@DayVeeBoi
Last active May 10, 2020 20:58
r/PS4Homebrew FAQ Snippits

PS4 Homebrew FAQ

How do I update safely?

-All you have to do is download the 5.05 recovery image (one place to do so is DarkSoftware.xyz), place it on a USB device in the following folder tree: /PS4/UPDATE/UPDATE.PUP (make sure you change the file name to just "UPDATE.PUP" if you use the DarkSoftware link).

Put the USB storage into the left-most USB port and start your console in safe mode by turning it off, then, once it is off, holding power for around 12-15 seconds until you hear a second beep; then choose option "(3) Update System Software". Make sure that your .pup file is in the correct folder and is properly named, or you may install the wrong update file (I'm not sure if it just errors out or not). URL

-You would have to disable update blocking through the payload launching menu (if you have blocked updates), then just download the firmware file and update. I would encourage you to download the full ~800 MB system image and boot into recovery mode and install it from there.

Some people also recommend that you make a backup of whatever saves etc. you care about and then wipe your system to be on the safe side, but as it stands nobody has been known to have had any trouble (bans or whatever) due to this exploit. URL

How do I find a PS4 with firmware 5.05 or lower?

You have to find out which bundles come with which firmware. There are a few scattered around on GBAtemp and Wololo.net, but IIRC there were not many PS4 Pro bundles on the list. I think FarCry 5, God of War, Destiny 2, and possibly the Gran Turismo 5 VR bundle?

I will post a couple of threads for you; keep in mind that with the PS4 Pro they are still likely making bundles, so it's possible that a bundle that was on a lower 4.xx firmware in March could now be 5.55, and it also sometimes depends on your region what firmware is shipping.

https://en.wikipedia.org/wiki/PlayStation_4_models?oldformat=true#Pro_Bundles

https://gbatemp.net/threads/any-bundle-of-ps4-pro-comes-with-5-05-or-lower.505502/

https://gbatemp.net/threads/suggestion-ps4-bundles-firmware-list.487337/

http://wololo.net/2018/05/18/ps4-get-hands-ps4-firmware-5-05-lower/

This should give you a good start anyway; basically, if the bundle was shipping before March-April 2018 then it's very likely to be 5.05 or lower. Good luck! URL

Will it ever be possible to play games requiring firmware versions greater than 5.05?

-It definitely will be possible eventually to play games with minimum FW versions higher than 5.05. What it requires is for decryption of higher versions to become available; this requires some kind of exploit working on whatever version the game happens to require (or for the required keys to be leaked, which is pretty unlikely). There are two likely ways this can happen (both are related). One way is that some person (or release group) acquires the ability to dump games (via either an exploit or available keys) and they dump and patch the games for release (this may or may not be possible for any given game due to differences in API/SDK). And of course, the other possible way is via a public or semi-public jailbreak. This has happened in the past, where games with required firmware higher than 4.55 circulated (in a limited way) for a few weeks before the 5.05 jailbreak was released. In summary, I would say if you want to play semi-fresh games for the foreseeable future the only way is to get a second PS4; it doesn't appear to be too hard to find PS4 Pros with <5.05 firmware, so personally I have been considering trying to pick one up and updating my current slim. If worst comes to worst and I'm stuck with a Pro that isn't exploitable, at least I know it will likely be functional long into the PS4's End of Life period, where people are more likely to release exploits (if they are in fact holding onto them). That may change though, given Sony seems to now be releasing security updates long into the EOL of the PSP. Who knows; really, what you're asking is for someone to tell ya the future. All anyone can do is make an (informed?) guess. URL

-Maybe someday something previously thought impossible might become possible. Every time a new firmware is released the crypto keys are updated; that's why games with newer required firmware need a system that's able to play them in order to dump them. If you're ever able to play games requiring higher firmware, that almost certainly means there will be a kernel exploit for that higher firmware. Even if it is private, there will eventually be a public one, and as more research gets done, more vulnerabilities are discovered. It just gets more and more likely that the next version gets broken. URL

How do I know what games are playable on which firmware?

-Any game made after about April of this year is unplayable on 5.05. Just find out the date for the game, and you will know. There's no really complete list of minimum required firmware, but there are a few that aren't particularly maintained, so the fastest/easiest way is to just check Wikipedia (or some game site) for the release date.

In the future, please confine your questions to the stickied "Questions" thread, thanks. URL

Why don't hackers release exploits for newer firmware? Because they want to keep it until it is patched?

-That is one reason, yes. I don't think they expect to keep everything they have until it's patched, but at least until the most important parts are patched. You have to understand that to get full control there is more than just one bug involved. There is usually a whole chain of bugs and tricks used, and often one part of it may get found and patched by Sony, but there are still pieces that can be used by hackers to find a new road to exploit.

I can only tell you what they have said before. One big thing is that they don't want to promote piracy. They are willing to put up with piracy if people start to create and release stuff not related to piracy, but for many reasons, the scene has a focus on free games right now.

People are asking for stuff that does not even yet exist. It often takes time to catch up when new firmware is released. These same people who update every single time are always asking for the newest firmware.

5.05 KEX was released less than a year ago, that isn't very long. It might seem like it for people who come from the Nintendo scene, but waiting is nothing new for the PlayStation scene.

The PS4 is getting close to its End of Life, it makes sense to hold onto as much as possible for this for the health of the scene. Hacking really comes into its golden age when company support for the product dries up. That's when the community comes together to add features and extend the lifetime of our expensive junk.

These are all reasons I have seen mentioned by different hackers in the last while. I'm not saying I agree with everything, I am just saying what the kernel hackers have said. URL

What do you mean by a "Private" exploit, does that mean there is a way to pay for it?

-Hey, how's it going? There's not really a lot I can tell you about any 5.05+ exploits as it would be mostly speculation. When we are talking about private exploits here it usually just means that researchers/hackers have the capability to exploit them but it doesn't necessarily mean that there is a packaged "jailbreak" (a user-friendly exploit chain) or that anyone is even working on one for the public. Usually it just means that someone has shared a bit of data publicly that other trusted researchers have used to verify that they indeed have the required privileges to read or manipulate it. Normally this is a hash of a protected file/document.

Normally, researchers and hackers in these scenes are against selling hacking methods (unless they are hardware based, which makes it infeasible to distribute for free, although they often release all the info open-source so that anyone can freely produce the hardware, such as SD2Vita or SwitchMe).

More often than not, if there is a commercial (paid) software hack available it is based on freely available Open-Source code and targets users who are unaware of the Open-Source software solution. In the (currently) uncommon situation that a commercial method is available before an Open-Source hack, it is usually promptly reverse-engineered and made public. URL

How do I reinstall/reinitialize using recovery mode?

-Yes, you can do this, no problem. I don't think anyone has written a guide since it's fairly straightforward; you can use the one on Sony's support website if needed, but be sure to download the correct PUP file. Sony only links to the most current firmware (7.0), which you obviously want to avoid.

  1. Download the 5.05 recovery image (one place to do so is DarkSoftware.xyz), place it on a USB device in the following folder tree: /PS4/UPDATE/UPDATE.PUP (make sure you change the file name to just "UPDATE.PUP" if you use the DarkSoftware link).
  2. If you have used the "Block Updates" payload, be sure to run the "Unblock Updates" payload now.
  3. Put the USB storage into the left-most USB port and start your console in safe mode by turning it off, then once it is off, hold power for around 12-15 seconds until you hear a second beep.
  4. Choose option* "(7) Reinitialize System". Make sure that your .pup file is in the correct folder and is properly named, or you may install the wrong update file if you have previously downloaded it.

*I would suggest following these same basic instructions but using option "(3) Update System Software" first. This may get you the same results but save you having to reinstall all your homebrew or other apps. URL
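The two answers above both hinge on the same detail: the recovery image has to sit at /PS4/UPDATE/UPDATE.PUP on the stick, named exactly that, or the console will not find it (or will pick up a different file). The script below is an added example, not part of the FAQ or any project's tooling: run it against the mount point of the stick (the default /media/usb is an assumed path) before booting into safe mode. It reports a missing folder, a misnamed file, and stray .PUP copies elsewhere on the stick, and prints the file size and SHA-256 so you can compare them with what the download source publishes.

```shell
#!/bin/sh
# Added example (not from the FAQ): sanity-check a USB stick before booting
# the console into safe mode. It expects the layout the FAQ describes,
# /PS4/UPDATE/UPDATE.PUP, and reports the usual mistakes (missing folder,
# wrong file name, stray copies) so the wrong update is not installed.
# $1 is the mount point of the stick, e.g. /media/usb (assumed path).

check_update_layout() {
    root=$1
    dir="$root/PS4/UPDATE"
    pup="$dir/UPDATE.PUP"

    if [ ! -d "$root/PS4" ]; then
        echo "problem: folder $root/PS4 does not exist"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "problem: folder $dir does not exist (must be PS4/UPDATE, uppercase)"
        return 1
    fi

    if [ ! -f "$pup" ]; then
        echo "problem: $pup is missing"
        # Show what is in the folder instead: a download that kept its
        # original name (e.g. PS4UPDATE.PUP) is the most common cause.
        for f in "$dir"/*; do
            if [ -e "$f" ]; then
                echo "  found '$(basename "$f")'; the file must be named exactly UPDATE.PUP"
            fi
        done
        return 1
    fi

    # Extra .PUP files outside PS4/UPDATE usually mean the wrong file was
    # placed; the console ignores them, but warn so the user can clean up.
    for f in "$root"/*.PUP "$root"/*.pup "$root/PS4"/*.PUP "$root/PS4"/*.pup; do
        if [ -e "$f" ]; then
            echo "warning: extra update file outside PS4/UPDATE: $f"
        fi
    done

    # Size and SHA-256 for comparison with the download source's listing
    # (the full image is roughly 800 MB; a tiny file is the wrong download).
    size=$(wc -c < "$pup" | tr -d ' ')
    echo "ok: $pup present ($size bytes)"
    if command -v sha256sum >/dev/null 2>&1; then
        echo "sha256: $(sha256sum "$pup" | cut -d' ' -f1)"
    elif command -v shasum >/dev/null 2>&1; then
        echo "sha256: $(shasum -a 256 "$pup" | cut -d' ' -f1)"
    fi
    return 0
}

# Usage: sh check_pup.sh /media/usb   (mount point is an assumed example)
if [ $# -gt 0 ]; then
    check_update_layout "$1"
fi
```

The function returns non-zero whenever the layout is wrong, so it can also gate a larger script. The size and hash are printed rather than checked because the FAQ gives no reference values; compare them against the ones published where you downloaded the image.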

Fake Jailbreak sites/Family Share "Jailbreak"

-There are services (usually in small shops) in countries that don't really care about piracy where they charge you money to copy games to your PS4 and advertise it as "jailbreaking".

They just have a bunch of accounts that they already own a lot of games on, and when you give them $50 or whatever they will log into that account on your PS4 and download the games. There is a bug that allows them to disconnect the PS4 from the internet and still have those games authorized on your PS4.

Then you take your PS4 home from the shop and as long as you don't go online you can still play the games. If you do go online then it locks them all and you can't play any of the games anymore. That's all it is. You have to bring your PS4 to them (or they sometimes sell consoles already loaded with games).

Any other websites or services selling a jailbreak are just farming you for clicks or to fill in ad-surveys. Those sites usually will allow you to download some file, but it is password protected and they make you jump through a bunch of hoops (like surveys that they get paid for you clicking on) to get the password. What normally happens is there is an email address at the end that you are supposed to contact, but they never reply. Sometimes they just make it look like the page isn't working right so you do it all over again.

Other times the file is just plain malware. Bottom line is that there is no jailbreak for firmware higher than 5.07 available (yet). URL

What is the difference between a jailbreak, CFW, and exploit? The wiki says: "there is no chance of getting banned playing online in ps4 exploit". Is this true? Is it not possible with a jailbreak?

Hey, how's it going? I can help you with most of these questions but the first thing you are going to need to know is that you won't be able to use any of the stuff we talk about here without buying another PS4 that has been offline for like 2 years because you need to be on firmware version 5.07 or lower. There's no way to go back (downgrade) once you have updated. The only way is to get another PS4 and that doesn't seem to be likely to change for the foreseeable future.

  1. What is the difference between a jailbreak, CFW, and Exploit? I read somewhere that exploit is temporary and we have to do it every time system restarts.

An exploit is a piece of software that takes advantage of a bug or vulnerability to cause unintended behavior on the PS4, which includes gaining control of the PS4 (privilege escalation).

The PS4 system is based on BSD, an operating system that has a security concept called "Jail". A jailbreak is an act or tool used to break out of the PS4 "Jail" allowing us to see files outside of the filesystem that Sony never intended to make available and for bypassing digital rights management (DRM).

Custom firmware is unofficial firmware created by third parties for the PS4 to provide new features and unlock hidden functionality. The term is often written as CFW, referring to an altered version of the original system software (also known as the official firmware or simply OFW) inside a video game console such as the PlayStation Portable, PlayStation 3, PlayStation Vita and Nintendo 3DS.

Basically in our context, a jailbreak is slang for a group of exploits packaged in a format easy for the average person to use which allows us to run software on the PS4 that Sony never intended up to and including custom system software (or CFW).

  2. Here is what the wiki source says: "there is no chance of getting banned playing online in ps4 exploit". Is this true? Is it not possible with a jailbreak?

There is no chance of getting banned online with an exploited PS4 because there is no way to use PSN and play on Sony's servers at all. We cannot update, and if you have a PS4 and play online you know very well that your PS4 must be up to date to play games online. I didn't write the wiki, but I believe it might be worded this way because we technically can play online multiplayer games (using X-Link Kai), we just can't play on Sony's network. Therefore there is no way to be banned for online play (yet). URL

How can I learn to create my own hack or exploit?

-Truth is, there don't appear to be any schools or anything where you can learn to reverse engineer. I have heard of bootcamps and workshops; they do them at conventions sometimes. Your best bet is to just dive in and start trying, like most people learned their practical skills.

I don't mean to start hacking your PS4 open with a hammer or something, start with any cheap electronics you can find.

Maybe get some of those Arduino blue-pill clones for two bucks a crack; there are some hardware CTFs that use them. An amazing YouTuber you may have heard of, as he has become quite popular lately, is LiveOverflow; he makes videos about RE and related topics, and he goes through the RHME-2016 CTF step by step in videos with supplemental written material as well.

I'm working on (following along, really) a device called the Smart Response XE. They are used in schools and stuff, so you may be familiar with them. You can get like 30 of them for $100 on eBay.

I got mine from a guy in the Arduboy Forums, 4 of em for $20 and there are a few guys saying they have lots and will sell them like that to anyone.

They're based on Arduino and there's a group working on REing them and porting the Arduino libraries (as well as new implementations, such as a wifi serial link).

If you only care about gaming, one thing worth noting is that earlier systems are exponentially less secure (PSP shipped with like no real security measures) so it is probably good to start digging in on one of those (preferably one with a lot of public information available).

I would say the main thing I see when I have researched how to learn to reverse engineer is just to have an interest in it and to try to do it.

One last thing I want to point out: I'm just a guy with an interest like you are. I can barely edit someone else's code, but I find it fun to try. Maybe you will get better answers from one of the pros that sometimes stop in here, I don't know.

Good luck though, and have fun with it. URL

u/AromaticBricks' take:

-There's way too much to learn to be able to exploit systems such as the PS4. Regardless, I'm going to write an answer which I hope will satisfy your curiosity. I think in about two years of full time dedication one can become able to exploit such systems.

First, you need to have some programming knowledge, which you claim you already know. My recommendation would be in this order: C, C++, then x86_64 ASM. Contrary to what is usually said, you don't need a mastery of either, but it's important to understand how each language works.

With C, you are coding at a level very close to machine code, but you still have enough abstractions not to get bothered with too many details. Next, C++ will teach you about OOP, but the most important thing to learn here is how C++ actually implements things such as classes and objects (e.g., look up Virtual Method Table/VMT). As soon as you believe you understand C and C++ well enough — not master them, mastery will come later — move to the next step.

Now that you've grasped the fundamentals, you need to learn how the computer works. And I think there's no better resource than Computer Systems: A Programmer's Perspective. Interestingly, assuming you read this book cover to cover and do all the exercises, you will learn:

Assembly programming (lowest level you can go)

Basic reverse engineering and exploitation

Memory management and how Virtual Memory works

There are chapters you can absolutely skip, but I suggest you only skip these two chapters if you must: Processor Architecture, and Optimizing Program Performance.

Now is the time to start getting involved in various Capture The Flag contests. By all means, try to do previous challenges. Find an old CTF contest, and try to do their challenges. You should start from basic challenges such as simple stack overflows (which are very hard to come by in the real world now), and move your way up into heap corruption and Return Oriented Programming. Something I also recommend is exploit-exercises.com. It's absolutely amazing.

Solving CTF challenges will give you a good way of becoming better at gdb and reverse engineering.

While you're honing your exploitation skills, you should also start reading a bit more about OS internals, and since your primary target is the PS4, you may as well start with FreeBSD, which Orbis OS is based on.

Two books which I can recommend are these:

Designing BSD Rootkits: An Introduction to Kernel Hacking (will give you hands on practice inside the FreeBSD kernel)

The Design and Implementation of the FreeBSD Operating System (not really required, but what do you have to lose?)

Also, learning some Python won't hurt. It's fairly common to find exploits written in Python, so it will definitely help.

By the time you've finished reading Designing BSD Rootkits, you should have a fairly good knowledge of FreeBSD internals. Now's the time to start getting your hands dirty.

After you feel comfortable with all kinds of CTF challenges (only binary exploitation mind you, don't bother with stuff like web exploitation, unless that's your thing), it means you're ready to learn actual Kernel exploitation. Find public exploits of older vulnerabilities.

Let's say you found an exploit of an older vulnerability. By now you have an idea of how the kernel works. So read the source code of the exploit, and try to make sense of it. Next, after reading the source of the exploit, go inside the kernel source code (for that specific version of the FreeBSD that has the vulnerability), and try to find the actual vulnerability in the source. Then, the next step is to reproduce the exploit. Try to write it yourself.

After you repeat this process a few times for various public exploits, you should be comfortable with kernel exploitation. You may end up learning patterns. If a certain part of the kernel had a vulnerability in the past, there's a good chance there may be other vulnerabilities lurking around, waiting for someone to discover them.

Unfortunately, there's not much I can say about the vulnerability discovery part. Certain techniques, such as fuzzing, definitely help. In the end, you'll most probably end up developing your own fuzzing tools and techniques. Personally I've never had the chance to find such vulnerabilities myself because I never tried (I like to say I never had the time, but I'd only be fooling myself). But there is a reason why certain hackers in the scene find vulnerabilities time and time again. Once you get your first kill, you'll be on a roll.

That was really long, I know. But I really recommend you take this path if you feel like doing this. It's very rewarding, as I hope you'll find out. URL

Can someone explain why certain games require a different firmware?

-The decryption key changes with newer versions of firmware. So firmware 5.05 has the keys to decrypt games that were released at the time 5.05 was released, as well as keys for all the games released before 5.05.

If a game was released after any given firmware, it would not be possible for that firmware to have keys for that game. The keys may not even have existed at the time that firmware was released. (There are a few caveats and exceptions here, a few games always come out with the earlier set of keys around the time the encryption changes). URL

Is it possible to play games that require 6.50 on let's say 6.20 when there is a custom firmware/mod installed on the console?

-It is if someone breaks a higher firmware in a way that gives access to the encryption keys, and releases them publicly. Again, there are some caveats here, and what I'm providing is a simplistic explanation, not a technical one (I couldn't provide a techie answer if I wanted to; I don't have that knowledge or skillset). URL

Does a game disc itself contain the PS4 firmware that it requires the console to be on, then automatically update the PS4 upon inserting the game disc? I'm currently on 6.20 and don't want to mess it up.

-Yes, every disc for every game comes with an update for the minimum firmware that is required to play that particular game in its base version, without DLC or update patches. This is so that people who are unable or don't want to download an update file (no internet, or metered connections) are able to play the game they just purchased and ran home giggling to play. It does not automatically update; you have to confirm the update in a dialog box and agree to the license. URL

What is the latest game patch version I can use with XXXX game?

-You can check which updates work using https://ps4database.io/search. If there is an update patch available it will say so, and if there is more than one it will have a red drop-down menu in the upper left corner.

If you choose an update from the dropdown menu it will tell you the minimum version required for that update. If it doesn't have a minimum it means that it is the same required version as reported on the main page. URL
