zecoxao

it's a mod i'd like it if you could add it to your nodemcu payload

Tools: HEN 1.8 https://cdn.discordapp.com/attachments/159066660962041856/498138504656715776/ps4-hen-vtx.bin https://cdn.discordapp.com/attachments/159066660962041856/498138541570654209/index.html payload_ldr https://cdn.discordapp.com/attachments/159066660962041856/498062138686963712/payload_ldr_verbose.pkg FTP payload/OrbisMAN (Optional But Recommended) Mira for usermode logs / UART Step0:If needed for your homebrew, put ALL resources inside /data/ (specify the path in your homebrew as well) Step1: Create a folder called self inside data folder (You can use ftp or orbisman for this) Step2: Launch HEN 1.8 Step3: If needed, launch mira aswell(for logging your homebrew/game while it's being tested) Step4: Install payload_ldr pkg Step5: Launch payload ldr (the screen should hang at start) Step6: Send the main eboot (it MUST be a self file) sender.py --endpoint 192.168.1.4 eboot.bin Other options are available but for now i'll only use this one Step7: Your homebrew should now run and (if you have it) logs should be displayed on putty/some other Telnet/Serial logger

First of all, credits to @Joonie, without him none of this would have been possible. Things required: 2 PS4s (one in 5.05 preferably, another in the version you wish to port stuff to, like 4.55) SDK of the older version (don't ask for it, just search a bit) Hexeditor (such as HxD) Fpkg tools (specifically https://www.sendspace.com/file/bqsin5 ) Game to port (Something like God of War or the likes) FTP Payload on 5.05 Filezilla Client First thing we'll do is find how many modules our game has and which they are. So we start our game minimized, go to the ftp payload and start filezilla, then navigate to the pfsmnt folder and to the title id for patch. In the case of God of War, they're libc and libSceFios2. So we'll grab both of these from our SDK (in this case, 4.50 sdk) and place them in the sce_module folder, replacing the ones existing there (from 5.00 SDK). Last but not least we grab the eboot from the ftp and we replace the version binary string (search for ORBI, caps, it should be around this location) Example: https://imgur.com/a/4rZofbG https://imgur.com/a/isZaGw9 And finally, after replacing those strings you can replace the eboot as well and place it under the fpkg creator. This has been tested by @Joonie and works for some games (cases like 5.05 on 4.55 work for the majority of it but cases like 5.05 on 4.05 don't for the majority so you're on your own to test these)

@sguerrini97 would it be possible to upload a vm with UFS rw support? something small, like what @3141card did, with easy to use scripts i think it'd be nice and much less time consuming than compiling the stuff ourselves

and this is the 4.55 kernel where the script is based (i tested the idc on one of my dumps and it didn't work so i'm also sharing this) https://www.sendspace.com/file/mtydoc

@3141card has given me permission to share this, as well. it is a RE script of 4.55 kernel by himself (the base being used here is the kernel's base without KASLR, 0xFFFFFFFF82200000, so rebase your own kernel in IDA before doing this.) Contains comments, defined globals, function symbols and other things. in a total of about 20000 functions, 12747 (64%) are defined. I didn't have luck using it with IDA 6.8 and below so i assume this only works with IDA 7. Enjoy added 2 minutes later link (forgot about it lol) https://www.sendspace.com/file/qknbez

Since @3141card has agreed to let these databases be released to the general public. Link: https://www.sendspace.com/file/5b9jw4 Contains LV1 and LV2 memory dump databases with several comments, constructors, destructors, documented syscalls, etc. Extremely useful for emulation research and/or exploit research

This executable decompresses ARZL binaries for the ps4, like the compressed eap kernel. This SHOULD also work on vita but i'm not sure about it. Download Link: https://www.sendspace.com/file/liris4

Happy birthday

Apologies for the necro bump, but since there's a new ksploit floating around i figured i might change < 2.00 games as green to < 4.06 games as green

fuck you @GregoryRasputin thanks guys

read the instructions again please: 1. load wb and start code execution, wait till its waiting for payload 2. press ps button 3. run the game 4. send the payload containing the path to the eboot inside the mounted folder in pfsmnt 5. collect your modules/eboot on usb0/any other output path that's how you prevent out of memory errors (this also happens with elfs)

go to that line and follow the instructions there.

use https://github.com/idc/PS4-SDK

there are tutorials that do this for you here. https://playstationhax.xyz/forums/topic/3271-tutorial-how-to-decrypt-and-dump-games-ebootprx-and-sprx/ https://playstationhax.xyz/forums/topic/3104-tutorial-how-to-bypass-pfs-protection-entirely/ but this is deprecated. i released on twitter a payload that allows to play any game without eboot_plugin patch