On offsets

After the recent release of ps5-kstuff with support for PS4 fpkg files, there have been a lot of questions about porting it to other firmwares (4.50 and 4.51 in particular, because users of those firmwares can't downgrade to 4.03 but are still vulnerable to all of the exploits used). The main problem with these ports is the bespoke XOM (execute-only memory), which prevents finding the offsets by simply examining kernel dumps. So in this document I'm going to go over which offsets matter for ps5-kstuff and how I found them for 4.03.

These are the main categories of offsets:

  1. Kernel data offsets, which can be found from data dumps, since kernel data is not XOM-protected
  2. Kernel text offsets that are pointed to by kernel data
  3. The doreti_iret offset (a single offset, but it deserves its own section)
  4. Offsets found by single-stepping kernel functions
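As an added illustration of categories 1 and 2 (this is example code, not code from ps5-kstuff or its author): a small C scanner that walks a kernel data dump, picks out the 8-byte values that land in the kernel's text range, and reports each as an offset from the kernel base. Because the text is XOM and cannot be read directly, these data-resident pointers are what give away text offsets. The base address, text size and the sample dump are all constructed for this example; the real 4.03 and 4.50 layouts are not given on this page.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical layout used only for this example: kernel text is mapped at
 * KBASE for TEXT_SIZE bytes and writable data follows it.  The real 4.03 and
 * 4.50 layouts are not given on this page. */
#define KBASE     0xffffffff80000000ULL
#define TEXT_SIZE 0x01000000ULL
#define TEXT_END  (KBASE + TEXT_SIZE)

struct ptr_hit {
    uint64_t data_off;  /* byte offset of the pointer slot inside the dump */
    uint64_t text_off;  /* its target, expressed as an offset from the kernel base */
};

/* Explicit little-endian accessors so the scan does not depend on host endianness. */
static uint64_t rd_le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

static void wr_le64(uint8_t *p, uint64_t v)
{
    for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Category 2: walk every 8-byte-aligned slot of a data dump and keep the ones
 * whose value lies in [text_lo, text_hi).  Returns the total number of hits;
 * at most max_hits of them are stored in out. */
size_t find_text_pointers(const uint8_t *dump, size_t len, uint64_t kbase,
                          uint64_t text_lo, uint64_t text_hi,
                          struct ptr_hit *out, size_t max_hits)
{
    size_t n = 0;
    for (size_t off = 0; off + 8 <= len; off += 8) {
        uint64_t v = rd_le64(dump + off);
        if (v < text_lo || v >= text_hi) continue;
        if (n < max_hits) {
            out[n].data_off = off;
            out[n].text_off = v - kbase;
        }
        n++;
    }
    return n;
}

/* Once a known structure has been located in the dump (category 1), read the
 * pointer in one of its slots and turn it into a text offset.  Returns 0 on
 * success, -1 if the slot is out of range or does not point into text. */
int resolve_slot(const uint8_t *dump, size_t len, size_t slot_off, uint64_t kbase,
                 uint64_t text_lo, uint64_t text_hi, uint64_t *text_off)
{
    if (slot_off > len || len - slot_off < 8) return -1;
    uint64_t v = rd_le64(dump + slot_off);
    if (v < text_lo || v >= text_hi) return -1;
    *text_off = v - kbase;
    return 0;
}

/* Constructed sample dump (not real console memory): five 8-byte slots. */
#define SAMPLE_LEN 40
size_t build_sample_dump(uint8_t *buf)
{
    const uint64_t slots[5] = {
        0x1ULL,                 /* plain integer */
        KBASE + 0x1234ULL,      /* text pointer, offset 0x1234 */
        TEXT_END + 0x100ULL,    /* pointer into data, not text */
        KBASE + 0xabcd0ULL,     /* text pointer, offset 0xabcd0 */
        0x00007fff00000000ULL,  /* userland-looking value */
    };
    for (int i = 0; i < 5; i++) wr_le64(buf + 8 * i, slots[i]);
    return SAMPLE_LEN;
}

/* Wrappers over the sample dump that return results instead of printing them. */
size_t sample_hit_count(void)
{
    uint8_t buf[SAMPLE_LEN]; struct ptr_hit hits[8];
    size_t len = build_sample_dump(buf);
    return find_text_pointers(buf, len, KBASE, KBASE, TEXT_END, hits, 8);
}

uint64_t sample_hit_text_off(size_t i)
{
    uint8_t buf[SAMPLE_LEN]; struct ptr_hit hits[8];
    size_t len = build_sample_dump(buf);
    size_t n = find_text_pointers(buf, len, KBASE, KBASE, TEXT_END, hits, 8);
    return i < n ? hits[i].text_off : (uint64_t)-1;
}

uint64_t sample_resolve(size_t slot_off)
{
    uint8_t buf[SAMPLE_LEN]; uint64_t off;
    size_t len = build_sample_dump(buf);
    return resolve_slot(buf, len, slot_off, KBASE, KBASE, TEXT_END, &off) == 0 ? off : (uint64_t)-1;
}
```

On a real dump the interesting part is not the raw hit list but which known data structure each hit sits in: a pointer found at a slot you have already identified (a function pointer table, a callback field) gives you a named text offset, which is what `resolve_slot` does once you know the slot.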
Note: I don't know where this thread belongs. If I'm in the incorrect section, move it to the correct one.
Many people are literally just selling this method, and I feel like sharing this so that you don't have to pay, because the seller just doesn't do a minute of work to get you the drive.
So, moving straight to the method:
Step I:
Go to this link: https://td.fastio.me/ (mirrors are left at the end)
Step II:
Type your desired drive's name in the first field and your Gmail in the bottom field.
Wunkolo / DAT.md
Last active October 12, 2022 22:19
Platinum games "DAT" file dumper

DAT/DTT files are general containers found within the compressed .cpk files

```cpp
#include <cstdint>

struct Header
{
	std::uint32_t Magic;                // 'DAT\x00'
	std::uint32_t FileCount;            // number of files in the container
	std::uint32_t FileTableOffset;      // offset of the per-file offset table
	std::uint32_t ExtensionTableOffset; // offset of the per-file extension table
	std::uint32_t NameTableOffset;      // offset of the per-file name table
```
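Container headers like this one are where parsers usually go wrong, so here is an added example (not Wunkolo's dumper) of reading the five fields shown above from raw bytes and bounds-checking the table offsets before anything dereferences them. It assumes 4-byte entries in the file and extension tables and checks only the start of the name table, since the page does not show those layouts; the sample file is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define DAT_HEADER_SIZE 20   /* the five uint32 fields shown above */
#define DAT_ENTRY_SIZE  4    /* assumption: one 4-byte entry per file in the file and extension tables */

struct dat_header {
    uint32_t magic;
    uint32_t file_count;
    uint32_t file_table_off;
    uint32_t ext_table_off;
    uint32_t name_table_off;
};

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr_le32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* True if `bytes` bytes starting at `off` lie inside a buffer of `len` bytes.
 * Computed in 64 bits so that off + bytes cannot wrap around. */
static int table_fits(uint32_t off, uint64_t bytes, size_t len)
{
    return (uint64_t)off <= len && bytes <= (uint64_t)len - off;
}

/* Parse and validate a DAT header before any table is touched.  Return codes:
 * 0 ok, -1 too short, -2 bad magic, -3 file table out of bounds,
 * -4 extension table out of bounds, -5 name table offset out of bounds. */
int dat_parse_header(const uint8_t *buf, size_t len, struct dat_header *h)
{
    if (len < DAT_HEADER_SIZE) return -1;
    if (memcmp(buf, "DAT\0", 4) != 0) return -2;
    h->magic          = rd_le32(buf + 0);
    h->file_count     = rd_le32(buf + 4);
    h->file_table_off = rd_le32(buf + 8);
    h->ext_table_off  = rd_le32(buf + 12);
    h->name_table_off = rd_le32(buf + 16);

    /* A hostile FileCount such as 0x40000000 makes count*4 wrap to 0 in 32-bit
     * arithmetic and would pass a naive check; widen before multiplying. */
    uint64_t table_bytes = (uint64_t)h->file_count * DAT_ENTRY_SIZE;
    if (!table_fits(h->file_table_off, table_bytes, len)) return -3;
    if (!table_fits(h->ext_table_off, table_bytes, len))  return -4;
    /* The name table's layout is not shown on the page, so only its start is checked. */
    if (h->name_table_off >= len) return -5;
    return 0;
}

/* Constructed 64-byte sample (not a real game file): two entries, with the
 * file, extension and name tables laid out back to back after the header. */
#define SAMPLE_LEN 64
size_t build_sample_dat(uint8_t *buf)
{
    memset(buf, 0, SAMPLE_LEN);
    memcpy(buf, "DAT\0", 4);
    wr_le32(buf + 4, 2);            /* FileCount */
    wr_le32(buf + 8, 0x14);         /* FileTableOffset */
    wr_le32(buf + 12, 0x1c);        /* ExtensionTableOffset */
    wr_le32(buf + 16, 0x24);        /* NameTableOffset */
    wr_le32(buf + 0x14, 0x30);      /* file 0 data offset */
    wr_le32(buf + 0x18, 0x38);      /* file 1 data offset */
    memcpy(buf + 0x1c, "wtb\0", 4); /* file 0 extension */
    memcpy(buf + 0x20, "dtt\0", 4); /* file 1 extension */
    return SAMPLE_LEN;
}

/* Parse the sample with FileCount overwritten, to exercise the bounds checks. */
int parse_sample_with_count(uint32_t file_count)
{
    uint8_t buf[SAMPLE_LEN]; struct dat_header h;
    size_t len = build_sample_dat(buf);
    wr_le32(buf + 4, file_count);
    return dat_parse_header(buf, len, &h);
}

/* Parse only the first `len` bytes of the sample, optionally with the magic corrupted. */
int parse_sample_truncated(size_t len, int corrupt_magic)
{
    uint8_t buf[SAMPLE_LEN]; struct dat_header h;
    build_sample_dat(buf);
    if (corrupt_magic) buf[0] = 'X';
    return dat_parse_header(buf, len < SAMPLE_LEN ? len : SAMPLE_LEN, &h);
}
```

The check worth copying is the widened multiplication: with `FileCount` taken straight from the file, `count * 4` done in `uint32_t` can wrap to a small number and let a later loop read far past the buffer.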