eXtreme

Hack The PS4 - Status for End Users


Nice progress everyone! One question though: I remember an exploit back from January called "out of bounds" that is usable even on 3.15, but I can see people using only the dlclose one. Does that one not give enough permissions, or what?

5 hours ago, DotExE01 said:

Nice progress everyone! One question though: I remember an exploit back from January called "out of bounds" that is usable even on 3.15, but I can see people using only the dlclose one. Does that one not give enough permissions, or what?

 

"Out of bounds" is a type of exception error, not an exploit, but potentially something exploitable...

Anyway, it's a Linux/FreeBSD font bug, but no one said it works on 3.15 except one post by someone on the wololo.net website.

It might be usable through the browser, but I did some quick research around that time, and as far as I found, that font format extension doesn't actually work in the browser.

@wildcard @eXtreme there are a few ways to proceed...

Both these methods should work in theory... but my exams are only 2 weeks away, so I won't be able to experiment with this myself for a while, as a 15-minute attempt would end up being 2-3 days of no study :/ Anyway,

1) If you're using the live CD image, find which /dev/sd* is the USB and edit the Gentoo initramfs to auto-mount it (the live CD initramfs, for example, searches for the Gentoo image in the root of the CD, so you could mount the USB as /mnt/livecd and let the initramfs do the rest); the next boot with the corrected initramfs would boot the OS, since it would do the mount correctly. For this you'd need to have the image.squashfs, which is inside the Gentoo live CD image, in the root of the USB.

2) If you're using the stage3 image, partition the USB, 1st partition FAT32 and the 2nd ext4 with a KNOWN label name (e.g. mylabel), extract the entire OS into the ext4 partition, then you could edit better-initramfs to use "root=LABEL=mylabel"; that way it will do the mounting by itself. Edit3: you'd need to edit the command line (not better-initramfs itself) used to boot the Linux kernel, which is hard-coded into the Linux loader during compilation... As far as I know, root is not set at all in the Playground; I opened an issue to clarify whether that's the case. If so, they'll either add an option to let you choose your root, though this might be complicated, editing a compiled binary, or will probably add a root=LABEL=somelabel that everyone must use...

The only other option is to edit and compile the binary yourself.

 

Edit: FYI, I don't know how better-initramfs works, I've only read its GitHub page, so I might be mistaken.

Edited by Zer0xFF
  • Upvote 1


I have to try it again in the next few days; every time I only get a black screen. I have used NTFS, exFAT and FAT32 in the left USB port. I noticed that the power LED of the console was blue all the time after I got the Linux screen the first time.

CTurt told me there is nothing to compile and that he hasn't tested the code from kR105 yet.


Feel free to show your Mods @ PS4 etreme Modding - This is for the Modders

30 minutes ago, Zer0xFF said:

 

"Out of bounds" is a type of exception error, not an exploit, but potentially something exploitable...

Anyway, it's a Linux/FreeBSD font bug, but no one said it works on 3.15 except one post by someone on the wololo.net website.

It might be usable through the browser, but I did some quick research around that time, and as far as I found, that font format extension doesn't actually work in the browser.

@wildcard @eXtreme there are a few ways to proceed...

Both these methods should work in theory... but my exams are only 2 weeks away, so I won't be able to experiment with this myself for a while, as a 15-minute attempt would end up being 2-3 days of no study :/ Anyway,

1) If you're using the live CD image, find which /dev/sd* is the USB and edit the Gentoo initramfs to auto-mount it (the live CD initramfs, for example, searches for the Gentoo image in the root of the CD, so you could mount the USB as /mnt/livecd and let the initramfs do the rest); the next boot with the corrected initramfs would boot the OS, since it would do the mount correctly. For this you'd need to have the image.squashfs, which is inside the Gentoo live CD image, in the root of the USB.

2) If you're using the full OS img, partition the USB, 1st partition FAT32 and the 2nd ext4 with a KNOWN label name (e.g. mylabel), extract the entire OS into the ext4 partition, then you could edit better-initramfs to use "root=LABEL=mylabel"; that way it will do the mounting by itself.

Edit: FYI, I don't know how better-initramfs works, I've only read its GitHub page, so I might be mistaken.

Ok, I understand. Thank you very much! Btw, good luck with your exams! ^^

 

  • Upvote 1

On 1/4/2016 at 5:10 AM, cfwprophet said:

And what does that have to do with the marks of @Zer0xFF and what I explained? Nothing. ^^

 

You are right, but it's not the mark and what I said. It's this:


CTurt:
asm volatile ("movq %%cr0, %0;" : "=r" (cr0) : : "memory");
asm volatile ("movq %0, %%cr0;" : : "r" (cr0) : "memory");

Marcan:
asm volatile("mov %0, cr0;" : "=r" (reg));
asm volatile("mov cr0, %0;" :: "r" (val));

And yeah, it's not the first time that I've stumbled around such "noob protections". Devs do that to prevent noobs, or better said skids, from being able to use their source. So only a dev who knows how to do that shit will be able to get it fixed.

I simply call it noob protection. :D

 

Anyway, as we can see here, the register and the data are wrong in CTurt's source. movq moves a quad or QWORD, so a 64-bit value. That's ok. But the syntax is data--->destination, which means for reading we need first the register as data, so %0, and the destination is then the buffer cr0. And to write back, cr0--->%0.

 

EDIT:

Hahahaha, it doesn't even need to be noob protection by him. It's maybe even deeper. If you enter the syntax from @CTurt into Google it will spit out this shit, and the second link then brings up a system_64.h. Now... go down to line 77 and tell me what's written there. ^^

Also compare all the other movq asm instructions. ALL WRONG!! :D :rotflmao:

It's clearly data--->destination and not the other way around. Also, it's the first time I have ever seen this double percentage %%. One % describes a register, so that's ok. But from what I have googled, and based on the sources with asm I have at home from other devs and hackers... I can't find a double % anywhere.

So it must not necessarily be pure evil of @CTurt or so. I guess he simply copied those examples out. Which does not change that he should know the syntax of movq ^^.

anyway, back to work.

 

EDIT2:

Ok, found something with double percentage. ^^

What you are seeing is AT&T vs Intel ASM syntax http://www.imada.sdu.dk/Courses/DM18/Litteratur/IntelnATT.htm (I personally use Intel).

  • Upvote 2

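As an added illustration of kr105's point (my own example, not code from CTurt, marcan, kr105 or anyone else in this thread): the same register-to-register move written in GCC's default AT&T dialect and in Intel dialect, so the reversed operand order and the doubled percent sign in the CTurt snippet can be checked by running it. Control registers such as cr0 can only be touched in ring 0, so the example uses ordinary general-purpose registers in user space; the operand-order rule is the same. The register choices, the sample value and the non-x86-64 fallback are all assumptions of this example.

```c
/* Added example: AT&T vs Intel inline-asm operand order in GCC/clang.
 *
 *   AT&T:   mov SOURCE, DEST   registers carry a % prefix, so inside an
 *                              asm() template (where %0, %1 are operand
 *                              placeholders) a literal register is %%rax
 *   Intel:  mov DEST, SOURCE   registers carry no prefix
 *
 * The two quoted cr0 snippets are each correct in their own dialect.
 * Here the same idea is shown on general-purpose registers so it runs
 * unprivileged.  The #else branches are an assumption for hosts that
 * are not x86-64; they only keep the file compiling there.
 */
#include <stdint.h>
#include <stdio.h>

/* AT&T dialect: "movq %1, %%rax" copies operand 1 (the input) into rax,
 * then "movq %%rax, %0" copies rax into operand 0 (the output).  The %%
 * is how the template writes a single literal % for the assembler. */
uint64_t copy_att(uint64_t in)
{
    uint64_t out;
#if defined(__x86_64__)
    __asm__ volatile("movq %1, %%rax\n\t"   /* src -> dst: in  -> rax */
                     "movq %%rax, %0"       /* src -> dst: rax -> out */
                     : "=r"(out)            /* %0: output register    */
                     : "r"(in)              /* %1: input register     */
                     : "rax", "memory");    /* rax is clobbered       */
#else
    out = in;   /* assumed fallback for non-x86-64 builds */
#endif
    return out;
}

/* Intel dialect: the identical move written as "mov DEST, SOURCE".
 * The compiler still substitutes %0/%1 in AT&T form, so this block
 * names its registers directly and pins the C operands to them with
 * the "a" (rax) and "d" (rdx) constraints. */
uint64_t copy_intel(uint64_t in)
{
    uint64_t out;
#if defined(__x86_64__)
    __asm__ volatile(".intel_syntax noprefix\n\t"
                     "mov rdx, rax\n\t"     /* dst <- src: out = in   */
                     ".att_syntax prefix"   /* restore default dialect */
                     : "=d"(out)            /* out pinned to rdx      */
                     : "a"(in)              /* in  pinned to rax      */
                     : "memory");
#else
    out = in;   /* assumed fallback for non-x86-64 builds */
#endif
    return out;
}

/* A value read back through both dialects must agree bit for bit. */
int dialects_agree(uint64_t v)
{
    return copy_att(v) == v && copy_intel(v) == v;
}

int main(void)
{
    uint64_t sample = 0x1122334455667788ULL;  /* constructed sample value */
    printf("att   : 0x%llx\n", (unsigned long long)copy_att(sample));
    printf("intel : 0x%llx\n", (unsigned long long)copy_intel(sample));
    printf("agree : %s\n", dialects_agree(sample) ? "yes" : "no");
    return dialects_agree(sample) ? 0 : 1;
}
```

Compile with the default `-masm=att` (gcc or clang); if you build with `-masm=intel`, the AT&T template in copy_att would itself have to be rewritten, which is exactly the trap the thread ran into when comparing the two snippets.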

thx :)

 

Ahhhhhhhhhhhh, understood. AT&T is the standard for GNU Unix/Linux.



Okay, here's where I am at: I have better-initramfs made and running, but I'm unsure of where to edit. Do I edit the init file in the rescue shell running on the PS4 using vim, or do I set it to mount /dev/sdb1 when making the initramfs? fdisk says I've got an sda of 298MB, an sdb of 3965MB, and an sdb1 listed as a boot device (it's a 4GB USB btw). I'm guessing it's sdb1. Do I need to put the compiled ps4-linux on the USB as well to eventually install it, or does it do that via network?

  • Upvote 1


I don't understand it, it doesn't work anymore. Rebuilding the database and installing the FW doesn't help. I formatted the USB stick in FAT32 multiple times, nothing works. I get a black screen, shutdown or crash. The files are the same as when I got the Linux screen the first time. I don't know what I can do now.

2 hours ago, eXtreme said:

I don't understand it, it doesn't work anymore. Rebuilding the database and installing the FW doesn't help. I formatted the USB stick in FAT32 multiple times, nothing works. I get a black screen, shutdown or crash. The files are the same as when I got the Linux screen the first time. I don't know what I can do now.

Perhaps you aren't waiting long enough, or you just think it's shutting off. The PS4 -does- have to reboot before Linux boots, so my TV loses the incoming signal and takes a sec to pick it back up after the PS4 starts video output again.

Try switching the TV input after waiting a sec when you run it.

Edited by SonyUSA

3 hours ago, eXtreme said:

I don't understand it, it doesn't work anymore. Rebuilding the database and installing the FW doesn't help. I formatted the USB stick in FAT32 multiple times, nothing works. I get a black screen, shutdown or crash. The files are the same as when I got the Linux screen the first time. I don't know what I can do now.

I saw something about it only working at 1080p a while back, not sure if that's still an issue though.

  • Upvote 1

1 minute ago, twisted89 said:

I saw something about it only working at 1080p a while back, not sure if that's still an issue though.

I was about to say the same thing to him, but he got video output the first time, so it couldn't be :/

16 minutes ago, wildcard said:

I was about to say the same thing to him, but he got video output the first time, so it couldn't be :/

The only other thing I can think of is a bad USB stick. @eXtreme, have you tried a different one?

16 hours ago, kr105 said:

What you are seeing is AT&T vs Intel ASM syntax http://www.imada.sdu.dk/Courses/DM18/Litteratur/IntelnATT.htm (I personally use Intel).

I guess I found a tiny bug in your code:

 

if(getuid() && getuid()) {

It just gets the value of uid 2 times. I think it should be getgid(), or?

Otherwise the boolean compare does not make sense. It could be just "if(getuid())", which would give the same result. :)

5 hours ago, twisted89 said:

The only other thing I can think of is a bad USB stick. @eXtreme, have you tried a different one?

 

Yes, I have tried it with 2 USB sticks and a USB HDD; every time the same, only a black screen, no reboot and no blue LED light like the first time I got the Linux screen. The console only lost the TV connection and nothing happened. I really don't understand it; the USB devices are ok and the files are from kR105. Tried two USB slots, rebuilt the database and installed the rec FW again, no success for me, this really sucks.

Same shit with a burned BD disc.

Edited by eXtreme


It may sound stupid, but try switching between HDMI and RGB. Sometimes when my PC is booting I cannot see the start-up message (BIOS); the UI only comes alive when I have to enter my password. To fix this "problem" I have to switch to the other one.

P.S.: nvm, I don't think the PS4 has that output.

Edited by DotExE01


@SonyUSA I do it exactly as you wrote on GBAtemp. Still the same issue with 2 USB sticks: only a black screen for a few minutes and nothing happens.

4 hours ago, eXtreme said:

@SonyUSA I do it exactly as you wrote on GBAtemp. Still the same issue with 2 USB sticks: only a black screen for a few minutes and nothing happens.

Your TV supports 1080, I'm assuming. After it goes black for a bit, try turning your TV off and then back on again; some TVs are wishy-washy when flipping inputs/video modes.

14 minutes ago, SonyUSA said:

Your TV supports 1080, I'm assuming. After it goes black for a bit, try turning your TV off and then back on again; some TVs are wishy-washy when flipping inputs/video modes.

I have tried that already, turning it off and switching the TV mode. The LED light is still white after I click on Load!

Edited by eXtreme

5 minutes ago, eXtreme said:

I have tried that already, turning it off and switching the TV mode. The LED light is still white after I click on Load!

Yeah, it takes a while to load, but after a while your PS4 LED should go blue when the penguins are loaded. So, to get my facts straight, it only worked 1 time? (I can reproduce it many, many times.) What proxy are you using? Which Playground? And are you proxying? Or can you use the browser on the PS4?


Yes, it worked one time; the LED changed to blue after a few seconds and I made a screenshot. After that, every time a black screen (and I wait 1 or 2 minutes). I use the user guide method without proxy and the latest Playground from CTurt. I can't understand it, because I do it correctly and can't find the issue.

My steps are always the same:

1. Upload the latest Playground to my server

2. Copy the 2 files from kR105 onto the USB (FAT32) and connect it to the left USB port

3. Open the Playground HTML via the user guide (without proxy)

4. Click Load

As I said, I have installed the rec FW and formatted the HDD, rebuilt the database, formatted 2 USB sticks multiple times, tried it from a burned BD and downloaded the 2 files multiple times.

One thing: I have uploaded one or two versions of the Playground since it worked the first time. I think CTurt has updated it 2 or 3 times in the last few days.

Edited by eXtreme

2 hours ago, bigboss said:

Hello there, I updated ps4link with new stuff for developers.

 

https://github.com/psxdev/ps4link

 

Enjoy


Tried compiling this on Ubuntu, but sadly no luck. Compiling elfldr itself is no problem, but as soon as I add main.c from ps4link/ps4link/source/main.c it errors, with clang reporting a linker error.


Yeah, the linker ^^

Write me when you're up. I needed a "short" rest :)

6 hours ago, eXtreme said:

Yes, it worked one time; the LED changed to blue after a few seconds and I made a screenshot. After that, every time a black screen (and I wait 1 or 2 minutes). I use the user guide method without proxy and the latest Playground from CTurt. I can't understand it, because I do it correctly and can't find the issue.

My steps are always the same:

1. Upload the latest Playground to my server

2. Copy the 2 files from kR105 onto the USB (FAT32) and connect it to the left USB port

3. Open the Playground HTML via the user guide (without proxy)

4. Click Load

As I said, I have installed the rec FW and formatted the HDD, rebuilt the database, formatted 2 USB sticks multiple times, tried it from a burned BD and downloaded the 2 files multiple times.

One thing: I have uploaded one or two versions of the Playground since it worked the first time. I think CTurt has updated it 2 or 3 times in the last few days.

Have you tried loading Linux using the dlclose method after returning to userland? kR105's files worked fine for me using both the PS4-playground and the dlclose method. With dlclose, you can at least check whether initramfs and bzImage were loaded from USB successfully (i.e. FILE* != NULL).

7 hours ago, bigboss said:

Hello there, I updated ps4link with new stuff for developers.

 

https://github.com/psxdev/ps4link

 

Enjoy


Wow, thanks bigboss! So it's safe to say that I can now dump HDD files as root pretty easily with ps4link, yeah? Hopefully it works this time for me, since after building the previous one I had trouble getting a response with socat - tcp, node server.js and elfldr running on the PS4...
