Proceeding his initial PS4 Remote Package Installer release, PlayStation 4 developer @flatz returns bringing an update to his Remote PKG Installer with the changes detailed below. 
Download:remote_pkg_installer.pkg (4.1 MB) / remote_pkg_installer.pkg (Mirror) / RPI Controller.zip (161.09 KB) / ps4-exploit-host-win.x86-0.4.6b3.zip (4.99 MB) by @Al Azif via Twitter
To quote from flat_z's Tweets embedded below on the update: "Remote pkg installer update: added CORS header to interact with browser's ajax & deletion of temporary files in /data (last access date should be more than 3 days)"
"Up to date" with RPI installer using CORS headers. This version only uses HTML/JS, you must specify an external PKG list to list files as there's no server component (Line 47 rpi.js). Add the TMDB key, PS3 is same as PS4, to line 71 of rpi.js, to show PKG metadata automatically.
Device using this must be on same network or have port 12800 forwarded to your PS4
Corresponding selfhost- no need to add a pkg list, just stick pkgs in the pkg folder. Still need the key though. rpi.js is in themes/default folder. Make sure you update the RPI PKG and just visit http://yourexploitip/rpi
FPKG code have a bug that yields to game crash after suspend/resume cycle, so i've fixed it here:
Download: ps4-hen-vtx.bin (7.20 KB - 5.05 Test)
You should:
Cheers to Leeful for the heads up on the news earlier today!
Download:
To quote from flat_z's Tweets embedded below on the update: "Remote pkg installer update: added CORS header to interact with browser's ajax & deletion of temporary files in /data (last access date should be more than 3 days)"
"Up to date" with RPI installer using CORS headers. This version only uses HTML/JS, you must specify an external PKG list to list files as there's no server component (Line 47 rpi.js). Add the TMDB key, PS3 is same as PS4, to line 71 of rpi.js, to show PKG metadata automatically.
Device using this must be on same network or have port 12800 forwarded to your PS4
Corresponding selfhost- no need to add a pkg list, just stick pkgs in the pkg folder. Still need the key though. rpi.js is in themes/default folder. Make sure you update the RPI PKG and just visit http://yourexploitip/rpi
FPKG code have a bug that yields to game crash after suspend/resume cycle, so i've fixed it here:
Code:
//
// Name: Additional patches for fPKG
// Description: Prevents fPKG game crash during suspend/resume cycle
// Notes: offsets are given for 5.01 retail kernel
//
#define SIZEOF_SBL_KEY_SLOT_DESC 0x20
TYPE_BEGIN(struct sbl_key_slot_desc, SIZEOF_SBL_KEY_SLOT_DESC);
TYPE_FIELD(uint32_t key_id, 0x00);
TYPE_FIELD(uint32_t unk_0x04, 0x04);
TYPE_FIELD(uint32_t key_handle, 0x08); /* or -1 if it's freed */
TYPE_FIELD(uint32_t unk_0x0C, 0x0C);
TYPE_FIELD(TAILQ_ENTRY(sbl_key_slot_desc) list, 0x10);
TYPE_END();
TAILQ_HEAD(sbl_key_slot_queue, sbl_key_slot_desc);
#define SIZEOF_SBL_KEY_RBTREE_ENTRY 0xA8 // sceSblKeymgrSetKey
TYPE_BEGIN(struct sbl_key_rbtree_entry, SIZEOF_SBL_KEY_RBTREE_ENTRY);
TYPE_FIELD(uint32_t handle, 0x00);
TYPE_FIELD(uint32_t occupied, 0x04);
TYPE_FIELD(union sbl_key_desc desc, TYPE_SBL_KEY_RBTREE_ENTRY_DESC_OFFSET);
TYPE_FIELD(uint32_t locked, TYPE_SBL_KEY_RBTREE_ENTRY_LOCKED_OFFSET);
TYPE_FIELD(struct sbl_key_rbtree_entry* left, 0x88);
TYPE_FIELD(struct sbl_key_rbtree_entry* right, 0x90);
TYPE_FIELD(struct sbl_key_rbtree_entry* parent, 0x98);
TYPE_FIELD(uint32_t set, 0xA0);
TYPE_END();
//...
DECLARE_VARIABLE(0x2744558, sbl_keymgr_key_rbtree, struct sbl_key_rbtree_entry**);
DECLARE_VARIABLE(0x2744548, sbl_keymgr_key_slots, struct sbl_key_slot_queue*);
DECLARE_VARIABLE(0x2748000, sbl_keymgr_buf_va, uint8_t*);
DECLARE_VARIABLE(0x2748800, sbl_keymgr_buf_gva, uint64_t*);
DECLARE_FUNCTION(0x623BE0, sceSblKeymgrSetKeyStorage, int, uint64_t key_gpu_va, unsigned int key_size, uint32_t key_id, uint32_t key_handle);
//...
static int sceSblKeymgrInvalidateKey___sx_xlock__hook(struct sx* sx, int opts, const char* file, int line) {
struct sbl_key_rbtree_entry* key_desc;
struct sbl_key_slot_desc* key_slot_desc;
unsigned key_handle;
int ret, ret2;
ret = _sx_xlock(sx, opts, file, line);
if (TAILQ_EMPTY(sbl_keymgr_key_slots))
goto done;
TAILQ_FOREACH(key_slot_desc, sbl_keymgr_key_slots, list) {
key_handle = key_slot_desc->key_handle;
if (key_handle == (unsigned int)-1) {
/* unbounded */
continue;
}
key_desc = sceSblKeymgrGetKey(key_handle);
if (!key_desc) {
/* shouldn't happen in normal situations */
continue;
}
if (!key_desc->occupied) {
continue;
}
if (key_desc->desc.pfs.obf_key_id != PFS_FAKE_OBF_KEY_ID) {
/* not our key, just skip, so it will be handled by original code */
continue;
}
if (key_desc->desc.pfs.key_size != sizeof(key_desc->desc.pfs.escrowed_key)) {
/* something weird with key params, just ignore and app will just crash... */
continue;
}
memcpy(sbl_keymgr_buf_va, key_desc->desc.pfs.escrowed_key, key_desc->desc.pfs.key_size);
ret2 = sceSblKeymgrSetKeyStorage(*sbl_keymgr_buf_gva, key_desc->desc.pfs.key_size, key_desc->desc.pfs.obf_key_id, key_slot_desc->key_id);
if (ret2) {
/* wtf? */
continue;
}
}
done:
/* XXX: no need to call SX unlock because we'll jump to original code which expects SX is already locked */
return ret;
}
//...
static void do_debug_pfs_patches(void) {
//...
INSTALL_CALL_HOOK(0x62E58D, sceSblKeymgrInvalidateKey___sx_xlock__hook);
//...
}You should:
- Open a Game
- Long Press PS Button
- Go to Power Options
- Enter Rest Mode
- Wait 5 Minutes
- Press PS Button
- Do this 5 times at least
Cheers to Leeful for the heads up on the news earlier today!
