --endpoint 192.168.1.4 eboot.bin
Other options are available, but for now I'll only use this one

Step7: Your homebrew should now run and (if you have it) logs should be displayed on putty/some other Telnet/Serial logger
Cheers to @DEFAULTDNB and @Wultra for the PS4 scene news tips earlier today!