PS4
240 archivos
-
PS4 Homebrew Store
Features:
Download and install the applications you want to add Integrated update system, no need to reinstall PKG Store at every update Optimized for slow networks Software libraries created by hand Light PKG size about 10 MB Default hard drive download cache When you are at the main menu O go to the previous page INI backup system with native floating keyboard Possibility of uninstalling applications directly from the Store DL page Settings:
Indicates whether your INI is loaded from an application or USB device. Temporary path - Select your temporary download path CDN URL - Host your own personalized CDN using the published guide or use the CDN from Background path - Choose your own custom background PNGs ONLY, the background must be 1280 x 720 Load INI from USB or APP APP INI path - /user/app/NPXS39041/settings.ini USB INI path - /mnt/usb0/settings.ini USB INI copy to APP every time APP is launched Custom backgrounds Simple to implement
-
PS4 HOST 6.72 by FSGKteam
Menú host para para ejecutar el hack de PS4 tanto en 5.05 como en 6.72.
Como usarlo:
Copia el archivo applicationcache.db a una memoria USB formateada en fat32 o exFat en la raíz. Conecta la memoria USB a tu PS4 Elimina el caché y las cookies del navegador PS4 (2 a 3 veces) Reinicia la consola Ve a esta dirección a través del navegador web de la PS4: https://ciss84.github.io/restore2/index.html y no hacer clic en nada La consola restaurará el archivo de la memoria USB a la consola Una vez completo, desactiva la conexión a Internet en la opción de redes de la PS4 Luego ve a la guía del usuario que inicia el host. by FSGKteam.
-
PS4 Kernel BTTF
PS4 Kernel BTTF es una aplicación para cambiar la fecha y la hora del reloj interno de PS4.
Aplicación creada por Lapy.
-
PS4 Kernel for Gentoo
PS4 kernel 5.3.1 for gentoo on PS4 (WIP).
-
PS4 kexec implementation
This repo implements a kexec()-style system call for the PS4 Orbis kernel (FreeBSD derivative). This is designed to boot a Linux kernel directly from FreeBSD.
This is not an exploit. It is useless without some mechanism of injecting code into the PS4 OS kernel.
Building
To build a kexec.bin relocatable binary using the supplied Makefile, just type make. This will also build a kexec.a archive. You can either use the binary directly, or link the archive into your own project.
If you link kexec.a with your own code, you need to supply the two symbols _start and _end in your linker script, as kernel_init() will try to remap all pages covered by that range as RWX (to make global variable accesses work). Alternatively, you can add -DDO_NOT_REMAP_RWX to CFLAGS to disable this feature, if you have already taken care of page permissions for the code.
If you use a compiler toolchain that have a special prefix you can declare it by passing TOOLCHAIN_PREFIX option to the Makefile like this:
make TOOLCHAIN_PREFIX='amd64-marcel-freebsd9.0-' Usage
The code is designed to be completely standalone. There is a single entry point:
int kexec_init(void *early_printf, sys_kexec_t *sys_kexec_ptr); Simply call kexec_init(NULL, NULL). This will locate all the required kernel symbols and install the sys_kexec system call. The syscall is registered as number 153 by default (you can change this in kexec.h). The return value is 0 on success, or negative on error.
You may pass something other than NULL as early_printf. In that case, that function will be used for debug output during early symbol resolution, before printf is available.
Since PS4 3.55(?), KASLR(Kernel Address Space Layout Randomization) is enabled by default, symtab also disappears in newer kernel, we have to hardcode offsets for some symbols. Currently we use the early_printf given by user to caculate the base address of kernel, then relocate all the symbols from the kernel base. You could enable this feature like this:
make CFLAG='-DPS4_4_00 -DKASLR -DNO_SYMTAB' If you do not want to call the syscall from userspace, you can pass the address of a function pointer as sys_kexec_ptr. kexec_init will write to it the address of sys_kexec, so you can invoke it manually (see kexec.h for its prototype and how the arguments are passed).
If you are using the standalone kexec.bin blob, then the kexec_init function is always located at offset 0, so simply call the base address of the blob. Don't forget to pass two NULL arguments (or the appropriate pointers).
The injected sys_kexec system call takes (userspace) pointers to the kernel and initramfs blobs, their sizes, and a pointer to the (null-terminated) command line string. From userspace, this looks like this:
int kexec(void *kernel_image, size_t image_size, void *initramfs, size_t initramfs_size, const char *cmdline); // syscall() usage: syscall(153, kernel_image, image_size, initramfs, initramfs_size, cmdline);
kexec() will load the kernel and initramfs into memory, but will not directly boot them. To boot the loaded kernel, shut down the system. This can be accomplished by pressing the power button, but can also be done more quickly and reliably from userspace with the following sequence of system calls (this kills userspace quickly but still does a controlled filesystem unmount):
int evf = syscall(540, "SceSysCoreReboot"); syscall(546, evf, 0x4000, 0); syscall(541, evf); // should be syscall(37, 1, 30) but only tested via kill symbol kill(1, 30); Note that this software should be loaded into kernel memory space. If you are running kernel code from userland mappings, you should either switch to kernel mappings or separately copy kexec.bin to a location in kernel address space. While syscalls or exploit code may run properly from userland, the shutdown hook will not, as it will be called from a different process context.
Features
kernel_init() will automatically find the Orbis OS kernel and resolve all necessary symbols to work. There are no static symbol dependencies. If DO_NOT_REMAP_RWX is not defined (the default), it will also patch pmap_protect to disable the W^X restriction.
In addition to loading the user-supplied initramfs, kexec will locate the Radeon firmware blobs inside Orbis OS, extract them, convert them to a format suitable for Linux, and append them as an additional initramfs cpio image to the existing initramfs. This avoids the need to distribute the Radeon firmware blobs. The radeon module, when compiled into the kernel, will automatically load this firmware on boot. Note however that most typical initramfs scripts will wipe the initramfs contents while pivoting to the real system, so if you compile radeon as a module you may not be able to access the firmware after boot. To cover that case, add some code to your initramfs /init script to copy the firmware to a tmpfs mounted on the real filesystem:
# assuming real root FS is mounted on /mnt
mkdir -p /mnt/lib/firmware/radeon
mount -t tmpfs none /mnt/lib/firmware/radeon
cp /lib/firmware/radeon/* /mnt/lib/firmware/radeon/
# now switch_root to /mnt
This avoids having to permanently store copies of the Radeon firmware, which isn't really necessary for most use cases.
There is significant debug logging available, which will appear on the system UART. Most of the code relies on the kernel printf implementation, and therefore you should patch out the UART output blanker to see it. The final code that runs on the boot CPU before booting the kernel uses direct UART writes and is not affected by the blanking feature of Orbis OS.
-
PS4 Keyboard and Mouse Adapter
"PS4 Keyboard and Mouse Adapter" es una aplicación que nos permite jugar a cualquier juego en nuestra Playstation 4 con ratón y teclado, sin necesidad de mando. Y es completamente gratuita.
Cómo usarla:
No conectes tu mando Dualshock 4 al PC mientras estás usando la aplicación. Si ya está conectado de antes, desconéctalo porque va a interferir con la emulación del dispositivo. Asegúrate que tienes activado el juego remoto en el menú de ajustes de tu Playstation 4. Para hacer esto: Ve a tu Playstation 4 y selecciona Ajustes - Ajustes de la conexión del juego remoto y ahí seleccionas la casilla "Activar juego remoto". Para activarlo como nuestra Playstation 4 primaria seleccionamos Ajustes - Configuración de cuenta - Activar como nuestra PS4 primaria - Activar. Descarga la aplicación desde esta misma página, descomprime el archivo .zip y ejecuta el setup.exe. Automáticamente hará todos los ajustes necesarios por ti. Si no quieres nada de lag, conecta tu Playstation 4 a tu TV o monitor y visualliza el juego desde ahí.
Lista de cosas por hacer:
Mensaje de error explícito cuando el archivo mappings.json no se encuentra o es inválido. Actualmente falla algunas veces a no ser que lo abramos desde la línea de comandos. Detectar cuando el usuario tiene un Dualshock 4 conectado y pedir al usuario que lo desconecte. Algunos juegos necesitan detectar que agitas el mando. Necesitamos ver como manejar y emular eso. El panel táctil necesita más trabajo. Hacer la emulación del Dualshock 4 opcional support for analog input like from a controller stick, controller trigger, or Steering wheel Soporte para Playstation 5 Soporte para linux/mac Soporte para Chaikis Credits
PS4Macro - Big thanks to komefai for making and open-sourcing this tool. Komefai is MIA for 2 years and his repo is not supported anymore but you can still write pretty good bots with it, definitely check it out if you are into that kind of stuff EasyHook - The best tool for Windows API hooking. Works flawlessly - from the assembly injection, to the hook trampoline code. I haven't had a single problem with it I had one but that doesn't make EasyHook any less cool Jays2Kings/DS4Windows - don't need to explain that one soulehshaikh9 for pfx certificate generator by starshinata.
-
PS4 libjbc
This a firmware-agnostic implementation of the sandbox escape for PS4 homebrew apps. It operates by traversing the process list up to PID 1 (init) and copying its prison and rdir into the calling process.
In the future more functionality (e.g.Mira-style "mount in sandbox") may be supported.
by sleirsgoevy.
-
PS4 Linux Loader
A simple payload that let you run Linux on your 5.05 PS4
## How to build
I use PS4 SDK to compile it. You also need to compile PS4 Kexec and place 'kexec.bin' into this folder. Compile kexec with 'make CFLAG='-DPS4_5_05 -DKASLR -DNO_SYMTAB'.
## How to use
You need a FAT32 formatted USB drive plugged in on any PS4's USB port with the following files on the root directory : bzImage and initramfs.cpio.gz. You can download [them here](https://mega.nz/#!hEh1QI4B!gCDA5l7GyTekQ-fURvKw6WRieSbHETb3tYHb--SkmhM).
Then you will need to send the payload (PS4-Linux-Loader.bin) to your PS4. For that go to your PS4 web browser, go to darbness.com/ps4 and send the payload to your PS4 using netcat or other.. (You can also use my tool: [PS4 Payload Sender](https://github.com/valentinbreiz/PS4-Payload-Sender)).
For 4.05:
https://github.com/valentinbreiz/PS4-Linux-Loader/tree/master
For 4.55:
https://github.com/valentinbreiz/PS4-Linux-Loader/tree/4.55
For 5.01:
https://github.com/valentinbreiz/PS4-Linux-Loader/tree/5.01
For PS4 Pro / Slim / FAT:
https://github.com/eeply/ps4-linux/tree/ps4pro
## Credits and links
Thanks to 2much4u, Darbnes and jiangwei.
Useful links:
For the kexec execution: PS4-dlclose + linux+loader For kexec For more explanations: https://cturt.github.io/ps4-3.html For executing code in kernel space: Kernel Dumper
by PS3ITA.
-
PS4 Linux Loader 5.05 Internal HDD
Instructions:
Create a boot folder with PS4xplorer in user / system / boot then paste the bzimage and initramfs in Create a linux folder in user / system / linux and paste the distribution in linux.tar.xz Booting and entering install-hdd.sh
Note that if at the end of the installation and with start-psxitarch.sh it does not boote, just restart the console and restart and it's good that boote all alone on the distribution "copied" on the internal hard drive.
by Cedsaill.
-
PS4 Media Player 3.50 (VR) Patched for 5.05 / 5.07
This is a patched version of official PS4 Media Player 3.50 (VR supported) so it can play music and video on non PSN-activated console.
Will work only on 5.05/5.07 FW because it includes a kexec part with hardcoded offsets (sorry <5.05 guys, my bad).
Running on other than supported FW will make console to reboot.
Also do not forget to turn On MPEG-2 switch at "Debug Setting -> License Activation". Player is checking for it.
It's not the best variant of fixing this app, but it works for now (as a temporary solution).
Basically patch does two things:
- It escalates privileges for the mplayer's process, so it can freely access the stuff it wants.
*sonyCred = 0xffffffffffffffff; // sceSblACMgrIsSystemUcred
*sceProcType = 0x3801000000000013; // sceSblACMgrGetDeviceAccessType
I'm not sure if both patches are necessary. Probably second one is enough, too lazy to check.
- It patches SceMusicCoreServer process in memory.
Function at SceMusicCoreServer+0x3640 will now always <return 0>.
5.07 FW is unchecked but it almost certainly working (at least video should).
Credits: jkpatch and ps4-hen-vtx
-
PS4 NoBD Updater
PS4 NoBD Updater nos permite actualizar consolas con firmware 6.20 si nuestro reproductor Bluray es HS o su controlador está defectuosa y así utilizar el PS4 6.20 Kernel Exploit o actualizar al firmware 6.72.
Instructions:
0. plug out your BD logic board on Phats 1. put the MiraLoader.elf and 6.72 PS4UPDATE.PUP (system) on root of your USB 2. plugin in the USB and send "payload.bin" 3. install the PKG via debug menu 4. launch the updater 5. once it reboots plug out the power cable 6. plug it back in, your now on 6.72 6A: backup your HDD ASAP by LightningMods.
-
PS4 NOR dump without Mac & Serial
Dump de la NOR de PS4 sin la dirección Mac y el número de serie de la consola.
-
PS4 NOR Statistics
This program, another micro version of my PS4 NOR Validator, is designed solely to validate your NOR based on statistics only!
Why make this you ask? Entropy and statistics are a well used methodology in the malware analysis field to determine if a binary file is encrypted, and by how much.
What is entropy? Entropy is a method for measuring uncertainty in a series of numbers or bytes. In technical terms, entropy measures the level of difficulty or the probability of independently predicting each number in the series.
What has this got to do with PS4s? Well the PS4's NOR is almost entirely encrypted and so with a collection of known valid NOR's it is possible to determine the level of entropy that represents a valid NOR and what level of entropy would represent a corrupt NOR.
When corruption occurs it will generally wipe out a large chuck of the NOR, cause the NOR to repeat itself or will fill the NOR with junk. All of this will decrease or severely increase the entropy.
Seeing as the PS4 firmware is likely to add more or less complexity with each update I have made avaliable a settings file where you can adjust the predicted statistics.
Have fun!
NOTE: My program is designed for Windows 64 - If this is a problem then you're computing wrong.
Release Date: 5/11/18
Version: 1.0
MD5: BDABAAB45995A3D1E7AE83541E752721
Chiptune: Dubmood - A Tribute to Kootie
Loader Art: BwE (Credits to Maniac (Netflix))
by BwE.
-
PS4 NOR Unpack
PS4 NOR Unpack es una aplicación que desempaqueta las imágenes Sflash0 de PS4 (y quizás de PS5).
Analiza sflash0/sflash0s0 y sflash0s1.crypt/sflash0s1(con 0x4000 bytes de cabecera de sflash0s1.crypt)
Aplicación creada por zecoxao.
-
PS4 Offline Account Activator
Activates PSN account on jailbroken PS4 allowing you to export save data to USB among other things. The offsets are for 5.05 fw version.
Requires ps4debug to compile.
Notes & Warnings
It's better to use this program on a new account. If you use it on an old account (with saves and trophies) you'll encounter these problems:
You won't be able to use your old save files easily (the ones created before activation). They'll show as broken. Maybe you can recover them with Playstation 4 Save Mounter. You'll have to delete your trophies (via FTP) because they will be signed with the unactivated account and all the games you try to launch will error out. I repeat, I recommend to use a fresh console account for the activation, but do as you wish...
How to use
Launch ps4debug on your PS4 Launch this program on your computer Type in your PS4 IP adress and click Connect Click Get Users Type the account id you want to activate on the proper text box. You can get your account id from the folder name of an exported save Account id
Click Set Id & Activate Click Get Users again to check if it was changed properly If you used an old account with trophies then fix the problems in the Notes & Warnings section Credits
Made by barthen
Thanks to jogolden for the great ps4debug and to all the PS4 scene for making this possible.
-
PS4 OPKG Update Downloader
Tool written in Python to download Official PS4 update PKGs.
Features
Drag and drop game dump folder. Merge update pieces. Choose output directory. Resumable from script restart.
Setup
Fill in config.json. Usage
Drag game dump folder onto ps4_opkg_update_downloader.py/ps4_opkg_update_downloader_x86.exe. Input ID of update to download. or
Double click ps4_opkg_update_downloader.py/ps4_opkg_update_downloader_x86.exe. Input game CUSA. Input ID of update to download. by Sorrow446.
-
PS4 Overlay
PS4 Overlay for Gentoo.
thanks to fail0verflow team & psxita team.
-
PS4 Patch Installer
PS4 Patch Installer es un homebrew inicialmente creado con el propósito de proporcionar la habilidad de hacer downgrade o actualizar cualquier juego retail de PS4.
Requisitos
Para poder ejecutar Patch Installer, tu PS4 debe cumplir todos los siguientes requisitos:
La PS4 debe tener el jailbreak aplicado. El payload HEN/Mira debe estar activo y funcionando en la consola. Se requiere una conexión activa a interenet. Créditos
PS4 Patch Installer creado por 0x199. Gracias a theorywrong, flatz, IDC, Specter, SocraticBliss, sleirsgoevy, OpenOrbis y a todos los OpenOrbis colaboradores por hacer este homebrew posible. Este homebrew está hecho usando la realmente increíble OpenOrbis Toolchain. -
PS4 Payload Guest
¡ESTO REQUIERE QUE SEA CAPAZ DE EJECUTAR HEN / MIRA / GOLDHEN UNA VEZ A TRAVÉS DEL NAVEGADOR! SIGNIFICA QUE SI NO ESTÁ POR DEBAJO DE 8.00 NO PUEDE USAR ESTO. NO PUEDE USAR ESTO PARA INICIAR HEN / MIRA / GOLDHEN PORQUE NECESITA PODER EJECUTAR FPKGS PARA EJECUTAR ESTE PKG.
Payload Guest lee los payloads de `/ data / payloads /` (Desde el disco duro interno de la PS4) y / o `/ mnt / usb * / payloads /` (Desde un directorio de dispositivos USB `/ payloads /`). Si tiene un archivo `meta.json` en uno de estos directorios, analizará ese archivo en lugar de intentar escanear los archivos de ese directorio en particular.
Si no hay un archivo `meta.json`, la aplicación escaneará la carpeta y agregará los archivos` .bin` encontrados al menú, buscará un archivo `.png` con el mismo nombre para mostrar. Al presionar cuadrado, se actualizará la lista (para si insertó / quitó un dispositivo USB).
NOTA: ¡LEA ESTA LÍNEA POR FAVOR! --------------------------------------------------
> La capacidad de carga del payload en sí se ha eliminado para esta prueba. Solo aparecerá una notificación con la ubicación de los archivos bin, esto es para evitar que las personas se queden con versiones anteriores al lanzamiento antes de un lanzamiento oficial.
-------------------------------------------------- -----------------------------
Intente romper esta interfaz de usuario, cuanto más pueda destruirla ahora, menos tendrá que lidiar más tarde. Sin embargo, asegúrese de poder volver a crear su problema y de comunicarlo claramente.
## ¿Por qué?
Porque la tasa de éxito de la reutilización será menor que simplemente ejecutar el código "de forma nativa". Esto debería reemplazar completamente a los hosts de exploits para todas los payloads excepto uno, sin necesidad de un laberinto de botones o "ajustes de estabilidad" cuestionables. Esto también le da más control de lo que ejecuta en su sistema. Seguirás dependiendo de una solución diferente para HEN / Mira / GoldHEN pero ... toma buenas decisiones.
Aplicación creada por Al Azif.
-
PS4 Payload Injector Tool
Herramienta desarrollada en C# con la cual podremos inyectar / enviar nuestras cargas "payloads" a nuestra consola PS4 con exploit, y es compatible con todos los firmware con exploit. Recordad que los payloads o cargas utiles son archivos .bin. Para usarla simplemente necesitas habilitar ejecuccion de codigo en tu PS4 accediendo al webkit o exploit y despues enviar el payload mediante la aplicación.
Compatibilidad:
Actualmente soporta todos los Firmwares con Kernel Exploit de Playstation 4
1.76 4.05 4.55 5.05 5.07 6.72 7.02 7.55 9.00
Credits:
#valentinbreiz (codigo incial)
#AlfaModzZ (alguna ayuda)
Compilar:
*Necesitas tener Visual Studio 2015 o superior para poder compilar, mejorar o modificar este repositorio.
by TheWizWikii.
-
PS4 Payload Sender for Android
Send payloads to your PS4 from your Android device.
-
PS4 Payloads
Payloads and packages for PS4 updated.
by Scene-Collective.
-
PS4 Payloads
Todos los payloads de PS4 compatibles con el firmware 7.55.
Estos son los payloads incluidos, en formato .bin:
todex rif-renamer restore module-dumper kernel-dumper kernel-clock history-blocker ftp fan-threshold enable-updates enable-browser disable-updates disable-aslr backup app2usb app-dumper miraloader by Al Azif.
-
PS4 Permanent UART
Enables Permanent UART for PS4.
Requires a 5.05/6.72/7.02 Jailbroken PS4.
To build, you require ps4-sdk from Scene-Collective/ps4-payload-sdk
In the terminal, type make in the folder and then use bin loader from an exploit host to load the payload.
Once done, reboot and you have permanent UART for your PS4 until you update.
Credit to zecoxao for the information he posted on enabling persistent UART.
In Theory 6.70, 6.71 7.00, 7.01 and 7.02 are added but these are experimental, if you crash when loading, please make an issue and provide a kernel dump for your firmware and i will update and add 🙂
by JTAG7371.
-
PS4 PKG Installer (Store Remote Tool)
Dependencies
Rebex FTP PS4_Tools Windows Metro Framwork For use with the PS4 Store Custom FTP ONLY.
Credits
Xerpi xDPx all those involved with the Dependencies
by xXxTheDarkprogramerxXx.