Welcome to PlayStationHaX
zecoxao

Moderators
  • Content count: 839
  • Days Won: 49
  • Community Reputation: 1,215 Excellent

About zecoxao
  • Rank: Posting Freak
  • Birthday: 10/12/1990

Profile Information
  • Gender: Not Telling

  1. I just completed this quiz. My score: 37/100. My time: 141 seconds.
  2. This tutorial would not be possible without the help of my friend Charles. Thank you Charles, for making this possible.

     You will need:
     * A retail PS4 on 1.76 FW
     * A testkit or devkit on 1.76 FW, pre-activated (I will not go through details about the activation)
     * A game you wish to backup (disc or PSN, as long as it's activated on PSN)
     * hitodama's ps4sdk
     * DumpFile modified to decrypt the game's binaries (again, you're on your own)
     * An FTP payload to dump the files from app0
     * Knowledge about the previous tutorials I wrote, namely PFS bypass and decrypt games
     * (Optional) The game's icons (you'll need the original PKG for this and flatz's awesome Python script)
     * A resigner for AAAA00000 trophies (keys are on the wiki; again, I won't go into much detail on this, but I'll update the tutorial later with info)
     * Target Manager and Target Manager Server (they're out there, just find them; once again, I will not help you on this)

     Some notes: I won't go into much detail on this tutorial. If you have a brain, use it. Savegames and trophies now work. Filenames are case sensitive!

     Steps:
     - Install the game
     - Navigate to system_data/priv/appmeta/ on your FTP server and find the title ID of your game (CUSAXXXXX)
     - Copy the folder to a safe place (you'll need it)
     - Navigate to /user/trophy/conf on your FTP server and find the NP comms ID of your game (hint: it's mentioned in the title ID folder, inside npbind) (NPWRXXXXX)
     - Copy the folder to a safe place (you'll need it)
     - Resign the TRP inside the NPWR folder to debug (I'll put a tutorial after this telling how to do it)
     - Name it trophy00.trp
     - Transfer the entire content of app0 on pfsmnt to your desktop (you should have two folders, one called sce_sys, and another called trophy inside sce_sys)
     - Copy trophy00.trp to sce_sys/trophy
     - Copy the contents of the CUSAXXXXX folder to sce_sys
     - Decrypt the prx, sprx and eboot.bin contents of your app0 game using DumpFile modified
     - Replace the existing ones in your copied app0 directory with the ones you just decrypted (using the same name)
     - Now, on your activated testkit and devkit, launch the game using the configuration of eboot.bin as loading ELF and the ELF directory as working directory
     - You should have your own backup running on testkit/devkit. Enjoy!

     Here's the example of a Minecraft backup structure to serve as a guide (take a closer look at the sce_sys folder): http://pastebin.com/HNHLrwG5

     Here are two videos as proof (courtesy of Charles).
  3. Happy birthday @3141card !!
  4. It takes a while to build. In my case it took around 10 minutes on my i7, so results may vary.
  5. Credits (these go first): Original authors: wskeu (for the reading part), wildcard (for the writing part)

     Requirements:
     * 1.76 console
     * elf-loader
     * ps4-sdk
     * the payload source
     * a brain

     Steps:
     1. Compile the payload, specifically to what you want to patch, the size, etc. So, this:

            /* set variables for reading and writing mem */
            size_t dumphexsize = 0x200;
            size_t dumpsize = 0x1;    // size that you want to read
            size_t writesize = 0x1;   // size of the data you are overwriting
            uint64_t base = start[0]; // use the number of the mapping you want to write to, starting with 0
            size_t intoBase = 0x465FC9; // relative position of base

        and this:

            char *target = "SceShellCore";

     2. Load elf-loader. Let it stabilize on stage 5. (To increase the success rate, clear cookies, cache and history.)
     3. Load the payload. Specifically:

            #listener
            socat - TCP:my.ps4.ip:5052
            #sender
            socat -u FILE:path/to/rwmem TCP:my.ps4.ip:5053

     4. This payload will take a while to listen to logs. Be patient. After a while it'll show log output with the memory before and memory after.

     Notes: this is process peek and poke (reading and writing to process memory) using proc_rwmem, which is more efficient than the old method.
  6. Requirements:
     * ps4sdk precompiled
     * elf loader precompiled or extreme-modding's elf loader
     * the payload source
     * 1.76 console
     * USB pendrive or external HDD (FAT32 or exFAT, exFAT recommended)
     * A preactivated online game or a purchased disc game
     * The TITLE ID of the disc or online game

     Steps:
     1. Compile the payload with the correct commands. Specifically for The Playroom (CUSA00001):

            decrypt_and_dump_self("/mnt/sandbox/pfsmnt/CUSA00001-app0/eboot.bin", "/mnt/usb0/eboot.bin");
            decrypt_and_dump_self("/mnt/sandbox/pfsmnt/CUSA00001-app0/sce_module/libc.prx", "/mnt/usb0/libc.prx");
            decrypt_and_dump_self("/mnt/sandbox/pfsmnt/CUSA00001-app0/sce_module/libSceFios2.prx", "/mnt/usb0/libSceFios2.prx");
            decrypt_and_dump_self("/mnt/sandbox/pfsmnt/CUSA00001-app0/sce_sys/about/right.sprx", "/mnt/usb0/right.sprx");

     2. Start the game.
     3. Minimize the game (PS button).
     4. Access elf loader.
     5. Let it load all the way until stage 5 and stabilize.
     6. Plug the USB stick or HDD into the rightmost port, near the PS4 logo.
     7. Load the payload:

            #listener
            socat - TCP:my.ps4.ip:5052
            #sender
            socat -u FILE:path/to/DumpFile TCP:my.ps4.ip:5053

     8. When it finishes loading (user return 0), unplug the stick or HDD and check inside. You should have the files in ELF format on the root.

     PS: This is a continuation of the previous tutorial "dump and decrypt usermodules".
     PPS: Do not forget that game decryption requires an ABSOLUTE PATH due to RIF management.
  7. @gusha I have a retarded idea. Completely turn off your Vita (instead of keeping it on standby) and try going to go.henkaku.xyz or beta.henkaku.xyz when you turn it on.
  8. Russians had it for a while and used it to make money out of it, so it's not new to them.
  9. It's the same thing...
  10. Yeah, just grab a PS3 on 4.70 CFW, spoof it to 4.81, and perform a data transfer. It'll allow both new and old games.
  11. You cannot downgrade to 4.70 due to SYSCON HASHES :/ EEPROM stores lv0 and lv1 hashes inside. You cannot magically flash 4.70 on your PS3s and hope it'd work. It'll triple beep and shut down like the others. Access EEPROM and you MIGHT be able to downgrade. Since there's no way to access it on 3K/SuperSlim, you cannot downgrade.
  12. Just a quick note @BobbyBlunt: it's STILL 3.61 spoofing, it's just that it wasn't working before and now it is, and Sony hasn't pulled the plug on PSN for 3.61 yet.
  13. Just a small note: segment 0x6fffff01 cannot be "decrypted" from game eboots because... it's a plaintext segment in an encrypted file. Just add it to the end of the ELF.
  14. First of all I'd like to say thank you to the person who has allowed me to post this tutorial. His English isn't perfect so he asked me to make this tutorial on his behalf. Thanks, grass skeu.

      So for this, you'll need:
      * ps4sdk precompiled
      * elf-loader precompiled OR alternatively extreme-modding.de's elf loader (found here)
      * the payload source
      * 1.76 console
      * FAT32 USB pendrive

      Steps:
      1. Fire up elf loader on your 1.76 console.
      2. Let it load all the way up to stage 5 without memory errors!
      3. Compile the payload source. You can specify in between:

             ps4KernelExecute((void*)path_self_mmap_check_function, NULL, &ret, NULL);

         and

             ps4KernelExecute((void*)unpath_self_mmap_check_function, NULL, &ret, NULL);

         which module(s) you want to decrypt. If you want, you can even decrypt all modules from the 1.76 dump released a while ago! This includes elf, self, prx, sprx, sexe, sdll and eboot.bin. However, take into notice that you can only decrypt usermodules from disc or PSN apps when you have loaded them and minimized them (by pressing the PS button), and only from an absolute path! (due to NPDRM management) I have left an example:

             decrypt_and_dump_self("/mini-syscore.elf", "/mnt/usb0/mini-syscore.elf");

         so the ELF will be written to usb0 (rightmost port), but you can specify others.
      4. Run the listener (if you want, this is optional):

             socat - TCP:my.ps4.ip.here:5052

         where ps4 ip is your local IP (mine is 192.168.1.72).
      5. Finally send the payload:

             socat -u FILE:path/to/DumpFile TCP:my.ps4.ip.here:5053

         specifying the path to the payload and the IP. If the payload fails to be executed with an out of memory error, just stabilize on stage 5 WITHOUT restarting the console and try again.

      Any doubts, please ask. And all credits go to grass skeu for this awesome trick.

      added 5 minutes later: also @GregoryRasputin I cannot seem to find the attachment button >.<
  15. You'll need:
      * HxD
      * PS4 FileNinja v2.0 (the one with process dump support)
      * extreme-modding.de FTP payload (or you can use FileNinja, but FileZilla is a better client for this purpose)
      * a brain

      Step 1: Go to your playground of choice (in this case my playground is the extreme-modding.de one).
      Step 2: Grab your elf or self that you want to make a forgery of (I'm going to use SysCore for this).
      Step 3: Look closely at the header and pick ONLY the ELF header chunk of the file. Note here: the ELF header must contain all of its necessary bytes EXCEPT the last 32!
      Step 4: Add the necessary number of bytes until the file has EXACTLY 0x4000 bytes.
      Step 5: If necessary, restart the PS4 so you can clean the payload's memory and then start PS4 FileNinja.
      Step 6: Go to the process of choice (in this case SceSysCore) by going to Tools->Processes, picking SceSysCore and attaching to the process.
      Step 7: Dump the first process offsets, and ONLY those in the LOWER memory range. Here's my example:
      Step 8: Copy the first segment and add it after the end of the forged ELF header. Do the same for the other segments.
      Step 9: You now have a forged ELF you can use in IDA for analysis.

      Some notes:
      * You can use readelf to check on how good your ELF looks.
      * First section has libexec magic. Second section has ORBI magic.