zecoxao

[Tutorial] How to grab your SFLASH from Root FTP Server


zecoxao    1,305

The SFlash is useful in case something happens to your PS4 (some change that affects the console in a way that it won't be able to boot later). If you need it, you can use it together with your hardware flasher device to undo the changes you made to flash that caused the console to brick.

What you'll need:

* http://www.extreme-modding.de/PS4/1.76/Playground/index.html
* ftp client such as filezilla or flash fxp

Steps:
1-Enable the ftp server (big silver star) located at http://www.extreme-modding.de/PS4/1.76/Playground/index.html
2-Connect with the client
3-Navigate to /dev/
4-There should be a device called sflash0. Download it.
5-Make sure its exact size after the download is finished is 33554432 bytes / 32768 KB / 32 MB

Congratulations! You should have your sflash :) Keep it safe in a location only you know in case something goes wrong with your ps4.

Edited by zecoxao
  • Upvote 5
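
Added example (not part of the original post or of any tool named in the thread): a Python check that a saved dump has the exact size from step 5, records its SHA-256, and lists the byte ranges where two dumps differ, since later posts report that two regions change on every boot and a plain hash mismatch between dumps is therefore expected. The function names and the sample offsets are assumptions made for illustration; the sample data is constructed and does not reflect the real flash layout.

```python
import hashlib
import sys

SFLASH_SIZE = 33554432  # exact size given in the tutorial (32 MB)

def check_dump(data: bytes) -> str:
    """Return the SHA-256 of a dump, refusing one that is not exactly 32 MB."""
    if len(data) != SFLASH_SIZE:
        raise ValueError(f"bad size: {len(data)} bytes, expected {SFLASH_SIZE}")
    return hashlib.sha256(data).hexdigest()

def diff_regions(a: bytes, b: bytes, gap: int = 16, chunk: int = 4096):
    """List (start, end) byte ranges (end exclusive) where two dumps differ.
    Differences separated by at most `gap` identical bytes are merged."""
    if len(a) != len(b):
        raise ValueError("dumps differ in length")
    regions = []
    for off in range(0, len(a), chunk):
        ca, cb = a[off:off + chunk], b[off:off + chunk]
        if ca == cb:              # fast path: identical chunk
            continue
        for i, (x, y) in enumerate(zip(ca, cb)):
            if x != y:
                pos = off + i
                if regions and pos - regions[-1][1] <= gap:
                    regions[-1][1] = pos + 1   # extend the current region
                else:
                    regions.append([pos, pos + 1])
    return [tuple(r) for r in regions]

def make_sample_dumps():
    """Constructed stand-ins for two dumps; offsets are NOT the real layout."""
    first = bytearray(SFLASH_SIZE)
    second = bytearray(first)
    second[0x1000:0x1008] = b"\x01" * 8
    second[0x3000:0x3004] = b"\x02" * 4
    return bytes(first), bytes(second)

if __name__ == "__main__":
    if len(sys.argv) == 3:        # two dump files given on the command line
        a, b = (open(p, "rb").read() for p in sys.argv[1:3])
    else:
        a, b = make_sample_dumps()
    print("sha256:", check_dump(a), check_dump(b))
    for start, end in diff_regions(a, b):
        print(f"differs: 0x{start:07x}-0x{end - 1:07x} ({end - start} bytes)")
```

Run it with two dump file paths as arguments to compare real dumps; with no arguments it runs on the constructed sample.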

Lucif3r    2,438

inb4 "can I downgrade with this?????????"

zecoxao    1,305
6 minutes ago, Lucif3r said:

inb4 "can I downgrade with this?????????"

LOL! I'm pretty sure you will never be able to, but who knows? :D

OldBrain    156

Excuse the ignorant question, but is it a confirmed procedure? In the sense... has anyone been able to restore their PS4 by rewriting the sFlash?
I ask this because years ago a friend of mine, who was perhaps the first to make the dump via hardware flasher, bricked the PS4 after playing with the dump; then, even after writing the original dump back, he was no longer able to restore his PS4.
I thought maybe, based on the changes that take place on the flash, they might also have an effect on other data written elsewhere, like the syscon on PS3. Am I wrong?

Forgive me but I have not time to follow the ps4 scene, so they are very behind in the things that concern

Edited by OldBrain

wildcard    43

I've got both a copy of my sflash taken with a Teensy and one from the /dev directory; they look pretty much the same, in the sense that the dump you get with a flasher is the same dump you'll get in /dev. Until we reverse engineer the flash and OS, we won't know of any possible checks the PS4 performs on it. I think the only way to know now would be to dump the flash, then write it straight back and see if it boots. Maybe there are some hash checks on the sflash0 partition when it's mounted at boot. sflash0 also has a .crypt file, so it is treated like an encrypted partition; the system isn't just mounting the flash directly, it needs to decrypt the image with a key. I think sceSblServiceCrypt has something to do with it, maybe Sony's version of a geli or gbde; just need the right passphrase and sflash could be mounted as a decrypted partition, just like sbram and other da0 partitions could be.

  • Upvote 1

judges    27

I don't have a PS4, so I couldn't test it, but keep in mind that SPIway might not be able to "clone" the flash. I.e. you can dump the flash, you can reflash to a different flash chip, but this might not result in a 1:1 copy.

 

The data ofc is copied 1:1, but the MX25L25635F comes with a couple of security features:

 - 4Kb secured OTP mode -> provides 512 bytes independent from main data for storing a serial number or whatever, can be read and also written to a new flash device, but currently isn't supported by SPIway

 - Password protection mode -> the device can be protected with a 64bit password (OTP). Data can still be read when protected, but not programmed or erased. So this doesn't prevent reading data, but (and this is just a guess) could be used to validate if it's a genuine device and also for tamper protection ofc.

 

-- judges

  • Upvote 4

Lucif3r    2,438
45 minutes ago, judges said:

keep in mind that SPIway might not be able to "clone" the flash.

 

 

 

Sloppy coding!!!!!

 

 

/runs

  • Upvote 2

LOL    0
On 15.08.2016 at 0:03 AM, zecoxao said:

LOL! I'm pretty sure you will never be able to, but who knows? :D

I'm here :D

wildcard    43
On 8/15/2016 at 8:24 PM, judges said:

I don't have a PS4, so I couldn't test it, but keep in mind that SPIway might not be able to "clone" the flash. I.e. you can dump the flash, you can reflash to a different flash chip, but this might not result in a 1:1 copy.

 

The data ofc is copied 1:1, but the MX25L25635F comes with a couple of security features:

 - 4Kb secured OTP mode -> provides 512 bytes independent from main data for storing a serial number or whatever, can be read and also written to a new flash device, but currently isn't supported by SPIway

 - Password protection mode -> the device can be protected with a 64bit password (OTP). Data can still be read when protected, but not programmed or erased. So this doesn't prevent reading data, but (and this is just a guess) could be used to validate if it's a genuine device and also for tamper protection ofc.

 

-- judges

 

 

Hey Judges, did you plan on implementing these features into SPIway? I have a strong suspicion that flash has tamper protection; I have a dedicated 4.07 board I am using for flash testing. After dumping and flashing back data it won't accept it, even though the dump is identical to what I have written. There are 2 sections in flash, however, that have a header of some sort and a table; these are updated every boot, but after enough testing I think that they aren't involved in flash verification. I think you're right about tamper protection, and my dumps won't show anything because, like you said, it's in a separate area via OTP mode. If you wanna help me it'd be appreciated; I'll be looking into creating the support for OTP mode, but hopefully with the help of your expertise.

 

wild

judges    27
22 hours ago, wildcard said:

Hey Judges, did you plan on implementing these features into spiway?

 

Hi.. I had some doubts about this, since flashing the PS4 isn't something many people do and I never received any feedback. But some time ago I saw these vids on YouTube and now I'm pretty sure that it's working fine and that there's no protection whatsoever involved:

 

https://www.youtube.com/watch?v=O612Mtz43OI

https://www.youtube.com/watch?v=P1OT3isiqvM

https://www.youtube.com/watch?v=j9BNn-uH7oY

 

-- judges

  • Upvote 3

wildcard    43
23 hours ago, judges said:

 

Hi.. I had some doubts about this, since flashing the PS4 isn't something many people do and I never received any feedback. But some time ago I saw these vids on YouTube and now I'm pretty sure that it's working fine and that there's no protection whatsoever involved:

 

https://www.youtube.com/watch?v=O612Mtz43OI

https://www.youtube.com/watch?v=P1OT3isiqvM

https://www.youtube.com/watch?v=j9BNn-uH7oY

 

-- judges

LOL, thanks for replying @judges. Well, I can say yeah, there doesn't seem to be any protection XD. After I commented here I spent the night and morning setting up AVR Studio and adding some functions to print out registers relating to security. All 00s for security features, and password protection had a default of 1, meaning it was not enabled. Well, from reading other very credible resources like psxhax for example, I've heard that there was some kind of protection implemented outside of flash that checks if you have written to it. This occurred after 2.50, rumor has it, and reports are that you can't even flash back a dump without the PS4 being bricked or in a flashing blue light state. I think Sony implemented some kind of security to prevent the Brazilian cloners lol. Also, I have seen 2 regions in flash change every boot; they look like a header and table and mirror each other but are slightly different. I don't think they have something to do with the flash check, but I would need to compare these findings on a PS4 below 2.50 where I dump flash every time it boots and see if these values change as well. I think they should... OK, while writing this I just checked my 1.76 dumps that I had from fs that occurred on diff boots, and.. the sections are diff as well, just like occurs on 4.07. So lol, it has nothing to do with flash checks. It's either in syscon or the Aeolia kernel, which I don't think it is.

wildcard    43

ok what is that guy on 4.XX?? That video has confused the fuck outta me lol. Thanks for the link @judges, that seems to debunk what I was saying.. I think it may just be due to slightly long cables, since they are twice as long when connecting flash to PS4 vs to breadboard and Teensy. Also I don't have a decoupling cap so that could be it, or I dread to think that Aeolia was affected when removing flash.. well, at least that cleared things up. Also this proves why psxhax is so credible huh XD

Edited by wildcard

wildcard    43

lol shorter wires. confirmed, i can dump and write on 4.07 no brick guys. :D

  • Upvote 4
