|
|
||
|---|---|---|
| .. | ||
| exploit/500 | ||
| source | ||
| .gitignore | ||
| dumper.css | ||
| dumper.js | ||
| index.html | ||
| Makefile | ||
| README.md | ||
| server.py | ||
Orbital Dumper
Dumper to dump/extract files required by Orbital from an actual PlayStation 4 console. The dumper currently supports PS4 FW ver 1.76, 4.55, 5.00, 5.05.
Usage
-
Connect your computer and PS4 to the same network.
-
Setup ps4-payload-sdk.
-
Before building, change the IP address (
#define BLOBS_ADDR IP(192,168,2,1)) found insidesource/blob.cto the IP adress of the pc where theserver.pywill be running. -
Build the payload for your firmware version with
make. Pick one of the following supported firmware versions: 1.76, 4.55, 5.00, 5.05. For example:make 5.00 -
Start the server with:
python server.py -
Enter your computer's IP address in the PlayStation 4 web browser and follow the instructions on screen. The exploit provided by
server.pyonly works for firmware 5.00. If you are on a different firmware you need to run an exploit manually and send the dumper payload using netcat/socat:
socat -u FILE:dumper.bin TCP:"PS4 IP":9020
Development
This dumper requires an exploit that listens for payloads in binary format on port 9020. These payloads need to be mapped as follows in user address space:
0x926200000: Code (can be changed inMakefile)0x926300000: Data (can be changed inMakefile)0x926400000: Arguments (can be changed insource/main.c)
Furthermore, the server will listen at port 9021 for incoming blobs, and optionally at 9022 for debug messages.
Compiling Notes
If you want to add support for a new FW, use one of the source/ksdk_XXX.inc as template and update the required offset to match that of your FW.