
  1. #1
    Forum Moderator PS4 News

    PS4 NOR Flash Dump MX25L25635FMI-10G for CXD90025G Arrives

    Following up on the previous PS4 Macronix MX25L25635FMI-10G and MX25L1006E NOR Flash dumps, today Sony PlayStation 4 hacker cfw prophet has made available a PS4 NOR Dump 1.06 (without MAC Address & Console-ID) serial flash MX25L25635FMI-10G for CXD90025G dump with some analysis details below.

    Download: ps4nordmp_1.06_without_Mac-Serial.rar (27.59 MB)

    To quote: Subject: Dump of serial flash MX25L25635FMI-10G for CXD90025G

    Reference file: PS4 NOR Dump 1.06 (without MAC Address & Console-ID)


    Size: 0x2000000 filesize / 0x1D40000 datasize
    Statistics: 2.64-2.66% 00s / 11.83% FFs / < 0.38% rest
    Entropy: 6.96569 (87.0711%) - 7.52856 (94.107%)
    Redundancy: 12.9289% - 5.893%
    A. Mean: 131072
    StdDev: 454103 - 245647
    Strings: Flash-Main/strings


    From modrobert (via eurasia.nu/modules.php?op=modload&name=Forums&file=viewtopic&topic=7171&forum=103#33454): I have analyzed the binary and there seems to be an interesting area not mentioned:

    Starting at offset 0x144200 there is a pretty big area which doesn't seem to be encrypted. I found the area by making a raw image conversion to get a better visual view of the data.

    The arrow marks the area which doesn't seem to be encrypted.

    Here's a close-up of the same area, look at the top bar, grains look lumpy there, not even as the encrypted area below.

    If you want to have a look, you can find the hi-res image here. Here's a hex dump of the first part of the suspect area.


    This looks more like executable code to me, not sure what the target device might be.


    Yes, this looks executable indeed, check the strings up there, embedded Linux maybe.


    Wireless/Bluetooth firmware!? Unencrypted?! We can't be that lucky.
    • Generic Bluetooth SDIO driver

    Source code: kerneldox.com/kdox-linux/d3/d99/btsdio_8c_source.html

    By the looks of it, this flash can be read by several PS4 devices accessing different offsets, so maybe we can use that to our advantage and modify data on the fly only when the decrypted area is accessed without breaking checksum in the original flash as a whole.

    I'm thinking of a hardware device between the PS4 Wifi/Lan/Bluetooth circuit (or whatever it is) and the MX25L25635FMI-10G flash chip.

    I found the Verilog model for the MX25L25635F flash from the manufacturer, so should be possible to emulate the flash in an FPGA for interesting manipulation. Also attached (PDF / ZIP), if their files suddenly disappear: macronix.com/en-us/Product/Pages/ProductDetail.aspx?PartNo=MX25L25635F

    Thanks goes to cfwprophet on IRC, I learned a lot of new stuff about the PS4. A block diagram of the MediaCon functions is also attached.

    Finally, from smhabib:


    OF PUP!

    1st 40 bytes are encrypted with aes-256-cbc and the result is used as erk and riv for the next 240 bytes. Now that is decrypted through aes-128-ctr and now you can find the location for encrypted sections+hmac key+erk/riv keys. The rest of the sections are also encrypted with aes-128-ctr. Enjoy! j/k


    ps4_mediacon_block_digram.png   MX25L25635F, 3V, 256Mb, v1.3.pdf   ps4nordmp_1_06_raw_gfx_marked.png   ps4nordmp_1_06_raw_gfx_zoom.png  
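
Added example, not part of the original thread: a per-window entropy scan, the numeric counterpart of the raw-image inspection modrobert describes, which reports the offsets where a flash image stops looking encrypted. The window size, the two cut-offs and the sample image are assumptions constructed for this illustration; no data from the actual dump is used.

```python
import math
import random
from collections import Counter

BLOCK = 0x1000  # window size in bytes (assumed; smaller windows give finer offsets)

def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    n = len(chunk)
    return sum(-c / n * math.log2(c / n) for c in Counter(chunk).values())

def classify(chunk: bytes, threshold: float = 7.5) -> str:
    """Label a window; both cut-offs are assumed values, tune them per image."""
    h = shannon_entropy(chunk)
    if h < 1.0:
        return "padding"      # long runs of 00 or FF
    return "high" if h >= threshold else "structured"

def find_regions(image: bytes, block: int = BLOCK, threshold: float = 7.5):
    """Return (start, end, label) tuples, merging adjacent windows with one label."""
    regions = []
    for off in range(0, len(image), block):
        chunk = image[off:off + block]
        label, end = classify(chunk, threshold), off + len(chunk)
        if regions and regions[-1][2] == label:
            regions[-1] = (regions[-1][0], end, label)
        else:
            regions.append((off, end, label))
    return regions

def build_sample() -> bytes:
    """Constructed 0xC000-byte image: random, FF padding, repeated text, random."""
    rng = random.Random(1)  # fixed seed so the sample is reproducible
    rand = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    text = (b"Generic Bluetooth SDIO driver\x00" * 410)[:3 * BLOCK]
    return rand(4 * BLOCK) + b"\xff" * (2 * BLOCK) + text + rand(3 * BLOCK)

if __name__ == "__main__":
    for start, end, label in find_regions(build_sample()):
        print(f"0x{start:06x}-0x{end:06x}  {label}")
```

Windows labelled "structured" are candidates for plaintext code or data; compressed data also scores high, so a "high" label alone does not prove encryption.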

  2. #2
    Hopefully I will not fall behind PS4 information.

    Thank you very much for the information.

  3. #3
    I have a feeling the PS4 won't take near as long as the PS3, but I will wait till the slim model comes out before I buy one. lol

  4. #4
    This really doesn't mean anything as far as hacking goes. I have dumped my ps4 a while ago. It may or may not be a step in the right direction. Thanks.

  5. #5

  6. #6
    Why were there so many differences between consoles on the same version?

    It is because of a different random encryption in every console on the same version.

    You must decrypt it first then compare it.

  7. #7
    No way.. The PS4 is still young

  8. #8
    PLAYSTATION hack i think is dead... SONY is the Winner... take GeoHOtz sample... hmmmmm...

  9. #9
    Hacking Anything Is Always Possible, But people are scared of sony, that they will sue them, THERE IS NOTHING THAT CAN'T BE HACKED

  10. #10
    Wow, why am I not surprised that hackers are already figuring out ways to get into the PS4 system? Next thing you know, homebrew appears.

