
  1. #1

    PS4 NOR Flash Dump MX25L25635FMI-10G for CXD90025G Arrives

    Following up on the previous PS4 Macronix MX25L25635FMI-10G and MX25L1006E NOR Flash dumps, today Sony PlayStation 4 hacker cfwprophet has made available a PS4 NOR Dump 1.06 (without MAC Address & Console-ID) serial flash MX25L25635FMI-10G for CXD90025G dump with some analysis details below.

    Download: ps4nordmp_1.06_without_Mac-Serial.rar (27.59 MB)

    To quote: Subject: Dump of serial flash MX25L25635FMI-10G for CXD90025G

    Reference file: PS4 NOR Dump 1.06 (without MAC Address & Console-ID)


    Size: 0x2000000 filesize / 0x1D40000 datasize
    Statistics: 2.64-2.66% 00s / 11.83% FFs / < 0.38% rest
    Entropy: 6.96569 (87.0711%) - 7.52856 (94.107%)
    Redundancy: 12.9289% - 5.893%
    A. Mean: 131072
    StdDev: 454103 - 245647
    Strings: Flash-Main/strings


    From modrobert (via eurasia.nu/modules.php?op=modload&name=Forums&file=viewtopic&topic=7171&forum=103#33454): I have analyzed the binary and there seems to be an interesting area not mentioned:

    Starting at offset 0x144200 there is a pretty big area which doesn't seem to be encrypted. I found the area by making a raw image conversion to get a better visual view of the data.

    The arrow marks the area which doesn't seem to be encrypted.

    Here's a close-up of the same area, look at the top bar, grains look lumpy there, not even as the encrypted area below.

    If you want to have a look, you can find the hi-res image here. Here's a hex dump of the first part of the suspect area.


    This looks more like executable code to me, not sure what the target device might be.


    Yes, this looks executable indeed; check the strings up there, embedded Linux maybe.


    Wireless/Bluetooth firmware!? Unencrypted?! We can't be that lucky.
    • Generic Bluetooth SDIO driver

    Source code: kerneldox.com/kdox-linux/d3/d99/btsdio_8c_source.html

    By the looks of it, this flash can be read by several PS4 devices accessing different offsets, so maybe we can use that to our advantage and modify data on the fly only when the decrypted area is accessed without breaking checksum in the original flash as a whole.

    I'm thinking of a hardware device between the PS4 Wifi/Lan/Bluetooth circuit (or whatever it is) and the MX25L25635FMI-10G flash chip.

    I found the Verilog model for the MX25L25635F flash from the manufacturer, so should be possible to emulate the flash in an FPGA for interesting manipulation. Also attached (PDF / ZIP), if their files suddenly disappear: macronix.com/en-us/Product/Pages/ProductDetail.aspx?PartNo=MX25L25635F

    Thanks goes to cfwprophet on IRC, I learned a lot of new stuff about the PS4. A block diagram of the MediaCon functions is also attached.

    Finally, from smhabib:


    OF PUP!

    The first 40 bytes are encrypted with aes-256-cbc and the result is used as erk and riv for the next 240 bytes. Now that is decrypted through aes-128-ctr, and now you can find the location for the encrypted sections + hmac key + erk/riv keys. The rest of the sections are also encrypted with aes-128-ctr. Enjoy! j/k

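    The statistics block in the first post (share of 00 and FF bytes, entropy, redundancy) and modrobert's trick of spotting the unencrypted area by how the raw data looks are both block-entropy analysis. The Python script below is an added example, not code from the post or from any of the people quoted in it; it runs those same measurements over a constructed test image (pseudo-random "ciphertext" windows, one plaintext driver-like region, more "ciphertext", then erased 0xFF flash) and reports the byte ranges whose entropy falls below a threshold, which is also how a defender checks that the regions of a firmware image that are supposed to be encrypted really are. The 4 KiB window, the 7.0 bits/byte threshold and the sample layout are assumptions for the demo, not values taken from the dump.

```python
import math
import random
from collections import Counter

BLOCK = 0x1000      # 4 KiB analysis window (assumption for the demo)
THRESHOLD = 7.0     # bits/byte; encrypted or compressed data sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def byte_stats(data: bytes) -> dict:
    """Summary in the same terms as the dump header: size, share of 00/FF bytes,
    overall entropy, and redundancy (1 - entropy/8) as a percentage."""
    n = len(data)
    h = shannon_entropy(data)
    return {
        "size": n,
        "pct_00": 100.0 * data.count(0x00) / n,
        "pct_ff": 100.0 * data.count(0xFF) / n,
        "entropy": h,
        "redundancy_pct": 100.0 * (1.0 - h / 8.0),
    }


def entropy_map(data: bytes, block: int = BLOCK) -> list:
    """(offset, entropy) for every block-sized window of the image."""
    return [(off, shannon_entropy(data[off:off + block]))
            for off in range(0, len(data), block)]


def low_entropy_regions(data: bytes, block: int = BLOCK,
                        threshold: float = THRESHOLD) -> list:
    """Merge consecutive low-entropy windows into (start, end) byte ranges.
    These are the candidates for plaintext code/data or erased flash."""
    regions, start = [], None
    for off, h in entropy_map(data, block):
        if h < threshold and start is None:
            start = off
        elif h >= threshold and start is not None:
            regions.append((start, off))
            start = None
    if start is not None:
        regions.append((start, len(data)))
    return regions


def render_strip(data: bytes, block: int = BLOCK, width: int = 64) -> str:
    """Text version of the 'raw image' view, one character per window:
    '#' = high entropy (encrypted-looking), '.' = low entropy, '-' = all 00 or all FF."""
    chars = []
    for off, h in entropy_map(data, block):
        win = data[off:off + block]
        if win.count(0xFF) == len(win) or win.count(0x00) == len(win):
            chars.append("-")
        elif h < THRESHOLD:
            chars.append(".")
        else:
            chars.append("#")
    return "\n".join("".join(chars[i:i + width]) for i in range(0, len(chars), width))


def build_sample_image(seed: int = 1234) -> bytes:
    """Constructed test image, not a real dump: 32 KiB of pseudo-random 'ciphertext',
    16 KiB of plaintext that looks like a driver (strings plus small opcode-like
    values), 16 KiB more 'ciphertext', then 16 KiB of erased (0xFF) flash."""
    rnd = random.Random(seed)

    def noise(n: int) -> bytes:
        return bytes(rnd.getrandbits(8) for _ in range(n))

    pattern = b"btsdio: Generic Bluetooth SDIO driver\x00\x00\x00" + bytes(range(64))
    plaintext = (pattern * (0x4000 // len(pattern) + 1))[:0x4000]
    return noise(0x8000) + plaintext + noise(0x4000) + b"\xff" * 0x4000


if __name__ == "__main__":
    img = build_sample_image()
    print(byte_stats(img))
    print(render_strip(img))
    for start, end in low_entropy_regions(img):
        print(f"low-entropy region 0x{start:X}-0x{end:X} ({end - start} bytes)")
```

    On a real dump, replace build_sample_image() with the file contents and then look at the reported ranges with a hex viewer and a strings pass; the erased-flash windows show up as '-' and the interesting plaintext windows as '.', which is the lumpy band modrobert describes.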

  2. #2
    Taufik Guest
    Hopefully I will not fall behind PS4 information.

    Thank you very much of its information.

  3. #3
    lionsfan420 Guest
    I have a feeling the PS4 won't take near as long as the PS3, but I will wait till the slim model comes out before I buy one. lol

  4. #4
    racer0018 Guest
    This really doesn't mean anything as far as hacking goes. I have dumped my ps4 a while ago. It may or may not be a step in the right direction. Thanks.

  5. #5
    StevenTj Guest
    Sign ?

  6. #6
    kalberto Guest
    Why were there so many differences between consoles on the same version?

    It is because of a different random encryption in every console on the same version.

    You must decrypt it first then compare it.

  7. #7
    BBoy Chrif Guest
    No way.. The PS4 Still Young

  8. #8
    anamsel007 Guest
    PLAYSTATION hack i think is dead... SONY is the Winner... take GeoHOtz sample... hmmmmm...

  9. #9
    RetroA Guest
    Hacking Anything Is Always Possible, But people are scared of Sony, that they will sue them. THERE IS NOTHING THAT CAN'T BE HACKED

  10. #10
    Tek9 Guest
    Wow, why am I not surprised that hackers are already figuring out ways to get into the PS4 system; next thing you know, homebrew appears.
