Category PS4 CFW and Hacks       Thread starter PSXHAX       Start date Nov 25, 2018 at 11:39 AM       10,787       31            
Proceeding his initial PS4 Remote Package Installer release, PlayStation 4 developer @flatz returns bringing an update to his Remote PKG Installer with the changes detailed below. :notworthy:

Download: remote_pkg_installer.pkg (4.1 MB) / RPI Controller.zip (161.09 KB) / ps4-exploit-host-win.x86-0.4.6b3.zip (4.99 MB) by @Al Azif via Twitter

To quote from flat_z's Tweets embedded below on the update: "Remote pkg installer update: added CORS header to interact with browser's ajax & deletion of temporary files in /data (last access date should be more than 3 days)"

"Up to date" with RPI installer using CORS headers. This version only uses HTML/JS, you must specify an external PKG list to list files as there's no server component (Line 47 rpi.js). Add the TMDB key, PS3 is same as PS4, to line 71 of rpi.js, to show PKG metadata automatically.
Device using this must be on same network or have port 12800 forwarded to your PS4
Corresponding selfhost- no need to add a pkg list, just stick pkgs in the pkg folder. Still need the key though. rpi.js is in themes/default folder. Make sure you update the RPI PKG and just visit http://yourexploitip/rpi
FPKG code have a bug that yields to game crash after suspend/resume cycle, so i've fixed it here:
Code:
//
// Name: Additional patches for fPKG
// Description: Prevents fPKG game crash during suspend/resume cycle
// Notes: offsets are given for 5.01 retail kernel
//

#define SIZEOF_SBL_KEY_SLOT_DESC 0x20

TYPE_BEGIN(struct sbl_key_slot_desc, SIZEOF_SBL_KEY_SLOT_DESC);
   TYPE_FIELD(uint32_t key_id, 0x00);
   TYPE_FIELD(uint32_t unk_0x04, 0x04);
   TYPE_FIELD(uint32_t key_handle, 0x08); /* or -1 if it's freed */
   TYPE_FIELD(uint32_t unk_0x0C, 0x0C);
   TYPE_FIELD(TAILQ_ENTRY(sbl_key_slot_desc) list, 0x10);
TYPE_END();
TAILQ_HEAD(sbl_key_slot_queue, sbl_key_slot_desc);

#define SIZEOF_SBL_KEY_RBTREE_ENTRY 0xA8 // sceSblKeymgrSetKey

TYPE_BEGIN(struct sbl_key_rbtree_entry, SIZEOF_SBL_KEY_RBTREE_ENTRY);
   TYPE_FIELD(uint32_t handle, 0x00);
   TYPE_FIELD(uint32_t occupied, 0x04);
   TYPE_FIELD(union sbl_key_desc desc, TYPE_SBL_KEY_RBTREE_ENTRY_DESC_OFFSET);
   TYPE_FIELD(uint32_t locked, TYPE_SBL_KEY_RBTREE_ENTRY_LOCKED_OFFSET);
   TYPE_FIELD(struct sbl_key_rbtree_entry* left, 0x88);
   TYPE_FIELD(struct sbl_key_rbtree_entry* right, 0x90);
   TYPE_FIELD(struct sbl_key_rbtree_entry* parent, 0x98);
   TYPE_FIELD(uint32_t set, 0xA0);
TYPE_END();

//...

DECLARE_VARIABLE(0x2744558, sbl_keymgr_key_rbtree, struct sbl_key_rbtree_entry**);
DECLARE_VARIABLE(0x2744548, sbl_keymgr_key_slots, struct sbl_key_slot_queue*);

DECLARE_VARIABLE(0x2748000, sbl_keymgr_buf_va, uint8_t*);
DECLARE_VARIABLE(0x2748800, sbl_keymgr_buf_gva, uint64_t*);

DECLARE_FUNCTION(0x623BE0, sceSblKeymgrSetKeyStorage, int, uint64_t key_gpu_va, unsigned int key_size, uint32_t key_id, uint32_t key_handle);

//...

static int sceSblKeymgrInvalidateKey___sx_xlock__hook(struct sx* sx, int opts, const char* file, int line) {
   struct sbl_key_rbtree_entry* key_desc;
   struct sbl_key_slot_desc* key_slot_desc;
   unsigned key_handle;
   int ret, ret2;

   ret = _sx_xlock(sx, opts, file, line);

   if (TAILQ_EMPTY(sbl_keymgr_key_slots))
       goto done;

   TAILQ_FOREACH(key_slot_desc, sbl_keymgr_key_slots, list) {
       key_handle = key_slot_desc->key_handle;
       if (key_handle == (unsigned int)-1) {
           /* unbounded */
           continue;
       }
       key_desc = sceSblKeymgrGetKey(key_handle);
       if (!key_desc) {
           /* shouldn't happen in normal situations */
           continue;
       }
       if (!key_desc->occupied) {
           continue;
       }
       if (key_desc->desc.pfs.obf_key_id != PFS_FAKE_OBF_KEY_ID) {
           /* not our key, just skip, so it will be handled by original code */
           continue;
       }
       if (key_desc->desc.pfs.key_size != sizeof(key_desc->desc.pfs.escrowed_key)) {
           /* something weird with key params, just ignore and app will just crash... */
           continue;
       }
       memcpy(sbl_keymgr_buf_va, key_desc->desc.pfs.escrowed_key, key_desc->desc.pfs.key_size);
       ret2 = sceSblKeymgrSetKeyStorage(*sbl_keymgr_buf_gva, key_desc->desc.pfs.key_size, key_desc->desc.pfs.obf_key_id, key_slot_desc->key_id);
       if (ret2) {
           /* wtf? */
           continue;
       }
   }

done:
   /* XXX: no need to call SX unlock because we'll jump to original code which expects SX is already locked */

   return ret;
}

//...

static void do_debug_pfs_patches(void) {
   //...
   INSTALL_CALL_HOOK(0x62E58D, sceSblKeymgrInvalidateKey___sx_xlock__hook);
   //...
}
Download: ps4-hen-vtx.bin (7.20 KB - 5.05 Test)

You should:
  • Open a Game
  • Long Press PS Button
  • Go to Power Options
  • Enter Rest Mode
  • Wait 5 Minutes
  • Press PS Button
  • Do this 5 times at least
Cheers to Leeful for the heads up on the news earlier today! :beer:
Remote PKG Installer Update by PS4 Scene Developer Flat_z.jpg
 

Comments

bablest

Senior Member
Contributor
Not sure exactly, but does this mean we can use callbacks on the ps4 client to retrieve a list in json or whatever? Or does this now work more like a web browser should in general? I still haven't used Rpi on the basis that I'm not sure how to select pkgs for install on the ps4.

I imagine you could just select a bunch then send 'install all' to the server (with a few second delay on the server for init). But I'm still not sure how the server detects free space on the ps4.

On a side note, does anyone know a tool to mount 7zip and rar as a vfs on Linux? Windows has only one tool it appears, WinArchiver (it does work as intended, well there is a choke if the archive is solid ... but still works).

But I can't find a single one for linux and I'm not sure how to get the pkg info for the ps4 client using a pipe, although I haven't tried (a simple 7z | curl might do, although that is sort of blind).

One more question, is anyone working on a way to run apps/games directly off the network, or is it not possible with only a kexploit?
 

lotus78

Senior Member
Contributor
Verified
Thx for sharing - but I have some troubles:
  • the new self host exploit does not work for me. I always get "No Categories Found". (I deleted all browser data - but no effect.)
  • where I can get the TMDB key ?
  • how to insert the PKG list ?
thx
 

bablest

Senior Member
Contributor
Is anyone else getting a cache redirect error with 0.4.6b3? If I manually enter the URLs, it works, but on the main exploit screen it redirects to a 404.
 

Al Azif

Developer
Senior Member
Contributor
@lotus78
  • That's because there are no exploits in the exploits folder, I put the binary out for testing, that's why there's no release on GH
  • Like I said it's the same as the PS3's, google is your friend (Like the 3rd result on a wiki page)
  • If using the selfhost just put your pkg's in the pkg directory, otherwise you'll have to make the list yourself
@bablest
In settings.json enable the debug option and post it.
 

bablest

Senior Member
Contributor
I guess it might be because I'm missing meta.json, or so it appears (That's not with 4.6a).
Code:
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /document/en/ps4/index.html HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/bootstrap.min.css HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/default.css HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/jquery-3.3.1.min.js HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/popper.min.js HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/common.js HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/bootstrap.min.js HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/default.js HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /blank.html HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/image.png HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /news HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /api/categories HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /api/categories HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] code 404, message Not Found
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /exploits/1.01/meta.json HTTP/1.1" 404 -
192.168.1.57 - - [28/Nov/2018 18:46:37] code 404, message Not Found
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /exploits/1.01/meta.json HTTP/1.1" 404 -
192.168.1.57 - - [28/Nov/2018 18:46:37] code 404, message Not Found
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /exploits/1.76/meta.json HTTP/1.1" 404 -
192.168.1.57 - - [28/Nov/2018 18:46:37] code 404, message Not Found
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /exploits/1.76/meta.json HTTP/1.1" 404 -
192.168.1.57 - - [28/Nov/2018 18:46:37] code 404, message Not Found
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /exploits/4.05/meta.json HTTP/1.1" 404 -
192.168.1.57 - - [28/Nov/2018 18:46:37] code 404, message Not Found
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /exploits/4.05/meta.json HTTP/1.1" 404 -
192.168.1.57 - - [28/Nov/2018 18:46:37] code 404, message Not Found
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /exploits/4.55/meta.json HTTP/1.1" 404 -
192.168.1.57 - - [28/Nov/2018 18:46:37] code 404, message Not Found
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /exploits/4.55/meta.json HTTP/1.1" 404 -
192.168.1.57 - - [28/Nov/2018 18:46:37] code 404, message Not Found
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /exploits/5.05/meta.json HTTP/1.1" 404 -
192.168.1.57 - - [28/Nov/2018 18:46:37] code 404, message Not Found
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /exploits/5.05/meta.json HTTP/1.1" 404 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /cache/redirect/en/index.html HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /cache/redirect/en/offline.manifest HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/image.png HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/bootstrap.min.css HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/default.css HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/style.css HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/rpi.js HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/popper.min.js HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /cache/redirect/en/index.html HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /document/en/ps4/index.html HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/rpi.html HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /index.html HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/ps4-updatefeature.html HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/common.js HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/index.html HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/jquery-3.3.1.min.js HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/sha.js HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/bootstrap.min.js HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET / HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /themes/default/default.js HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:37] "GET /blank.html HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:38] "GET /api/serverip HTTP/1.1" 200 -
192.168.1.57 - - [28/Nov/2018 18:46:38] code 404, message Not Found
192.168.1.57 - - [28/Nov/2018 18:46:38] "GET /cache/redirect/en/192.168.1.56:80 HTTP/1.1" 404 -
 

Al Azif

Developer
Senior Member
Contributor
@bablest

I handle the meta.json not being there, the issue is the last line. It should not have your IP in there, it should be "/cache/redirect/en/index.html" The code in question is line 458-464 in default.js and line 110-112 in common.js. I'm looking but can't see how this is happening, as 192.168.1.56:80 doesn't match the regex I'm using.
 
Recent Articles
New Blu-Play Homebrew Game in Development: The UFO Game!
Following the first Blu-Play homebrew game release and 8-bit Memoirs eBook, the team behind Ukko's Journey is back: LuBlu Entertainment is creating their 2nd Blu-Play game these days, titled The...
Samurai Shodown Joins New PS4 Game Releases Next Week
Thirteen beloved fighters return alongside three new ones to do battle in the legendary stage of Samurai Shodown on PS4 next week, featuring updated graphics, gameplay and a revolutionary new...
Marvel's Spider-Man PS4 Skeletal Models & Textures Tool by ID-Daemon
We've seen PS4 Game Texture Converters, a PS4 Game Model Data & Textures Extraction Guide, a PS4 Game Animations to Havok Files Converter and a PS4 Meshes / Textures Preview GUI with the latest...
Latest PlayStation Store Flash Sale Offers PSN Deals Under $10
It's been awhile since the last PS Store Flash Sale, and today Sony announced their latest PSN Flash Sale features deals under $10 with savings of up to 75% on select PlayStation Store titles...
Top