zecoxao

[Tutorial] How to grab your SFLASH from Root FTP Server

The SFlash is useful for when something might happen to your ps4 (some changes that affect the console in a way that it won't be able to boot later) and in case you need it you can use it together with your hardware flasher device to undo the changes you made to flash that caused the console to brick.

What you'll need:

* http://www.extreme-modding.de/PS4/1.76/Playground/index.html
* ftp client such as FileZilla or FlashFXP

Steps:
1-Enable the ftp server (big silver star) located at http://www.extreme-modding.de/PS4/1.76/Playground/index.html
2-Connect with the client
3-Navigate to /dev/
4-There should be a device called sflash0. Download it.
5-Make sure its exact size after the download is finished is 33554432 bytes / 32768 KB / 32 MB

Congratulations! You should have your sflash :) Keep it safe in a location only you know in case something goes wrong with your ps4.

Edited by zecoxao
5
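The size check from step 5, extended with a SHA-256 digest and a sector-level comparison of two dumps, as an added example that is not part of the original post. The 4096-byte comparison granularity, the function names and the sample images built in `demo()` are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

EXPECTED_SIZE = 33554432  # exact sflash0 size given in step 5 (32 MB)
SECTOR = 4096             # assumed comparison granularity, not from the post

def check_dump(path):
    """Return (size_ok, size, sha256_hex) for one dump file."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    size = os.path.getsize(path)
    return size == EXPECTED_SIZE, size, digest.hexdigest()

def diff_ranges(path_a, path_b, sector=SECTOR):
    """Return merged (start, end) byte ranges where the two dumps differ."""
    ranges, offset = [], 0
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        while True:
            ca, cb = a.read(sector), b.read(sector)
            if not ca and not cb:
                return ranges
            if ca != cb:
                end = offset + max(len(ca), len(cb))
                if ranges and ranges[-1][1] == offset:
                    ranges[-1] = (ranges[-1][0], end)  # extend adjacent range
                else:
                    ranges.append((offset, end))
            offset += sector

def demo():
    """Run both checks on constructed sample images (not real flash data)."""
    with tempfile.TemporaryDirectory() as d:
        a, b, short = (os.path.join(d, n) for n in ("a.bin", "b.bin", "short.bin"))
        image = bytearray(b"\xff" * EXPECTED_SIZE)
        with open(a, "wb") as f:
            f.write(image)
        for off in (0x1000, 0x2000, 0x200000):  # simulate changed sectors
            image[off] = 0x00
        with open(b, "wb") as f:
            f.write(image)
        with open(short, "wb") as f:
            f.write(image[:-512])  # truncated transfer
        return check_dump(a), check_dump(short)[0], diff_ranges(a, b)

if __name__ == "__main__":
    print(demo())
```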


inb4 "can I downgrade with this?????????"

0

6 minutes ago, Lucif3r said:

inb4 "can I downgrade with this?????????"

LOL! i'm pretty sure you will never be able to, but who knows? :D

0


Excuse the ignorant question, but is it a confirmed procedure? In the sense ... has anyone been able to restore their PS4 by rewriting sFlash?
I ask this because years ago a friend of mine, who was perhaps the first to make the dump via hardware flasher, bricked the PS4 after playing with the dump; then, even by writing the original dump, he was no longer able to restore his PS4.
I thought maybe, based on the changes that take place on the flash, they might also have an effect on other data written elsewhere, like the syscon on PS3. Am I wrong?

Forgive me but I have not time to follow the ps4 scene, so they are very behind in the things that concern

Edited by OldBrain
0


I've got both a copy of my sflash taken with a teensy and from the /dev directory; they look pretty much the same, in the sense that the dump you get with a flasher is the same dump you'll get in /dev. Until we reverse engineer the flash and OS we won't know of any possible checks the PS4 performs on it. I think the only way to know now would be to dump the flash, then write it straight back and see if it boots. Maybe there are some hash checks on the sflash0 partition when it's mounted at boot. sflash0 also has a .crypt file, so it is treated like an encrypted partition, so the system isn't just mounting the flash directly; it needs to decrypt the image with a key. I think sceSblServiceCrypt has something to do with it, maybe Sony's version of a geli or gdbe; just need the right passphrase and sflash could be mounted as a decrypted partition, just like sbram and other da0 partitions could be.

1


I don't have a PS4, so I couldn't test it, but keep in mind that SPIway might not be able to "clone" the flash. I.e. you can dump the flash, you can reflash to a different flash chip, but this might not result in a 1:1 copy.

The data ofc is copied 1:1, but the MX25L25635F comes with a couple of security features:

 - 4Kb secured OTP mode -> provides 512 bytes independent from main data for storing a serial number or whatever, can be read and also written to a new flash device, but currently isn't supported by SPIway

 - Password protection mode -> the device can be protected with a 64bit password (OTP). Data can still be read when protected, but not programmed or erased. So this doesn't prevent reading data, but (and this is just a guess) could be used to validate if it's a genuine device and also for tamper protection ofc.

-- judges

4

45 minutes ago, judges said:

keep in mind that SPIway might not be able to "clone" the flash.

Sloppy coding!!!!!

/runs

2

On 15.08.2016 at 0:03 AM, zecoxao said:

LOL! i'm pretty sure you will never be able to, but who knows? :D

I'm here:D

0

On 8/15/2016 at 8:24 PM, judges said:

I don't have a PS4, so I couldn't test it, but keep in mind that SPIway might not be able to "clone" the flash. I.e. you can dump the flash, you can reflash to a different flash chip, but this might not result in a 1:1 copy.

The data ofc is copied 1:1, but the MX25L25635F comes with a couple of security features:

 - 4Kb secured OTP mode -> provides 512 bytes independent from main data for storing a serial number or whatever, can be read and also written to a new flash device, but currently isn't supported by SPIway

 - Password protection mode -> the device can be protected with a 64bit password (OTP). Data can still be read when protected, but not programmed or erased. So this doesn't prevent reading data, but (and this is just a guess) could be used to validate if it's a genuine device and also for tamper protection ofc.

-- judges

Hey Judges, did you plan on implementing these features into SPIway? I have a strong suspicion that flash has tamper protection; I have a dedicated 4.07 board I am using for flash testing. After dumping and flashing back data it won't accept it even though the dump is identical to what I have written. There are 2 sections in flash, however, that have a header of some sort and a table; these are updated every boot, but after enough testing I think that they aren't involved in flash verification. I think you're right about tamper protection, and my dumps won't show anything 'cause, like you said, it's in a separate area via OTP mode. If you wanna help me it'd be appreciated; I'll be looking into creating the support for OTP mode, but hopefully with the help of your expertise.

wild

0

