Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
Not open for further replies.
Recently 0xor0ne recirculated an interesting article from 2019 we missed covering Reverse Engineering Counterfeit PS4 Gamepads Cortex M0 Microcontroller Firmware via USB by @Octopus (aka oct0xor on Twitter) that was initially shared on Twitter from @zecoxao back in 2020. 🎮

For those new in the PlayStation 4 Scene, some related topics can be found below (sorted by date with the oldest first), followed by a brief synopsis of the Hacking Microcontroller Firmware Through a USB article:
And from the's article Conclusion, to quote:

This blog post turned out to be quite long, but I really wanted to prepare it for a very wide audience. I have given a step-by-step guide on the analysis of embedded firmware, finding vulnerabilities and exploiting them to acquire a firmware dump and to carry out code execution on a USB device.

The subject of glitching attacks is not included in the scope of this article, but such attacks are also very effective against USB devices. For those who want to learn more about them, I recommend watching this video. For those wondering how p!rates managed to acquire the algorithm and key from DualShock 4 to make their own devices, I suggest reading this article.

As for the mystery of the auxiliary microcontroller that was used to keep secrets, I found out that it was not used in all devices and was only added for obscurity. This microcontroller doesn’t keep any secrets and is only used for SHA1 and SHA256. This research also aids enthusiasts to create their own open source projects for use with game consoles.

As for buyers of counterfeit gamepads, they are not in an enviable position because manufacturers block illegally used keys and the users end up without a working gamepad or hints on where to get firmware updates.

After discovering what I wrote here, I thought I hit a dead-end: it’s easy to list all the GET reports, but doing the same with the SET reports will probably brick the device.

Well, luck was on my side when few hours later I stumbled upon a leaked reverse-engineered code of the PS4 uploaded on (wtf, really?). 😲

From PS4-SRC:

info.txt 20-Jul-2019 05:42 7.6K
links.txt 20-Jul-2019 05:43 14.9K
ps4-src_archive.torrent 03-Sep-2022 18:25 31.1K
ps4-src_files.xml 03-Sep-2022 18:25 1.9K
ps4-src_meta.sqlite 20-Jul-2019 06:51 16.0K
ps4-src_meta.xml 03-Sep-2022 18:25 1.2K (View Contents) 20-Jul-2019 06:50 2.9G
I could not believe my eyes when I found DS4_Flash-8.3.13.c inside the ZIP file, which contains the reverse-engineered code of an old version of the DS4. We’ll get into that in the next part! 🚀
this set of files should produce the necessary keys for the GP2040-CE PS4 Mode. You can quickly find it via google search but i've decided to put it here for you to use. This will make the device be able to skip 8 minute timeout
  • (789.79 KB - includes ds4sig.bin,,, jedi_flash-Aug_3_2013.bin, jedi_flash, Aug_3_2013.idc, and ps4nonce.bin via GodzIvan)
emulating ps4 controller without 8 minute timeout

From the included
# ds4
Tools for working with DualShock 4

With fw of controller, it is possible to do interesting things like:
 * flash custom fw to controller
 * learn how all aspects of controller works
 * implement native pairing on other host devices
 * present custom hardware as "official" DS4 to PS4

- GodzIvan -

Working ????
Reverse Engineering PS4 Counterfeit Gamepads Microcontroller Firmware.png


Not open for further replies.