Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 / PS5 PKGs.
Category PS4 CFW and Hacks       Thread starter Thread starter PSXHAX       Date / timeStart date Feb 9, 2017 at 3:29 AM       Replies 13      
Status
Not open for further replies.
We've seen PS4 UserModules Decryption, PS4 EBOOT / SPRX Decryption, PS4 Game PKG Decryption and PS4 PUP Update Decryption leading up to PlayStation 4 developer @zecoxao's latest Twitter hint on sceSblAuthMgrAuthHeader. o_O

Before you ask (like I was about to :p), @LightningMods has us covered in the PSXHAX Shoutbox reminding us that previously developer CTurt blogged about it briefly in his Hacking the PS4: Part 2 Userland code execution analysis.

To quote: Executable files with kernel access

The following two kernel functions seem to deal with the majority of integrity checks of executable files: sceSblAuthMgrAuthHeader and sceSblAuthMgrIsLoadable.

With kernel code execution, executable files can be directly decrypted on the console, however there isn't much benefit to this over just loading the module and dumping it from userland.

And now we know, and knowing is half the battle... here's to hoping more great PS4 stuff is in the pipeline! :geek:
From Pastebin:
Code:
ERROR: W:\Build\J00739801\sys\internal\modules\sbl\authmgr\authmgr_secure_module.c:verifyHeader(626) mail retval err -37
[KERNEL] ERROR: segment #3 of "/mnt/usb0/hello_world.elf" is not page aligned.
ERROR: found illegal segment header in /mnt/usb0/hello_world.elf.
In summary from @zecoxao, it authenticates the PS4 self header before decrypting it.

Thanks to @Centrino and @spyro2670 for passing this along in the PSXHAX Shoutbox! :love:
sceSblAuthMgrAuthHeader PS4 Executable File Decryption on Console.jpg
 

Comments

I know you do! I tried searching the PSDevWiki but didn't see it there and was about to ask until you posted that :D
 
Marcan has said that the ps4 is not checking if an application is startable or not if i remind me right...

So that it must be really simple to start linux or games because there are no checks...
 
->With kernel code execution, executable files can be directly decrypted on the console, however there isn't much benefit to this over just loading the module and dumping it from userland.

rofl thats been known for quite some time now
hence usermode emulation

some might even say you cannot even mount this particular file format because u need to read it in before mounting it as its not a raw image and it requires a utility of its own to do so

perhaps base image is read only and your looking in the wrong place for holes....
 
Status
Not open for further replies.
Back
Top