Category PS4 CFW and Hacks       Thread starter LightningMods       Start date Jan 30, 2017 at 7:50 PM       21,855       30            
We've seen PS4 UserModules Decryption, PS4 Game PKG Decryption and a PS4 Trophies Resigning Tutorial and now PlayStation 4 developer IDC (reminiscent of IDC scripts used to automate IDA's Interactive Disassembler) made available PUP_Decrypt and PUP_Unpack homebrew utilities to decrypt and unpack Sony's PS4 PUP file updates! :D

Download: ps4-pup_decrypt-master.zip / PUP_Decrypt GIT / PS4 PUP_Decrypt GIT (zecoxao fork) / ps4-pup_unpack-master.zip / PUP_Unpack GIT / ps4libdoc-master.zip / PS4LibDoc GIT

Previously PlayStation 4 developers @flatz made available a Python script to extract embedded PUPs from the PS4 container, @xerpi shared a PS4PUPExtractor and @Hykem followed up with a PS4 PUP Unpacker for those keeping track... with a PS4 System Dump analysis done also. ;)

According to notzecoxao, with IDC's latest contributions PS4 developers can decrypt any usermode ELFs from 1.00 to 3.55/3.70 because Sony forgot to change keyset and could be useful in further porting the PS4 Webkit Exploit too! (y)

From the pup_decrypt README.md, to quote: pup_decrypt

A utility to invoke the PS4 kernel to decrypt the contents of an update file. The default (hardcoded) operation is to decrypt /mnt/usb0/PS4UPDATE.PUP.

This will output a number of files (depending if a normal or a recovery update):
  • /mnt/usb0/PS4UPDATE1.PUP.dec
  • /mnt/usb0/PS4UPDATE2.PUP.dec
  • /mnt/usb0/PS4UPDATE3.PUP.dec
  • /mnt/usb0/PS4UPDATE4.PUP.dec
These decrypted updates can then be further unpacked using a tool capable of doing so.

Note

The PS4 will refuse to decrypt updates in some cases:
  • Versions older than the installed version (for the most part, there's exceptions for things like beta versions).
  • Versions for a different product code (retail cannot decrypt test or debug updates).
A list of updates decrypted on a 1.76 retail system.
Code:
The following RETAIL versions have been tested on a retail 1.76 system and decrypt properly.

U=update, R=recovery.

Versions

    VERS T MD5
    1.75 U 401f1307e43d7fbb60c20dc8ad3497e4
    1.76 U a5234c6e8d37a57b374e24171173fbdd
    2.00 U 765695ae57b467be031b1310703bf19d
    2.01 U ac34b68627648d4000e4f7f31f5f9797
    2.02 U bc9092058dfb67376c56f1b768ee9493
    2.03 U eac5e76be085221159ecbbe21e5022c5
    2.04 U 402013820a65029ea44d97655e550ffb
    2.50 U 5c6e09a82250e1dde602521ab1faf715
    2.51 U e63273cb3762eec5ae50b2bd877024aa
    2.55 U 4f1c6d8597242ff346612773ffbc10ad
    2.57 U 67c94f173d3cff0668430669b1ef4ddf
    3.00 U d60d15db9a489ff73736ecc2e803c0d3
    3.10 U 66001b712670e9d804a642a46cf4225a
    3.11 U eb94028b3df04862c95f0c525c91ed73
    3.15 U 516f3ad9b1505a369f9aa86b4825cf55
    3.50 U 0aa1a7e346aaba18483a106f1a887a6f
    3.55 U 48e1adf0e9a598930a984babb1f9547c
    3.55 R aa2fa6b948373c6b670613d1bf794806
    4.00 U b67e17446b0ce4a9773aaee3e8ee5573
    4.01 U 8b4ef90dc5994ba89028558030e31180
    4.05 U 203c76c97f7be5b881dd0c77c8edf385
    4.06 U 659190bc39c174350b6c322af0f0ded5
    4.07 U 908b5f52e82c36536707844df67961d8
From the pup_unpack README.md, to quote: pup_unpack

A utility to unpack PS4 update blobs that have been previously decrypted using pup_decrypt.

Note

This utility will not unpack the contents of nested filesystems. The filesystem images in updates are FAT32, exFAT, etc images and can be mounted or unpacked with other tools.

From the PS4LibDoc README.md, to quote: PS4LibDoc

PS4 library documentation.

JSON Format

Documentation is split across a file for each executable, to improve diffs.
Code:
{
  "shared_object_name": "<name if is a shared library>",
  "shared_object_names": [
    "<imported shared object name>"
  ],
  "libraries": [
    {
      "name": "<library name>",
      "modules": [
        {
          "name": "<module name>",
          "is_export": false,
          "symbols": [
            {
              "id": 9819116604689812748,
              "hex_id": "884482872EAD0D0C",
              "encoded_id": "iESChy6tDQw",
              "name": "<symbol name>"
            }
          ]
        }
      ]
    }
  ]
}
is_export indicates if that module is exported, if false, it is imported.

name is either not present or is null when the name for the symbol is unknown. hex_id and encoded_id are included for human convenience and are not used.
Thanks to @zecoxao for the heads-up on Twitter and @Nesterwork, @Plankton, @simobuoncuo and @SockNastez for sharing the news in the PSXHAX Shoutbox! :cool:
PS4 PUP_Decrypt And PUP_Unpack to Decrypt And Unpack PS4 Updates by IDC.jpg
 

Comments

Recent Articles
Sony PS4 Remote Play: Now on More Devices Latest Promo Video
Proceeding the PSPlay Free Trial of the unofficial Android app and yesterday's Google Stadia release that includes 22 Stadia Launch Titles, today Sony unleashed their latest PS4 Remote Play - Now...
Baikal Support Added to PlayStation 4 Linux Loader by Valeery
Since the PSXITArch Linux v2 Guide, Spine PS4 Emulator for Linux Demo, CECPS4 Linux Scripts and PS4 Gentoo Linux development updates support for the Baikal chip was recently added to the...
PS5 DualShock 5 (DS5) Controller Images Surface in Japanese Patent
Following Sony's New Controller Patent, PS5 Devkit Prototype Leak and recent PS5 Transition Update in preparation for the PlayStation 5 2020 Launch today some PS5 DualShock 5 (DS5) Controller...
PlayStation Black Friday & Cyber Monday 2019 Deals Revealed!
We've seen the 2019 Black Friday Ad Scans featuring a $199 PS4 Bundle with 3 Games or PSVR Bundle with 5 Games and today Sony revealed their official PlayStation Black Friday & Cyber Monday 2019...
Top