Category PS4 CFW and Hacks       Thread starter LightningMods       Start date Jan 30, 2017 at 7:50 PM       22,026       30            
We've seen PS4 UserModules Decryption, PS4 Game PKG Decryption and a PS4 Trophies Resigning Tutorial and now PlayStation 4 developer IDC (reminiscent of IDC scripts used to automate IDA's Interactive Disassembler) made available PUP_Decrypt and PUP_Unpack homebrew utilities to decrypt and unpack Sony's PS4 PUP file updates! :D

Download: ps4-pup_decrypt-master.zip / PUP_Decrypt GIT / PS4 PUP_Decrypt GIT (zecoxao fork) / ps4-pup_unpack-master.zip / PUP_Unpack GIT / ps4libdoc-master.zip / PS4LibDoc GIT

Previously PlayStation 4 developers @flatz made available a Python script to extract embedded PUPs from the PS4 container, @xerpi shared a PS4PUPExtractor and @Hykem followed up with a PS4 PUP Unpacker for those keeping track... with a PS4 System Dump analysis done also. ;)

According to notzecoxao, with IDC's latest contributions PS4 developers can decrypt any usermode ELFs from 1.00 to 3.55/3.70 because Sony forgot to change keyset and could be useful in further porting the PS4 Webkit Exploit too! (y)

From the pup_decrypt README.md, to quote: pup_decrypt

A utility to invoke the PS4 kernel to decrypt the contents of an update file. The default (hardcoded) operation is to decrypt /mnt/usb0/PS4UPDATE.PUP.

This will output a number of files (depending if a normal or a recovery update):
  • /mnt/usb0/PS4UPDATE1.PUP.dec
  • /mnt/usb0/PS4UPDATE2.PUP.dec
  • /mnt/usb0/PS4UPDATE3.PUP.dec
  • /mnt/usb0/PS4UPDATE4.PUP.dec
These decrypted updates can then be further unpacked using a tool capable of doing so.

Note

The PS4 will refuse to decrypt updates in some cases:
  • Versions older than the installed version (for the most part, there's exceptions for things like beta versions).
  • Versions for a different product code (retail cannot decrypt test or debug updates).
A list of updates decrypted on a 1.76 retail system.
Code:
The following RETAIL versions have been tested on a retail 1.76 system and decrypt properly.

U=update, R=recovery.

Versions

    VERS T MD5
    1.75 U 401f1307e43d7fbb60c20dc8ad3497e4
    1.76 U a5234c6e8d37a57b374e24171173fbdd
    2.00 U 765695ae57b467be031b1310703bf19d
    2.01 U ac34b68627648d4000e4f7f31f5f9797
    2.02 U bc9092058dfb67376c56f1b768ee9493
    2.03 U eac5e76be085221159ecbbe21e5022c5
    2.04 U 402013820a65029ea44d97655e550ffb
    2.50 U 5c6e09a82250e1dde602521ab1faf715
    2.51 U e63273cb3762eec5ae50b2bd877024aa
    2.55 U 4f1c6d8597242ff346612773ffbc10ad
    2.57 U 67c94f173d3cff0668430669b1ef4ddf
    3.00 U d60d15db9a489ff73736ecc2e803c0d3
    3.10 U 66001b712670e9d804a642a46cf4225a
    3.11 U eb94028b3df04862c95f0c525c91ed73
    3.15 U 516f3ad9b1505a369f9aa86b4825cf55
    3.50 U 0aa1a7e346aaba18483a106f1a887a6f
    3.55 U 48e1adf0e9a598930a984babb1f9547c
    3.55 R aa2fa6b948373c6b670613d1bf794806
    4.00 U b67e17446b0ce4a9773aaee3e8ee5573
    4.01 U 8b4ef90dc5994ba89028558030e31180
    4.05 U 203c76c97f7be5b881dd0c77c8edf385
    4.06 U 659190bc39c174350b6c322af0f0ded5
    4.07 U 908b5f52e82c36536707844df67961d8
From the pup_unpack README.md, to quote: pup_unpack

A utility to unpack PS4 update blobs that have been previously decrypted using pup_decrypt.

Note

This utility will not unpack the contents of nested filesystems. The filesystem images in updates are FAT32, exFAT, etc images and can be mounted or unpacked with other tools.

From the PS4LibDoc README.md, to quote: PS4LibDoc

PS4 library documentation.

JSON Format

Documentation is split across a file for each executable, to improve diffs.
Code:
{
  "shared_object_name": "<name if is a shared library>",
  "shared_object_names": [
    "<imported shared object name>"
  ],
  "libraries": [
    {
      "name": "<library name>",
      "modules": [
        {
          "name": "<module name>",
          "is_export": false,
          "symbols": [
            {
              "id": 9819116604689812748,
              "hex_id": "884482872EAD0D0C",
              "encoded_id": "iESChy6tDQw",
              "name": "<symbol name>"
            }
          ]
        }
      ]
    }
  ]
}
is_export indicates if that module is exported, if false, it is imported.

name is either not present or is null when the name for the symbol is unknown. hex_id and encoded_id are included for human convenience and are not used.
Thanks to @zecoxao for the heads-up on Twitter and @Nesterwork, @Plankton, @simobuoncuo and @SockNastez for sharing the news in the PSXHAX Shoutbox! :cool:
PS4 PUP_Decrypt And PUP_Unpack to Decrypt And Unpack PS4 Updates by IDC.jpg
 

Comments

Recent Articles
Mednafen PlayStation 4 Emulator v0.3 Config Mod Update via Markus95
Following the Mednafen PS4 2-Players Config Mod and his recent N64 PS2 on PS4 Port Demo, developer @Markus95 (aka @Kus00095) shared via Twitter a PS4 Mednafen v0.3 configuration update featuring...
Final PlayStation State of Play for 2019 Next Week, No PS5 News Planned
Today Sony announced their final 2019 PlayStation State of Play Conference will take place next Tuesday, December 10th at 6:00am Pacific Time / 9:00am Eastern Time. ❄ Their previous PS State of...
PS4 CEX2Semi-DEX: CEX Console with DEX Debug Settings via LightningMods
Following his previous release, PlayStation 4 developer @LightningMods shared a screenshot on Twitter of what he calls PS4 CEX2Semi-DEX geared towards those with a retail jailbreakable PS4 5.05...
PS4 IOCTL Nabber IDA 7.0-7.2 Script for IOCTL Requests by SocraticBliss
Proceeding his PS4 Module Dumper Payload and PS4 Kernel Fixup Script, PlayStation 4 developer @SocraticBliss (Twitter) added a PS4 IOCTL Nabber to his Github repository for use with the IDA...
Top