Release: PS4 CFW Toolkit by Al-Azif - Wololo.net

2022-12-27 01:05:29 By : Mr. Xiangwen Kong

Merry Christmas! PS4 developer Al-Azif has just dropped PS4 CFW Toolkit, probably one of the biggest PS4 releases since the 9.00 Jailbreak last year (although the developer states everything’s based on publicly available information). PS4 CFW Toolkit is a tool that lets you encrypt/decrypt multiple parts of the PS4 System, including Syscon.

You will need to provide the encryption/decryption keys, which can be obtained from your jailbroken console (Is there a tool out there that automates that part?).


PS4 CFW Toolkit is a command line tool that lets you encrypt/decrypt binary images from the PS4. Specifically:

That’s a lot of keywords, so let’s try to clear them up for you (source: PS4 dev wiki):

The role of EAP is to handle media (online Wireless/GbLAN, Bluray Drive and HDD/SSD) even when the PS4 is in standby mode. EAP runs its own FreeBSD kernel in standby mode, activated to handle tasks such as downloading game updates while the PS4 is in standby.

EAP Kernel Boot Loader is stored encrypted in an SLB2 container in PS4 Serial Flash. The role of EAP Kernel Boot Loader is to decrypt and then uncompress the EAP Kernel. The encrypted EAP Kernel is stored at virtual address 0xC1000000 and the decrypted and uncompressed EAP Kernel is located at virtual address 0xC3000000.

EMC could stand for External Micro Controller. EMC was named MediaCon by some people when its name was still unknown.

The role of EMC is to load EMC Initial Program Loader, to be an interface for icc for the main APU kernel and Syscon and to offer a debug interface via UART that does not rely on Syscon or main APU. EMC runs its own FreeBSD kernel. It exposes ARM peripherals to the x86 side.

Syscon is the “other” chip, responsible for taking care of peripherals and more. We’ve recently discussed how it can be glitched to revert the PS4 to a former revision, technically making a “downgrade”* possible to some extent.

Beyond encryption/decryption, PS4 CFW Toolkit lets you modify some parts of the files, in particular enabling “God Mode” to unlock all possible commands.

Before you get (too) excited, it’s probably important to quote Al-Azif here:

This is NOT CFW like the PS3 or like Ensō for the Vita (Yet, but who knows what may come because of the order stuff is loaded in). Everything here is/was documented publicly to some degree/necessary keys for some revisions of the PS4 are on the dev wiki.

With that out of the way: This is clearly not a release for the end user, but seems like it’s paving the way for potential “full fledged” Custom Firmwares on the PS4 in the future. How far in the future is what’s not clear: Al-Azif’s readme mentions that some parts are still required, and not currently supported with this particular release.

However, he states a larger (private) project contains more. How much more, is the question. Specifically:

Some of the keys required to encrypt critical parts (such as creating a “real” CFW that you could install like a normal firmware update) are private: they cannot be found on the console. Bruteforcing them is theoretically impossible (unless the encryption implementation is messed up somehow, a mistake that Sony famously made on the PS3), but we know in practice that some people have had access to those keys on the scene. Whether that larger project Al-Azif mentions already has those is unclear. From the readme:

What’s missing as far as custom code running EVERYWHERE, that’s not currently supported within this repo:

Reading between the lines, is it possible that SAMU IPL has been hacked?

Whatever the current status of the larger project under the hood, this release is clearly for developers who are trying to provide a fully fledged CFW for the PS4 moving forward. Al-Azif is very clear that if it’s something you’ve been seriously working on, you might want to get in touch with him before reinventing the wheel, just to make sure the functionality you’re trying to work on hasn’t already been developed in the larger project.

If you’re the right audience for this release, you can grab it on the project’s GitHub. And if you’re the right audience for this release, I don’t have to tell you to read the README in full before doing anything else.

* People prefer to use the word “revert” since you can currently only go back to the previous firmware that was installed on your console.

Ps5 full JB HV Exploit ETA WEN ?

As for Ps4 , CFW is coming, I can feel it in my bones, if only I had bought a <9.00 Ps4 Pro

so if pup get decrypted and encrypted and unpacked … are there bios emulators for ps4 ? flash-cfw-pc ?

Could this not at least lead to an exploit that auto loads on startup? basically making a cold boot exploit? forgive the dumb question, I just woke up hungover from Christmas yesterday baha
