1. Kai0

    Kai0 Member
    Newcomer

    Joined:
    May 1, 2020
    Messages:
    12
    Country:
    Germany
    @KiiWii I do not want to put the tinfoil on :). Also this has not much to do with my comment.

    What I tried to write was that if they fear $onY (or "getting slammed like Geohot") they could just release anonymously, so that no one can ever be sued (since no one "really" knows where the code/hax originally comes from).
    In other words: let's say I (Kai0) have found a way to play "up2date" games on my "old" PS4 FW and want to publish it. I can publish it under another name, "X01QW" (or "an0n" or whatever, or, to mock someone, use a "known" hacker name, e.g. "Geohot"), so that no one will know that I (Kai0) wrote that code. In that case no one could sue me (Kai0). The moment the code gets published someone will share it (dl and upload it), then another user will do the same, etc. etc. The origin cannot be traced back. Whatever is/was once online will be online forever (even though some links will be deleted or lost or down or whatever).
     
  2. TR_mahmutpek

    TR_mahmutpek medic
    Member

    Joined:
    Jul 28, 2015
    Messages:
    1,372
    Country:
    Turkey
    If only we could find the keys (especially the master key), but nvm, no need to dream ;)
     
    KiiWii likes this.
  3. Mo Poge

    Mo Poge GBAtemp Regular
    Member

    Joined:
    Jan 5, 2016
    Messages:
    136
    Country:
    United States
    Maybe instead of folks concentrating on cracking the PS4 FW, they should look at cracking SaveWizard and getting the keys from it? The security for it can't be as complex as the PS4 security.
     
  4. mehrab2603

    mehrab2603 GBAtemp Fan
    Member

    Joined:
    Sep 29, 2008
    Messages:
    360
    Country:
    Canada
    I expect something to be released after TLoU 2 and Ghost of Tsushima come out as those are the last major titles on the PS4 and there is no compelling reason to hold off on releasing exploits anymore.
     
  5. MasterJ360

    MasterJ360 GBAtemp Addict
    Member

    Joined:
    Jan 10, 2016
    Messages:
    2,102
    Country:
    United States
    Save Wizard is server-sided, which already throws a wrench in trying to crack it. The price went down, $10 less than what it used to be. If you have a good amount of PS4 games it's worth it; heck, there's a way for jailbroken PS4s to dump save files now to use with Save Wizard. There are PS4 trainers, but the problem with those is that they have few cheats and some of them are region/update specific; also your favorite game may not have trainer support.
     
    Last edited by MasterJ360, May 4, 2020
    Mo Poge likes this.
  6. Mo Poge

    Mo Poge GBAtemp Regular
    Member

    Joined:
    Jan 5, 2016
    Messages:
    136
    Country:
    United States
    I don't even care about cracking SaveWizard to be able to use it. I'm more interested in how it works with the PS4, according to what @KiiWii said in his last post.

    With it being server side, could anything be gained by hex comparing a save before and after it goes through SaveWizard?
     
  7. MasterJ360

    MasterJ360 GBAtemp Addict
    Member

    Joined:
    Jan 10, 2016
    Messages:
    2,102
    Country:
    United States
    The only thing gained from that would be the values of the said codes, which is something only valuable to coders, but you need to have access to their servers in order to do anything to your save file, since it needs to be uploaded there first. You can hex edit/export encrypted saves through Advance mode; FF7 Remake has tons of custom cheats now, which is how ppl are able to play as Red XIII.
     
    Last edited by MasterJ360, May 4, 2020
    Mo Poge likes this.
  8. godreborn

    godreborn Retired
    Member

    Joined:
    Oct 10, 2009
    Messages:
    12,839
    Country:
    United States
    Aren't saves encrypted, so hex comparing would be worthless?
     
    KiiWii likes this.
  9. KiiWii

    KiiWii Reporter
    Reviewer

    Joined:
    Nov 17, 2008
    Messages:
    10,992
    Country:
    United Kingdom
    Absolutely.

    @Mo Poge

    Don’t forget though there are plenty of keys on psdevwiki that haven’t REALLY been investigated properly.

    There is a possibility that there is something there we can use, or methods to “ask Samu nicely” to at least do the dec/enc for us without having to crack anything.
     
    Mo Poge, peteruk and godreborn like this.
  10. godreborn

    godreborn Retired
    Member

    Joined:
    Oct 10, 2009
    Messages:
    12,839
    Country:
    United States
    May also be compressed. I know that Sony likes using zlib compression (78 DA in hex), but in an encrypted state it wouldn't be capable of being decompressed. Anyway, the PS3 and the Vita both use zlib.
     
    KiiWii likes this.
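Two of the points made above (whether hex-comparing a save before and after it goes through a service tells you anything, and why zlib-compressed data cannot be decompressed once it is encrypted) can be shown with a small script. This is an added example, not code from the thread, from Save Wizard or from any PS4 tool: the save layout, field names, item records and key are constructed for the demonstration, and the "cipher" is a toy hash-chained construction that only stands in for a real chaining block-cipher mode. The zlib header bytes (78 DA at the best compression level, 78 9C at the default) are real.

```python
"""Constructed demo: compare two saves raw, zlib-compressed, and compressed-then-encrypted."""
import hashlib
import math
import zlib

BLOCK = 16  # toy cipher block size in bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0..8. Plain save data sits low; compressed or encrypted data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_like_zlib(data: bytes) -> bool:
    """RFC 1950 header check: CM=8 (deflate), CINFO<=7, and (CMF<<8 | FLG) divisible by 31."""
    if len(data) < 2:
        return False
    cmf, flg = data[0], data[1]
    return (cmf & 0x0F) == 8 and (cmf >> 4) <= 7 and (((cmf << 8) | flg) % 31) == 0


def try_inflate(data: bytes):
    """Return the inflated bytes, or None when zlib rejects the stream (as it does for ciphertext)."""
    try:
        return zlib.decompress(data)
    except zlib.error:
        return None


def toy_chain_encrypt(plain: bytes, key: bytes) -> bytes:
    """Constructed stand-in for a chaining mode such as CBC: each block's keystream is derived
    from the previous ciphertext block, so one changed block alters every block after it.
    Not a real cipher and not how any console protects saves; demonstration only."""
    out = bytearray()
    prev = bytes(BLOCK)
    for off in range(0, len(plain), BLOCK):
        ks = hashlib.sha256(key + prev).digest()[:BLOCK]
        ct = bytes(p ^ k for p, k in zip(plain[off:off + BLOCK], ks))
        out += ct
        prev = ct.ljust(BLOCK, b"\x00")
    return bytes(out)


def differing_offsets(a: bytes, b: bytes) -> list:
    """Offsets where two blobs differ; a length difference counts as a differing tail."""
    n = min(len(a), len(b))
    return [i for i in range(n) if a[i] != b[i]] + list(range(n, max(len(a), len(b))))


def make_save(gold_field: bytes) -> bytes:
    """Constructed save: a text header plus 96 item records of deterministic pseudo-random letters."""
    x = 12345
    items = []
    for _ in range(96):
        letters = bytearray()
        for _ in range(6):
            x = (x * 1103515245 + 12345) & 0x7FFFFFFF  # small LCG, only to keep items non-repetitive
            letters.append(97 + (x >> 16) % 26)
        items.append(b"ITEM:" + bytes(letters) + b";")
    return b"NAME=kai;GOLD=" + gold_field + b";" + b"".join(items)


def analyse(save_a: bytes, save_b: bytes, key: bytes) -> dict:
    """Measure how far a small plaintext change spreads at each layer."""
    ca, cb = zlib.compress(save_a, 9), zlib.compress(save_b, 9)  # level 9 -> header 78 DA
    ea, eb = toy_chain_encrypt(ca, key), toy_chain_encrypt(cb, key)
    enc_diff = differing_offsets(ea, eb)
    # Bytes in the blocks after the first differing block: with chaining, nearly all of them change.
    tail_start = (enc_diff[0] // BLOCK + 1) * BLOCK if enc_diff else len(ea)
    tail = range(tail_start, len(ea))
    tail_spread = (sum(1 for i in tail if ea[i] != eb[i]) / len(tail)) if len(tail) else 0.0
    return {
        "plain_diff": len(differing_offsets(save_a, save_b)),
        "compressed_diff": len(differing_offsets(ca, cb)),
        "compressed_len": len(ca),
        "encrypted_diff": len(enc_diff),
        "encrypted_tail_spread": tail_spread,
        "compressed_has_zlib_header": looks_like_zlib(ca),
        "encrypted_has_zlib_header": looks_like_zlib(ea),
        "compressed_inflates": try_inflate(ca) == save_a,
        "encrypted_inflates": try_inflate(ea) is not None,
        "entropy_plain": shannon_entropy(save_a),
        "entropy_encrypted": shannon_entropy(ea),
    }


if __name__ == "__main__":
    # Same digits, two positions swapped: the only plaintext change is inside the gold field.
    a, b = make_save(b"00100"), make_save(b"01000")
    for k, v in analyse(a, b, b"constructed-demo-key").items():
        print(f"{k:28} {v}")
```

The compressed streams differ only around the changed literals and in the Adler-32 trailer, so a hex diff of two compressed saves still points at the edited field. Once the same streams go through a chaining cipher, every byte after the first changed block differs, the zlib header check fails and `zlib.decompress` raises, which is the "encrypted means you can't decompress it" point above in concrete terms.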
  11. MostlyUnharmful

    MostlyUnharmful GBAtemp Fan
    Member

    Joined:
    Feb 8, 2018
    Messages:
    387
    Country:
    Italy
    Yup, after the PS2 they started putting fucking DRM on the game saves, FFS!

    To answer a few questions above, even if the PS5 would be a different architecture than the PS4, from the fact that it's allegedly backward compatible, a working exploit could be useful even in an emulated environment/sandbox. I didn't follow the PSP and Vita scene and I'm not bored enough right now to check, but wasn't a jailbreak found on the Vita via the PSP emulator? (OK, I checked. First Google hit is "Trinity: PSP Emulator Escape", 2019, but I think I read something related much earlier.)

    Now, kexploit releases. Well, the common practice is never burn a 0-day, as you never know when you may need one.

    IIRC, the exploit for FW 5.50 was released after it was patched, and that happened, again IIRC, probably because one of qwertyoruiop's consoles sent a crashdump or two to Sony's servers. You can probably find a mention of it in one of his tweets. The exploit for FW 4.05 I think was found first by the fail0verflow crew and independently by a Chinese security firm that disclosed it to Sony...
     
    KiiWii likes this.
  12. godreborn

    godreborn Retired
    Member

    Joined:
    Oct 10, 2009
    Messages:
    12,839
    Country:
    United States
    Yes, what we're doing with the PS4 is bypassing PFS instead of defeating it. That's the nature of exploits now: instead of defeating the security, just find a way to get your foot in the door and let the system do the work. I think PFS is used with saves as well. The Vita uses it as well, with a folder named pfs. I'm not sure if the PS4 uses such a folder. It's part of both games and saves.
     
  13. KiiWii

    KiiWii Reporter
    Reviewer

    Joined:
    Nov 17, 2008
    Messages:
    10,992
    Country:
    United Kingdom
    @MostlyUnharmful it's a shame nothing has come from Morph3us' talks, Octoxors' talks and even Pikhur's "rest mode exploit" (the latter being patched already).

    @godreborn keep an eye on xDPx PS4 tools repo on github.
     
    peteruk and MostlyUnharmful like this.
  14. godreborn

    godreborn Retired
    Member

    Joined:
    Oct 10, 2009
    Messages:
    12,839
    Country:
    United States
    It kinda sucks that there are private exploits, but I do understand the desire to prevent piracy and protect against online cheating. I've thought about updating a few times just so that I can play Final Fantasy VII Remake, but it's not worth it for one game. My system is rare, so it would be a shame to update an already limited edition system.
     
  15. MostlyUnharmful

    MostlyUnharmful GBAtemp Fan
    Member

    Joined:
    Feb 8, 2018
    Messages:
    387
    Country:
    Italy
    @KiiWii maybe something will materialize in 5~10 years, look at the Vita! (* ^ O ^ *)
     
    Mo Poge and KiiWii like this.
  16. godreborn

    godreborn Retired
    Member

    Joined:
    Oct 10, 2009
    Messages:
    12,839
    Country:
    United States
    Well, to be fair, the Vita was asking for it. The system is nearly unplayable (the PSTV even more so) in its original state.
     
    KiiWii likes this.
  17. Kai0

    Kai0 Member
    Newcomer

    Joined:
    May 1, 2020
    Messages:
    12
    Country:
    Germany
    Something like this: https://www.psdevwiki.com/ps4/Sealedkey_/_pfsSKKey
    or maybe "1.1" or "1.2" from this: https://www.psdevwiki.com/ps4/Bugs_&_Vulnerabilities
    syscon access is needed for clock or power slow down.

    Wait, wait, wait... how can you be so sure that there are private exploits? Can you send some info/links please?
    And if so, the reason for not releasing it shouldn't be "the desire to prevent piracy and protect against online cheating", because the argument fails for every previously released exploit ever (for every console). It cannot be like "well, we've changed. We do not want to release exploits anymore, because we do not want people to use piracy and cheats". Because one of the most important reasons for exploits (at least for end users) is the piracy thing. Other parts are just nice to have (at least for end users). And it was/is the same way since forever (for any/every console). Else there would not be a need for public releases. Devs could have fun privately with their own code implementations and what not, but without the piracy thing. And we already know they can run their own code (w/o the piracy thing). So they would be satisfied for now. No need to make something public if the reason you have mentioned were true. But guess what...
     
  18. MostlyUnharmful

    MostlyUnharmful GBAtemp Fan
    Member

    Joined:
    Feb 8, 2018
    Messages:
    387
    Country:
    Italy
    We don't have direct proof, only some indirect clues, like kernel dumps or decrypted kernels, for example the build string allegedly extracted from FW 6.50: https://twitter.com/fire30_/status/1104959566247276546?s=21

    FWIK, to dump BSD/Linux kernels from a running system, i.e. accessing the kernel context in RAM, you need root privileges, so it was probably done using an unknown/private kexploit.

    Now, about the reasons for not releasing an exploit, this always depends on the individuals, but again security researchers don't usually burn 0-days, and FWIK Sony doesn't offer bounties.

    So why risk getting sued by a corporation when, for a security researcher, it is better to claim to have pwned a console, as it looks good on a CV (look for example at "vpikhur", he joined an Oracle security team after his "rest mode attack", coincidence?). That's why they go public about them. Also I think they have fun trolling all the whining kids... (* ^ v ^ *)
     
    Last edited by MostlyUnharmful, May 4, 2020 - Reason: grammar
    KiiWii likes this.
  19. MasterJ360

    MasterJ360 GBAtemp Addict
    Member

    Joined:
    Jan 10, 2016
    Messages:
    2,102
    Country:
    United States
    Online cheating isn't much of an excuse if they keep the k-exploit at least 1-2 firmwares below the latest. Sure, piracy will be frowned upon, but if that's what's truly holding back a release, then why even bother mentioning it's in private? Just keep it to themselves without Twitter followers knowing it exists; it would save them the hassle of others begging for one. I mean, they shot themselves in the foot there b/c media attention is important. Piracy is bad, but homebrew emulation is ok? There's a good amount of contradiction riding on that, b/c you still have to get the said ROMs illegally to work/patch on the PS4.
     
  20. Mo Poge

    Mo Poge GBAtemp Regular
    Member

    Joined:
    Jan 5, 2016
    Messages:
    136
    Country:
    United States
    Thanks for educating me, guys. I obviously know little about cracking and even less about PS4 save files! But there must be a way to get at the pertinent info if there are kexploits in private.
     