
PSXHAX

PlayStation 4 developer BigBoss, who made PS4EyeCam available and more recently revealed details on reversing the PS4 Dual Eye Camera, has released both PS4Client and PS4Link, along with updating CTurt's open-source PS4SDK with PS4 Camera support.

Download: ps4client-master.zip / PS4Client GIT / ps4link-master.zip / PS4Link GIT / PS4-***-master.zip / PS4SDK GIT

From Twitter on the recent updates:
  • PS4 libSceCamera research. :) I love holidays (pbs.twimg.com/media/CM7GJVqWoAAAFRG.jpg)
  • Reversing ps4 sceLibCamera.sprx is fun. Function offsets checked, time to reverse data structs. Thanks to people involved in webkit exploit
  • Ps4 camera module is almost here :). Calling functions done, understanding parameters and values returned done. Now reversing structs
  • :p pbs.twimg.com/media/CNGqp53WsAAt-oH.jpg
  • Playstation 4 Cameras just wanna have fun :) gist.github.com/psxdev/0aec149948e0dbb3c382
Reversing sceLibCamera (via bigboss-eyetoy.blogspot.com/2015/08/reversing-scelibcamera.html)

Well, first thanks to all the people involved in the WebKit exploit. Without their tools I couldn't dump the module and reverse it.

1) We need to dump the module. Load libSceCamera.sprx; its id is 31. So load it first.

2) Dump it. Its index is 20 when it is loaded.

3) IDA Pro to the rescue. We need the offsets of all functions that can be called from other modules. Only a brief look and you can see that Sony is using printf("%s ...\n",__FUNCTION__,..) in its code (thanks for this help, Sony), so many function names are waiting for you with the offset ready :p and plenty of them are the same names that we know from Vita and PS3.

You can use getFunctionAddressByName (syscall 591) with the names that you see in IDA Pro to confirm all the function names and offsets.

The list is:
Code:
sceCameraAudioOpen Offset = 0x6d00
sceCameraClose Offset = 0x5550
sceCameraCloseByHandle Offset = 0x55b0
sceCameraGetAttribute Offset = 0x5a10
sceCameraGetAutoExposureGain Offset = 0x5ba0
sceCameraGetAutoWhiteBalance Offset = 0x5d00
sceCameraGetConfig Offset = 0x5710
sceCameraGetContrast Offset = 0x5e60
sceCameraGetDefectivePixelCancellation Offset = 0x5fc0
sceCameraGetDeviceConfig Offset = 0x6dc0
sceCameraGetDeviceInfo Offset = 0x5af0
sceCameraGetExposureGain Offset = 0x6120
sceCameraGetFrameData Offset = 0x5950
sceCameraGetGamma Offset = 0x62c0
sceCameraGetHue Offset = 0x6460
sceCameraGetLensCorrection Offset = 0x65c0
sceCameraGetSaturation Offset = 0x6720
sceCameraGetSharpness Offset = 0x6880
sceCameraGetWhiteBalance Offset = 0x69e0
sceCameraIsAttached Offset = 0x6bd0
sceCameraIsValidFrameData Offset = 0x59b0
sceCameraOpen Offset = 0x5430
sceCameraOpenByModuleId Offset = 0x54c0
sceCameraSetAttribute Offset = 0x5a80
sceCameraSetAutoExposureGain Offset = 0x5c50
sceCameraSetAutoWhiteBalance Offset = 0x5db0
sceCameraSetCalibData Offset = 0x6c70
sceCameraSetConfig Offset = 0x5610
sceCameraSetConfigInternal Offset = 0x5690
sceCameraSetContrast Offset = 0x5f10
sceCameraSetDefectivePixelCancellation Offset = 0x6070
sceCameraSetExposureGain Offset = 0x6200
sceCameraSetGamma Offset = 0x63a0
sceCameraSetHue Offset = 0x6510
sceCameraSetLensCorrection Offset = 0x6670
sceCameraSetSaturation Offset = 0x67d0
sceCameraSetSharpness Offset = 0x6930
sceCameraSetWhiteBalance Offset = 0x6ac0
sceCameraStart Offset = 0x5790
sceCameraStartByHandle Offset = 0x5810
sceCameraStop Offset = 0x5890
sceCameraStopByHandle Offset = 0x58f0
There are more, but they are internal and you can't use them outside the module.

4) Now the fun job. Disassemble each function that you can use from WebKit. You will see that Sony is using the same error codes as on Vita, so this will help you follow the code better. For example, function sceCameraStop is at offset 0x5890; you can see its code in the next capture:

Remember: "The first is placed in rdi, the second in rsi, the third in rdx, and then rcx, r8 and r9. Only the 7th argument and onwards are passed on the stack. For calls that may call functions that use varargs or stdargs (prototype-less calls or calls to functions containing ellipsis (...) in the declaration) %al is used as hidden argument to specify the number of vector registers used."

So here we go: edi contains the parameter passed to the function. It is compared with itself, so basically if it is less than or equal to 0 it jumps to loc_58c7.

You will see that in loc_58c7 it is using something like: printf("%s invalid handle:%d\n",__FUNCTION__,arg1);

Then you will see our old friend 802E0000h, aka SCE_CAMERA_ERROR_PARAM, well known from psp2sdk. So if you pass an arg1 less than or equal to 0 to this function, you will get that.

So now, what happens if you pass a valid handle greater than 0? When you open the camera it will give you handle 1. If you have not opened the camera previously, what happens? Trial and error and you will see.

If handle > 0 it will call loc_58e3 with 2 parameters: the first is our handle and the second you can see in the code. The result is saved in rax, and if it is not 0 (our old friend SCE_OK) it will return the error code. For example, try to call close before open and it will return 0x802e0004, aka SCE_CAMERA_ERROR_NOT_OPEN.

Easy, isn't it? int sceCameraClose(int handle): 0 on success, error codes on failure.

5) Keep reversing functions. Advice: some functions take structures as parameters, so they check that these structures are not NULL and, depending on the function, check the first 32 bits of these structures against a value hardcoded in the code. So if you call them with valid chain.data from WebKit and set the correct value in those first 32 bits, you can call all the functions described with success.

6) What are you waiting for to help open ***?
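The control flow described in step 4, written out as a C reference model. This is an added example, not code from BigBoss's post and not the real libSceCamera: the error values (0x802E0000 PARAM, 0x802E0004 NOT_OPEN), the handle <= 0 test, the helper call whose nonzero result is returned, and the fact that the first open hands out handle 1 are what the post states; the single-entry handle table, the model_ names, the assumption that sceCameraClose shares the same handle test, and the assumption that sceCameraStop gets NOT_OPEN from the same helper are mine.

```c
#include <stdio.h>
#include <stdint.h>

/* Error codes the disassembly compares against; the values match psp2sdk. */
#define SCE_OK                    ((int32_t)0)
#define SCE_CAMERA_ERROR_PARAM    ((int32_t)0x802E0000)
#define SCE_CAMERA_ERROR_NOT_OPEN ((int32_t)0x802E0004)

/* Assumed handle bookkeeping: the post only says the first open returns
 * handle 1, so this model tracks one handle. */
#define CAMERA_HANDLE_MAX 1
static int camera_is_open[CAMERA_HANDLE_MAX + 1];

/* Model of the helper called at loc_58e3 (handle plus one constant
 * argument): a nonzero result is returned to the caller as the error.
 * NOT_OPEN is the result the post observes for close-before-open;
 * applying it to stop as well is an assumption. */
static int32_t camera_check_open(int handle, int unused_const)
{
    (void)unused_const;
    if (handle > CAMERA_HANDLE_MAX || !camera_is_open[handle])
        return SCE_CAMERA_ERROR_NOT_OPEN;
    return SCE_OK;
}

int32_t model_sceCameraOpen(void)
{
    camera_is_open[1] = 1;
    return 1;                          /* handle 1, as observed on the console */
}

/* Reconstructed control flow of sceCameraStop at offset 0x5890. */
int32_t model_sceCameraStop(int handle)
{
    if (handle <= 0) {                 /* test edi,edi ; jle loc_58c7 */
        printf("%s invalid handle:%d\n", __func__, handle);  /* Sony uses __FUNCTION__ */
        return SCE_CAMERA_ERROR_PARAM;
    }
    int32_t ret = camera_check_open(handle, 0);  /* call loc_58e3; result in rax */
    if (ret != SCE_OK)
        return ret;
    /* the real stop work would follow here */
    return SCE_OK;
}

/* sceCameraClose (offset 0x5550): the post shows it returning 0x802e0004
 * when nothing is open; the handle <= 0 test is assumed to be shared. */
int32_t model_sceCameraClose(int handle)
{
    if (handle <= 0) {
        printf("%s invalid handle:%d\n", __func__, handle);
        return SCE_CAMERA_ERROR_PARAM;
    }
    int32_t ret = camera_check_open(handle, 0);
    if (ret != SCE_OK)
        return ret;
    camera_is_open[handle] = 0;
    return SCE_OK;
}

int main(void)
{
    printf("stop(0)  -> 0x%08x\n", (uint32_t)model_sceCameraStop(0));    /* PARAM */
    printf("close(1) -> 0x%08x\n", (uint32_t)model_sceCameraClose(1));   /* NOT_OPEN */
    int h = model_sceCameraOpen();
    printf("stop(%d)  -> 0x%08x\n", h, (uint32_t)model_sceCameraStop(h));  /* SCE_OK */
    printf("close(%d) -> 0x%08x\n", h, (uint32_t)model_sceCameraClose(h)); /* SCE_OK */
    return 0;
}
```

The model is only as good as the two observations it encodes; when you reverse the remaining setters and getters, extend the check helper with the struct-magic test from step 5 rather than adding more special cases to each function.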

Sample output from ps4: gist.github.com/psxdev/0aec149948e0dbb3c382
Code:
Output session PS4 webkit controlling Playstation 4 Camera
f2offs = 0x28
WebKit2 base address = 0x80c538000
libkernel Base = 0x815b34000
libSceLibcinternal Base = 0x820438000
Stack Base = 0x7efd44000
Refresh this page between calls to avoid instability and crashes. Enjoy...
syscall getLoadedModules
Variable 0 = 0x0 (OK)
Loaded modules:
Index - ID
0 - 0x0 (0)
1 - 0x1 (1)
2 - 0x2 (2)
3 - 0xc (12)
4 - 0xe (14)
5 - 0xf (15)
6 - 0x11 (17)
7 - 0x12 (18)
8 - 0x13 (19)
9 - 0x14 (20)
10 - 0x15 (21)
11 - 0x16 (22)
12 - 0x17 (23)
13 - 0x18 (24)
14 - 0x19 (25)
15 - 0x1a (26)
16 - 0x1b (27)
17 - 0x1e (30)
18 - 0x37 (55)
19 - 0x59 (89)
f2offs = 0x28
WebKit2 base address = 0x80c538000
libkernel Base = 0x815b34000
libSceLibcinternal Base = 0x820438000
Stack Base = 0x7efd44000
Refresh this page between calls to avoid instability and crashes. Enjoy...
call loadModule
syscall getModuleInfo
ModuleBase: 0x839174000
Loaded libSceCamera.sprx
Size: 64KB
This module will only be loaded during this process, please now refresh to avoid a crash (then you can dump it). Upon restart you must reload any extra module.
You can only load a single extra module, if you wish to load a different module restart the browser process.
f2offs = 0x28
WebKit2 base address = 0x80c538000
libkernel Base = 0x815b34000
libSceLibcinternal Base = 0x820438000
Stack Base = 0x7efd44000
Refresh this page between calls to avoid instability and crashes. Enjoy...
call sceCameraIsAttached
Variable 0 = 0x1 (Operation not permitted if you are calling syscall if not it is fine)
f2offs = 0x28
WebKit2 base address = 0x80c538000
libkernel Base = 0x815b34000
libSceLibcinternal Base = 0x820438000
Stack Base = 0x7efd44000
Refresh this page between calls to avoid instability and crashes. Enjoy...
call sceCameraOpen
Variable 0 = 0x1 (Operation not permitted if you are calling syscall if not it is fine)
f2offs = 0x28
WebKit2 base address = 0x80c538000
libkernel Base = 0x815b34000
libSceLibcinternal Base = 0x820438000
Stack Base = 0x7efd44000
Refresh this page between calls to avoid instability and crashes. Enjoy...
call sceCameraStart
Variable 0 = 0x0 (OK)
f2offs = 0x28
WebKit2 base address = 0x80c538000
libkernel Base = 0x815b34000
libSceLibcinternal Base = 0x820438000
Stack Base = 0x7efd44000
Refresh this page between calls to avoid instability and crashes. Enjoy...
call sceCameraCaptureFrame
Variable 0 = 0x0 (OK)
f2offs = 0x28
WebKit2 base address = 0x80c538000
libkernel Base = 0x815b34000
libSceLibcinternal Base = 0x820438000
Stack Base = 0x7efd44000
Refresh this page between calls to avoid instability and crashes. Enjoy...
call sceCameraStop
Variable 0 = 0x0 (OK)
The best is yet to come ;) (greets to Kojima san)
  • Added camera support to ps4sdk done
  • sceSystemServiceLoadExec offset 1530 in libSceSystemService.sprx dump. Reversing is reeeeally fun :)
  • ps4client and ps4link released. Changes to ps4sdk commited. github.com/psxdev/ps4client github.com/psxdev/ps4link github.com/CTurt/PS4-***
  • Next finish camera stuff and ps4sh
  • Ps4 camera frames captured on ps4, saved on mac with ps4link/ps4client and decoded with https://gist.github.com/psxdev/4bf985f9caa54bce27ef
Code:
#include <opencv2/opencv.hpp>
#include <cstdio>
#include <cstdlib>

// Decode one raw YUYV 4:2:2 frame (2 bytes per pixel) to BGR and show it
// until 'q' is pressed.
static void convert_yuyv422_to_bgr(unsigned char *img, int x, int y)
{
    cv::Mat yuv(y, x, CV_8UC2, img);
    cv::Mat bgr(y, x, CV_8UC3);
    cv::cvtColor(yuv, bgr, cv::COLOR_YUV2BGR_YUY2);

    while (true) {
        cv::imshow("ps4eye camera", bgr);
        char key = (char)cv::waitKey(1);
        if (key == 'q')
            break;
    }
}

int main(int argc, char **argv)
{
    (void)argc; (void)argv;
    cv::namedWindow("ps4eye camera", 1);

    // mode 0: 1280x800, YUYV so 2 bytes per pixel
    const int x = 1280, y = 800;
    const size_t frame_size = (size_t)x * y * 2;
    char name[255] = {0};
    unsigned char *image = (unsigned char *)malloc(frame_size);
    if (!image)
        return 1;

    const char *sides[] = { "leftframe", "rightframe" };
    for (int i = 1; i < 10; i++) {
        for (int s = 0; s < 2; s++) {
            snprintf(name, sizeof(name), "%s_%d_mode_%d.raw", sides[s], i, 0);
            FILE *fd = fopen(name, "rb");
            if (!fd) {
                perror(name);
                continue;
            }
            // Only decode when the file holds a complete frame
            if (fread(image, 1, frame_size, fd) == frame_size)
                convert_yuyv422_to_bgr(image, x, y);
            else
                fprintf(stderr, "%s: short read\n", name);
            fclose(fd);
        }
    }
    free(image);
    return 0;
}
  • Sorry about the quality, I will try a better video tomorrow. It's late here and tomorrow is the last day of my holidays
  • Holidays ended. Poc PlayStation 4 Camera homebrew execution on PlayStation 4
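For working with the raw frames without OpenCV, here is a decoder in plain C, added as an example (it is not from psxdev's gist above). It reads the same leftframe_N_mode_0.raw layout the listing above does (1280x800, YUYV 4:2:2, macro-pixel Y0 U Y1 V, width*height*2 bytes), converts to BGR with integer math and writes a PPM you can open in any viewer. The BT.601 limited-range coefficients are an assumption (the post does not say which matrix the camera output expects); yuyv422_to_bgr, write_ppm and the .ppm file name are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Clamp a value with 8 fractional bits to 0..255 after rounding. */
static uint8_t clamp8(int v)
{
    if (v < 0)
        return 0;
    v = (v + 128) >> 8;
    return (uint8_t)(v > 255 ? 255 : v);
}

/* Convert one YUYV 4:2:2 frame (width*height*2 bytes) to packed 24-bit BGR.
 * Assumes BT.601 limited range: Y in 16..235, U/V centred on 128.
 * Returns the number of BGR bytes written, 0 on bad arguments (width must
 * be even because each U/V pair covers two pixels). */
size_t yuyv422_to_bgr(const uint8_t *yuyv, int width, int height, uint8_t *bgr)
{
    if (!yuyv || !bgr || width <= 0 || height <= 0 || (width & 1))
        return 0;
    size_t out = 0;
    for (int row = 0; row < height; row++) {
        const uint8_t *p = yuyv + (size_t)row * width * 2;
        for (int col = 0; col < width; col += 2, p += 4) {
            int d = p[1] - 128;            /* U, shared by both pixels */
            int e = p[3] - 128;            /* V, shared by both pixels */
            int ys[2] = { p[0], p[2] };
            for (int k = 0; k < 2; k++) {
                int c = ys[k] - 16;
                bgr[out++] = clamp8(298 * c + 516 * d);             /* B */
                bgr[out++] = clamp8(298 * c - 100 * d - 208 * e);   /* G */
                bgr[out++] = clamp8(298 * c + 409 * e);             /* R */
            }
        }
    }
    return out;
}

/* Write a BGR buffer as binary PPM (which stores RGB). Returns 0 on success. */
int write_ppm(const char *path, const uint8_t *bgr, int width, int height)
{
    FILE *f = fopen(path, "wb");
    if (!f)
        return -1;
    fprintf(f, "P6\n%d %d\n255\n", width, height);
    for (size_t i = 0; i < (size_t)width * height * 3; i += 3) {
        uint8_t rgb[3] = { bgr[i + 2], bgr[i + 1], bgr[i] };
        fwrite(rgb, 1, 3, f);
    }
    return fclose(f);
}

/* Usage: ./yuyv2ppm 3   -> reads leftframe_3_mode_0.raw, writes leftframe_3.ppm */
int main(int argc, char **argv)
{
    const int width = 1280, height = 800;       /* mode 0 frame size */
    int n = argc > 1 ? atoi(argv[1]) : 1;
    char in[64], outname[64];
    snprintf(in, sizeof in, "leftframe_%d_mode_%d.raw", n, 0);
    snprintf(outname, sizeof outname, "leftframe_%d.ppm", n);

    size_t raw_len = (size_t)width * height * 2;
    uint8_t *raw = malloc(raw_len);
    uint8_t *bgr = malloc(raw_len / 2 * 3);
    FILE *f = fopen(in, "rb");
    if (!raw || !bgr || !f || fread(raw, 1, raw_len, f) != raw_len) {
        fprintf(stderr, "%s: cannot read a full %dx%d YUYV frame\n", in, width, height);
        return 1;
    }
    fclose(f);
    yuyv422_to_bgr(raw, width, height, bgr);
    int rc = write_ppm(outname, bgr, width, height);
    free(raw);
    free(bgr);
    return rc;
}
```

The short-read check matters with dumps pulled over ps4link: a truncated transfer otherwise decodes silently into a half-garbage image, which is easy to mistake for a capture-mode or stride problem.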

:note: PS4CLIENT FOR PC/MAC

What does this do?

ps4client is a host tool providing a host fileio system for the PS4. It is the same method that we used in the ps2dev days, so basically it is the same protocol that ps2link and ps2client have been using since 2003.

It provides all the io request operations available in the ps4link library. Commands are not implemented yet, but they can be easily incorporated.

For now only OS X is confirmed to run fine.

How do I use it?

1) Compile and install ps4client

You need gcc installed in your environment.
Code:
  make
  make install
2) Run the sample provided in ps4link on your PS4. After running, the html button is frozen waiting for a connection from ps4client, so run on your computer:
Code:
  ps4client -h ipofyourps4 listen
You will see logs from your PlayStation 4 in the terminal window output, using the libdebugnet udp log feature.

The sample shows only open, read, write and directory entry list operations; you have full io r/w access to your hard disk.
Code:
 ./ps4client -h yourps4ip listen
 Client connected from xxx.xxx.xxx.xxx port: 49859
  Client reconnected
 sock ps4link_fileio set 86 connected 1
 Waiting for connection
 ps4link initialized and connected from pc/mac
 file open req (host0:/usr/local/ps4dev/test.txt, 0 0)
 Opening /usr/local/ps4dev/test.txt flags 0
 Open return 5
 file open reply received (ret 5)
 file lseek req (fd: 5)
 32 result of lseek 0 offset 2 whence
 ps4link_lseek_file: lseek reply received (ret 32)
 file lseek req (fd: 5)
 0 result of lseek 0 offset 0 whence
 ps4link_lseek_file: lseek reply received (ret 0)
 ps4link_read_file: Reply said there's 32 bytes to read (wanted 32)
 Content of file: Hello world from txt file on pc
 ps4link_file: file close req (fd: 5)
 ps4link_close_file: close reply received (ret 0)
 file open req (host0:/usr/local/ps4dev/test1.txt, 101 0)
 Opening /usr/local/ps4dev/test1.txt flags 601
 Open return 5
 file open reply received (ret 5)
 file write req (fd: 5)
 wrote 21 bytes (asked for 21)
 ps4LinkWrite wrote 21 bytes
 ps4link_file: file close req (fd: 5)
 ps4link_close_file: close reply received (ret 0)
 dir open req (host0:/usr/local/ps4dev)
 dir open reply received (ret 0)
 List entries
 dir read req (0)
 dir read reply received (ret 1)
 . [DIR]
 dir read req (0)
 dir read reply received (ret 1)
 .. [DIR]
 dir read req (0)
 dir read reply received (ret 1)
 .DS_Store [FILE]
 dir read req (0)
 dir read reply received (ret 1)
 bigbsd [DIR]
 dir read req (0)
 dir read reply received (ret 1)
 core [DIR]
 dir read req (0)
 dir read reply received (ret 1)
 doc [DIR]
 dir read req (0)
 dir read reply received (ret 1)
 git [DIR]
 dir read req (0)
 dir read reply received (ret 1)
 mount_bigbsd.sh [FILE]
 dir read req (0)
 dir read reply received (ret 1)
 nuevo [DIR]
 dir read req (0)
 dir read reply received (ret 1)
 test.txt [FILE]
 dir read req (0)
 dir read reply received (ret 1)
 test1.txt [FILE]
 dir read req (0)
 dir read reply received (ret 0)
 ps4link_file: dir close req (fd: 0)
 dir close reply received (ret 0)
 Aborting server_requests_sock
 sceNetAccept error (0x80410104)
 exit thread requests
 closing fileio_sock
 closing server_request_sock
3) Ready to have a lot of fun :p
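One check worth having in any ps2link-style host fileio server: the session above shows the console naming host paths itself (host0:/usr/local/ps4dev/test.txt is opened as /usr/local/ps4dev/test.txt) and the README says the PS4 gets full r/w access to the host disk, while the ps4link README talks about configuring a base directory such as host0:/usr/local. The function below confines every request to that base. It is an added example, not ps4client code (the README does not describe how ps4client maps paths), and host_map_path is a hypothetical name.

```c
#include <stdio.h>
#include <string.h>

/* Map a console-supplied "host0:" path onto a host base directory before
 * the server calls open()/opendir(). Rejects requests without the prefix,
 * any ".." component, and results that do not fit in out.
 * Returns 0 on success and fills out; -1 on rejection. */
int host_map_path(const char *req, const char *base, char *out, size_t outlen)
{
    static const char prefix[] = "host0:";
    if (!req || !base || !out || strncmp(req, prefix, sizeof prefix - 1) != 0)
        return -1;
    const char *p = req + sizeof prefix - 1;

    /* Start from the base directory without its trailing slash. */
    size_t n = strlen(base);
    while (n > 1 && base[n - 1] == '/')
        n--;
    if (n + 1 > outlen)
        return -1;
    memcpy(out, base, n);
    out[n] = '\0';

    /* Append each component: "." and empty components are dropped,
     * ".." is refused outright instead of being normalised away. */
    while (*p) {
        while (*p == '/')
            p++;
        if (!*p)
            break;
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return -1;
        if (!(len == 1 && p[0] == '.')) {
            if (n + 1 + len + 1 > outlen)
                return -1;
            out[n++] = '/';
            memcpy(out + n, p, len);
            n += len;
            out[n] = '\0';
        }
        p += len;
    }
    return 0;
}

int main(void)
{
    /* Constructed requests in the shape of the log lines above. */
    const char *reqs[] = {
        "host0:/test.txt",               /* accepted */
        "host0:",                        /* accepted: the base itself (dir open) */
        "host0:/../../etc/passwd",       /* refused: traversal */
        "host0:/usr/local/../../etc",    /* refused: traversal further in */
        "/usr/local/ps4dev/test.txt",    /* refused: no host0: prefix */
    };
    char path[256];
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        if (host_map_path(reqs[i], "/usr/local/ps4dev", path, sizeof path) == 0)
            printf("open  %-28s -> %s\n", reqs[i], path);
        else
            printf("deny  %s\n", reqs[i]);
    }
    return 0;
}
```

This is a purely lexical check, so a symlink inside the base can still point outside it; on a real host, run realpath() on the result and confirm it still starts with the base before opening. The tool has no authentication at all, so keep it on a trusted LAN regardless.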

What next?

Add command support

Credits

Special thanks goes to:
  • ps2dev old comrades.
  • All people collaborating in PS4SDK
:note: PS4LINK FOR PS4

What does this do?

ps4link is a library for the PS4 to communicate with and use the host file system through the ps4client host tool. It is the same method that we used in the ps2dev days, so basically it is the same protocol that ps2link and ps2client have been using since 2003.

The available functions are defined like native sce functions, so it is easy for a homebrew developer to use them:
Code:
  int ps4LinkOpen(const char *file, int flags, int mode);
  int ps4LinkClose(int fd);
  int ps4LinkRead(int fd, void *data, size_t size);
  int ps4LinkWrite(int fd, const void *data, size_t size);
  int ps4LinkLseek(int fd, int offset, int whence);
  int ps4LinkRemove(const char *file);
  int ps4LinkMkdir(const char *dirname, int mode);
  int ps4LinkRmdir(const char *dirname);
  int ps4LinkDopen(const char *dirname);
  int ps4LinkDread(int fd, struct dirent *dir);
  int ps4LinkDclose(int fd);
How do I use it?

1) Compile

Like the other examples in PS4-***, edit source/main.c and change your mac/linux server ip and your base directory, for example host0:/usr/local.
Code:
  cd ps4link
  make
2) Run the sample on your ps4; when the html button freezes you are ready to run the pc/mac client part:
Code:
  ps4client -h ipofyourps4 listen
You will see logs from your PlayStation 4 in the terminal window output, using the libdebugnet udp log feature.

The sample shows only open, read, write and directory entry list operations; you have full io r/w access to your hard disk.
(The terminal output is identical to the ps4client session shown under PS4CLIENT FOR PC/MAC above.)
3) Ready to have a lot of fun :p

What next?

Well, this library can be extended by adding different commands, as ps2link was defined. It is an internal tool to let me debug camera code and reverse data structures, saving to the mac with an easy and well-known interface for file io.

Credits

Special thanks goes to:
  • ps2dev old comrades.
  • All people who collaborated in PS4SDK
:note: PS4 ***

An open source PlayStation 4 ***.

Building and installing

Just run make on the PS4-*** directory to build the library.

Then create an environment variable called PS4SDK which points to the base directory of the repository, using the Unix path style; for example:
Code:
/C/Users/Chris/Documents/GitHub/PS4-***
You must make sure that your compiler supports the System V AMD64 ABI calling convention. PS4-*** relies on this for compatibility with Sony's functions and system calls.

Design

At the moment, it is primarily focused on the kernel. For example, all semaphore system calls have been implemented, from 549 to 556.

However, using function pointers and the RESOLVE macro, we can call functions from other modules. For example, the socket functions from libSceNet.sprx.
Support

Whilst the *** isn't capable of most basic functionality yet, such as displaying graphics, or receiving controller input, there are workarounds: rendering to an HTML5 canvas, and using third party USB controllers, or a DS/PSP wirelessly for example.

The *** is currently in a state where projects like an FTP server, or a mini Pong game could be developed.

Examples
  • hello - Load libc module and perform getpid system call
  • sockets - Send a message over a TCP socket
  • modules - Load and dump a module
  • threads - Create and wait for a thread to increment a variable
  • canvas - Render to an HTML5 canvas
  • camera - Initialise the PlayStation Camera and capture 10 frames
  • pad - Read controller input (not finished)
Filesystem
  • directories - List the contents of a directory
  • files - Read a file's size, and its contents
USB
  • list_devices - List information about all USB devices connected
  • storage - Read raw image from a USB flash drive
I promise you a video with PlayStation 4 Eye displaying frames on PlayStation 4. Here it is. Tomorrow more :p

PlayStation 4 Homebrew execution code PlayStation 4 Eye POC

PlayStation 4 Eye homebrew execution on PS4 POC: camera frame shown in mode 3, 320x200 in y8 format.
 