
SKFU Shares Some Nifty Finds On His PS4 - Thread by Sergio Host -

Developer SKFU made a very interesting post a few days ago on his blog regarding PS4 firmware 2.0. He managed to get access to debug settings on his retail console. Although at the moment you cannot do anything with it, it is great news to see findings like these on the new console. SKFU also mentions that he managed to get some readable code, so let's hope there is something useful in there.

It took a while until I found some spare time to check firmware 2.00 for the PlayStation4, but it was worth it!

So yes, I could finally access the ★Debug Settings on a retail console. But no, we can not use it :) Sony learned their lesson and removed the back-end so this is not very useful for us. Maybe there is a way to unlock its full potential, but I could not find it, yet.

Last but not least I made a ridiculous discovery. This one has to do with a memory leak which led me to super interesting data. So far I got around 15MB of compressed but clear-text script data. If you wonder if this is a lot, YES IT IS! In a readable layout this is more than 250.000 lines of code.


PS4 - The State of Things Part I: TitleID's (#1 Update)

Yeah I'm still here! A lot of information was collected, analyzed and misused in the past months. I want to share an overview with you and I'll start with "Part I: TitleID's".

This post is not entirely about the PS4, it will include some information about the PSV as well.

Why are we interested in TitleID's?


Both the PS4 and the PSV use the known system of TitleID's to identify games and apps. Most of them are visible to you via either the Livearea on PSV or the menu of the PS4.

Some of them, on the other hand are only used as references for internal modules or similar and are therefore hidden. The most interesting ones are those which are linked with applications you shall not see and are just implemented for tests, were forgotten or exist for other unknown reasons. Do we want to find and start them? Yes, we do!

How do we find valid TitleID's?

Well, the best start is to look at the error reports of the consoles. Once a game or app crashes, a small error report is generated and you can view this information via the system settings. You'll see that the TitleID is always with it.
[Image: error log screenshot]
NPXS19999 is the TitleID

Surely this will not lead us to any interesting hidden applications since those are most likely never active and can not be crashed without even knowing how to start them, but it will give us a good starting point since the range of commonly used system ID's is huge (NPXS00000-NPXS9999). So now we need a way to test for valid ID's aka a possibility to launch games/apps by its TitleID with bruteforcing.

How do we start apps/games by TitleID's?


PS VITA Method: (UPDATED)

(UPDATE)

For simplicity here's a small webform which will unlock the PKG Installer for your PS VITA: http://www.zload.net/pkg/ kindly hosted by The Zett. Just enter the E-Mail address you use on your PSV and the script will send you the unlock E-Mail.

(/UPDATE)

On PlayStation VITA there are many ways to achieve our goal, so it's not important right now if one is public. I will show you the most simple one. Probably you have noticed the leak of information regarding a hidden PKG installer a few months ago - this was achieved by using this technique.

Simply as it is, the only thing you have to do is set up the E-Mail client application on your PlayStation VITA and write yourself an HTML E-Mail with the following content to receive the E-Mail on your PSV.

<a href="psgm:open?titleid=NPXS10031">OPEN PKG INSTALLER</a>

Open your E-Mail app and click the link and the PKG installer will start. You may want to replace the titleid parameter with any of your choice. I have a small list of tested TitleID's for PSV right here, feel free to add or modify information.

PS4 Method:

For the PlayStation 4 our method is a bit more complicated and requires a bit of RE knowledge for Android and/or iOS. I'll describe an example for Android:

Please grab a copy of the Metal Gear Solid V: GZ companion app for Android (https://play.google.com/store/apps/details?id=jp.konami.mgsvgzapp) and save the APK on your PC. APK Downloader (http://apps.evozi.com/apk-downloader/) is useful here! (It's a fantastic game, I'm rly sorry I had to use this one :( )

Now you'll need the APK-Multi-Tool (http://apkmultitool.com/?q=node/5). Set up the tool and place the MGS companion APK file in the "place-apk-here-for-modding" folder. Start the tool via the "Script.bat" and choose option 9 to decompile the APK. You now have a decompiled copy of the APK in your "projects" folder.

Locate the "PS4Net$1.smali" source file in "/smali/jp/konami/mgsvgzapp/", open it and replace the MGS V: GZ TitleID's with one of your choice and save the file. Go back to the APK-Multi-Tool script and choose option 15 (assuming your Android phone is connected in debugger mode).

Now you can start the app on your phone, choose the main option and it will find your PS4 after you have logged in to PSN. Once started, normally the application would start Metal Gear Solid V: GZ, but now it tries to start your TitleID if available.

The authentication system used for the secure communication between your phone and your PS4 is well done, but sadly not useful if we use a modification like this. Feel free to join the list of tested TitleID's for PS4.

For obvious reasons I made a small TitleID's launcher to test different ID's a lot faster.


Source: http://www.psx-place.com/ps4-news/4...fty-findings-on-his-ps4-post-firmware-20.html

Source 2: http://www.skfu.xxx/2014/09/ps4-state-of-things-part-i-titleids.html
Thread originally belonging to Sergio_host
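
Added example, not part of the original post or of SKFU's code: the PS VITA e-mail method above depends on the mail client following a link with the `psgm:` scheme. The Python below shows the client-side mitigation, a URI-scheme allowlist applied to HTML mail before it is rendered. The allowlist contents and the names `href_is_safe`, `LinkSanitizer` and `sanitize_email_html` are assumptions of this example, and it covers only the scheme check, not full HTML sanitisation.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption of this example: the client only needs web and mail links.
ALLOWED_SCHEMES = {"http", "https", "mailto"}
EDGE_JUNK = "".join(map(chr, range(0x21)))  # C0 control characters and space

def href_is_safe(value):
    # URL parsers ignore edge whitespace and embedded tab/CR/LF: strip first.
    cleaned = value.strip(EDGE_JUNK).translate({9: None, 10: None, 13: None})
    try:
        # Relative URLs have an empty scheme and are rejected as well.
        return urlsplit(cleaned).scheme.lower() in ALLOWED_SCHEMES
    except ValueError:  # malformed URL such as an unbalanced "[" in the host
        return False

class LinkSanitizer(HTMLParser):
    """Re-emits tags and text, dropping href/src values with other schemes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.blocked = [], []
    def handle_starttag(self, tag, attrs):
        kept = []
        for name, value in attrs:  # entity-encoded values arrive decoded
            if name in ("href", "src") and not href_is_safe(value or ""):
                self.blocked.append(value)
            elif value is None:
                kept.append(f" {name}")
            else:
                kept.append(f' {name}="{escape(value)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize_email_html(html):
    parser = LinkSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.blocked

# Constructed sample: the link from the post, an obfuscated variant, a web link.
SAMPLE = ('<a href="psgm:open?titleid=NPXS10031">OPEN PKG INSTALLER</a>'
          '<a href=" PsGm&#58;open?titleid=NPXS10031">x</a>'
          '<a href="https://example.com/">site</a>')
```

`sanitize_email_html(SAMPLE)` returns the cleaned markup together with the list of attribute values it removed, which a client could log for review.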
 