Hacking [Help Needed] Running Linux on PS4 Slim FW 6.72

[Deleted User]

ah ok cool attitude buuuut something is up. Hmmm my understanding is nothing should need updating in the latest image if you launch on 6.72 for those things you are mentioning. So I say again respectfully. What image did you boot too hmm?

 

[S3phi40T]

Gentoo needs only init change. No change at system itself.
Was online yesterday but gdrive claimed it's virus so we are waiting for rehost.

 

[Acid_Snake]

ah ok cool attitude buuuut something is up. Hmmm my understanding is nothing should need updating in the latest image if you launch on 6.72 for those things you are mentioning. So I say again respectfully. What image did you boot too hmm?

I've tried this kernel and initramfs images with Gentoo: https://www.psxhax.com/threads/ps4-...-3-7-with-baikal-chip-patches-via-iguy0.7263/

This is the only kernel image (bzImage) I have been able to load correctly on my console.
I've also used that same kernel image with psxitarch's initramfs to launch psxitarch itself.

Both Gentoo and psxitarch launch fine but none of them detect wifi networking nor USB tethering for that matter, which is leaving me even clueless as my phone is detected via lsusb but it doesn't show up in ifconfig (neither wlan0, nor mlan0 nor usb0, only loopback device). I've read you can overcome this issue if you launch linux with internet disabled in the PS4 OS, but how would I launch the exploit and payloads then? (maybe using browser cache?, haven't tried it...)

 

[Grizzley]

i have added a baikal loader to but have no ps4 to test

I tried using the baikal loader but it doesn't work anymore. What did you do when you updated the website? Cause it doesn't seem to work anymore

 

[mircoho]

sorry i host the Exploit only for tests.. now i have the new Leeful Exploit Site but with same
.JS Code so is the same payload? but a other way to inject.

IDK have no console for testing, what i know the Linux Payload sourcecode is old.. so maybe we have luck and new Devs joined the PS4 Scene

 

[S3phi40T]

I had a chat with @Cedsaill on Twitter.
There is temporary solution until he gets new kernel:

- flash Gentoo01-2020 to you USB drive
- resize partition (optional)
- on your PC open 1st partition with kernel and init
- replace (old) kernel from this tweet:

Maybe edid test this whith same init plshttps://t.co/khbWVC9AXC

— ᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠᅠ (@Cedsaill2) July 28, 2020

- run/cache https://ps4boot.github.io/
- load JB
- load Linux USB Aeolia or Baikal depends on your console model
- Gentoo will boot up

 

[Grizzley]

sorry i host the Exploit only for tests.. now i have the new Leeful Exploit Site but with same
.JS Code so is the same payload? but a other way to inject.

IDK have no console for testing, what i know the Linux Payload sourcecode is old.. so maybe we have luck and new Devs joined the PS4 Scene

Well I load baikal loader and then it does nothing afterwards. Says it was loaded but then nothing. was working fine yesterday.

 

[mircoho]

ps4boot.github.io/old/index.html is the Host from yesterday.
ps4boot.github.io is a 1:1 Copy from leeful with disabled cache function for testing,

 

[Grizzley]

ps4boot.github.io/old/index.html is the Host from yesterday.
ps4boot.github.io is a 1:1 Copy from leeful with disabled cache function for testing,

Weird, I don't know why it doesn't wanna load.
I cleared my Web history and cache. The old one works fine.

 

[mircoho]

maybe know Leeful why, but is the same js code

window.mira_blob_2_len = 0x4388; (new one)
window.mira_blob_2_len = 329960 (on old host)

int the linuxbaikal.js

 

[S3phi40T]

ps4boot.github.io/old/index.html is the Host from yesterday.
ps4boot.github.io is a 1:1 Copy from leeful with disabled cache function for testing,

No, there is caching and new payloads for internal Linux added today. Clear your cache.

 

[Leeful]

maybe know Leeful why, but is the same js code

window.mira_blob_2_len = 0x4388; (new one)
window.mira_blob_2_len = 329960 (on old host)

int the linuxbaikal.js

what are you using to convert the bin to js?

 

[mircoho]

bin2js.c

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <assert.h>

int main(int argc, char** argv)
{
  assert(argc == 2);
  char* fn = argv[1];
  FILE* f = fopen(fn, "r");
  fseek(f, 0, SEEK_END);
  int l = ftell(f);
  int ll = (l + 0) / 1;
  fseek(f, 0, SEEK_SET);
  char *b = malloc(ll * 1);
  memset(b, 0, ll * 1);
  fread(b, l, 1, f);
  fclose(f);
  uint8_t *u = (uint8_t *)b;
  printf("var payload=[");
  for (int i = 0; i < ll; i++)
  {
    printf("%u", *u++);
    if (i < (ll - 1)) printf(",");
  }
  printf("];\n");
  free(b);
}

gcc bin2js.c
./a.out PAYLOAD.bin > payload.js

and then i have jsut copied the code an added them in write_mem(window.mira_blob_2, [..............


in endeffect i copied your linux.js (for Aeolia/beliza) and added the JS Code for Baikal Model and renamed the file linuxbaikal.js..

 

[Leeful]

You cant do it like that anymore for 6.72. It must be converted to blob.
Use this, just edit the bat file and enter the name of the bin you want to convert.
It will give you the correct js to use with 6.72.

BTW you will notice that the window.mira_blob_2_len = 0x4388 will change for each payload because it is the length of the payload in hex bytes. You don't need to worry about that because the script will do it for you.

 

[mircoho]

Thank you @Leeful i test the script later and give feedback

 

[Stefanos]

Dear mircoho I am having the same case as Grizzley. With the old
ps4boot.github.io my gentoo linux was working fine by selecting the
Baikal option. With the new page it will load but not restart the PS4.

I saw the link you gave for the old page (ps4boot.github.io/old/index.html).
I tried it and again the linux loaded fine.

One strange thing is that I took the files for the old page from the github
and hosted the exploit locally to my raspberry but again the baikal option
will restart my PS4 and freeze it. With your page it is working fine...

Also I need to mention that I tried many linux exploit pages but yours
was the only one that worked for my PS4 ( I own the CUH-7116B pro model
with 6.72).

Is there a way to cache the old page ?

 

[Stefanos]

Ok one update from my side.

I downloaded the contents of ps4boot/ps4boot.github.io and copied the
extracted folder to my Raspberry apache html folder. I tested and by selecting the USB-Baikal
option the PS4 would not restart after loading the payload. Then I moved from within the \OLD\PAYLOADS\
folder the file linuxbaikal.js to the html root and renamed it to pl_linuxbaikal.js (overwriting the one that
was already there).

After doing the above the Linux loads perfectly for me using the 6.72 exploit localy from my Raspberry.
I just select first "Load Exploit" and then "Linux USB Baikal". My usb stick (plugged in the back of the PS4)
contains the Gentoo image burned with Rufus (original bzimage and initramfs.cpio.gz files)

This exploit menu is done by Leeful so big thanx to him

 

[Grizzley]

⠀

 

[mircoho]

You cant do it like that anymore for 6.72. It must be converted to blob.
Use this, just edit the bat file and enter the name of the bin you want to convert.
It will give you the correct js to use with 6.72.

BTW you will notice that the window.mira_blob_2_len = 0x4388 will change for each payload because it is the length of the payload in hex bytes. You don't need to worry about that because the script will do it for you.

the script doesn't make me a .js file? i changed the payload to input.bin and open

EDIT : ok under linux no problem .. maybe missing python3 under windoof

 

[Leeful]

the script doesn't make me a .js file? i changed the payload to input.bin and open

EDIT : ok under linux no problem .. maybe missing python3 under windoof

Oh yeah, Sorry I forgot to mention it needs python3 installed.