Category PS4 CFW and Hacks       Thread starter LightningMods       Start date Jan 30, 2017 at 7:50 PM       21,777       30            
We've seen PS4 UserModules Decryption, PS4 Game PKG Decryption and a PS4 Trophies Resigning Tutorial and now PlayStation 4 developer IDC (reminiscent of IDC scripts used to automate IDA's Interactive Disassembler) made available PUP_Decrypt and PUP_Unpack homebrew utilities to decrypt and unpack Sony's PS4 PUP file updates! :D

Download: ps4-pup_decrypt-master.zip / PUP_Decrypt GIT / PS4 PUP_Decrypt GIT (zecoxao fork) / ps4-pup_unpack-master.zip / PUP_Unpack GIT / ps4libdoc-master.zip / PS4LibDoc GIT

Previously PlayStation 4 developers @flatz made available a Python script to extract embedded PUPs from the PS4 container, @xerpi shared a PS4PUPExtractor and @Hykem followed up with a PS4 PUP Unpacker for those keeping track... with a PS4 System Dump analysis done also. ;)

According to notzecoxao, with IDC's latest contributions PS4 developers can decrypt any usermode ELFs from 1.00 to 3.55/3.70 because Sony forgot to change keyset and could be useful in further porting the PS4 Webkit Exploit too! (y)

From the pup_decrypt README.md, to quote: pup_decrypt

A utility to invoke the PS4 kernel to decrypt the contents of an update file. The default (hardcoded) operation is to decrypt /mnt/usb0/PS4UPDATE.PUP.

This will output a number of files (depending if a normal or a recovery update):
  • /mnt/usb0/PS4UPDATE1.PUP.dec
  • /mnt/usb0/PS4UPDATE2.PUP.dec
  • /mnt/usb0/PS4UPDATE3.PUP.dec
  • /mnt/usb0/PS4UPDATE4.PUP.dec
These decrypted updates can then be further unpacked using a tool capable of doing so.

Note

The PS4 will refuse to decrypt updates in some cases:
  • Versions older than the installed version (for the most part, there's exceptions for things like beta versions).
  • Versions for a different product code (retail cannot decrypt test or debug updates).
A list of updates decrypted on a 1.76 retail system.
Code:
The following RETAIL versions have been tested on a retail 1.76 system and decrypt properly.

U=update, R=recovery.

Versions

    VERS T MD5
    1.75 U 401f1307e43d7fbb60c20dc8ad3497e4
    1.76 U a5234c6e8d37a57b374e24171173fbdd
    2.00 U 765695ae57b467be031b1310703bf19d
    2.01 U ac34b68627648d4000e4f7f31f5f9797
    2.02 U bc9092058dfb67376c56f1b768ee9493
    2.03 U eac5e76be085221159ecbbe21e5022c5
    2.04 U 402013820a65029ea44d97655e550ffb
    2.50 U 5c6e09a82250e1dde602521ab1faf715
    2.51 U e63273cb3762eec5ae50b2bd877024aa
    2.55 U 4f1c6d8597242ff346612773ffbc10ad
    2.57 U 67c94f173d3cff0668430669b1ef4ddf
    3.00 U d60d15db9a489ff73736ecc2e803c0d3
    3.10 U 66001b712670e9d804a642a46cf4225a
    3.11 U eb94028b3df04862c95f0c525c91ed73
    3.15 U 516f3ad9b1505a369f9aa86b4825cf55
    3.50 U 0aa1a7e346aaba18483a106f1a887a6f
    3.55 U 48e1adf0e9a598930a984babb1f9547c
    3.55 R aa2fa6b948373c6b670613d1bf794806
    4.00 U b67e17446b0ce4a9773aaee3e8ee5573
    4.01 U 8b4ef90dc5994ba89028558030e31180
    4.05 U 203c76c97f7be5b881dd0c77c8edf385
    4.06 U 659190bc39c174350b6c322af0f0ded5
    4.07 U 908b5f52e82c36536707844df67961d8
From the pup_unpack README.md, to quote: pup_unpack

A utility to unpack PS4 update blobs that have been previously decrypted using pup_decrypt.

Note

This utility will not unpack the contents of nested filesystems. The filesystem images in updates are FAT32, exFAT, etc images and can be mounted or unpacked with other tools.

From the PS4LibDoc README.md, to quote: PS4LibDoc

PS4 library documentation.

JSON Format

Documentation is split across a file for each executable, to improve diffs.
Code:
{
  "shared_object_name": "<name if is a shared library>",
  "shared_object_names": [
    "<imported shared object name>"
  ],
  "libraries": [
    {
      "name": "<library name>",
      "modules": [
        {
          "name": "<module name>",
          "is_export": false,
          "symbols": [
            {
              "id": 9819116604689812748,
              "hex_id": "884482872EAD0D0C",
              "encoded_id": "iESChy6tDQw",
              "name": "<symbol name>"
            }
          ]
        }
      ]
    }
  ]
}
is_export indicates if that module is exported, if false, it is imported.

name is either not present or is null when the name for the symbol is unknown. hex_id and encoded_id are included for human convenience and are not used.
Thanks to @zecoxao for the heads-up on Twitter and @Nesterwork, @Plankton, @simobuoncuo and @SockNastez for sharing the news in the PSXHAX Shoutbox! :cool:
PS4 PUP_Decrypt And PUP_Unpack to Decrypt And Unpack PS4 Updates by IDC.jpg
 

Comments

Recent Articles
JoystickUDP: Collection of Methods Using a PS4 Controller with UDPComms
Recently StanfordRoboticsClub shared on Github a collection of methods using a DualShock 4 PS4 Controller with UDPComms, which is a Python library to enable communication between different...
Star Wars Jedi: Fallen Order Joins New PS4 Game Releases Next Week
Explore the galaxy in the latest PlayStation 4 third-person action-adventure game Star Wars Jedi: Fallen Order from Respawn Entertainment arriving to PS4 next week on November 15th. Play as an...
Feel The Power of Pro with PlayStation 4 Pro Latest PS4 TV Spot!
Right behind their It's Time to Play! campaign and Black Friday Deals, Sony is ramping up PlayStation promotions for the holidays with the latest PS4 TV spot showcasing the Limited Edition PS4 Pro...
REPL4Y for Android PS4 Remote Play App Free Trial Version by Twist3d89
Proceeding his request for Beta Testers and the Chiaki Open Source PS4 Remote Play Client release, developer Twist3d89 has made available a free trial version of his REPL4Y for Android application...
Top