Hacking [Help Needed] Running Linux on PS4 Slim FW 6.72

Deleted User

Guest
Ah OK, cool attitude, buuuut something is up. Hmmm, my understanding is nothing should need updating in the latest image if you launch on 6.72 for those things you are mentioning. So I say again, respectfully: what image did you boot to, hmm?
 

S3phi40T

Gentoo only needs an init change. No change to the system itself.
It was online yesterday, but gdrive claimed it's a virus, so we are waiting for a rehost.
 

Acid_Snake

Ah OK, cool attitude, buuuut something is up. Hmmm, my understanding is nothing should need updating in the latest image if you launch on 6.72 for those things you are mentioning. So I say again, respectfully: what image did you boot to, hmm?
I've tried this kernel and initramfs images with Gentoo: https://www.psxhax.com/threads/ps4-...-3-7-with-baikal-chip-patches-via-iguy0.7263/

This is the only kernel image (bzImage) I have been able to load correctly on my console.
I've also used that same kernel image with psxitarch's initramfs to launch psxitarch itself.

Both Gentoo and psxitarch launch fine, but neither of them detects wifi networking or USB tethering for that matter, which is leaving me even more clueless, as my phone is detected via lsusb but it doesn't show up in ifconfig (neither wlan0, nor mlan0, nor usb0, only the loopback device). I've read you can overcome this issue if you launch Linux with internet disabled in the PS4 OS, but how would I launch the exploit and payloads then? (Maybe using the browser cache? I haven't tried it...)
 

mircoho

Sorry, I host the exploit only for tests. Now I have the new Leeful exploit site, but with the same .JS code, so is it the same payload? But another way to inject.

IDK, I have no console for testing. What I know is that the Linux payload source code is old, so maybe we'll have luck and new devs will join the PS4 scene.
 

S3phi40T

I had a chat with @Cedsaill on Twitter.
There is a temporary solution until he gets a new kernel:

- flash Gentoo01-2020 to your USB drive
- resize partition (optional)
- on your PC open 1st partition with kernel and init
- replace (old) kernel from this tweet:
- run/cache https://ps4boot.github.io/
- load JB
- load Linux USB Aeolia or Baikal, depending on your console model
- Gentoo will boot up :D
 

Grizzley

Sorry, I host the exploit only for tests. Now I have the new Leeful exploit site, but with the same .JS code, so is it the same payload? But another way to inject.

IDK, I have no console for testing. What I know is that the Linux payload source code is old, so maybe we'll have luck and new devs will join the PS4 scene.
Well, I load the Baikal loader and then it does nothing afterwards. Says it was loaded but then nothing. Was working fine yesterday.
 

mircoho

ps4boot.github.io/old/index.html is the host from yesterday.
ps4boot.github.io is a 1:1 copy from Leeful with the cache function disabled for testing.
 

mircoho

Maybe Leeful knows why, but it is the same JS code

window.mira_blob_2_len = 0x4388; (new one)
window.mira_blob_2_len = 329960 (on old host)


in the linuxbaikal.js
 

S3phi40T

ps4boot.github.io/old/index.html is the host from yesterday.
ps4boot.github.io is a 1:1 copy from Leeful with the cache function disabled for testing.
No, there is caching and new payloads for internal Linux added today. Clear your cache.
 

mircoho

bin2js.c


Code:
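#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Print a binary file to stdout as a JavaScript byte array. */
int main(int argc, char** argv)
{
  if (argc != 2)
  {
    fprintf(stderr, "usage: %s FILE.bin\n", argv[0]);
    return 1;
  }

  /* Open in binary mode so no newline translation happens on Windows. */
  FILE* f = fopen(argv[1], "rb");
  if (f == NULL)
  {
    perror(argv[1]);
    return 1;
  }

  /* Determine the file size. */
  long l = -1;
  if (fseek(f, 0, SEEK_END) == 0) l = ftell(f);
  if (l < 0 || fseek(f, 0, SEEK_SET) != 0)
  {
    perror("seek");
    fclose(f);
    return 1;
  }

  /* Read the whole file; +1 keeps the allocation valid for an empty file. */
  uint8_t *b = malloc((size_t)l + 1);
  if (b == NULL || fread(b, 1, (size_t)l, f) != (size_t)l)
  {
    fprintf(stderr, "failed to read %s\n", argv[1]);
    free(b);
    fclose(f);
    return 1;
  }
  fclose(f);

  /* Emit the bytes as comma-separated decimal values. */
  printf("var payload=[");
  for (long i = 0; i < l; i++)
  {
    printf("%u", b[i]);
    if (i < (l - 1)) printf(",");
  }
  printf("];\n");
  free(b);
  return 0;
}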

gcc bin2js.c
./a.out PAYLOAD.bin > payload.js

And then I just copied the code and added it in write_mem(window.mira_blob_2, [..............


In effect, I copied your linux.js (for Aeolia/Belize) and added the JS code for the Baikal model and renamed the file linuxbaikal.js..
 

Leeful

You can't do it like that anymore for 6.72. It must be converted to blob.
Use this, just edit the bat file and enter the name of the bin you want to convert.
It will give you the correct js to use with 6.72.

BTW, you will notice that the window.mira_blob_2_len = 0x4388 will change for each payload because it is the length of the payload in hex bytes. You don't need to worry about that because the script will do it for you. :) :)
 

Attachments

  • Bin To 6.72 blob.rar
    496 bytes · Views: 259

Stefanos

Dear mircoho, I am having the same case as Grizzley. With the old
ps4boot.github.io my Gentoo Linux was working fine by selecting the
Baikal option. With the new page it will load but not restart the PS4.

I saw the link you gave for the old page (ps4boot.github.io/old/index.html).
I tried it and again Linux loaded fine.

One strange thing is that I took the files for the old page from GitHub
and hosted the exploit locally on my Raspberry, but again the Baikal option
will restart my PS4 and freeze it. With your page it is working fine...

Also, I need to mention that I tried many Linux exploit pages but yours
was the only one that worked for my PS4 (I own the CUH-7116B Pro model
with 6.72).

Is there a way to cache the old page?
 

Stefanos

OK, one update from my side.

I downloaded the contents of ps4boot/ps4boot.github.io and copied the
extracted folder to my Raspberry Apache html folder. I tested, and by selecting the USB-Baikal
option the PS4 would not restart after loading the payload. Then I moved the file linuxbaikal.js from within the \OLD\PAYLOADS\
folder to the html root and renamed it to pl_linuxbaikal.js (overwriting the one that
was already there).

After doing the above, Linux loads perfectly for me using the 6.72 exploit locally from my Raspberry.
I just select first "Load Exploit" and then "Linux USB Baikal". My USB stick (plugged into the back of the PS4)
contains the Gentoo image burned with Rufus (original bzimage and initramfs.cpio.gz files).

This exploit menu is done by Leeful, so big thanks to him :)
 

mircoho

You can't do it like that anymore for 6.72. It must be converted to blob.
Use this, just edit the bat file and enter the name of the bin you want to convert.
It will give you the correct js to use with 6.72.

BTW, you will notice that the window.mira_blob_2_len = 0x4388 will change for each payload because it is the length of the payload in hex bytes. You don't need to worry about that because the script will do it for you. :) :)

The script doesn't make me a .js file? I changed the payload to input.bin and open
Unbenannt.JPG

EDIT: OK, under Linux no problem... maybe python3 is missing under windoof
 