[Tutorial] How To Enable More Logs On Your Retail PS4 Console

Credits to: z80 for finding the patches to enable more UART | /dev/klog logs on his console

You will need:
* Retail Payload
* elfldr / playground’s elf loader
* UART Soldering Skills / FTP Server (to grab logs from /dev/klog)
* PS4 on 1.76

Steps:
* Fire up your own elfldr or one (it needs to go all the way to step 5 without running out of memory!)
* Listen to the payload:
    #listener
    socat - TCP:my.ps4.ip:5052
* Send the payload:
    #sender
    socat -u FILE:path/to/mempatch_retail.elf TCP:my.ps4.ip:5053
* Launch a game or a system app
* [Extra UART] If you have UART connected, listen to the logs while the game or app is being loaded
* [Extra klog] If you’re not a soldering guy, just grab the content from /dev/klog on your FTP server root. WARNING! Logs will delete themselves every couple of minutes or so!
* You should have some extra logs.

[Tutorial] How To Resign Trophies From Retail To Debug By @notzecoxao

So, for this tutorial, none of this would’ve been possible without the help of harlequin and Charles. All of the credits go to them, thanks guys.

You will need:
* A PS4 on 1.76 firmware with FTP capabilities
* The PS4 trophy keys (if it’s inconvenient to the mods, please remove this link immediately)
* Trophy Resigner
* The TITLE ID of the game whose trophies you want to resign
* A hex editor
* Command line knowledge

Here are the steps:
1- Extract the contents of the trophy keys zipfile into your %USERPROFILE% folder (in my case it’s C:\Users\zecoxao). You will have it as C:\Users\zecoxao\ps4keys\<keys_here>
2- Navigate to /system_data/priv/appmeta and find the TITLE ID of the game whose trophy file you want to resign.
3- Copy the CUSA title id folder to a safe place.
4- Open npbind.dat inside it with the hex editor: here we can see that game CUSA00434 has the corresponding trophy file NPWR05974.
5- Now that you know the corresponding id, navigate to /user/trophy/conf, find the folder with that id and place it somewhere safe on your PC. You now have two things: your np communications id and your trophy file.
6- Open a command line and type the appropriate command with trp_resigner.exe, following the example above:
    trp_resigner.exe NPWR05974_00/TROPHY.TRP NPWR05974_00 trophy00.trp
7- Congratulations! You now have a resigned debug trophy.

[Tutorial] Retail <-> Debug Game Transfusion

This tutorial would not be possible without the help of my friend Charles. Thank you Charles, for making this possible.

You will need:
* A retail PS4 on 1.76 fw
* A testkit or devkit on 1.76 fw, pre-activated (I will not go through details about the activation)
* A game you wish to backup (disc or PSN, as long as it’s activated on PSN)
* hitodama’s ps4sdk
* DumpFile modified to decrypt the game’s binaries (again, you’re on your own)
* An FTP payload to dump the files from app0
* Knowledge about the previous tutorials I wrote, namely pfs bypass and decrypt games
* (Optional) The game’s icons (you’ll need the original pkg for this and flatz’s awesome python script)
* A resigner for AAAA00000 trophies (keys are on wiki, again, I won’t go into much detail on this, but I’ll update the tutorial later with info)
* Target Manager and Target Manager Server (they’re out there, just find them, once again, I will not help you on this)

Some notes: I won’t go into much detail on this tutorial. If you have a brain, use it. Savegames and Trophies now work. Filenames are case sensitive!

Steps:
– Install the game
– Navigate to system_data/priv/appmeta/ on your FTP server and find the title id of your game (CUSAXXXXX)
– Copy the folder to a safe place (you’ll need it)
– Navigate to /user/trophy/conf on your FTP server and find the np comms id of your game (hint, it’s mentioned in the title id folder, inside npbind) (NPWRXXXXX)
– Copy the folder to a safe place (you’ll need it)
– Resign the TRP inside the NPWR folder to debug (I’ll put a tutorial after this telling how to do it)
– Name it trophy00.trp
– Transfer the entire content of app0 on pfsmnt to your desktop (you should have two folders, one called sce_sys, and another called trophy inside sce_sys)
– Copy trophy00.trp to sce_sys/trophy
– Copy the contents of the CUSAXXXXX folder to sce_sys
– Decrypt the prx, sprx, eboot.bin contents of your app0 game using the modified DumpFile
– Replace the existing ones in your copied app0 directory with the ones you just decrypted (using the same name)
– Now, on your activated testkit and devkit, launch the game using the configuration of eboot.bin as loading elf and elf directory as working directory
– You should have your own backup running on testkit/devkit. Enjoy

Here’s the example of the minecraft backup structure to serve as a guide (take a closer look at the sce_sys folder):

Here are two videos as proof (Courtesy of Charles)