Join Us and become a Member for a Verified Badge on Discord to access private areas with the latest PS4 FPKGs.
PS4 CFW and Hacks       Thread starter PSXHAX       Start date Mar 15, 2021 at 7:51 PM       6,445       10      
Proceeding the PS4 Unjail / FTP Plugin Unity Native Code, his PS4_Tools Homebrew Updates and recent PS4-Xplorer 1.29 Mod that eliminates using the firmware selection screen, today PlayStation 4 Scene developer @TheDarkprograme (YouTube Channel) on Twitter updated his Github Repositories with a PS4 Unjail PRX Plugin for Unity (Leak) developers aided by @zecoxao (Twitter) alongside a basic Atrac9 Player added to PS4 Tools, a PS4 PKG Viewer update (not to be confused with PS4PKGViewer) and an Android application that allows viewing PKG's on your mobile device or phone! 🤩

Download: universal.prx (269 KB) / ps4_unjail-main.zip / GIT / PS4_Tools Repository / com.ps4_tools.ps4_pkg_viewer_android.apk (17.3 MB) / PS4 Tools (AppVeyor)

:idea: He has Bitcoin (bc1qmvc5wkzprqweec69zlqlzutgys2hv2e4ay207q) and also recently set up a PSTools Patreon Page for those who would like to support his continued PS4 Scene development work. <3

From the README.md file: ps4_unjail

PS4 Universal Plugin

Using Universal

To start you will need to do a DLL Import in unity (universal.prx needs to be placed inside Assets\Plugins\PS4)

DLL Import
Code:
    [DllImport("universal")]
    //Custom Funciton to be added like below
    private static extern UInt16 get_firmware();
Get_Firmware this will get the current firmware of the console not the spoofed firmware
Code:
   private static extern UInt16 get_firmware();
   // should return as XXX e.g 505, 702 or 755
Unjail
Code:
   private static extern int FreeUnjail(int FWVersion);
   //Will unjail the current process (you're game or app)
   //can be combined with the GetFirmware funciton to auto unjail
   FreeUnjail(get_firmware());
Temperature
Code:
   private static extern int Temperature();
   //Will return temp in ºC
FreeFTP
Code:
   private static extern int FreeFTP();
   //Will enable FTP on the console
FreeMount
Code:
   private static extern int FreeMount();
   //Allows full rw
SetTemperature
Code:
    private static extern void SetTemperature(int celsius);
    //allows you to set the temperature
Notification on PS4
Code:
    private static extern int SendMessageToPS4(string Message)
    //Shows a notification on the PS4
MountSaveData
Code:
    private static extern int MountSaveData(string TITLEID,string fingerprint)
    //mounts save data on the PS4 if using save mounter patches please use zero's for fingerprint
UnMountSaveData
Code:
    private static extern int UnMountSaveData()
    //Unmounts all mounted save data
Load another executable
Code:
    private static extern bool LoadExec(string path, string argv)
    //Calls and opens an application
GetIDPS
Code:
    private static extern string GetIDPS()
    //Gives you you're IDPS
GetPSID
Code:
    private static extern string GetPSID()
    //Gives you you're PSID
Get_Firmware this will get the current firmware of the console not the spoofed firmware
Code:
   private static extern UInt16 get_firmware();
   // should return as XXX e.g 505, 702 or 755
get_fw
Code:
    private static extern int get_fw()
    //gets the version as an int (reads from kern.sdk_version) can be spoofed
GetCallableList
Code:
    private static extern string GetCallableList()
    //Designed to show you all items you can call on the syste,
GetListOfServices
Code:
    private static extern string GetListOfServices()
    //Designed to show you all services you can call on the syste,
KernelGetOpenPsId
Code:
    private static extern string KernelGetOpenPsId()
    //Not sure why this call exists
firmware_version_kernel
Code:
    private static extern string firmware_version_kernel()
    //Get the firmware version on the kernel (but can be spoofed !)
firmware_version_libc
Code:
    private static extern string firmware_version_kernel()
    //Get the firmware version by libc (for prevent from kernel spoof)
    //Should no longer be required thanks to LM
GetUsername
Code:
    private static extern string GetUsername()
    //returns the current username
GetUserId
Code:
    private static extern string GetUserId()
    //returns the current userid
UnlockTrophies
Code:
    private static extern int UnlockTrophies(string TitleId,string Titleidsecret )
    //returns the current username
MakeCusaAppReadWrite
Code:
    private static extern int MakeCusaAppReadWrite()
    //returns the current userid
Change_Controller_Color
Code:
    private static extern int Change_Controller_Color(int r,int g,int b)
    //Changes controler collor to RBG provided
TakeScreenShot
Code:
    private static extern int TakeScreenShot()
    //Should take a screenshot of the current screen
MountandLoad
Code:
    private static extern int MountandLoad()
    //try's to mount something in sandbox
MountTrophy
Code:
    private static extern int MountTrophy()
    //try's to mount a trophy file
PS4 Tools - At9 Player
PS4 Tools - PS4 PKG Viewer
PS4 Tools - PS4 Save Manager
🔥 Also heating things up on Twitter today is a payload to exit PS4 IDU Mode if anyone needs it:
Exits IDU Mode
Should "turn off" when it's done, just hold the power button after the screen turns off. When you turn it back on you should be out of IDU mode

PS4_Unjail PRX Plugin, Android PS4 PKG Viewer & More by xXxTheDarkprogramerxXx.jpg
 

Comments

RedDotZer0

Developer
Member
Contributor
Verified
@upal "payloads or "payload" is just a way of running userland code in kernel memory once you install a syscall to system.on x86 its supervisor mode execution prevention. on 64 bits its supervisormode acess prevention.

for either smep/smap bypass you create a rop chain to run your own code.

there are good writeups for bypassing intel smep on a 64 bit windows operating system at least. for those interested in reading the write ups.
 
Top