Vita and PSP Factory Mode Manu Mode News (C)ode e(X)ecute 2023-05-02 | Brief description of this weeks newsPSP Manu Mode: psdevwiki.com/psp/Keysgithub.com/khubik2/pysweepergithub.com/balika011/BaryonSTMCredits to DaveeFTW, WildCard,Sean Shablack, for most of the glitch workExtra Special Thanks to Proxima for the reading of the code, to Nzaki for the 03g Golden PSP used for tests, and to MinaRalwasser for the service manual and guidance throughout the years.Vita Manu Mode:mega.nz/folder/zs8GURCJ#8bttelyO3iwIFGL7G6yPugpsdevwiki.com/vita/IUU-001Credits to Anonymous, Mathieulh and Freakler for the Card dumps.Special thanks to the APE discord group for the wonderful (and sometimes stressing) moments spent throwing ideas and dumping stuff.
Unbricking a BAD Cobra CFW From DEX or DECR by using FSM (C)ode e(X)ecute 2024-09-27 | Do this for bad cobra stage2 cfws such as pseudo rebug cfws for dex or decr flavors.Formats the dev_flash, preventing a stage2 brick (stage2 gets deleted)You just need to then exit FSM and flash your favorite cfw from recoveryEnable Hidden System Files- 1Enable Hidden Operating System Files- 2Format a pendrive FAT32 MBR (Rufus is recommended for this)Grab a Jig Dongle (Teensy ++ 2.0, TI 84+ or Fat PSP With 5.50 GEN D Recommended)Enter FSM (Insert Jig on Rightmost Port* (on DECR it's middle top port) Near bluray drive, turn off console completely by pulling cordor by switching I to O on the on off switch, switch back/replug power cord, quickly press power then eject immediately after, wait until it turns off...)Insert Lv2diag.self Enter 3.55 (366Kb) (midnight archive, also on darthsternie?) on root of fat32 MBR pendriveinsert rebug pup (the good kind) on root of fat32 MBR pendriveinsert pendrive on rightmost port (on DECR it's middle top)* near bluray drive, turn on console normally, it shouldstart led blinking (green led blinking), wait at least 20 minutes then forcefully turn it off if it doesn't do autoLogs should be in pendrive (see 1 and 2), under UPDATER_LOG.TXTContent:manufacturing updating startPackageName = /dev_usb000/PS3UPDAT.PUPsettle polling interval successvflash is disabled...boot from nand flash...creating flash regions...create storage region: (region id = 2)format partition: (region_id = 2, CELL_FS_IOS:BUILTIN_FLSH1, CELL_FS_FAT)create storage region: (region id = 3)format partition: (region_id = 3, CELL_FS_IOS:BUILTIN_FLSH2, CELL_FS_FAT)create storage region: (region id = 4)format partition: (region_id = 4, CELL_FS_IOS:BUILTIN_FLSH3, CELL_FS_FAT)create storage region: (region id = 5)create storage region: (region id = 6)Initializingtaking a while...start Updating ProccessInitialize elapsed time = 49 mseccheck UPLUpMng.UpdatePackage() failuremanufacturing updating FAILURE(0x8002f157)Total Elapsed time = 1413 msecExit fsm by placing Exit Lv2diag.self(202Kb) on root of pendrive. Remove PUP for safety from pendrive.You should now be out. Use recovery to return to the rebug cfw.
PS5 Prototype Devkit Debug Settings (C)ode e(X)ecute 2024-08-20 | This is a video of the Debug Settings from a PS5 Prototype Devkit my friend acquired. The story is sad (this friend of mine dumped all of the chips except for the main one which contained the Southbridge firmware and, most importantly, the nvs). He wanted to dump the southbridge chip, but lost it in the process. To anyone out there watching this video, if you have a similar kit, please contact me via twitter and provide a dump of your sflash to unbrick my friend's kit. Thank you!
PS5 Prototype Devkit Main Menu (C)ode e(X)ecute 2024-08-20 | PS5 Prototype Devkit Main Menu short video. This shows the main menu of a ps5 prototype devkit my friend recently acquired. The story is sad (this friend of mine dumped all of the chips except for the main one which contained the Southbridge firmware and, most importantly, the nvs). He wanted to dump the southbridge chip, but lost it in the process. To anyone out there watching this video, if you have a similar kit, please contact me via twitter and provide a dump of your sflash to unbrick my friend's kit. Thank you!
Downloading ShadPS4 Commit Bundles (C)ode e(X)ecute 2024-08-19 | Requirements:Have a github account : docs.github.com/en/get-started/start-your-journey/creating-an-account-on-githubShadps4 link (windows) : github.com/shadps4-emu/shadPS4/actions/workflows/windows.yml or github.com/shadps4-emu/shadPS4/actions/workflows/windows-qt.ymlPs4 modules: Dump them from your ps4 (use ps4 ftp with DECRYPT mode toggled on):Some hosts that can have it: Macedo Host / Karo Host (karo218.ir) / Al Azif Host / DefaultDNB Host ?? (The modules go to: SHADPS4_DIR\user\sys_modules )libSceDiscMaplibSceJpegEnclibSceJson2libSceLibcInternallibSceNgs2libSceRtcPs4 Game: Dump it from your ps4 (use app dumper) OR extract it from an fpkg (this is piracy, don't ask me how to do this)
Tutorial StartAllBack (C)ode e(X)ecute 2024-08-13 | startallback.comJust download and install.Free License is for 180 days, if you want paid eternal license you must pay :5 dollars 1 PC9 dollars 2 PCs12 dollars 3 PCsfor all life license dedicated to user w3z
Calculating HDD0 and HDD1 Offsets and Sizes on a nand hdd backup (C)ode e(X)ecute 2024-07-08 | backup.img (obtained by using a tool called HDD Raw Copy Tool, link hddguru.com/software/HDD-Raw-Copy-Tool )eid_root_key (obtained via cfw such as rebug or evilnat)ssl's /sorvigolova's ps3encdec tool (link github.com/Sorvigolova/ps3encdec/blob/master/bin/Release/ps3encdec.exe)hxd or any other hex editor (link https://mh-nexus.de/en/downloads.php?product=HxD)calculator (windows calculator is sufficient for this)WSL to make this easierdd tool to copy specific regions of the backup file
Extracting System, System ex, Preinst, Preinst2 From Pups (C)ode e(X)ecute 2024-06-06 | Tools requiredWSL/WSL2github.com/zecoxao/ps5-pup-unpacker - requires cmake, make, g++, gcc, git7zip - 7-zip.org/download.html7zip exfat - tc4shell.com/en/7zip/exfat7zDecrypted PUP - https://darksoftware.xyz/PS5/decryptedFWlist (PS5 for this example, PS4 needs other tools)
Permanently Enabling NVS Flags when Servicing PS4 or PS5 Unit (C)ode e(X)ecute 2024-05-24 | Non Volatile Storage Flags (such as IDU Mode or permanent UART) sometimes do not apply correctly.The reason for this is because all of these flags are stored in the memory of the southbridge (which persists after reboots as long as battery is on)So you must completely drain the power battery by removing the power cable and, if necessary, remove CMOS battery to completely drain.Finally, if that doesn't work, recheck if you have written the flag correctly. Sometimes that may not happen.Credit to Flatz for this information.
Testing PPPwn by TheFlow on windows with WSL2 + Python 3 (C)ode e(X)ecute 2024-05-01 | github.com/zecoxao/PPPwn (run.sh + WSL2 + Python3.11.6 + pip) usage:sudo apt install make gcc bash run.shdon't expect anything for ps5 yet, it is substantially harder to hack than ps4
ARK cIPL and ARK DC News (C)ode e(X)ecute 2024-04-16 | Support for 02g 03g 04g 07g 09g 11g on new cIPL (01g users have to use old cIPL)Support for 01g 02g 03g 04g 09g 11g on DC (despertar del cementerio)Strongly Advisable for Go (05g) users to not test this (you will brick with both flavors)Advisable for 07g users to not test this (you will brick with despertar del cementerio)Release maybe somewhere public? Maybe you can find it? wink wink ;) (No links until then, you can go hunt it, no responsibility myself if you brick)For despertar del cementerio you will of course need a baryon sweeper (do not ask me how to build one, as i do not know. Peter Lustig has an amazing collection of them for sale, you can find him on twitter)
OnePlus 12R Acquisition and The Als DualSense Calibration (C)ode e(X)ecute 2024-04-02 | One Plus 12R Acquisition Video and The Al's DualSense Calibration Talkhttps://blog.the.al/2024/04/02/calibrating-dualsense.html blog from mr the_algithub.com/carpikes/ds4-tools al's sexy dualshock/dualsense tools (ps4/ps5)Zadig: https://zadig.akeo.ie/Python 3: python.org/downloads/release/python-3122installing requirements.txtpython.exe -m pip install -r .\requirements.txt
Bytes in Gadgets (C)ode e(X)ecute 2024-03-17 | Small overview of bytes in rop gadgets.Dedicated to karo.
AMD 4800S News (C)ode e(X)ecute 2024-03-06 | Dumps : archive.org/details/w-25-q-128-jw-amd-4800-sOverview : eurogamer.net/digitalfoundry-2023-amd-4800s-desktop-kit-review-play-pc-games-on-the-xbox-series-x-cpuuse github.com/LongSoft/UEFITool (UEFIExtract) to extract UEFI Blobs with PE files, etc
PSVR Findings by Wildcard, FIGO Blog Post (C)ode e(X)ecute 2024-02-26 | PSVR XTS Keys Discovered due to DMA Trick by Wildcard, first found by PS4 Enthusiastfail0verflow.com/blog/2022/ps4-psvr - blog postgit clone github.com/zecoxao/ps4encdec - ps4 xts encdec repo for psvr / hdd./ps4encdec keyvault/factory_setting_key.bin psvr_emmc_dump/mmc/1.慦瑣牯役敳瑴湩g.img factory_setting 0./ps4encdec keyvault/rootfs_key.bin psvr_emmc_dump/mmc/6.潲瑯獦.img rootfs 0./ps4encdec keyvault/firmware_key.bin psvr_emmc_dump/mmc/7.楦浲慷敲.img firmware 0./ps4encdec keyvault/ta_storage_key.bin psvr_emmc_dump/mmc/8.牴獵整彤瑳牯条e.img trusted_storage 0./ps4encdec keyvault/rootfs_key.bin psvr_emmc_dump/mmc/9.潲瑯獦㉟.img rootfs2 0./ps4encdec keyvault/cache_key.bin psvr_emmc_dump/mmc/11.慣档e.img cache 0./ps4encdec keyvault/firmware_key.bin psvr_emmc_dump/mmc/13.楦浲慷敲㉟.img firmware2 0./ps4encdec keyvault/userdata_key.bin psvr_emmc_dump/mmc/14.獵牥慤慴.img userdata 0./ps4encdec keyvault/factory_fw_key.bin psvr_emmc_dump/mmc/15.慦瑣牯役睦.img factory_fw 0qiwi.gg/file/k2N15769-psvremmcdump - psvr emmc dump for testingpsdevwiki.com/ps4/Keys#PSVR_Keys - psvr keys
Setting up Als Docker Container (C)ode e(X)ecute 2023-11-02 | Hi this is zecoxao from twitter. Today we're going to talk about how to setup Al Azif's dns host locally, via docker. This works on both ps4 and ps5.Download Docker Desktop for Windows:docs.docker.com/desktop/install/windows-installClick on Blue Button Docker Desktop for Windows. I have it already so i placed it in desktop.Install it (Under the two checkmarks, DO NOT ENABLE WSL2, Use Hyper-V instead)Start it.Download the docker containter yml:sendspace.com/file/furtaqReplace the IP in the comment (REDIRECT_IPV4: 192.168.1.11 # Change me!) with your own PC IP. in my case it's already changedReplace the hijack url in the comment (HIJACK_URL: www.google.com) with your own site. in my case it's google.Open a command line (Hold shift and right click with mouse on an area of your desktop)Type the following command:docker compose upIt'll bring several subsystems up (the docker images of al's dns,http,etc) and start a logger.That's it, now you can use your IP from the PC as DNS IP. It'll work on both ps4 and ps5. The redirected site will be googleas soon as you enter the user manual.As you can see it works! I hope you enjoyed my tutorial! See you on the next one.
Al Azif DNS Hosted Locally (C)ode e(X)ecute 2023-10-27 | For those of you having issues on ps4 and ps5 with al azif host not being public for a while
The Option (C)ode e(X)ecute 2023-10-10 | Here's the option of bypassing version lock. The console being used is a testkit, running on 5.05, you can use a retail for this though. the hen used was 2.1.3, and not goldhen 2.3, which effectively spoofs qa flag options.This option cannot be enabled without throwing some registry error. Unfortunately i never found a way to bypass it. If you know a way, let me know. Thanks
Installing / Compiling PS3 Toolchain (C)ode e(X)ecute 2023-09-10 | git clone --recursive github.com/ps3dev/ps3toolchainsudo apt-get install autoconf automake bison flex gcc libelf-dev make \ texinfo libncurses5-dev patch python-is-python3 subversion wget zlib1g-dev \ libtool libtool-bin python-dev-is-python3 bzip2 libgmp3-dev pkg-config g++ libssl-dev clang
Mounting PS4 HDD On Windows, Only Specific Partitions (C)ode e(X)ecute 2023-09-10 | Requirements:sendspace.com/file/qwrurhRequirements:.wslconfig (for this you also need wsl2 installed, wsl1 should work as well)bzImage (this is ufs readonly! for ufs rw you need to compile your own bzImage)Both .wslconfig are place on C:\Users\(your_username)\ (in my case it's zecoxao)cmtabeap key partitions (i've chosen eap_vsh, update, user)folders (according to cmtab)and of course, your keysin the case of user partition the number of the partition will be 27 so you do thissubtract 27 with 1this will give 26then you left shift 32 this will give 111669149696Modify .wslconfig and cmtab accordingly! (path to bzImage, directory where to mount eap partitions, keys.bin location, ivoffset, etc)
CP Box Keys and Libhijacker Big App Not Crashing News (C)ode e(X)ecute 2023-08-27 | PS5 CP Box EMC Keys Discovered By Wildcard* psdevwiki.com/ps5/Keys#Communication_Processor_.28CP.29_EMC_Keys* Use sum of diff to find region where key is being used (fill header with 00s and ffs and apply diff)* Use DPA on the (in this case decryption) last round of the first aes* Used DPA to find keyset (algo aes 128 cbc with zero iv)* Noise had to be removed* 2 new codenames for cp box, related with Shakespeare's work Tempest (psdevwiki.com/ps5/Codenames#Shakespeare)Libhijacker does not hang anymore in app (work done by LM, illusion and astrelsky)* twitter.com/LightningMods_/status/1695696525437948245* github.com/astrelsky/libhijacker/commits/wip
RPCSX WITH AUDIO (C)ode e(X)ecute 2023-08-13 | Amazing progress. Latest build of rpcsx now has audio support
PSP Go Unbrick Jigkick News (C)ode e(X)ecute 2023-08-06 | psdevwiki.com/psp/Psp_Go_Jigkickpsp discord discord.gg/SFBGR2KrqS
PSVITA Unbrick News (C)ode e(X)ecute 2023-07-31 | twitter.com/skgleba/status/1685805706300010496twitter.com/Mathieulh/status/1685962694740803584twitter.com/Mathieulh/status/1685962696431190016twitter.com/Mathieulh/status/1685962699048415232Phat/Slim/PSTV - OKDEM/CEM Slide Models (Very Old Models) - No Go *DEM/CEM No Slide Models - Should be OK* (Different Voltage Levels)
AMD PSP Bootrom News (PS5 Fully Pwned) (C)ode e(X)ecute 2023-07-31 | Flatz got bootrom (with entry point at 0xFFFF0000 showing it) twitter.com/flat_z/status/1684554194366107650He already got the keys previous to this *He already got flash partitions previous to thisWhat follows:Flatz will decrypt entire chain (Bootrom - IPL - Secure Kernel/Kernel/Hypervisor - Selfs/PKGs/PUPs)Flatz will make a write up about a possible HEN/Fpkg method in future, if HEN is possible , as it might not be* A note:"not all keys, just some of them, and i still needed key seeds from bootrom to calculate other keys (and algorithms, ofc), so now i have all pieces of puzzle, just need to RE and calculate"
PS5 Testkit Debug Settings 3 00 (C)ode e(X)ecute 2023-07-10 | Just an overview of the PS5 Testkit Debug Settings.
Leak News AMD PSP Bootroms and VMProtect Source (C)ode e(X)ecute 2023-05-13 | AMD PSP Bootroms:github.com/anonpsp/bootromsVMProtect Source (Partial):github.com/Alukym/VMProtect-Source
PSVR2 funstuff overview (C)ode e(X)ecute 2023-02-23 | Brief description about psvr2 funstuff saucedoc.dl.playstation.net/doc/psvr2-oss/linux-kernel.htmlfolder is kernel_moduleDevice name is MT3612-A0
compiling stuff from mast1core (C)ode e(X)ecute 2023-02-22 | pastebin.com/ZfzmxaW7 (Instructions here, some characters aren't allowed on youtube)
PS4 PS5 PS2EMU Exploit Mast1core Summary (C)ode e(X)ecute 2023-02-14 | Brief description and overview of the ps2 emu exploit implemented by McCaulay from CTurt's blog post. Links:github.com/McCaulay/okragergithub.com/bucanero/apollo-ps4cturt.github.io/mast1c0re.htmlmccaulay.co.uk/mast1c0re-introduction-exploiting-the-ps4-and-ps5-through-a-gamesavemccaulay.co.uk/mast1c0re-part-1-modifying-ps2-game-save-filesmccaulay.co.uk/mast1c0re-part-2-arbitrary-ps2-code-execution
All Good Things Must Come To An End The Lv0ldr2 Saga Debunking (C)ode e(X)ecute 2023-02-13 | It is sad to bring these news to the channel, but after years of attempts, it has come to my attention that the lv0ldr.2 exploit may not be feasible.I'd like to thank to all the people that have contributed to this project, directly or indirectly:flatz- initial DECR-1000 syscon work of syscon updatesMineralwasser/M4j0r-documentation and follow up on syscon workwildcard-master glitcher, your work will always be apreciatedJuan Nadie-the honest guy behind the honest work, original D'Artagnan of the Lv0ldr exploitNaehrwert- The crypto guy, spuderman foreverJestero- Hardware dude, massive help during christmas in the exploit attemptsMikeM64- The carrier of the torch, follower of Juan's teachings, many thanks for having helped with the follow up hw iniciativeSSL/Zerotolerance-Perfect as always, the syscon pyramid bridge is an homage of your work, thank you for submitting yourself to the follow up work of MikeAnd thank you Sony, for making me still believe that the dream was possible, even if it wasn't...
Loading Files Via External Psp2Config (C)ode e(X)ecute 2023-02-02 | file needs to be a plain txt, renamed to psp2config.skprxtxt starts at first #, doesn't matter where it endsMore Info: https://wiki.henkaku.xyz/vita/SceSysStateMgr
Debug Settings QA INT DEV (C)ode e(X)ecute 2023-01-18 | Showcase of debug settings in a qa flagged internal 3.72 flashed devkit PDEL-1000A vita
A Video Dedicated to Hardware Tips (Appreciation Video) (C)ode e(X)ecute 2022-12-23 | Thanks to everyone at Hardware Tips, including, but not only:Bravo Norris,Raul Piedade,Rita Costa,and others (please tell me and i'll add them here)
Preparing a pendrive or an external harddrive for usage with ps3 updates (C)ode e(X)ecute 2022-12-11 | This might be an already made video, let me know if it was already made or not. Thanks :)Requirements:Rufus: https://rufus.ieUpdate file (has to be labeled PS3UPDAT.PUP, be CAREFUL with the extension, disable the check for known extensions if possible!)
Compiling samples from Official PS3SDK without visual studio (C)ode e(X)ecute 2022-11-26 | Requirements:7zip or winrar: to extract PSDK3v2-master.zip : e.g: 7-zip.orgPSDK3v2 by Estwald: github.com/Estwald/PSDK3v2Oficial PS3 SDK: Don't ask me where to get this, you must find it yourself.Dedicated to random reddit user :P
Shirts Merchandise Demonstration (C)ode e(X)ecute 2022-11-17 | A quick look at the future shirts that i'll (attempt to) sell in the near future. This one is for the winner of the previous giveaway @tozeleal which was randomly chosen on twitter after much deliberation.
ps5 debug settings testkit (better quality) (C)ode e(X)ecute 2022-11-10 | testkit ps5 debug settings without being recorded with a potato phone
Bdj Sdk Homebrew for the PS5 (C)ode e(X)ecute 2022-09-25 | Tutorial on how to compile john's bdj-sdk homebrewRequirements:WSL or LinuxBlank BD-RE 25GB DisksBD-RE BurnerIso Mounter (Windows 10/11 Come with one)bash script to install everything:www80.zippyshare.com/v/TDXt7Izn/file.htmlwhen doing a first blank bd-re disk, it'll ask if the type of disk will be:A Pen Drive (formatting takes less time, you can drag and drop files, and it works on ps5 and also ps4)A Disk to use with a Player (not recommended, shouldn't be used)Prepare the DiskFormat the DiskSend a message (files are ready to be added)
QAF on VITA memes (C)ode e(X)ecute 2022-09-24 | example of sheer raw power of qa flag force update on vita. more to come soon
Overview of the PS3 Keys (C)ode e(X)ecute 2022-09-19 | Video discussing a general overview of the ps3 keys on the wiki (there are a lot of them)
