Category PS4 Jailbreaking       Thread starter PSXHAX       Start date Jul 15, 2020 at 9:32 PM       17,700       38            
Proceeding the PS4 EEPROM Dumper, PS4 Serial / Flash Pinouts, PS4 UART to DCSD Project, PS4 Aux Hax Parts 1-3, PS4 Aux Hax Part 4, PS4 Syscon System Controller Firmware Decrypter, recent PS4 Renesas RL78 Debug Protocol Implementation and his Flexible Kernel Dumper PS4 Payload / PS4 Homebrew App Demo releases comes a PS4 SysGlitch Tool and SysCon Glitching Pinout and TEENSY 2.0++ / TEENSY 4.0 Hexcodes by VVildCard777 on Github. 🤩

Download: SYSGLITCH_TEENSY4.0.hex / SYSGLITCH_TEENSY2.0++.hex / SYSGLITCH-master.zip / GIT

According to his Tweets below, SYSGLITCH is a simplified System Controller glitching tool that will dump the PS4 / PS Vita SysCon flash continuously and is more user-friendly than an FPGA setup (although die hard FPGA lovers like @Chaos Kid may not agree 😜).

:idea: Also of note following the recent OrbisSWU PS4 Update Tool Developer Research in regards to the possibility of PS4 downgrading from his Tweets below, he states the following to quote:

"As for downgrade, I don't know about the process, but f0f hinted at it in their blog, seems to be completely per console-based tho. Someone should try it! :)"

:alert: In the Related Tweets below is more on the PS4 Firmware Downgrading / PS4 Firmware Reverting / Firmware Regression Method, however heavy soldering is required and from to summarize from VVildCard777's Tweets for the majority of end-users:

"Its kinda pointless for eta wen kidz because theyd need hw skills to dump it. and theyd need the foresight to copy everything. But imagine if you are on latest fw now. You know there will be a sploit eventually so you could just revert when its released. :) which is pretty cool!"

And from the README.md: SYSGLITCH

A tool for glitching the on-chip debugger rom located in RL78 devices in order to dump full flash contents

Only compatible with version 3.03 of the OCD rom.

Based on the attack outlined by Fail0verflow https://fail0verflow.com/blog/2018/ps4-syscon/

Setup
  • A Teensy 4.0 or Teesny 2.0++ and the Arduino IDE
  • If using the 2.0++ make sure it is fitted with a 3.3v regulator as instructed at https://www.pjrc.com/teensy/3volt.html
  • A usb serial cable wired to a PC, capturing raw data on RX with Realterm https://sourceforge.net/projects/realterm/
  • An RL78 with version 3.03 of the OCD rom
  • A small diode and ~4K ohm resistor for the RX line pulldown (needed to stabilise signal on syscon TOOL0)
PS4 Glitching Pinout

Teensy 4.0 Glitching Pinout


PS4 SysGlitch Tool and SysCon Glitching Pinout by VVildCard777.png


Teensy 2.0++ Glitching Pinout

PS4 SysGlitch Tool and SysCon Glitching Pinout by VVildCard777 3.png


PS Vita RL78 Pinout

PS4 SysGlitch Tool and SysCon Glitching Pinout by VVildCard777 2.png

Credits:
  • Fail0verflow for the initial Writeup on the attack.
  • droogie for early syscon investigations.
  • juansbeck for his findings on identifying the chip and pinout.
  • Zecoxao, M4j0r, and SSL for their support in all syscon related work.
PS4 SysGlitch Tool and SysCon Glitching Pinout by VVildCard777 2.jpg


Spoiler: Related Tweets

PS4 SysGlitch Tool and SysCon Glitching Pinout by VVildCard777.jpg
 

Comments

Recent Articles
PS5 DualSense Wireless Controller to Have Updatable Software
When you thought updating PlayStation 5's Firmware just to play a video game is enough hassle, Sony kicked things up a notch with confirmation on the DualSense Wireless Controller official page...
Latest PS4 Games Joining PlayStation Now in August 2020
Today Sony revealed the latest PS4 additions to their PlayStation Now digital video game streaming service this August for PS Now members will be Hitman 2, Greedfall and Dead Cells. 😀 Here's more...
Sony Reveals PS5 Details on Compatible PS4 Peripherals and Accessories
In PS5 News today, Sony revealed details on compatible PS4 peripherals and accessories with their upcoming PlayStation 5 console launch that is just months away now. After unveiling the PS5...
PS4 IPv6 UAF 6.70-6.72 Kernel Exploit with Patches, Maybe More Stable!
Since his PS4 Save Mounter Utility release, the PS4 6.20 ROP Execution Method, PS4 Webkit Bad_Hoist Exploit, 7.02 PS4 KEX, PS4 Webkit Exploit 6.72 Port, PS4 6.72 Jailbreak Exploit, Backporting PS4...
Top