Join Us and become a Member for a Verified Badge on Discord to access private areas with the latest PS4 FPKGs.
Category PS4 CFW and Hacks       Thread starter PSXHAX       Start date Aug 12, 2020 at 1:15 PM       4,491       12            
Following the PS4 SysGlitch Tool and SysCon Glitching Pinout and his PS4 Unfself Tool, today PlayStation 4 developer @SocraticBliss is back with a PS4 Syscon Loader via Twitter tested with the IDA 7.0-7.2 Interactive Disassembler for reading the PS4's System Controller full firmware files by scene devs. :geek:

Download: / GIT

Previously we've seen a PS4 Syscon System Controller Firmware Decrypter, some PS4 System Controller High-Res Images alongside PS4 APU Floor Plan High-Resolution Die Shots and a Colwick Repository for PS4 Syscon Research and Development... from the PS4 Syscon Loader

SocraticBliss (R)

Dedicated to zecoxao <3

  1. Place the file in your IDA's loaders directory
  1. Load a PS4 Decrypted Syscon Full Firmware in IDA 32-bit
  2. Select the option ending with []
And from the
#!/usr/bin/env python
PS4 Syscon Loader by SocraticBliss (R)
Dedicated to zecoxao <3 IDA loader for reading Sony PlayStation(R) 4 Syscon Firmware files

from idaapi import *
from idc import *

import idaapi as ida
import idc

# Load Processor Details...
def processor(processor):

    # Processor
    idc.set_processor_type(processor, SETPROC_LOADER)

    # Assembler

    # Compiler
    idc.set_inf_attr(INF_COMPILER, COMP_GNU)

    # Loader Flags
    idc.set_inf_attr(INF_LFLAGS, LFLG_PC_FLAT | LFLG_COMPRESS)

    # Assume GCC3 names
    idc.set_inf_attr(INF_DEMNAMES, DEMNAM_GCC3)

    # Analysis Flags
    idc.set_inf_attr(INF_AF, 0xBFFFBFFF)

# Pablo's Function Search...
def function_search(mode, search, address = 0):

    while address < BADADDR:
        address = ida.find_binary(address, BADADDR, search, 0x10, SEARCH_DOWN)
        if address < BADADDR:
            address += mode
            ida.del_items(address, 0)
            ida.add_func(address, BADADDR)
            address += 1

# Load Segment Details...
def segment(f, start, end, name, type = 'DATA', perm = SEGPERM_MAXVAL):

    f.file2base(start, start, end, FILEREG_PATCHABLE)
    ida.add_segm(0x0, start, end, name, type, 0x0)

    # Processor Specific Segment Details
    idc.set_segm_addressing(start, 0x1)
    idc.set_segm_alignment(start, saAbs)
    idc.set_segm_combination(start, scPriv)
    idc.set_segm_attr(start, SEGATTR_PERM, perm)


# Open File Dialog...
def accept_file(f, n):

        if not isinstance(n, (int, long)) or n == 0:
            return 'PS4 - Syscon Full Firmware' if == '\x80\x01\xFF\xFF' else 0


# Load Input Binary...
def load_file(f, neflags, format):

    print('# PS4 Syscon Loader')

    # PS4 Syscon Processor

    # Boot Cluster 0
    print('# Creating Vector Table Area 0')
    segment(f, 0x0, 0x80, 'VTA0')

    for vec in xrange(0x40):
        ida.create_data(vec * 2, FF_WORD | FF_0OFF, 0x2, BADNODE)

    print('# Creating CALLT Table Area 0')
    segment(f, 0x80, 0xC0, 'CALLTTA0')

    print('# Creating Option Byte Area 0')
    segment(f, 0xC0, 0xC4, 'OBA0')

    print('# Creating On-chip Debug Security 0')
    segment(f, 0xC4, 0xCE, 'ODS0')

    print('# Creating Program Area 0')
    segment(f, 0xCE, 0x1000, 'PA0', 'CODE', SEGPERM_READ | SEGPERM_EXEC)

    # Boot Cluster 1
    print('# Creating Vector Table Area 1')
    segment(f, 0x1000, 0x1080, 'VTA1')

    for vec in xrange(0x40):
        ida.create_data(0x1000 + (vec * 2), FF_WORD | FF_0OFF, 0x2, BADNODE)

    print('# Creating CALLT Table Area 1')
    segment(f, 0x1080, 0x10C0, 'CALLTTA1')

    print('# Creating Option Byte Area 1')
    segment(f, 0x10C0, 0x10C4, 'OBA1')

    print('# Creating On-chip Debug Security 1')
    segment(f, 0x10C4, 0x10CE, 'ODS1')

    # ROM
    print('# Creating Program Area 1')
    segment(f, 0x10CE, 0x80000, 'PA1', 'CODE', SEGPERM_READ | SEGPERM_EXEC)

    # 0x80000 - 0xF0000 : Reserved

    print('# Creating Special Function Register 2')
    segment(f, 0xF0000, 0xF0800, 'SFR2')

    print('# Creating Reserved')
    segment(f, 0xF0800, 0xF1000, 'RES')

    # DATA
    print('# Creating Data')
    segment(f, 0xF1000, 0xF3000, 'DATA')

    print('# Creating Mirror')
    segment(f, 0xF3000, 0xF7F00, 'MIRROR')

    # RAM
    print('# Creating RAM')
    segment(f, 0xF7F00, 0xFFEE0, 'RAM')

    print('# Creating General-purpose Register')
    segment(f, 0xFFEE0, 0xFFF00, 'GR')

    print('# Creating Special Function Register')
    segment(f, 0xFFF00, 0x100000, 'SFR')

    print('# Search Function Start')
    function_search(1, 'D7 61 DD')
    function_search(1, 'FF C3 31 17')
    function_search(1, 'FB C3 31 17')
    function_search(1, 'FF 61 DD 8E FA')
    function_search(1, 'FF 61 DD C7')
    function_search(0, '61 DD C7')
    function_search(1, 'D7 C7 C3 C1')
    function_search(1, 'D7 C7 16')
    function_search(1, 'D7 30 02 00 C1')
    function_search(1, 'D7 C7 C1')
    function_search(1, 'D7 C7 88')
    function_search(1, 'D7 C7 20')
    function_search(1, 'D7 C7 41')
    function_search(1, 'D7 C7 36')
    function_search(1, '00 C7 C3 C1 FB')
    function_search(1, 'FF C7 57')
    function_search(2, '00 00 C7 C5 C1')
    function_search(1, '00 C5 C1')

    print('# Done!')
    return 1

PS4 Syscon Loader Python Script for System Controller Files by SocraticBliss.jpg


Recent Articles Script for PS4 Decrypted PUP Info by SocraticBliss
Following his PS4 Syscon Loader Python Script, today PlayStation 4 developer @SocraticBliss shared via Twitter a Python script to display detailed information of a decrypted...
DualSense Charging Station for PlayStation 5 and PS5 Accessory Pricing
We've seen some PS5 Game Box Art, the PlayStation 5 Console Packaging and now pricing is available for Sony's wireless DualSense with Updatable Controller Software and other PlayStation 5...
PlayStation Store Big in Japan Sale Offers Up to Half Off PSN Games
Starting this Wednesday, Sony's latest PlayStation Store Big in Japan Sale offers discounts of up to 50% off select PSN games including Capcom's survival horror remake Resident Evil 3, Bandai...
Mira 7.00-7.02 PS4 WIP Ports by Al Azif & MACROSS (Retail) 7.02 ELF Collection
Proceeding the 7.02 PS4 Kernel Exploit (KEX), previous Mira Project Updates and Payloads, potential New WebKit Exploit discovery and 702_MACROSS_COLLECTION_FOR_SLEIRSGOEVY.rar (7.02 PS4 Decrypted...