orbital/tools/dumper/README.md

Orbital Dumper

Dumper to dump/extract files required by Orbital from an actual PlayStation 4 console. The dumper currently supports PS4 FW ver 1.76, 4.55, 5.00, 5.05.

Usage

1. Connect your computer and PS4 to the same network.

2. Setup ps4-payload-sdk.

3. Before building, change the IP address (#define BLOBS_ADDR IP(192,168,2,1)) found inside source/blob.c to the IP adress of the pc where the server.py will be running.

4. Build the payload for your firmware version with make. Pick one of the following supported firmware versions: 1.76, 4.55, 5.00, 5.05. For example:

   make 5.00
   

5. Start the server with:

   python server.py
   

6. Enter your computer's IP address in the PlayStation 4 web browser and follow the instructions on screen. The exploit provided by server.py only works for firmware 5.00. If you are on a different firmware you need to run an exploit manually and send the dumper payload using netcat/socat:

socat -u FILE:dumper.bin TCP:"PS4 IP":9020

Development

This dumper requires an exploit that listens for payloads in binary format on port 9020. These payloads need to be mapped as follows in user address space:

• 0x926200000: Code (can be changed in Makefile)
• 0x926300000: Data (can be changed in Makefile)
• 0x926400000: Arguments (can be changed in source/main.c)

Furthermore, the server will listen at port 9021 for incoming blobs, and optionally at 9022 for debug messages.

Compiling Notes

If you want to add support for a new FW, use one of the source/ksdk_XXX.inc as template and update the required offset to match that of your FW.