Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 / PS5 PKGs.
PS4 Jailbreaking       Thread starter PSXHAX       Start date Aug 17, 2017 at 3:32 AM       2      
Not open for further replies.
Following the previous updates on PlayStation 4's Secure Asset Management Unit more commonly referred to as SAMU, @HydrogenNGU shared details on further understanding the PS4 processor SAMU for developers. :geek:

According to a SAMU patent, it's described as a method and apparatus for including architecture for protecting multi-user sensitive code and data.

Below is a summary of what Hydrogen on NGU shared about it including details from Fail0verflow slides (if you missed it, see their Postscript also) to quote in part: Understanding The PS4 Processor SAMU


Overall, SAMU is a strong processor that holds mostly everything everyone in the PS4 Scene wants. If someone ever handles SAMU, modding has the chance to go online, but I don't know how things would work with the banning and the CIDs. We already had a few discussions speaking about the PSID awhile back. We know @theorywrong and @2much4u had discovered Partial IDPS from the kernel memory, including the PSID since it's there as well. To read more about that old post, you can view it here.

You can dump it from the kernel memory with a certain payload, and I will not be providing any payload in order to so. In addition, @zecoxao had explained to us you could do the same with it running the dl close. Use memcpy in the Kernel Mode, and use sys sendto. This should send it to your computer.

Approximately, most things that were done on PlayStation 3 is of course, possible on the PlayStation 4. If this ever gets decrypted and fully hacked. Yes, you'd see a lot of new innovations being brought on to the table. That's of course, if someone releases it first. This is a little guide explaining what SAMU is, and what it does. Hopefully, this clears out the questions from the air I've always got. Always remember, SAMU is a tough nut to crack!

  • Wildcard777 - For being the sexiest chick ever.
  • Zecoxao - For being the baddest chick ever.
  • mcmrc1ā€ - For sending some old PS4 slides from marcan.
  • CTurtE - Good information off of his write ups.
  • Marcan42 - Good information off of his slides.
Also do not forget that some guys had access to SAMU keys and could dump decrypted Kernels from latest FW version even without any kernel exploit šŸ˜œ
From, to quote: Sam ipl

SAMU IPL, codenamed as 80000001, is the main loader of the Secure Kernel (80010001)
The header contained in it contains the following information:

Header Info

Offset Size Description Notes
0x0 4 Magic 5E D7 9A 0B
0x4 4 Header Size Little Endian (0x280)
0x8 4 Entry Point Little Endian (0x100)
0xC 4 Payload Size Little Endian (e.g 0x232D0)
0x10 0x10 Padding Zeroes
0x20 0x20 SHA256 of the decrypted payload -
0x40 0x100 Padding Ascii Zeroes
0x140 0x40 Metadata -
0x180 0x100 RSA Header Signature -
0x280 0x232D0 Payload -
0x23550 0x100 RSA Footer Signature -
MetaData Info

Offset Size Description Notes
0x0 0x20 MetaData Body Contains Keyslot Keys
0x20 0x20 HDR + MetaData SHA256HMAC SHA256 of hdr plus metadata (HMAC)
MetaData Body

Offset Size Description Notes
0x0 0x20 KeySlot 1 -
serials for AMD tools:
20FBC6A1-4F25-476F-9C52-97A9220DAC27 BIOS SUITE
SD3T-W1R7-FEC2-4GQ9-8V04-25UY-BM90-0A0L HDT
Cheers to both @Figure03 and @HydrogenNGU for the news tips in the PSXHAX Shoutbox yesterday! :beer:
PS4 Secure Asset Management Unit (SAMU) Processor by HydrogenNGU.jpg


Not open for further replies.