We've seen PS4 UserModules Decryption, PS4 Game PKG Decryption and a PS4 Trophies Resigning Tutorial and now PlayStation 4 developer IDC (reminiscent of IDC scripts used to automate IDA's Interactive Disassembler) made available PUP_Decrypt and PUP_Unpack homebrew utilities to decrypt and unpack Sony's PS4 PUP file updates!
Download: ps4-pup_decrypt-master.zip / PUP_Decrypt GIT / PS4 PUP_Decrypt GIT (zecoxao fork) / ps4-pup_unpack-master.zip / PUP_Unpack GIT / ps4libdoc-master.zip / PS4LibDoc GIT / ps4-update-decryptor-main.zip / GIT port by ultimaweapon
Previously PlayStation 4 developers @flatz made available a Python script to extract embedded PUPs from the PS4 container, @xerpi shared a PS4PUPExtractor and @Hykem followed up with a PS4 PUP Unpacker for those keeping track... with a PS4 System Dump analysis done also.
According to notzecoxao, with IDC's latest contributions PS4 developers can decrypt any usermode ELFs from 1.00 to 3.55/3.70 because Sony forgot to change keyset and could be useful in further porting the PS4 Webkit Exploit too!
From the pup_decrypt README.md, to quote: pup_decrypt
A utility to invoke the PS4 kernel to decrypt the contents of an update file. The default (hardcoded) operation is to decrypt /mnt/usb0/PS4UPDATE.PUP.
This will output a number of files (depending if a normal or a recovery update):
Note
The PS4 will refuse to decrypt updates in some cases:
From the pup_unpack README.md, to quote: pup_unpack
A utility to unpack PS4 update blobs that have been previously decrypted using pup_decrypt.
Note
This utility will not unpack the contents of nested filesystems. The filesystem images in updates are FAT32, exFAT, etc images and can be mounted or unpacked with other tools.
From the PS4LibDoc README.md, to quote: PS4LibDoc
PS4 library documentation.
JSON Format
Documentation is split across a file for each executable, to improve diffs.
is_export indicates if that module is exported, if false, it is imported.
name is either not present or is null when the name for the symbol is unknown. hex_id and encoded_id are included for human convenience and are not used.
Thanks to @zecoxao for the heads-up on Twitter and @Nesterwork, @Plankton, @simobuoncuo and @SockNastez for sharing the news in the PSXHAX Shoutbox!
Download: ps4-pup_decrypt-master.zip / PUP_Decrypt GIT / PS4 PUP_Decrypt GIT (zecoxao fork) / ps4-pup_unpack-master.zip / PUP_Unpack GIT / ps4libdoc-master.zip / PS4LibDoc GIT / ps4-update-decryptor-main.zip / GIT port by ultimaweapon
Previously PlayStation 4 developers @flatz made available a Python script to extract embedded PUPs from the PS4 container, @xerpi shared a PS4PUPExtractor and @Hykem followed up with a PS4 PUP Unpacker for those keeping track... with a PS4 System Dump analysis done also.
According to notzecoxao, with IDC's latest contributions PS4 developers can decrypt any usermode ELFs from 1.00 to 3.55/3.70 because Sony forgot to change keyset and could be useful in further porting the PS4 Webkit Exploit too!
From the pup_decrypt README.md, to quote: pup_decrypt
A utility to invoke the PS4 kernel to decrypt the contents of an update file. The default (hardcoded) operation is to decrypt /mnt/usb0/PS4UPDATE.PUP.
This will output a number of files (depending if a normal or a recovery update):
- /mnt/usb0/PS4UPDATE1.PUP.dec
- /mnt/usb0/PS4UPDATE2.PUP.dec
- /mnt/usb0/PS4UPDATE3.PUP.dec
- /mnt/usb0/PS4UPDATE4.PUP.dec
Note
The PS4 will refuse to decrypt updates in some cases:
- Versions older than the installed version (for the most part, there's exceptions for things like beta versions).
- Versions for a different product code (retail cannot decrypt test or debug updates).
Code:
The following RETAIL versions have been tested on a retail 1.76 system and decrypt properly.
U=update, R=recovery.
Versions
VERS T MD5
1.75 U 401f1307e43d7fbb60c20dc8ad3497e4
1.76 U a5234c6e8d37a57b374e24171173fbdd
2.00 U 765695ae57b467be031b1310703bf19d
2.01 U ac34b68627648d4000e4f7f31f5f9797
2.02 U bc9092058dfb67376c56f1b768ee9493
2.03 U eac5e76be085221159ecbbe21e5022c5
2.04 U 402013820a65029ea44d97655e550ffb
2.50 U 5c6e09a82250e1dde602521ab1faf715
2.51 U e63273cb3762eec5ae50b2bd877024aa
2.55 U 4f1c6d8597242ff346612773ffbc10ad
2.57 U 67c94f173d3cff0668430669b1ef4ddf
3.00 U d60d15db9a489ff73736ecc2e803c0d3
3.10 U 66001b712670e9d804a642a46cf4225a
3.11 U eb94028b3df04862c95f0c525c91ed73
3.15 U 516f3ad9b1505a369f9aa86b4825cf55
3.50 U 0aa1a7e346aaba18483a106f1a887a6f
3.55 U 48e1adf0e9a598930a984babb1f9547c
3.55 R aa2fa6b948373c6b670613d1bf794806
4.00 U b67e17446b0ce4a9773aaee3e8ee5573
4.01 U 8b4ef90dc5994ba89028558030e31180
4.05 U 203c76c97f7be5b881dd0c77c8edf385
4.06 U 659190bc39c174350b6c322af0f0ded5
4.07 U 908b5f52e82c36536707844df67961d8
A utility to unpack PS4 update blobs that have been previously decrypted using pup_decrypt.
Note
This utility will not unpack the contents of nested filesystems. The filesystem images in updates are FAT32, exFAT, etc images and can be mounted or unpacked with other tools.
From the PS4LibDoc README.md, to quote: PS4LibDoc
PS4 library documentation.
JSON Format
Documentation is split across a file for each executable, to improve diffs.
Code:
{
"shared_object_name": "<name if is a shared library>",
"shared_object_names": [
"<imported shared object name>"
],
"libraries": [
{
"name": "<library name>",
"modules": [
{
"name": "<module name>",
"is_export": false,
"symbols": [
{
"id": 9819116604689812748,
"hex_id": "884482872EAD0D0C",
"encoded_id": "iESChy6tDQw",
"name": "<symbol name>"
}
]
}
]
}
]
}
name is either not present or is null when the name for the symbol is unknown. hex_id and encoded_id are included for human convenience and are not used.
Thanks to @zecoxao for the heads-up on Twitter and @Nesterwork, @Plankton, @simobuoncuo and @SockNastez for sharing the news in the PSXHAX Shoutbox!