We've seen some leaks of Sony's PS4 DevKit *** alongside recent developments with the homebrew PS4SDK, and today PlayStation 4 developer vapour (aka @xxmcvapourxx) shared several handy PS4 tools including WebMAF's make_package_file to create PS4 PKG files with the included passcode which he states (if you have the correct files inside) will get an nice exploit running! 
Download: WebMAF_SDK_PS4.zip (96.4 MB) / Trilithium-PS4-SDK-1.0.4.zip (41.5 MB) / PublishingTools_for_NonGame-0_85_0_1548.msi (4.1 MB) / resolver-demo.jpg (Mirror - 134.3 MB) via B7U3 C50SS / Mirrors from jimbo11 / PS4_SDK_Tools.rar (134 MB - Mirror) / PlayStation 5 Suitest - Suitest supports a PlayStation 5 TestKit or DevKit. After setting up your PlayStation 5 console you will be able to run automated tests on HTML based applications (WebMAF and Media ***).
Here's the log from IRC, as follows:
[vapour] guess cturt gone off the scene oh damn
[HelsAngel] what do you mean
[vapour] well i've messaged him on twitter few times but not reply i have something for him...i gave him a few goodies a while back..
[HelsAngel] ah maybe hes taking a small break
[ZiL0G80] give me kernel exploit i have code exec too
[fearface_] On another note, I have two broken SAA-001, whoever pays for the shipping can have them
[vapour] why would you need a kernal i gave him a key already that will help him out...
[droogie] I'll take them both
[vapour] it's all in the documents i gave him
[fearface_] \?
[droogie] fearface_: I'll take them off your hands
[droogie] vapour: mind sharing?
[vapour] no sorry only people i know...
[vapour] i trust
[vapour] and if you want sharing ask cturt
[fearface_] droogie: Can you arrange shipping from Zurich, I can give you the pick up address and you organise DHL/FedEx or whatever is the chepeast.
[vapour] HelsAngel can you do me a favour when he comes on ask him to reply to my email on twitter ive sent him a new link..
[HelsAngel] i could say yes but chances of me forgetting are high
[vapour] its fine thanks
[vapour] i'll give it to zecoxao and he can give it to others
[HelsAngel] i bet he will be back though and reply to you
[vapour] im sure he will.thanks
[vapour] so here is the pkg passcode to protect files : 2GHPoQlC60u2fknmepZ2W7K5fPPK_eC if you want the bat files to decrypt and encrypt pkg it's a 32bit ascii
[vapour] WebMAF_SDK_PS4.zip
[vapour] i think it's useless i dont need them anymore..
[vapour] but you can find a exploit from this.
[ZiL0G80] nice
[HelsAngel] oh nice one
[vapour] you might as well have the passcode fingerprint key for the ps4 bd rom 91751ddbdf9606c618a1ede59138bab486d03556fae858f1cbd678ff633273fd
[vapour] seCpgdgr8cEyESHKRmcRNnVo8R-UTSuz
[vapour] Trilithium-PS4-SDK-1.0.4.zip
[droogie] do you have the key for the encrypted flash ?
[vapour] PublishingTools_for_NonGame-0_85_0_1548.msi
[vapour] that's the only key's ive got so far sorry i dont.
[fearface_] Thanks for sharing!
[HelsAngel] yeah thanks alot
[vapour] no worries i dont need them any more.
[vapour] with the publishing tool that will help you out alot.
[HelsAngel] i bet all the stuff will in the right hands
[HelsAngel] which arent mine
[vapour] lol
[vapour] the make_package_file bat in webmaf will help you create pkg on retail/production/debug with the passcode if you have the correct files inside you will get an nice exploit when running
[HelsAngel] but how can you install a made pkg on a retail ps3 as it stands now
[HelsAngel] proxy install?
[ZiL0G80] yeeh thanks
[vapour] yes proxy or get a spare bd rom use the publishing tool and create that way
[vapour] it will generate a passcode and key
[HelsAngel] wouldnt know how to use bd rom i bet burning a bdr wont work with that but proxy yeah thats very nice
[HelsAngel] hopefully see movian on ps4 thanks to this
[vapour] yeah it be great to have movian on ps4 so i dont have to use plex all the time...
[HelsAngel] yeah
[HelsAngel] how does the br rom method work if you can share that
[vapour] you would need to create a package in the publishing tool,create a passcode under package 1 let it verify on the disc then it will burn automatic it will create a passcode and key for the bdrom.retail/production/debug
[HelsAngel] ah so a normal bdr would work?
[vapour] yes
[HelsAngel] oh wow thats convenient
[vapour] it's like ps3 building a pkg the publishing tool does it all,sfo,trophy
[vapour] all you need to do is use the key above to encrypt the eboot.
[HelsAngel] yeah but ps3 wouldnt boot a bdr i think
[vapour] put it all in publishing tool let it do it bussiness once burned insert and launch.
[vapour] no it wont just using it as an example
[vapour] building pkg
[HelsAngel] so whats stopping games from being done like this
[HelsAngel] im guessing disc encryption
[droogie] vapour: neat, so you've been essentially able to create pkg's, sign them, and execute the pkg on the ps4 ?
[droogie] are you limited to an older firmware or anything ?
[vapour] yes if you look in webmaf folder you will see cryptsettings.exe
[vapour] the only firmware i tried was on 2.00 not above cause i havent had time to update
[droogie] how are you installing the pkg's ?
[HelsAngel] proxy install he said earlier
[droogie] ah
[droogie] will have to re-read backlog, gotta go catch a flight
[droogie] will have to toy with this later once i get home
[droogie] thanks vapour
[HelsAngel] yeah this seems promising
[fearface_] have a good flight, droogie
[vapour] make sure you use cryptsettings with encrypt.bat file
[vapour] all the good stuff and documentation all in that file.
[vapour] im off to bed now i'll be back in the afternoon.
[ZiL0G80] gn
[vapour] night
[Ezio] proxy install doesn't work anymore on ps4 since 2.00
[droogie] and I'm assuming since older consoles can't get onto PSN to initiate a pkg download, it's no longer possible at all?
[Ezio] yeah
[droogie] ah ok, oh well
[HelsAngel] and if you fake the pup?
[HelsAngel] since thats the only thing that still downloads
[Tyrant-] hasta la
[ZiL0G80] btw: passcode mentioned by vapour is wrong (2GHPoQlC60u2fknmepZ2W7K5fPPK_eC) it is 2GHPo-QlC60u2fknmepZ2W7K5fPPK_eC viz. files\conf_ini.gp4
[ZiL0G80] btw2 i cant install EP9009-CUSA00061_00-WEBMAF000DEFAULT_INI.pkg by proxy on fw 1.76
[SonyUSA] i have fw 1.71
[SonyUSA] what does that pkg do?
[SonyUSA] im willing to try
[ZiL0G80] btw3 nptitle.dat is missing you can compile only debug package and eboot.bin and .prx files are corrupted
[ZiL0G80] btw4 NPTitleID=CUSA00061_00
[ZiL0G80] wil be probaly banned in next fw
[SonyUSA] why what is that title id?
[ZiL0G80] WebMAF_SDK
[SonyUSA] sorry im new the ps4 stuff
[SonyUSA] the webmaf *** has to be installed?
[SonyUSA] to run custom pkg?
[ZiL0G80] you cant install webmafsdk by proxy you cant compile working .pkg - useless
[SonyUSA] can you author a bdrom with the tools like he said with the webmafsdk?
[ZiL0G80] idont have blueray writer
[SonyUSA] yeah me either lol
[SonyUSA] how did you trigger a pkg download?
[SonyUSA] with no psn access?
[ZiL0G80] update
[SonyUSA] oh by the pup?
[ZiL0G80] no game pinball
[SonyUSA] oh i see, is there a way to flush updates? i have both of those free pinball games
[ZiL0G80] dont know try backup to usb then delete something then restore
[ZiL0G80] it work on vite
[ZiL0G80] vita
[SonyUSA] they are probably out of date anyway im sure
[SonyUSA] where did you get that webmaf *** pkg from?
[SonyUSA] and you used pr0xy 3.3?
[ZiL0G80] from WebMAF_SDK_PS4.zip
[ZiL0G80] yoused charles
[SonyUSA] oh duh i see it, 63MB
[SonyUSA] the patch has to be larger than the pkg doesnt it?
[ZiL0G80] btw this .pkg is packed with different passcode you cant unpack by sony tools
[SonyUSA] whats the point of loading the *** pkg though?
[ZiL0G80] i have faked update .json then size doesnt matter
[ZiL0G80] no point just try
[SonyUSA] what does the pkg do
[SonyUSA] is it like debugger?
[SonyUSA] when you run it?
[ZiL0G80] dont know
[SonyUSA] oh lol
[SonyUSA] oh but look
[SonyUSA] if you open the make full w/ ini bat
[SonyUSA] it says it wont work for production
[SonyUSA] you probably gotta make a non default.ini pkg
[SonyUSA] ya that worked
[SonyUSA] but i dont know how to proxy load it
[SonyUSA] it puts it in /packages/ps4/full/
[Fimo] SonyUSA: you have to use skfu skfu.xxx
[SonyUSA] i have that tool, does ps4 auto-fw update?
[SonyUSA] i just downloaded it like 30 seconds ago lol
[SonyUSA] is there a writeup for the proxy install trick?
[Fimo] yes you have some videos on youtube
[SonyUSA] ok, do you know how to spoof the json for the update size?
[Fimo] when you see a .pkg on the PSN, you have to route it on your own webserver I think
[SonyUSA] ohh wait, you're right nptitle.dat is missing
[SonyUSA] it didnt compile it after all
[ZiL0G80] SonyUSA: yeh you can make only one .pkg but if you decrypt it with sony tools there is not valid eboot.bin -] probably dont work on ps4
[SonyUSA] you mean the pkg included in the zip?
[SonyUSA] this document says nptitle.dat is only needed if you require PSN services
[ZiL0G80] make_package_full_ini_ps4.bat compile other no
[SonyUSA] yeah but
[SonyUSA] can you edit the makefile to exclude nptitle.dat?
[ZiL0G80] webmafsdk probably dont work without
Download: WebMAF_SDK_PS4.zip (96.4 MB) / Trilithium-PS4-SDK-1.0.4.zip (41.5 MB) / PublishingTools_for_NonGame-0_85_0_1548.msi (4.1 MB) / resolver-demo.jpg (Mirror - 134.3 MB) via B7U3 C50SS / Mirrors from jimbo11 / PS4_SDK_Tools.rar (134 MB - Mirror) / PlayStation 5 Suitest - Suitest supports a PlayStation 5 TestKit or DevKit. After setting up your PlayStation 5 console you will be able to run automated tests on HTML based applications (WebMAF and Media ***).
Here's the log from IRC, as follows:
[vapour] guess cturt gone off the scene oh damn
[HelsAngel] what do you mean
[vapour] well i've messaged him on twitter few times but not reply i have something for him...i gave him a few goodies a while back..
[HelsAngel] ah maybe hes taking a small break
[ZiL0G80] give me kernel exploit i have code exec too
[fearface_] On another note, I have two broken SAA-001, whoever pays for the shipping can have them
[vapour] why would you need a kernal i gave him a key already that will help him out...
[droogie] I'll take them both
[vapour] it's all in the documents i gave him
[fearface_] \?
[droogie] fearface_: I'll take them off your hands
[droogie] vapour: mind sharing?
[vapour] no sorry only people i know...
[vapour] i trust
[vapour] and if you want sharing ask cturt
[fearface_] droogie: Can you arrange shipping from Zurich, I can give you the pick up address and you organise DHL/FedEx or whatever is the chepeast.
[vapour] HelsAngel can you do me a favour when he comes on ask him to reply to my email on twitter ive sent him a new link..
[HelsAngel] i could say yes but chances of me forgetting are high
[vapour] its fine thanks
[vapour] i'll give it to zecoxao and he can give it to others
[HelsAngel] i bet he will be back though and reply to you
[vapour] im sure he will.thanks
[vapour] so here is the pkg passcode to protect files : 2GHPoQlC60u2fknmepZ2W7K5fPPK_eC if you want the bat files to decrypt and encrypt pkg it's a 32bit ascii
[vapour] WebMAF_SDK_PS4.zip
[vapour] i think it's useless i dont need them anymore..
[vapour] but you can find a exploit from this.
[ZiL0G80] nice
[HelsAngel] oh nice one
[vapour] you might as well have the passcode fingerprint key for the ps4 bd rom 91751ddbdf9606c618a1ede59138bab486d03556fae858f1cbd678ff633273fd
[vapour] seCpgdgr8cEyESHKRmcRNnVo8R-UTSuz
[vapour] Trilithium-PS4-SDK-1.0.4.zip
[droogie] do you have the key for the encrypted flash ?
[vapour] PublishingTools_for_NonGame-0_85_0_1548.msi
[vapour] that's the only key's ive got so far sorry i dont.
[fearface_] Thanks for sharing!
[HelsAngel] yeah thanks alot
[vapour] no worries i dont need them any more.
[vapour] with the publishing tool that will help you out alot.
[HelsAngel] i bet all the stuff will in the right hands
[HelsAngel] which arent mine
[vapour] lol
[vapour] the make_package_file bat in webmaf will help you create pkg on retail/production/debug with the passcode if you have the correct files inside you will get an nice exploit when running
[HelsAngel] but how can you install a made pkg on a retail ps3 as it stands now
[HelsAngel] proxy install?
[ZiL0G80] yeeh thanks
[vapour] yes proxy or get a spare bd rom use the publishing tool and create that way
[vapour] it will generate a passcode and key
[HelsAngel] wouldnt know how to use bd rom i bet burning a bdr wont work with that but proxy yeah thats very nice
[HelsAngel] hopefully see movian on ps4 thanks to this
[vapour] yeah it be great to have movian on ps4 so i dont have to use plex all the time...
[HelsAngel] yeah
[HelsAngel] how does the br rom method work if you can share that
[vapour] you would need to create a package in the publishing tool,create a passcode under package 1 let it verify on the disc then it will burn automatic it will create a passcode and key for the bdrom.retail/production/debug
[HelsAngel] ah so a normal bdr would work?
[vapour] yes
[HelsAngel] oh wow thats convenient
[vapour] it's like ps3 building a pkg the publishing tool does it all,sfo,trophy
[vapour] all you need to do is use the key above to encrypt the eboot.
[HelsAngel] yeah but ps3 wouldnt boot a bdr i think
[vapour] put it all in publishing tool let it do it bussiness once burned insert and launch.
[vapour] no it wont just using it as an example
[vapour] building pkg
[HelsAngel] so whats stopping games from being done like this
[HelsAngel] im guessing disc encryption
[droogie] vapour: neat, so you've been essentially able to create pkg's, sign them, and execute the pkg on the ps4 ?
[droogie] are you limited to an older firmware or anything ?
[vapour] yes if you look in webmaf folder you will see cryptsettings.exe
[vapour] the only firmware i tried was on 2.00 not above cause i havent had time to update
[droogie] how are you installing the pkg's ?
[HelsAngel] proxy install he said earlier
[droogie] ah
[droogie] will have to re-read backlog, gotta go catch a flight
[droogie] will have to toy with this later once i get home
[droogie] thanks vapour
[HelsAngel] yeah this seems promising
[fearface_] have a good flight, droogie
[vapour] make sure you use cryptsettings with encrypt.bat file
[vapour] all the good stuff and documentation all in that file.
[vapour] im off to bed now i'll be back in the afternoon.
[ZiL0G80] gn
[vapour] night
[Ezio] proxy install doesn't work anymore on ps4 since 2.00
[droogie] and I'm assuming since older consoles can't get onto PSN to initiate a pkg download, it's no longer possible at all?
[Ezio] yeah
[droogie] ah ok, oh well
[HelsAngel] and if you fake the pup?
[HelsAngel] since thats the only thing that still downloads
[Tyrant-] hasta la
[ZiL0G80] btw: passcode mentioned by vapour is wrong (2GHPoQlC60u2fknmepZ2W7K5fPPK_eC) it is 2GHPo-QlC60u2fknmepZ2W7K5fPPK_eC viz. files\conf_ini.gp4
[ZiL0G80] btw2 i cant install EP9009-CUSA00061_00-WEBMAF000DEFAULT_INI.pkg by proxy on fw 1.76
[SonyUSA] i have fw 1.71
[SonyUSA] what does that pkg do?
[SonyUSA] im willing to try
[ZiL0G80] btw3 nptitle.dat is missing you can compile only debug package and eboot.bin and .prx files are corrupted
[ZiL0G80] btw4 NPTitleID=CUSA00061_00
[ZiL0G80] wil be probaly banned in next fw
[SonyUSA] why what is that title id?
[ZiL0G80] WebMAF_SDK
[SonyUSA] sorry im new the ps4 stuff
[SonyUSA] the webmaf *** has to be installed?
[SonyUSA] to run custom pkg?
[ZiL0G80] you cant install webmafsdk by proxy you cant compile working .pkg - useless
[SonyUSA] can you author a bdrom with the tools like he said with the webmafsdk?
[ZiL0G80] idont have blueray writer
[SonyUSA] yeah me either lol
[SonyUSA] how did you trigger a pkg download?
[SonyUSA] with no psn access?
[ZiL0G80] update
[SonyUSA] oh by the pup?
[ZiL0G80] no game pinball
[SonyUSA] oh i see, is there a way to flush updates? i have both of those free pinball games
[ZiL0G80] dont know try backup to usb then delete something then restore
[ZiL0G80] it work on vite
[ZiL0G80] vita
[SonyUSA] they are probably out of date anyway im sure
[SonyUSA] where did you get that webmaf *** pkg from?
[SonyUSA] and you used pr0xy 3.3?
[ZiL0G80] from WebMAF_SDK_PS4.zip
[ZiL0G80] yoused charles
[SonyUSA] oh duh i see it, 63MB
[SonyUSA] the patch has to be larger than the pkg doesnt it?
[ZiL0G80] btw this .pkg is packed with different passcode you cant unpack by sony tools
[SonyUSA] whats the point of loading the *** pkg though?
[ZiL0G80] i have faked update .json then size doesnt matter
[ZiL0G80] no point just try
[SonyUSA] what does the pkg do
[SonyUSA] is it like debugger?
[SonyUSA] when you run it?
[ZiL0G80] dont know
[SonyUSA] oh lol
[SonyUSA] oh but look
[SonyUSA] if you open the make full w/ ini bat
[SonyUSA] it says it wont work for production
[SonyUSA] you probably gotta make a non default.ini pkg
[SonyUSA] ya that worked
[SonyUSA] but i dont know how to proxy load it
[SonyUSA] it puts it in /packages/ps4/full/
[Fimo] SonyUSA: you have to use skfu skfu.xxx
[SonyUSA] i have that tool, does ps4 auto-fw update?
[SonyUSA] i just downloaded it like 30 seconds ago lol
[SonyUSA] is there a writeup for the proxy install trick?
[Fimo] yes you have some videos on youtube
[SonyUSA] ok, do you know how to spoof the json for the update size?
[Fimo] when you see a .pkg on the PSN, you have to route it on your own webserver I think
[SonyUSA] ohh wait, you're right nptitle.dat is missing
[SonyUSA] it didnt compile it after all
[ZiL0G80] SonyUSA: yeh you can make only one .pkg but if you decrypt it with sony tools there is not valid eboot.bin -] probably dont work on ps4
[SonyUSA] you mean the pkg included in the zip?
[SonyUSA] this document says nptitle.dat is only needed if you require PSN services
[ZiL0G80] make_package_full_ini_ps4.bat compile other no
[SonyUSA] yeah but
[SonyUSA] can you edit the makefile to exclude nptitle.dat?
[ZiL0G80] webmafsdk probably dont work without
