Post: How to Decrypt and Dump UserModules by Zecoxao
10-27-2016, 04:10 PM #1
Hydrogen
Super Mod
Hello NextGenUpdate, today PS4 developer Zecoxao, aka Mr. Rapper Zeco Kappa Kappa, has shared a public tutorial with the whole PS4 scene, which another PS4 developer, Grass Skeu, made for us. In this tutorial he explains how to decrypt and dump UserModules on the PS4. Hope you enjoy his tutorial. To roughly quote what Zeco had to say in English:

"First of all I'd like to say thank you to the person who has allowed me to post this tutorial. His English isn't perfect, so he asked me to make this tutorial on his behalf. Thanks, grass skeu :)

Pre-Requisites


  • [hidden link] OR alternatively extreme-modding.de's elf loader
  • 1.76 Console
  • fat32 usb pendrive

Steps:

1. Fire up elf loader on your 1.76 console
2. Let it load all the way up to stage 5 without memory errors!
3. Compile the payload source. You can specify in between:

    ps4KernelExecute((void*)path_self_mmap_check_function, NULL, &ret, NULL);

and

    ps4KernelExecute((void*)unpath_self_mmap_check_function, NULL, &ret, NULL);


which module(s) you want to decrypt. If you want, you can even decrypt all modules from the 1.76 dump released a while ago! This includes elf, self, prx, sprx, sexe, sdll and eboot.bin. However, take note that you can only decrypt usermodules from disc or PSN apps when you have loaded them and minimized them (by pressing the PS button), and only from an absolute path! (due to npdrm management)

I have left an example:

    decrypt_and_dump_self("/mini-syscore.elf", "/mnt/usb0/mini-syscore.elf");


So, the elf will be written to usb0 (rightmost port), but you can specify others.
4. Run listener (if you want, this is optional):

    socat - TCP:my.ps4.ip.here:5052


where the PS4 IP is your local IP (mine is 192.168.1.72)
5. Finally, send the payload:

    socat -u FILE:path/to/DumpFile TCP:my.ps4.ip.here:5053


pecifying the path to the payload and the ip.
If the payload fails to execute with an out-of-memory error, just stabilize on stage 5 WITHOUT restarting the console and try again.

Any doubts please ask.
And all credits go to grass skeu for this awesome trick! :)"


Zeco also added saying:

"Just a small note. Segment 0x6fffff01 cannot be "decrypted" from game eboots because... it's a plaintext segment in an encrypted file :)
Just add it to the end of the elf."
Last edited by Hydrogen ; 10-27-2016 at 04:17 PM.
10-27-2016, 05:02 PM #2
Facepalm
10-27-2016, 05:04 PM #3
Hydrogen
Super Mod
Originally posted by EyeX32 View Post
Facepalm


Facepalm Facepalm what's wrong bb
10-27-2016, 09:54 PM #4
Best Mate
Dark Knight
Originally posted by EyeX32 View Post
Facepalm


:pecifying:
