previous updates and with help from PlayStation 4 developer @theorywrong, today @j0lama announced on his blog his PS4 Real Time Memory Editor for Linux on PlayStation 4 retail consoles!
Download: PS4-Real-Time-Memory-Editor-master.zip / GIT
From the README.md: PS4-Real-Time-Memory-Editor
PS4 Real Time Memory Editor for Linux for retail consoles.
Read/write in a game's memory to create mods like on PS3 with tmapi and ccapi.
This version is a little demo.
I will improve the system with a graphic interface and the possibility to read and write arrays. I will release a Windows/Linux library to work with this easily.
Thanks to TheoryWrong for answering my noob questions.
And to quote from j0lama's website, roughly translated: Real Time Memory Editor (Retail PS4)
My main goal on PS4 was to develop a system that would allow me to edit the memory of the games that are running on the PS4 in order to be able to create modifications of the games and to cheat in them.
This system is very similar to the one used on PS3 (ps3tmapi is the method used by the debug or ccapi consoles, developed by Enstone and allows editing the memory of the games on retail consoles).
The system that I show you today is based on the ptrace system call, which on the PS4 corresponds to syscall 26.
The system runs through the WebKit exploit published by cTurt and allows random execution of code.
Once we get code execution on the system, we raise privileges with the dlclose exploit discovered by cTurt and published by kR105. It is important to note that while the thread that raises privileges is running, there is a moment in which direct writing to memory is enabled, which besides being used by the exploit I also use to disable Address Space Layout Randomization (ASLR), which is a method that modern operating systems implement to "randomize" the memory region where a process begins when it is loaded into main memory; games usually run from 0x400000 after ASLR is deactivated. On PS4 this system was implemented from version 1.70. (Thanks to ZiL0G80).
The system version is also modified (spoofing, thanks to zecoxao) so that starting a game does not request an update.
The code that runs on the PS4 connects via sockets to the address 192.168.1.38 on port 4321. On the computer we have to have our server running, through which we will send the read and write commands.
First of all we run the server on the computer (If you use the precompiled server you have to change the address of your computer to 192.168.1.38 since the server is configured to use that if you can not recompile both binaries). It will wait for the request made by the console.
On the PS4 you have to go to a website where the PS4 Playground is and activate the code execution. From the terminal of your Linux machine run "nc -w 3 PS4_IP 9023 <Debugger-Payload.bin" and you will see that on the server we get a response.
Now enter the name of the process (normally the game) that we want to modify. (The processes of almost all games are usually called "eboot.bin", or, as in Call of Duty Ghosts, "default_mp.elf".) If you have written the name of a valid process, the console will be activated (>). You can type "help" to see the possible commands:
- Read from memory: r 0xOffset
- Write in memory: w 0xOffset 0xValue
- Search forward: u 0xOffset 0xValue (Search between Offset and Offset + 0x1000)
- Find before: d 0xOffset 0xValue (Search between Offset and Offset-0x1000)
- New process: p Process_name
Demo in Call of Duty Ghosts:
Here I leave you some offsets of Call of Duty Ghosts version 1.00:
- Name changer: 0x1F0F29C
- Main weapon: 0x1F0C26C
- Secondary weapon: 0x1F0C270
- Enable fps: 0x81B09A Enable: 80 78 10 01
- Primary Ammo: 0x1f0c454
- Primary FullAmmo: 0x1f0c3d4
- Primary Camo: 0x1F0C26D
- Primary Accessory: 0x1F0C26E
- Secondary Ammo: 0x1f0c460
- Secondary FullAmmo: 0x1f0c3dc
- Tactical Grenade Ammo: 0x1f0c43c
- Special Grenade Ammo: 0x1f0c448
Thanks TheoryWrong for answering all those beginner questions. This is only a small demo and probably has many bugs.
Little by little I want to improve the system, to make a graphic interface and port it to Windows with some program and some library so that more people develop tools like those that were made for PS3.